CN107277079A - A cross-cloud user authentication system for hybrid clouds - Google Patents

A cross-cloud user authentication system for hybrid clouds

Info

Publication number
CN107277079A
Authority
CN
China
Prior art keywords
cloud
service
service requester
authentication
private cloud
Legal status
Pending
Application number
CN201710727800.7A
Other languages
Chinese (zh)
Inventor
安森宾
童炜明
陈琳
雷兴民
Current Assignee
Shanghai Wide Benefit Network Polytron Technologies Inc
Original Assignee
Shanghai Wide Benefit Network Polytron Technologies Inc
Application filed by Shanghai Wide Benefit Network Polytron Technologies Inc
Publication of CN107277079A

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities › H04L 63/0823 using certificates
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities › H04L 63/0884 by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources › H04L 63/105 Multiple levels of security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a cross-cloud user authentication system for hybrid clouds, comprising a service request terminal, a hybrid cloud management system, a cross-cloud authentication management system, an access monitoring system and an information storage system. The invention constructs a cross-cloud authentication system for hybrid clouds that satisfies users' need, in a hybrid cloud environment, to frequently access services belonging to the authentication domains of different private clouds.

Description

A cross-cloud user authentication system for hybrid clouds
Technical field
The present invention relates to the field of cloud computing, and in particular to a cross-cloud user authentication system for hybrid clouds.
Background technology
As private clouds grow in number and popularity, individual private clouds are interconnected into hybrid clouds. Whereas a private cloud serves a single service domain, a hybrid cloud involves extensive service collaboration and composition between clouds, which raises the security problem of cross-cloud collaborative application services.
The content of the invention
To solve the above problems, the present invention provides a cross-cloud user authentication system for hybrid clouds.
The purpose of the present invention is achieved by the following technical scheme:
A cross-cloud user authentication system for hybrid clouds, comprising a service request terminal, a hybrid cloud management system, a cross-cloud authentication management system, an access monitoring system and an information storage system;
The service request terminal provides the access interface through which a service requester accesses private cloud services in the hybrid cloud;
The hybrid cloud management system comprises a hybrid cloud identity management module and a hybrid cloud tiered management module. The hybrid cloud identity management module manages the private clouds that join the hybrid cloud on the basis of a certificate authentication mechanism and establishes trust relationships between the private clouds. The hybrid cloud tiered management module divides private clouds into an open level, a secret level and a confidential level according to their security classification and applies a different security policy to each level;
The cross-cloud authentication management system comprises a cross-cloud authentication module and an alarm module. The cross-cloud authentication module obtains the service requester's attribute token when the service requester performs a cross-cloud access and, on the basis of a custom cross-cloud authentication protocol, provides the communication service for cross-cloud authentication when a service requester of the local private cloud accesses the services of other private clouds. The alarm module sends alarm information when obtaining the attribute token fails or decryption fails;
The access monitoring system monitors the service requester's cross-cloud access process;
The information storage system stores the service requester's access information and alarm information.
The beneficial effects of the present invention are: a cross-cloud authentication system for hybrid clouds is constructed that satisfies the service requester's need, in a hybrid cloud environment, to frequently access services belonging to the authentication domains of different private clouds, thereby solving the above technical problem.
Brief description of the drawings
The invention is further described with reference to the accompanying drawings, but the embodiments in the drawings do not limit the invention in any way; a person of ordinary skill in the art can derive other drawings from the following drawings without creative effort.
Fig. 1 is a schematic diagram of the structural connections of the present invention.
Fig. 2 is a schematic diagram of the structure of the hybrid cloud identity management module of the present invention.
Reference numerals:
Service request terminal 1, hybrid cloud management system 2, cross-cloud authentication management system 3, access monitoring system 4, information storage system 5, hybrid cloud identity management module 21, hybrid cloud tiered management module 22, cross-cloud authentication module 31, alarm module 32, certificate issuance unit 211, inter-cloud authentication agent unit 212.
Embodiment
The invention is further described by the following examples.
Application scenario 1
Referring to Fig. 1 and Fig. 2, the cross-cloud user authentication system for hybrid clouds of one embodiment of this application scenario comprises a service request terminal 1, a hybrid cloud management system 2, a cross-cloud authentication management system 3, an access monitoring system 4 and an information storage system 5;
The service request terminal 1 provides the access interface through which a service requester accesses private cloud services in the hybrid cloud;
The hybrid cloud management system 2 comprises a hybrid cloud identity management module 21 and a hybrid cloud tiered management module 22. The hybrid cloud identity management module 21 manages the private clouds that join the hybrid cloud on the basis of a certificate authentication mechanism and establishes trust relationships between the private clouds. The hybrid cloud tiered management module 22 divides private clouds into an open level, a secret level and a confidential level according to their security classification and applies a different security policy to each level;
The cross-cloud authentication management system 3 comprises a cross-cloud authentication module 31 and an alarm module 32. The cross-cloud authentication module 31 obtains the service requester's attribute token when the service requester performs a cross-cloud access and, on the basis of a custom cross-cloud authentication protocol, provides the communication service for cross-cloud authentication when a service requester of the local private cloud accesses the services of other private clouds. The alarm module 32 sends alarm information when obtaining the attribute token fails or decryption fails;
The access monitoring system 4 monitors the service requester's cross-cloud access process;
The information storage system 5 stores the service requester's access information and alarm information.
Preferably, obtaining the service requester's attribute token when the service requester performs a cross-cloud access comprises:
(1) the service requester sends an access service request to the service S of another private cloud that it wants to access across clouds;
(2) after responding to the access service request, service S sends an attribute request to the service requester;
(3) the service requester enters a custom password, which must be longer than 6 digits, and sends the custom password and its identity, together with the attribute request, as a single message to the authentication agent of its own private cloud after signing and encrypting it; the authentication agent decrypts and verifies the message with its own private key and the service requester's public key; once verification passes, it extracts the attributes corresponding to the attribute request from the service requester's attribute storage module, issues an attribute token, generates a session key, and sends it, together with the attribute token and the custom password, to the service requester after signing and encrypting;
(4) after receiving the message, the service requester decrypts it with its own private key and the authentication agent's public key certificate; if the message contains the custom password, the identity of the authentication agent is authenticated and the attribute token has been obtained.
Preferably, sending alarm information when obtaining the attribute token fails or decryption fails comprises:
(1) the service requester sends an access service request to the service S of another private cloud that it wants to access across clouds;
(2) after responding to the access service request, service S sends an attribute request to the service requester;
(3) if the service requester enters the custom password incorrectly, obtaining the attribute token fails and alarm module 32 sends alarm information; if, after the obtained attribute token has been sent to the service requester, the service requester cannot decrypt the message and so cannot complete identity verification, alarm module 32 likewise sends alarm information.
The above embodiment of the present invention designs the way the attribute token is obtained, improving the security and efficiency of obtaining the attribute token; it constructs a cross-cloud authentication system for hybrid clouds that satisfies the service requester's need, in a hybrid cloud environment, to frequently access services belonging to the authentication domains of different private clouds, thereby solving the above technical problem.
Preferably, the hybrid cloud identity management module 21 comprises:
(1) a certificate issuance unit 211, which issues or revokes a public key certificate for the authentication agent of a private cloud when that private cloud joins or leaves the hybrid cloud, and centrally manages the public key certificates issued within the hybrid cloud;
(2) an inter-cloud authentication agent unit 212, which receives the registration of a newly joined private cloud and manages the registration information of the newly joined private cloud's authentication agent, so as to establish trust relationships between it and the other private clouds.
Preferably, the authentication agent of a private cloud supports both an identity authentication mechanism and a certificate authentication mechanism and manages identity authentication and the issuance of attribute tokens within the private cloud; when the cross-cloud authentication module 31 performs cross-cloud authentication, the agent submits its registration information to the hybrid cloud identity management module 21 for management and receives the public key certificate issued by the hybrid cloud identity management module 21. Managing the registration information of a newly joined private cloud's authentication agent comprises: auditing the registration information of the newly joined private cloud's authentication agent, accepting that registration information, storing it in a secure database, and deleting the registration information of a private cloud when it leaves the hybrid cloud.
The above two preferred embodiments realize the management of the private clouds in the hybrid cloud; because the authentication agent of a private cloud supports both an identity authentication mechanism and a certificate authentication mechanism, the management of the private clouds in the hybrid cloud is more systematic and more secure.
Preferably, dividing private clouds into an open level, a secret level and a confidential level according to their security classification comprises:
(1) if a private cloud only allows its creator itself to access it, that private cloud is confidential-level;
(2) if a private cloud allows access by service requesters authorized by its creator, that private cloud is secret-level;
(3) if a private cloud allows access by all service requesters that have established a trust relationship with it, that private cloud is open-level.
Preferably, the security policy comprises:
(1) for confidential-level private clouds, encryption uses an elliptic curve cryptosystem, and a visitor must pass fingerprint verification before it can send an access request;
(2) for secret-level private clouds, encryption uses the RSA encryption algorithm, and a visitor must use an authorized USB security key (U-shield) to access;
(3) for open-level private clouds, encryption uses the DES encryption algorithm, and visitors that have established a trust relationship can send access requests directly.
This preferred embodiment assigns security classifications to different private clouds and designs a corresponding security policy for each, so that the different private clouds can be accessed while security is guaranteed.
Preferably, the information storage system 5 stores information using a multi-layer model comprising a storage layer, a management layer and an interface layer. The storage layer is at the bottom of the storage module and is made up of different devices; the management layer sits above the storage layer and manages the storage devices through various software; the interface layer provides services to service requesters and can offer different service interfaces according to customer demand.
This preferred embodiment makes it easy for administrators to query access information and alarm information and facilitates subsequent auditing.
Preferably, the custom cross-cloud authentication protocol is:
(1) the service requester randomly selects a custom number as a fresh nonce and sends it, together with the attribute token it obtained and the random number that service S returned to it during the cross-cloud access, as a single message to service S after signing and encrypting it;
(2) after receiving the message, service S verifies the signature and decrypts the message with its own private key and the service requester's public key; if the message contains the random number that service S returned to the service requester, the service requester's identity authentication passes; service S then generates another random number, signs and encrypts this random number together with the custom number to form feedback information, and sends it to the service requester;
(3) after receiving the feedback information, the service requester verifies the signature and decrypts it with its own private key and service S's public key; if the feedback information contains the custom number, the identity of service S is authenticated, and mutual authentication of both parties is thereby achieved.
This preferred embodiment designs a custom cross-cloud authentication protocol that realizes two-way authentication between the service requester and the service, improving the security of the system and the efficiency of cross-cloud authentication.
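The three-step exchange described above, written out as an added example in Go; this is illustrative code, not the patent's own implementation. The patent names neither the signature nor the encryption algorithm, the nonce size nor the message encoding, so Ed25519 signatures, RSA-OAEP encryption of signature||payload (the "sign then encrypt" step), 16-byte nonces, the fixed field layout and the token value in main are all assumptions. The same seal/open helpers and the same echo-back check (accepting a message only if it carries a value the other side could have obtained solely by decrypting and verifying the previous one) are also what the attribute-token acquisition described earlier relies on when the authentication agent returns the custom password together with the token.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const nonceLen, sigLen = 16, ed25519.SignatureSize // 16-byte nonces are an assumption; the patent fixes no size

// Party is the service requester or service S: an Ed25519 key pair for signing plus an RSA key pair for receiving encrypted messages (assumed algorithms).
type Party struct {
	sigPriv ed25519.PrivateKey
	SigPub  ed25519.PublicKey
	encPriv *rsa.PrivateKey
	EncPub  *rsa.PublicKey
}

func NewParty() *Party {
	pub, priv, err1 := ed25519.GenerateKey(rand.Reader)
	enc, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		panic("key generation failed") // only if the OS CSPRNG is unavailable
	}
	return &Party{sigPriv: priv, SigPub: pub, encPriv: enc, EncPub: &enc.PublicKey}
}

func nonce() []byte { // fresh random value; used for Nr, Ns and the earlier challenge Cs
	n := make([]byte, nonceLen)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// sealSigned is the "sign then encrypt" step: signature||payload is encrypted to the recipient's key.
func sealSigned(sender *Party, rcptPub *rsa.PublicKey, payload []byte) ([]byte, error) {
	sig := ed25519.Sign(sender.sigPriv, payload)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, rcptPub, append(sig, payload...), nil)
}

// openSigned decrypts with the recipient's private key, then verifies the signature with the claimed sender's public key.
func openSigned(rcpt *Party, senderPub ed25519.PublicKey, ct []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, rcpt.encPriv, ct, nil)
	if err != nil {
		return nil, err
	}
	if len(pt) < sigLen || !ed25519.Verify(senderPub, pt[sigLen:], pt[:sigLen]) {
		return nil, errors.New("signature verification failed")
	}
	return pt[sigLen:], nil
}

// Step (1): the requester picks a fresh nonce Nr and sends {Nr, Cs, token}, Cs being the random number S returned earlier (fixed-length fields: assumed layout).
func RequesterMsg1(r, s *Party, challengeS, token []byte) (nonceR, msg1 []byte, err error) {
	nonceR = nonce()
	msg1, err = sealSigned(r, s.EncPub, append(append(append([]byte{}, nonceR...), challengeS...), token...))
	return nonceR, msg1, err
}

// Step (2): S opens message 1 and compares Cs with the challenge it issued; a match authenticates the requester. S answers with {Ns, Nr}.
func ServiceMsg2(s, r *Party, msg1, expectedCs []byte) (token, nonceS, msg2 []byte, err error) {
	p, err := openSigned(s, r.SigPub, msg1)
	if err != nil {
		return nil, nil, nil, err
	}
	if len(p) < 2*nonceLen || subtle.ConstantTimeCompare(p[nonceLen:2*nonceLen], expectedCs) != 1 {
		return nil, nil, nil, errors.New("challenge mismatch: requester not authenticated")
	}
	nonceS = nonce()
	msg2, err = sealSigned(s, r.EncPub, append(append([]byte{}, nonceS...), p[:nonceLen]...))
	return p[2*nonceLen:], nonceS, msg2, err
}

// Step (3): the requester opens message 2 and checks that its own Nr came back, which authenticates S; Ns is returned for the session.
func RequesterVerify(r, s *Party, msg2, nonceR []byte) ([]byte, error) {
	p, err := openSigned(r, s.SigPub, msg2)
	if err != nil {
		return nil, err
	}
	if len(p) != 2*nonceLen || subtle.ConstantTimeCompare(p[nonceLen:], nonceR) != 1 {
		return nil, errors.New("nonce mismatch: service not authenticated")
	}
	return p[:nonceLen], nil
}

func main() {
	r, s := NewParty(), NewParty()
	cs := nonce() // the random number S handed the requester earlier in the access
	nonceR, msg1, _ := RequesterMsg1(r, s, cs, []byte("attr-token:role=reader")) // constructed token
	_, _, msg2, err := ServiceMsg2(s, r, msg1, cs)
	if err == nil {
		_, err = RequesterVerify(r, s, msg2, nonceR)
	}
	fmt.Println("mutual authentication succeeded:", err == nil)
}
```

Each side accepts only a value it generated itself (S checks Cs, the requester checks Nr), compared in constant time after the signature has been verified, so a message from any party other than the expected key holder, or one carrying a stale challenge, is rejected before any token is acted on.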
Preferably, the access monitoring system 4 represents the access process by a vector X = (a1, a2, a3), where a1 represents whether alarm information occurred, a2 represents whether the service requester's access satisfies the security policy, and a3 represents the operating status of the system. When no alarm information occurs, a1 = 1, otherwise a1 = 0; when the service requester's access satisfies the security policy, a2 = 1, otherwise a2 = 0; when the system runs normally, a3 = 1, otherwise a3 = 0. Only when X = (1, 1, 1) does the monitoring system recognise the access as successful. The access monitoring system 4 records the time and the number of unsuccessful accesses during its operation; when the number of unsuccessful accesses within a set time period reaches a set number, the access monitoring system 4 sends alarm information.
This preferred embodiment realizes the monitoring of the service requester's access process and improves the security of the system.
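An added example (not from the patent) of the access-monitoring rule just described, in Go: the vector X = (a1, a2, a3) is modelled as three booleans, an access counts as successful only for (1, 1, 1), and unsuccessful accesses are timestamped inside a sliding window so that an alarm is raised when their count within the window reaches a configured number. The window length, the threshold and the event sequence in SampleEvents are constructed values; the patent sets neither.

```go
package main

import (
	"fmt"
	"time"
)

// AccessVector is the patent's X = (a1, a2, a3): a1 = 1 when no alarm information
// occurred, a2 = 1 when the access satisfied the security policy, a3 = 1 when the
// system ran normally. Booleans stand in for the 0/1 values.
type AccessVector struct {
	NoAlarm  bool // a1
	PolicyOK bool // a2
	SystemOK bool // a3
}

// Success is true only for X = (1, 1, 1), as the patent requires.
func (x AccessVector) Success() bool {
	return x.NoAlarm && x.PolicyOK && x.SystemOK
}

// AccessMonitor keeps the timestamps of unsuccessful accesses that fall inside a
// sliding time window and raises an alarm once their count reaches Threshold.
type AccessMonitor struct {
	Window    time.Duration
	Threshold int
	failures  []time.Time // unsuccessful accesses still inside the window
}

// Record evaluates one access at time t and returns whether it succeeded and
// whether the number of failures within the window reached the threshold.
func (m *AccessMonitor) Record(t time.Time, x AccessVector) (success, alarm bool) {
	if x.Success() {
		return true, false
	}
	m.failures = append(m.failures, t)
	cutoff := t.Add(-m.Window)
	kept := m.failures[:0] // in-place filter: drop failures older than the window
	for _, f := range m.failures {
		if !f.Before(cutoff) {
			kept = append(kept, f)
		}
	}
	m.failures = kept
	return false, len(m.failures) >= m.Threshold
}

// Event is one constructed access record (not taken from the patent).
type Event struct {
	Offset time.Duration // time since the start of the sample
	X      AccessVector
}

// Replay feeds events to the monitor and returns how many accesses succeeded and
// how many alarms were raised.
func Replay(m *AccessMonitor, start time.Time, events []Event) (successes, alarms int) {
	for _, e := range events {
		ok, alarm := m.Record(start.Add(e.Offset), e.X)
		if ok {
			successes++
		}
		if alarm {
			alarms++
		}
	}
	return successes, alarms
}

// SampleEvents is a constructed sequence: one success, three policy violations
// within 30 s, then an isolated failure 100 s in (outside a 60 s window).
func SampleEvents() []Event {
	good := AccessVector{NoAlarm: true, PolicyOK: true, SystemOK: true}
	badPolicy := AccessVector{NoAlarm: true, PolicyOK: false, SystemOK: true}
	return []Event{
		{0, good},
		{10 * time.Second, badPolicy},
		{20 * time.Second, badPolicy},
		{30 * time.Second, badPolicy},
		{100 * time.Second, badPolicy},
	}
}

func main() {
	m := &AccessMonitor{Window: 60 * time.Second, Threshold: 3} // constructed settings
	s, a := Replay(m, time.Unix(0, 0), SampleEvents())
	fmt.Printf("successes=%d alarms=%d\n", s, a) // successes=1 alarms=1
}
```

With these settings the third violation at 30 s trips the alarm, while the failure at 100 s does not, because the three earlier ones have aged out of the window by then; the stored information (time and count of unsuccessful accesses) is exactly what the patent says the monitoring system records.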
In this application scenario, the custom password has 11 digits, authentication speed is improved by 10% and security is improved by 12%.
Application scenarios 2
Referring to Fig. 1 and Fig. 2, the cross-cloud user authentication system for hybrid clouds of one embodiment of this application scenario has the same composition (service request terminal 1, hybrid cloud management system 2, cross-cloud authentication management system 3, access monitoring system 4 and information storage system 5) and the same preferred embodiments (attribute token acquisition, alarm on token or decryption failure, hybrid cloud identity management module 21, security classification and security policy, information storage system 5, custom cross-cloud authentication protocol and access monitoring system 4) as application scenario 1; the patent repeats that description here verbatim, and only the parameters below differ.
In this application scenario, the custom password has 10 digits, authentication speed is improved by 11% and security is improved by 11%.
Application scenarios 3
Referring to Fig. 1 and Fig. 2, the cross-cloud user authentication system for a hybrid cloud of one embodiment of this application scenario includes a service request terminal 1, a hybrid cloud management system 2, a cross-cloud authentication management system 3, an access monitoring system 4 and an information storage system 5;
The service request terminal 1 provides an access interface through which the service requester accesses private cloud services in the hybrid cloud;
The hybrid cloud management system 2 includes a hybrid cloud identity management module 21 and a hybrid cloud grading management module 22. The hybrid cloud identity management module 21 manages the private clouds that join the hybrid cloud on the basis of a certificate authentication mechanism and establishes trust relationships between the private clouds. The hybrid cloud grading management module 22 divides private clouds into an open level, a secret level and a confidential level according to their security classification, and applies a different security policy to each level;
The cross-cloud authentication management system 3 includes a cross-cloud authentication module 31 and an alarm module 32. The cross-cloud authentication module 31 obtains the service requester's attribute token when the service requester performs cross-cloud access and, on the basis of a custom cross-cloud authentication protocol, provides communication service for cross-cloud authentication when a service requester of the local private cloud performs cross-cloud access to a service of another private cloud. The alarm module 32 raises an alarm when obtaining the attribute token fails or decryption fails;
The access monitoring system 4 monitors the process of the service requester's cross-cloud access;
The information storage system 5 stores the service requester's access information and warning information.
Preferably, obtaining the attribute token of the service requester when the service requester performs cross-cloud access includes:
(1) the service requester sends an access service request to the service S of the other private cloud that it wants to access across clouds;
(2) after responding to the access service request, the service S sends an attribute request to the service requester;
(3) the service requester enters a custom password, whose length must be greater than 6 digits, and sends the custom password and its identity together with the attribute request as one message, signed and encrypted, to the authentication proxy of its own private cloud. The authentication proxy decrypts and verifies the message with its own private key and the service requester's public key; after verification passes, it extracts the attributes corresponding to the attribute request from the service requester's attribute storage module, issues the attribute token, generates a session key, and sends it together with the attribute token and the custom password, signed and encrypted, to the service requester;
(4) after receiving the message, the service requester decrypts it with its own private key and the authentication proxy's public key certificate; if the message contains the custom password, the identity of the authentication proxy is authenticated and the attribute token is obtained at the same time.
Preferably, raising an alarm when obtaining the attribute token fails or decryption fails includes:
(1) the service requester sends an access service request to the service S of the other private cloud that it wants to access across clouds;
(2) after responding to the access service request, the service S sends an attribute request to the service requester;
(3) if the service requester enters the custom password incorrectly, obtaining the attribute token fails and the alarm module 32 sends alarm information; if, after the attribute token has been obtained and sent to the service requester, the service requester cannot decrypt the message and therefore cannot complete identity verification, the alarm module 32 also raises an alarm.
The above embodiment of the invention designs the way the attribute token is obtained, improving the security and efficiency of obtaining it, and builds a cross-cloud authentication system for a hybrid cloud that meets the needs of service requesters in a hybrid cloud environment who belong to the authentication domains of different private clouds and access services frequently, thereby solving the technical problem described above.
Preferably, the hybrid cloud identity management module 21 includes:
(1) a certificate issuing unit 211, which issues or revokes the public key certificate for the authentication proxy of a private cloud when that private cloud joins or leaves the hybrid cloud, and centrally manages the public key certificates issued within the hybrid cloud;
(2) an inter-cloud authentication proxy unit 212, which receives the registration of a newly joined private cloud and manages the registration information of the newly joined private cloud's authentication proxy, so as to establish its trust relationships with the other private clouds.
Preferably, the authentication proxy of a private cloud supports an identity authentication mechanism and a certificate authentication mechanism, manages identity authentication and the issuing of attribute tokens within the private cloud, and, when the cross-cloud authentication module 31 performs cross-cloud authentication, submits its registration information to the hybrid cloud identity management module 21 for management and receives the public key certificate issued by the hybrid cloud identity management module 21. Managing the registration information of the authentication proxy of a newly joined private cloud includes: auditing the registration information of the newly joined private cloud's authentication proxy, receiving that registration information, storing it in a secure database, and deleting the registration information of a private cloud when it leaves the hybrid cloud.
The above two preferred embodiments manage the private clouds in the hybrid cloud; because the authentication proxy of a private cloud supports both an identity authentication mechanism and a certificate authentication mechanism, the management of the private clouds in the hybrid cloud is more systematic and secure.
Preferably, dividing private clouds into an open level, a secret level and a confidential level according to their security classification includes:
(1) if a private cloud allows only its creator to access it, the private cloud is at the confidential level;
(2) if a private cloud allows access by service requesters authorized by its creator, the private cloud is at the secret level;
(3) if a private cloud allows access by all service requesters that have established a trust relationship with it, the private cloud is at the open level.
Preferably, the security policy includes:
(1) for a confidential-level private cloud, encryption uses an elliptic curve cryptosystem, and a visitor must pass fingerprint verification before it may send an access request;
(2) for a secret-level private cloud, encryption uses the RSA algorithm, and a visitor needs an authorized USB security key (U-shield) to access it;
(3) for an open-level private cloud, encryption uses the DES algorithm, and a visitor that has established a trust relationship may send an access request directly.
This preferred embodiment assigns security classifications to the different private clouds and designs a corresponding security policy for each, so that the different private clouds can be accessed while security is ensured.
Preferably, the information storage system 5 stores information using a multi-layer model comprising a storage layer, a management layer and an interface layer. The storage layer is the bottom of the storage module and is made up of different devices; the management layer sits above the storage layer and manages the storage devices through various software; the interface layer provides services to service requesters and can offer different service interfaces according to customer needs.
This preferred embodiment makes it easy for administrators to query access information and warning information, which facilitates later auditing.
Preferably, the custom cross-cloud authentication protocol is:
(1) the service requester randomly selects a custom number as a fresh number and, when performing cross-cloud access, sends it together with the attribute token it obtained as one message, signed and encrypted, to the service S;
(2) after receiving the message, the service S decrypts it and verifies the signature with its own private key and the service requester's public key; if the message contains the service requester's random number sent to the service S, the service requester's identity authentication passes. The service S then generates another random number, signs and encrypts this random number together with the custom number to form the feedback information, and sends it to the service requester;
(3) after receiving the feedback information, the service requester decrypts it and verifies the signature with its own private key and the service S's public key; if the feedback information contains the custom number, the identity of the service S is authenticated, thereby achieving mutual authentication of both parties.
This preferred embodiment designs a custom cross-cloud authentication protocol that achieves mutual authentication between the service requester and the service, improving the security of the system and the efficiency of cross-cloud authentication.
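The three-step exchange above, written out as an added Go example that is not part of the patent: each party holds an Ed25519 signing key and an RSA key standing in for the text's public key certificate, "signed and encrypted" is implemented as sign-then-RSA-OAEP, the attribute token is assumed to have already been issued and to be known to S as a fixed byte string, and the 16-byte fresh number, the 2048-bit key size and the sample token are constructed values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

const nonceLen = 16 // size of the "fresh number" each side picks
// PubKeys is the published half of a party's keys (the text's "public key
// certificate"): Ed25519 to verify its signatures, RSA to encrypt to it.
type PubKeys struct {
	Verify  ed25519.PublicKey
	Encrypt *rsa.PublicKey
}

type Party struct {
	PubKeys
	sig ed25519.PrivateKey
	enc *rsa.PrivateKey
}

// randomBytes draws n bytes from the system RNG; a broken RNG is fatal here.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func NewParty() *Party {
	rk, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	sk := ed25519.NewKeyFromSeed(randomBytes(ed25519.SeedSize))
	return &Party{PubKeys: PubKeys{Verify: sk.Public().(ed25519.PublicKey), Encrypt: &rk.PublicKey}, sig: sk, enc: rk}
}

// sealSigned is the text's "signed and encrypted": sign, append the signature, encrypt to the
// recipient. RSA-OAEP/SHA-256 under a 2048-bit key holds at most 190 bytes (assumption: short tokens).
func (p *Party) sealSigned(to PubKeys, payload []byte) []byte {
	blob := append(append([]byte{}, payload...), ed25519.Sign(p.sig, payload)...)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to.Encrypt, blob, nil)
	if err != nil { // only an over-long payload can fail here
		panic(err)
	}
	return ct
}

// openSigned decrypts with our private key and verifies the claimed sender's signature.
func (p *Party) openSigned(from PubKeys, ct []byte) ([]byte, error) {
	blob, err := rsa.DecryptOAEP(sha256.New(), nil, p.enc, ct, nil)
	n := len(blob) - ed25519.SignatureSize
	if err != nil || n < 0 || !ed25519.Verify(from.Verify, blob[:n], blob[n:]) {
		return nil, errors.New("decryption or signature verification failed")
	}
	return blob[:n], nil
}

// Step (1): the requester picks a fresh number and sends it with its attribute token.
func Start(r *Party, s PubKeys, token []byte) (nonce, msg []byte) {
	nonce = randomBytes(nonceLen)
	return nonce, r.sealSigned(s, append(append([]byte{}, nonce...), token...))
}

// Step (2): S accepts the requester only if signature and token check out, then answers
// with its own fresh number followed by the requester's.
func Respond(s *Party, from PubKeys, validToken, msg []byte) ([]byte, error) {
	body, err := s.openSigned(from, msg)
	if err != nil {
		return nil, err
	}
	if len(body) < nonceLen || !bytes.Equal(body[nonceLen:], validToken) {
		return nil, errors.New("attribute token rejected")
	}
	return s.sealSigned(from, append(randomBytes(nonceLen), body[:nonceLen]...)), nil
}

// Step (3): S is authenticated only if its signed reply echoes the number chosen in
// step (1); a reply replayed from an earlier session therefore fails.
func Finish(r *Party, s PubKeys, nonce, msg []byte) bool {
	body, err := r.openSigned(s, msg)
	return err == nil && len(body) == 2*nonceLen && bytes.Equal(body[nonceLen:], nonce)
}

// RunExchange runs one handshake with a constructed sample token, then replays S's
// reply in a second session; it reports (accepted, replayRejected, error).
func RunExchange() (bool, bool, error) {
	req, svc := NewParty(), NewParty()
	token := []byte("attr-token:role=analyst") // constructed sample token
	n1, m1 := Start(req, svc.PubKeys, token)
	m2, err := Respond(svc, req.PubKeys, token, m1)
	if err != nil {
		return false, false, err
	}
	n2, _ := Start(req, svc.PubKeys, token) // second session, new fresh number
	return Finish(req, svc.PubKeys, n1, m2), !Finish(req, svc.PubKeys, n2, m2), nil
}
```

Both checks that the text describes are visible in the return values: the first session is accepted, and S's old reply is rejected once the requester has chosen a new fresh number.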
Preferably, the access monitoring system 4 represents the access process by a vector X = (a1, a2, a3), where a1 indicates whether alarm information has occurred, a2 indicates whether the service requester's access complies with the security policy, and a3 indicates the running state of the system. a1 is 1 when no alarm information has occurred and 0 otherwise; a2 is 1 when the service requester's access complies with the security policy and 0 otherwise; a3 is 1 when the system is running normally and 0 otherwise. The monitoring system identifies the access as successful only when X = (1, 1, 1). While in operation, the access monitoring system 4 records the time and number of unsuccessful accesses, and when the number of unsuccessful accesses within a set time period reaches a set count, the access monitoring system 4 sends warning information.
This preferred embodiment monitors the service requester's access process and improves the security of the system. In this application scenario, the custom password length is 9 digits; authentication speed improves by 12% and security improves by 10%.
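The access vector and the failure-count warning described above, as an added Go example that is not from the patent: the window length, the threshold and the event timestamps are constructed values, and counting failures in a sliding window is an assumption about what the text calls a "set time period".

```go
package main

import (
	"fmt"
	"time"
)

// AccessVector is the text's X = (a1, a2, a3): a1 = 1 when no alarm occurred,
// a2 = 1 when the access complies with the security policy, a3 = 1 when the
// system is running normally.
type AccessVector [3]int

func NewAccessVector(alarmRaised, policyOK, systemOK bool) AccessVector {
	b2i := func(b bool) int {
		if b {
			return 1
		}
		return 0
	}
	return AccessVector{b2i(!alarmRaised), b2i(policyOK), b2i(systemOK)}
}

// Success is true only for X = (1, 1, 1).
func (x AccessVector) Success() bool { return x == AccessVector{1, 1, 1} }

// Monitor records the time of each unsuccessful access and sends a warning when
// the count inside the sliding window reaches the threshold (assumed semantics
// of the text's "set time period" and "set count").
type Monitor struct {
	Window    time.Duration
	Threshold int
	failures  []time.Time
}

// Record evaluates one access observed at time now and returns whether it was
// identified as successful and whether a warning is sent.
func (m *Monitor) Record(now time.Time, x AccessVector) (ok, warn bool) {
	if x.Success() {
		return true, false
	}
	m.failures = append(m.failures, now)
	cut := 0 // drop failures that have fallen out of the window
	for cut < len(m.failures) && now.Sub(m.failures[cut]) > m.Window {
		cut++
	}
	m.failures = m.failures[cut:]
	return false, len(m.failures) >= m.Threshold
}

// Failures is the number of unsuccessful accesses currently inside the window.
func (m *Monitor) Failures() int { return len(m.failures) }

// SampleRun feeds a constructed sequence of accesses through a monitor that warns
// on 3 failures within 10 minutes and returns the 1-based index of the access
// that triggered the warning (0 if none).
func SampleRun() int {
	m := &Monitor{Window: 10 * time.Minute, Threshold: 3}
	t0 := time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC) // constructed start time
	events := []struct {
		at                        time.Duration
		alarm, policyOK, systemOK bool
	}{
		{0, false, true, true},                 // X=(1,1,1): success
		{1 * time.Minute, false, false, true},  // policy violated: failure 1
		{2 * time.Minute, true, true, true},    // alarm raised: failure 2
		{15 * time.Minute, false, true, false}, // system abnormal; 1 and 2 expired
		{16 * time.Minute, false, false, true}, // 2 failures in window
		{17 * time.Minute, true, false, true},  // 3 failures in window: warning
	}
	for i, e := range events {
		x := NewAccessVector(e.alarm, e.policyOK, e.systemOK)
		if _, warn := m.Record(t0.Add(e.at), x); warn {
			return i + 1
		}
	}
	return 0
}

func main() {
	fmt.Println("warning sent at access number", SampleRun())
}
```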
Application scenario 4
This application scenario uses the same system as application scenario 3; the custom password length is 8 digits, authentication speed improves by 13% and security improves by 9%.
Application scenario 5
Referring to Fig. 1, Fig. 2, across the cloud customer certification system towards mixed cloud of one embodiment of this application scene, including Service request terminal 1, mixed cloud management system 2, across cloud authentication administrative system 3, access monitoring system 4 and information storage system 5;
The service request terminal 1 is used to provide access interface for the privately owned cloud service in service requester access mixed cloud;
The mixed cloud management system 2 includes mixed cloud identity management module 21, mixed cloud differentiated control module 22;It is described Mixed cloud identity management module 21 is used to be managed the private clound for adding mixed cloud based on Certificate Authentication Mechanism, and sets up each Trusting relationship between private clound;The mixed cloud differentiated control module 22 is used for private clound according to the security classification of private clound Open level, confidential and confidential are divided into, and takes different security strategies to be managed for different brackets;
Across the cloud authentication administrative system 3 includes across cloud authentication module 31 and alarm module 32;Across the cloud authentication module 31 are used for the attribute token of acquisition service requester during for service requester progress across cloud access, and based on customized across cloud Authentication protocol realizes across cloud certification when service of the service requester of local private clound to other private clounds carries out across cloud access Communication service is provided;The alarm module 32 is used for the alert when obtaining attribute token failure or decryption failure;
The access monitoring system 4 is used to be monitored service requester across the process that cloud is accessed;
Described information storage system 5 is used for the access information and warning message of storage service requestor.
It is preferred that, the attribute token that service requester is obtained when service requester carries out across cloud access, including:
(1) service requester sends to the service S for other private clounds to be accessed across cloud and accesses service request;
(2) service S responses are accessed after service request, and attribute request is sent to service requester;
(3) service requester inputs self-defined password, and the self-defined password digit have to be larger than 6, and will be self-defined Password and its identity together with the attribute request as message by sending jointly to the certification of private clound after encrypted signature Agency, authentication proxy message is decrypted checking, after being verified, root by the private key of oneself and the public key of service requester According to extracting corresponding with attribute request attribute in the attribute request dependence memory module of service requester and sign and issue attribute token, Session key is generated, service requester is sent to after encrypted signature together with the attribute token and self-defined password;
(4) service requester is received after message, and message is carried out using the private key of oneself and the public key certificate of authentication proxy Decryption, if containing self-defined password in information, have authenticated the identity of the authentication proxy, while also obtain attribute token.
It is preferred that, the alert when obtaining attribute token failure or decryption failure, including:
(1) service requester sends to the service S for other private clounds to be accessed across cloud and accesses service request;
(2) service S responses are accessed after service request, and attribute request is sent to service requester;
(3) service requester inputs self-defined code error, obtains attribute token failure, and alarm module 32 sends alarm signal Breath, attribute token, which is obtained, to be sent to after service requester, and information can not be decrypted for service requester, it is impossible to is completed identity and is tested Card, the also alert of alarm module 32.
The above embodiment of the present invention devises the acquisition modes of attribute token, improve attribute token acquisition security and Efficiency;Across the cloud Verification System towards mixed cloud is constructed, service requester under mixing cloud environment can be met and adhere to different privates separately There are the authenticated domain of cloud, service access frequently demand, so as to solve above-mentioned technical problem.
It is preferred that, the mixed cloud identity management module 21 includes:
(1) certificate issuance unit 211:For the authentication proxy when private clound adds or exits mixed cloud for the private clound Sign and issue or revoked public key certificate, and the public key certificate signed and issued in mixed cloud is managed collectively;
(2) Yun Jian authentication proxys unit 212:The registration of the private clound newly added for receiving, it is privately owned that management is newly added The log-on message of the authentication proxy of cloud, so as to set up its trusting relationship between private clound.
It is preferred that, the authentication proxy of the private clound supports ID authentication mechanism and Certificate Authentication Mechanism, for managing private There is signing and issuing for the authentication in cloud and attribute token, and when across cloud authentication module 31 carries out across cloud certification, by the registration Information is submitted to mixed cloud identity management module 21 and is managed, and receives the public key card that mixed cloud identity management module 21 is signed and issued Book;The log-on message of the authentication proxy for managing the private clound newly added, including:Audit the certification generation of the private clound newly added The log-on message of reason, receive the private clound newly added authentication proxy log-on message, log-on message is stored in safety database, The log-on message of the private clound exited is deleted when private clound exits mixed cloud.
Above-mentioned two preferred embodiment realizes the management to the private clound in mixed cloud, and the authentication proxy of private clound supports ID authentication mechanism and Certificate Authentication Mechanism, make the more science of the management to the private clound in mixed cloud, safe.
It is preferred that, private clound is divided into open level, confidential and confidential, bag by the security classification according to private clound Include:
(1) if certain private clound only allows private clound founder itself to access, the private clound is confidential;
(2) if the service requester that certain private clound allows private clound founder to authorize is accessed, the private clound is secret Level;
(3) if certain private clound allows to access with all service requesters that the private clound sets up trusting relationship, this is privately owned Cloud is open level.
It is preferred that, the security strategy includes:
(1) for confidential private clound, it is encrypted using elliptic curve cipher system, visitor needs to carry out fingerprint inspection Card could send access request;
(2) for confidential private clound, it is encrypted using RSA cryptographic algorithms, visitor needs to authorize U-shield to visit Ask;
(3) for open level private clound, it is encrypted using des encryption algorithm, the visitor for setting up trusting relationship can be with Directly transmit access request.
This preferred embodiment divides security classification to different private clounds and designs corresponding security strategy, is ensureing safety On the premise of different private clounds can be conducted interviews.
It is preferred that, described information storage system 5 is stored using multilayered model to information, including accumulation layer, management level And interface layer, the accumulation layer be in memory module bottom, be made up of different equipment, the management level be located at accumulation layer it On, storage device is managed by various softwares, the service-oriented requestor of interface layer provides service, can be according to visitor There is provided different service interfaces for family demand.
This preferred embodiment is easy to that manager's queried access information and warning message can be easy to, and is easy to subsequent examination.
It is preferred that, customized across the cloud authentication protocol is:
(1) service requester randomly selects self-defined numeral as fresh number, the attribute token obtained with service requester The random number of service requester is returned to together as message with S is serviced when carrying out across cloud accesss, and clothes are sent to after encrypted signature Be engaged in S;
(2) service S is received after message, close to message solution label with the private key of oneself and the public key of service requester, if message The random number of service requester is returned to containing the service S, then service requester authentication passes through, service S and then generation Another random number, carries out encrypted signature to another random number and the self-defined numeral, forms feedback information, be sent to clothes Be engaged in requestor;
(3) service requester is received after the feedback information, with the private key of oneself and service S public key to feedback information solution Label are close, if feedback information contains the self-defined numeral, service S identity have authenticated, it is achieved thereby that both sides' mutually recognizes each other Card.
This preferred embodiment devises customized across cloud authentication protocol, realizes two-way between service requester and service Certification, improves the security and the efficiency across cloud certification of system.
It is preferred that, the monitoring system 4 that accesses is by access process vector X=(a1、a2、a3) be indicated, a1Represent report A situation arises for alert information, a2Represent service requester accesses whether meet security strategy, a3Represent running situation;Work as alarm When information does not occur, a11 is taken, 0 is otherwise taken;When service requester access meets security strategy, a21 is taken, 0 is otherwise taken;When system fortune A when row is normal31 is taken, 0 is otherwise taken;Only when X=(1,1,1), monitoring system identification is accessed successfully;Monitoring system 4 is accessed to exist Recorded in work to accessing unsuccessful time and number of times, setting time is reached when accessing unsuccessful number of times in setting time section Number, accesses monitoring system 4 and sends warning information.
This preferred embodiment monitors the service requester's access process, improving the security of the system.
In this application scenario, the custom password has 7 digits, authentication speed is improved by 14%, and security is improved by 8%.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention and do not limit its protection scope. Although the invention has been explained with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the invention may be modified or equivalently substituted without departing from the spirit and scope of the technical solution of the invention.

Claims (8)

1. A hybrid-cloud-oriented cross-cloud user authentication system, characterized in that it comprises a service request terminal, a hybrid cloud management system, a cross-cloud authentication management system, an access monitoring system and an information storage system;
the service request terminal is used to provide an access interface for the service requester to access private cloud services in the hybrid cloud;
the hybrid cloud management system comprises a hybrid cloud identity management module and a hybrid cloud hierarchical management module; the hybrid cloud identity management module is used to manage the private clouds that join the hybrid cloud on the basis of a certificate authentication mechanism and to establish trust relationships between the private clouds; the hybrid cloud hierarchical management module is used to divide the private clouds, according to their security classification, into public, confidential and secret levels, and to apply different security policies when managing different levels;
the cross-cloud authentication management system comprises a cross-cloud authentication module and an alarm module; the cross-cloud authentication module is used to obtain the service requester's attribute token for the service requester during cross-cloud access and, on the basis of a custom cross-cloud authentication protocol, to provide communication service for the cross-cloud authentication performed when a service requester of the local private cloud accesses the services of other private clouds across clouds;
the access monitoring system is used to monitor the service requester's cross-cloud access process;
the information storage system is used to store the service requester's access information and alarm information.
2. The hybrid-cloud-oriented cross-cloud user authentication system according to claim 1, characterized in that the hybrid cloud identity management module comprises:
(1) a certificate issuing unit, used to issue or revoke a public key certificate for the authentication proxy of a private cloud when that private cloud joins or exits the hybrid cloud, and to uniformly manage the public key certificates issued within the hybrid cloud;
(2) an inter-cloud authentication proxy unit, used to receive the registration of a newly joined private cloud and to manage the registration information of the newly joined private cloud's authentication proxy, so as to establish trust relationships between it and the other private clouds.
3. The hybrid-cloud-oriented cross-cloud user authentication system according to claim 2, characterized in that the authentication proxy of the private cloud supports an identity authentication mechanism and a certificate authentication mechanism, is used to manage identity authentication and attribute token issuance within the private cloud, and, when the cross-cloud authentication module performs cross-cloud authentication, submits the registration information to the hybrid cloud identity management module for management and receives the public key certificate issued by the hybrid cloud identity management module; managing the registration information of the newly joined private cloud's authentication proxy comprises: auditing the registration information of the newly joined private cloud's authentication proxy, receiving the registration information of the newly joined private cloud's authentication proxy, storing the registration information in a secure database, and deleting the registration information of a private cloud when that private cloud exits the hybrid cloud.
4. The hybrid-cloud-oriented cross-cloud user authentication system according to claim 1, characterized in that the information storage system stores information using a multi-layer model comprising a storage layer, a management layer and an interface layer; the storage layer is at the bottom of the storage module and is composed of different devices; the management layer is located above the storage layer and manages the storage devices through various software; the interface layer provides services to the service requester and can provide different service interfaces according to user demand.
5. The hybrid-cloud-oriented cross-cloud user authentication system according to claim 1, characterized in that obtaining the service requester's attribute token for the service requester during cross-cloud access comprises:
(1) the service requester sends an access service request to the service S of another private cloud that it wants to access across clouds;
(2) after responding to the access service request, service S sends an attribute request to the service requester;
(3) the service requester enters a custom password, which must have more than 6 digits, and sends the custom password and its identity, together with the attribute request, as one message to the authentication proxy of its private cloud after signing and encrypting it; the authentication proxy decrypts and verifies the message with its own private key and the service requester's public key; after verification passes, it extracts the attribute corresponding to the attribute request from the service requester's attribute storage module, issues an attribute token, generates a session key, and sends the session key together with the attribute token and the custom password to the service requester after signing and encrypting them;
(4) after receiving the message, the service requester decrypts it with its own private key and the authentication proxy's public key certificate; if the message contains the custom password, the identity of the authentication proxy is authenticated, and the attribute token is obtained at the same time.
6. The hybrid-cloud-oriented cross-cloud user authentication system according to claim 5, characterized in that alarming when obtaining the attribute token fails or decryption fails comprises:
(1) the service requester sends an access service request to the service S of another private cloud that it wants to access across clouds;
(2) after responding to the access service request, service S sends an attribute request to the service requester;
(3) if the service requester enters the custom password incorrectly, obtaining the attribute token fails and the alarm module sends an alarm; if, after the attribute token has been obtained and sent to the service requester, the service requester cannot decrypt the information and therefore cannot complete identity authentication, the alarm module also sends an alarm.
7. The hybrid-cloud-oriented cross-cloud user authentication system according to claim 6, characterized in that the custom cross-cloud authentication protocol is:
(1) the service requester randomly selects a custom number as a fresh number (nonce) and builds a message from this fresh number, the attribute token it has obtained, and the random number that service S returned to the service requester during the cross-cloud access; the message is signed and encrypted and then sent to service S;
(2) after receiving the message, service S decrypts it and verifies the signature using its own private key and the service requester's public key; if the message contains the random number that service S returned to the service requester, the service requester's identity is authenticated; service S then generates another random number, signs and encrypts this new random number together with the custom number to form feedback information, and sends the feedback information to the service requester;
(3) after receiving the feedback information, the service requester decrypts it and verifies the signature using its own private key and service S's public key; if the feedback information contains the custom number, the identity of service S is authenticated, and mutual authentication of the two parties is thereby achieved.
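The custom cross-cloud authentication protocol of the embodiment above and of claim 7, modelled in Python as an added example (this is not code from the patent). It assumes the attribute token has already been obtained as in claim 5, stands in a toy textbook-RSA signature for the patent's sign-and-encrypt step (no confidentiality, not secure), uses hex strings for the random numbers, and treats the random number issued by S as single-use; the field names and the message encoding are my own.

```python
import hashlib
import secrets
from dataclasses import dataclass

# Toy textbook RSA over fixed Mersenne primes: demonstrates sign/verify only (constructed, NOT secure).
def _keypair(p: int, q: int, e: int = 65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private); needs Python 3.8+

def _digest(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(_digest(msg, n), d, n)

def verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)

def _encode(fields: dict) -> bytes:
    # canonical field order so sender and receiver hash identical bytes (constructed format)
    return "|".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()

@dataclass
class Party:
    name: str
    pub: tuple
    priv: tuple

def seal(sender: Party, fields: dict) -> dict:
    # stands in for the patent's "sign then encrypt"; only the signature is modelled here
    return {**fields, "sig": sign(sender.priv, _encode(fields))}

def open_msg(sender_pub, msg):
    if msg is None:
        return None
    body = {k: v for k, v in msg.items() if k != "sig"}
    return body if verify(sender_pub, _encode(body), msg["sig"]) else None

class ServiceS:
    def __init__(self, party: Party):
        self.party, self.issued = party, {}      # issued: requester name -> random number handed out earlier

    def issue_random(self, requester: str) -> str:
        self.issued[requester] = secrets.token_hex(8)   # returned to the requester during cross-cloud access
        return self.issued[requester]

    def step2(self, requester: Party, msg):
        body = open_msg(requester.pub, msg)
        # requester is authentic only if the message carries the random number S gave it;
        # pop() makes that number single-use (my assumption, not stated in the patent)
        if body is None or body.get("r_s") != self.issued.pop(requester.name, None):
            return None
        self.issued[requester.name] = secrets.token_hex(8)          # "another random number"
        return seal(self.party, {"r_s_new": self.issued[requester.name], "n_req": body["n_req"]})

def step1(req: Party, token: str, r_s: str):
    n_req = secrets.token_hex(8)                 # the requester's fresh number
    return n_req, seal(req, {"n_req": n_req, "token": token, "r_s": r_s})

def step3(s_pub, n_req: str, feedback) -> bool:
    body = open_msg(s_pub, feedback)
    return body is not None and body.get("n_req") == n_req   # S is authentic iff it echoed our fresh number

def run_protocol(token: str, present_stale_random: bool = False) -> bool:
    """Runs the full exchange; True when both sides authenticated each other."""
    req = Party("requester", *_keypair(2**31 - 1, 2**61 - 1))
    svc = Party("service_S", *_keypair(2**89 - 1, 2**107 - 1))
    s = ServiceS(svc)
    r_s = s.issue_random(req.name)
    if present_stale_random:
        r_s = "00" * 8                           # a value S never issued: step 2 must reject it
    n_req, m1 = step1(req, token, r_s)
    return step3(svc.pub, n_req, s.step2(req, m1))
```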
8. The hybrid-cloud-oriented cross-cloud user authentication system according to claim 7, characterized in that the access monitoring system represents the access process by a vector X = (a1, a2, a3), where a1 represents whether alarm information has occurred, a2 represents whether the service requester's access meets the security policy, and a3 represents the running state of the system; when no alarm information has occurred, a1 takes the value 1, otherwise 0; when the service requester's access meets the security policy, a2 takes the value 1, otherwise 0; when the system runs normally, a3 takes the value 1, otherwise 0; only when X = (1, 1, 1) does the monitoring system identify the access as successful; during operation, the access monitoring system records the time and number of unsuccessful accesses, and when the number of unsuccessful accesses within a set time period reaches a set number, the access monitoring system sends alarm information.
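The access-process vector of the embodiment above and of claim 8, as an added Python example (not the patent's code). The window length, the failure threshold, the sample observations and the choice to restart counting after alarm information is sent are constructed assumptions.

```python
from collections import deque

class AccessMonitor:
    """Access monitoring per the embodiment: X = (a1, a2, a3); success only when X == (1, 1, 1)."""

    def __init__(self, window_seconds: int, max_failures: int):
        self.window = window_seconds         # the "set time period" (value chosen by the caller)
        self.max_failures = max_failures     # the "set number" of unsuccessful accesses
        self.failures = deque()              # timestamps of unsuccessful accesses inside the window
        self.alarms = []                     # (timestamp, failure count) each time alarm info is sent

    @staticmethod
    def vector(alarm_raised: bool, policy_met: bool, system_normal: bool) -> tuple:
        a1 = 0 if alarm_raised else 1        # a1 = 1 when no alarm information has occurred
        a2 = 1 if policy_met else 0          # a2 = 1 when the access meets the security policy
        a3 = 1 if system_normal else 0       # a3 = 1 when the system runs normally
        return (a1, a2, a3)

    def observe(self, t: int, alarm_raised: bool, policy_met: bool, system_normal: bool) -> bool:
        """Returns True when the monitor identifies the access as successful."""
        if self.vector(alarm_raised, policy_met, system_normal) == (1, 1, 1):
            return True
        self.failures.append(t)              # record time of the unsuccessful access
        while self.failures and t - self.failures[0] >= self.window:
            self.failures.popleft()          # drop failures that fell out of the time period
        if len(self.failures) >= self.max_failures:
            self.alarms.append((t, len(self.failures)))   # "sends alarm information"
            self.failures.clear()            # assumption: counting restarts after an alarm
        return False

# Constructed sample: (t, alarm_raised, policy_met, system_normal) for one service requester
SAMPLE = [
    (0, False, True, True),      # X = (1,1,1): success
    (5, False, False, True),     # policy not met: failure 1
    (9, False, True, False),     # system abnormal: failure 2
    (14, True, True, True),      # alarm info present: failure 3, threshold reached inside window
    (20, False, True, True),     # success
    (400, False, False, True),   # failure, but earlier ones are outside the 60 s window
]

def run_sample(window_seconds: int = 60, max_failures: int = 3):
    mon = AccessMonitor(window_seconds, max_failures)
    results = [mon.observe(*obs) for obs in SAMPLE]
    return results, mon.alarms
```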
CN201710727800.7A 2016-08-31 2017-08-23 A kind of across cloud customer certification system towards mixed cloud Pending CN107277079A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2016107902814 2016-08-31
CN201610790281.4A CN106375308A (en) 2016-08-31 2016-08-31 Hybrid cloud-oriented cross-cloud user authentication system

Publications (1)

Publication Number Publication Date
CN107277079A true CN107277079A (en) 2017-10-20

Family

ID=57899722

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20171020