CN107566414A - A data encryption cloud system - Google Patents


Publication number: CN107566414A
Authority: CN (China)
Prior art keywords: data, module, encryption, identity, encrypted
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201711002805.XA
Other languages: Chinese (zh)
Inventor: 黄挺冠
Current Assignee: Individual (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Individual
Priority date: 2017-10-24 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2017-10-24
Publication date: 2018-01-09
Application filed by: Individual


Abstract

The invention provides a data encryption cloud system comprising a client, an authentication module, an encryption module and a cloud server. A request sent by the client first passes through the authentication module, which analyzes the identity of the client and classifies it as an encrypted identity or a non-encrypted identity. For a non-encrypted identity the request is sent directly to the cloud server, where non-encrypted data can be accessed; for an encrypted identity the request is sent to the encryption module for processing. The encryption module is responsible for encrypting data and for exchanging data with the cloud server. The cloud server is divided into a non-encrypted data storage module and an encrypted data storage module that are independent of each other: the non-encrypted data storage module stores data that has not been encrypted, and the encrypted data storage module stores data after it has been encrypted by the data processing module. The system not only encrypts cloud data effectively but, through its layered module design, can also greatly improve cloud data transmission efficiency.

Description

A data encryption cloud system
Technical field
The invention relates to the field of information security technology for cloud systems, and specifically to a data encryption cloud system.
Background art
Cloud computing is centered on the Internet and provides a service center for secure, fast data storage and network computing. In a cloud computing system, massive amounts of data are stored in cloud servers. To exchange information securely, encrypted information must undergo the corresponding encryption processing before it is made available for users to access.
In the prior art, the cloud server usually authenticates the identity of the user, and only users who hold an encrypted identity can access encrypted data. However, because the volume of data stored in the cloud server is very large and the series of authentication and encryption steps is relatively cumbersome, data transmission efficiency is very low, which seriously affects the user experience.
Summary of the invention
To remedy the deficiencies of the current technology, the invention builds on the prior art and, starting from practical application, provides a data encryption cloud system. The system not only encrypts cloud data effectively but, through its layered module design, can also greatly improve cloud data transmission efficiency.
To achieve the above object, the technical solution of the invention is as follows:
A data encryption cloud system, comprising:
A client, the terminal used by the customer, divided into a data upload module and a data download module, where the data upload module uploads the required data to the cloud server for storage and the data download module downloads the required data from the cloud server;
An authentication module: a request sent by the client first passes through the authentication module, which analyzes the identity of the client and classifies it as an encrypted identity or a non-encrypted identity; for a non-encrypted identity the request is sent directly to the cloud server, where non-encrypted data can be accessed, and for an encrypted identity the request is sent to the encryption module for processing;
An encryption module, divided into a judgment module and a data processing module: the judgment module first determines the encryption level of the data the client requires and communicates with the data processing module according to that level; the data processing module encrypts or decrypts the data at the corresponding level and is also responsible for exchanging data with the cloud server;
A cloud server, divided into a non-encrypted data storage module and an encrypted data storage module that are independent of each other: the non-encrypted data storage module stores data that has not been encrypted, and the encrypted data storage module stores data after it has been encrypted by the data processing module.
When the authentication module recognizes an encrypted identity, it issues an access permit. The access permit has a validity period, and identity verification must be performed again once the validity period is exceeded.
The data processing module is divided into a primary encryption module and an advanced encryption module, and the encrypted data storage module is divided into a primary encrypted data storage module and an advanced encrypted data storage module. The judgment module determines whether an encrypted identity is a primary encrypted identity or an advanced encrypted identity. For a primary encrypted identity, it communicates with the primary encryption module to perform primary encryption of the data, and the resulting ciphertext is stored in the primary encrypted data storage module; for an advanced encrypted identity, it communicates with the advanced encryption module to perform advanced encryption of the data, and the resulting ciphertext is stored in the advanced encrypted data storage module.
When sending an encrypted-data upload request, the client must attach the required encryption level. After the authentication module recognizes an encrypted identity, it forwards the request to the judgment module, which judges whether the encrypted identity matches the encryption level of the request; if it does, the data processing module encrypts the data at the corresponding level and the data is then stored in the cloud server.
After the client sends an encrypted-data download request, the authentication module recognizes the encrypted identity and forwards the request to the judgment module. The judgment module determines the level of the encrypted identity and forwards the request to the data processing module, which communicates with the cloud server to obtain the level of the requested encrypted data; if that level matches the encrypted identity, the data can be downloaded.
Beneficial effects of the invention:
1. In the invention, the cloud server is arranged as two independent parts, one for encrypted data and one for non-encrypted data. Before a user accesses the cloud server, the authentication module first verifies the user's identity. A non-encrypted identity can communicate directly with the non-encrypted data, while an encrypted identity communicates with the encrypted data after the corresponding encryption and decryption processing. The whole system is clearly layered, which can greatly improve the efficiency of data communication between the user terminal and the cloud server and improve the user experience.
2. The invention applies graded encryption to data according to the user's actual needs. The processing of data encrypted at different levels does not interfere with each other, which both ensures the security of the encrypted data and makes efficient data processing easier.
3. The invention uses a distinctive data processing method for the user's data upload requests and data encryption requests, which can improve computational efficiency and save time.
Brief description of the drawings
Figure 1 is a schematic diagram of the overall structure of the system;
Figure 2 is a block diagram of the authentication module of the invention;
Figure 3 is a block diagram of the encryption module of the invention.
Detailed description of the embodiments
The invention is further described below with reference to the drawings and specific embodiments. It should be understood that these embodiments only illustrate the invention and do not limit its scope. In addition, it should be understood that after reading the teaching of the invention, those skilled in the art may make various changes or modifications to it, and these equivalent forms likewise fall within the scope defined by this application.
As shown in Figures 1, 2 and 3, the invention is a data encryption cloud system that mainly comprises a client, an authentication module, an encryption module and a cloud server.
The client is the terminal used by the customer. A data upload module and a data download module, independent of each other, are provided on the client: the data upload module uploads the required data to the cloud server for storage, and the data download module downloads the required data from the cloud server for use.
After the client sends a request, whether it is a data upload or a data download, the request is first sent to the authentication module for identity verification. After verification, the identity is classified into one of three levels: non-encrypted identity, primary encrypted identity or advanced encrypted identity. For a non-encrypted identity, the request can be sent directly to the cloud server; while communicating with the cloud server, such an identity can only communicate with the non-encrypted data and cannot access encrypted information. For a primary encrypted identity, the server issues a primary access permit; within the validity period of the permit, the primary encrypted data in the cloud server can be accessed through the encryption module, and identity verification must be performed again after the permit expires. For an advanced encrypted identity, the server issues an advanced access permit; within the validity period of the permit, the advanced encrypted data in the cloud server can be accessed through the encryption module, and identity verification must be performed again after the permit expires.
The encryption module of this application is divided into a judgment module and a data processing module. The judgment module first determines the encryption level of the data the client requires and communicates with the data processing module according to that level; the data processing module encrypts or decrypts the data at the corresponding level and is also responsible for exchanging data with the cloud server. The data processing module is divided into a primary encryption module and an advanced encryption module, and the encrypted data storage module is divided into a primary encrypted data storage module and an advanced encrypted data storage module. The judgment module determines whether an encrypted identity is a primary encrypted identity or an advanced encrypted identity. For a primary encrypted identity, it communicates with the primary encryption module to perform primary encryption of the data, and the resulting ciphertext is stored in the primary encrypted data storage module; for an advanced encrypted identity, it communicates with the advanced encryption module to perform advanced encryption of the data, and the resulting ciphertext is stored in the advanced encrypted data storage module.
With the data encryption cloud system of the invention, when a user needs to upload material and store it encrypted, the system works as follows: when sending an encrypted-data upload request, the client must attach the required encryption level. After the authentication module recognizes an encrypted identity, it forwards the request to the judgment module, which judges whether the encrypted identity matches the encryption level of the request; if it does, the data processing module encrypts the data at the corresponding level and the data is then stored in the cloud server.
With the data encryption cloud system of the invention, when a user needs to download and access encrypted data, the system works as follows: after the client sends an encrypted-data download request, the authentication module recognizes the encrypted identity and forwards the request to the judgment module. The judgment module determines the level of the encrypted identity and forwards the request to the data processing module, which communicates with the cloud server to obtain the level of the requested encrypted data; if that level matches the encrypted identity, the data can be downloaded.
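The upload and download decision paths described above can be sketched as follows. This is an added example, not code from the patent: the HMAC-signed permit format, the 300-second validity period, the client names, object names and all function names are assumptions made for illustration, and the encryption step itself is left out because the patent names no algorithm.

```python
import hashlib, hmac, json, time
from enum import IntEnum

class Level(IntEnum):
    NON_ENCRYPTED = 0
    PRIMARY = 1
    ADVANCED = 2

# Constructed demo values (assumptions); real systems load these from a secret store.
PERMIT_KEY = b"constructed-demo-key"
IDENTITIES = {"alice": Level.ADVANCED, "bob": Level.PRIMARY}
OBJECT_LEVELS = {"readme": Level.NON_ENCRYPTED, "roster": Level.PRIMARY,
                 "forecast": Level.ADVANCED}
PERMIT_TTL = 300  # seconds; assumed validity period of an access permit

def _mac(client, level, exp):
    # JSON gives an unambiguous encoding of the signed fields.
    msg = json.dumps([client, level, exp]).encode()
    return hmac.new(PERMIT_KEY, msg, hashlib.sha256).hexdigest()

def authenticate(client, now=None):
    """Authentication module: classify the client; permit only for encrypted identities."""
    now = int(time.time()) if now is None else now
    level = IDENTITIES.get(client, Level.NON_ENCRYPTED)
    if level == Level.NON_ENCRYPTED:
        return level, None
    exp = now + PERMIT_TTL
    return level, {"client": client, "level": int(level), "exp": exp,
                   "mac": _mac(client, int(level), exp)}

def permit_level(permit, now=None):
    """Level granted by a permit, or None if it is forged, malformed or expired."""
    now = int(time.time()) if now is None else now
    try:
        expected = _mac(permit["client"], permit["level"], permit["exp"])
        if not hmac.compare_digest(expected, str(permit["mac"])):
            return None
        if now >= permit["exp"]:
            return None  # validity period exceeded
        return Level(permit["level"])
    except (KeyError, TypeError, ValueError):
        return None

def judge(permit, data_level, now=None):
    """Judgment module: compare the identity level with the level of the data."""
    if permit is None:
        granted = Level.NON_ENCRYPTED
    else:
        granted = permit_level(permit, now)
        if granted is None:
            return "reauthenticate"
    # The patent only says the levels must match and is silent on cross-level
    # access, so this example fails closed on anything but equality (assumption).
    if granted != data_level:
        return "deny"
    return "allow:" + data_level.name.lower() + "-store"

def upload(permit, requested_level, now=None):
    """Upload path: the client attaches the encryption level it wants."""
    return judge(permit, requested_level, now)

def download(permit, name, now=None):
    """Download path: the level comes from the server's record of the object."""
    if name not in OBJECT_LEVELS:
        return "deny"
    return judge(permit, OBJECT_LEVELS[name], now)
```

Because the permit carries the identity level, the signature has to cover that field; an unsigned level would let a primary identity relabel itself as advanced.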

Claims (5)

  1. A data encryption cloud system, characterized by comprising:
    A client, the terminal used by the customer, divided into a data upload module and a data download module, where the data upload module uploads the required data to the cloud server for storage and the data download module downloads the required data from the cloud server;
    An authentication module: a request sent by the client first passes through the authentication module, which analyzes the identity of the client and classifies it as an encrypted identity or a non-encrypted identity; for a non-encrypted identity the request is sent directly to the cloud server, where non-encrypted data can be accessed, and for an encrypted identity the request is sent to the encryption module for processing;
    An encryption module, divided into a judgment module and a data processing module: the judgment module first determines the encryption level of the data the client requires and communicates with the data processing module according to that level; the data processing module encrypts or decrypts the data at the corresponding level and is also responsible for exchanging data with the cloud server;
    A cloud server, divided into a non-encrypted data storage module and an encrypted data storage module that are independent of each other: the non-encrypted data storage module stores data that has not been encrypted, and the encrypted data storage module stores data after it has been encrypted by the data processing module.
  2. The data encryption cloud system of claim 1, characterized in that: when the authentication module recognizes an encrypted identity, it issues an access permit; the access permit has a validity period, and identity verification must be performed again once the validity period is exceeded.
  3. The data encryption cloud system of claim 1, characterized in that: the data processing module is divided into a primary encryption module and an advanced encryption module, and the encrypted data storage module is divided into a primary encrypted data storage module and an advanced encrypted data storage module; the judgment module determines whether an encrypted identity is a primary encrypted identity or an advanced encrypted identity; for a primary encrypted identity, it communicates with the primary encryption module to perform primary encryption of the data, and the resulting ciphertext is stored in the primary encrypted data storage module; for an advanced encrypted identity, it communicates with the advanced encryption module to perform advanced encryption of the data, and the resulting ciphertext is stored in the advanced encrypted data storage module.
  4. The data encryption cloud system of claim 3, characterized in that: when sending an encrypted-data upload request, the client must attach the required encryption level; after the authentication module recognizes an encrypted identity, it forwards the request to the judgment module, which judges whether the encrypted identity matches the encryption level of the request; if it does, the data processing module encrypts the data at the corresponding level and the data is then stored in the cloud server.
  5. The data encryption cloud system of claim 3, characterized in that: after the client sends an encrypted-data download request, the authentication module recognizes the encrypted identity and forwards the request to the judgment module; the judgment module determines the level of the encrypted identity and forwards the request to the data processing module, which communicates with the cloud server to obtain the level of the requested encrypted data; if that level matches the encrypted identity, the data can be downloaded.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201711002805.XA, published as CN107566414A (en) | 2017-10-24 | 2017-10-24 | A data encryption cloud system

Publications (1)

Publication Number | Publication Date
CN107566414A (en) | 2018-01-09

Family ID: 60987357

Country Status (1): CN


Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication (application publication date: 20180109)