CN107566414A - A kind of data encryption cloud system - Google Patents
- Publication number: CN107566414A
- Authority: CN (China)
- Prior art keywords: data, module, encryption, identity, encrypted
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Computer And Data Communications (AREA)
Abstract
The present invention provides a data encryption cloud system comprising a client, an identity authentication module, an encryption module and a cloud server. After the client sends a request, the request first passes through the identity authentication module, which analyzes the client's identity and classifies it as an encrypted identity or a non-encrypted identity. For a non-encrypted identity, the request is sent directly to the cloud server and non-encrypted data can be accessed; for an encrypted identity, the request is sent to the encryption module for processing. The encryption module is responsible for encrypting data and for exchanging data with the cloud server. The cloud server is divided into a non-encrypted data storage module and an encrypted data storage module that are independent of each other: the non-encrypted data storage module stores data that has not been encrypted, and the encrypted data storage module stores data that has been encrypted by the data processing module. The system not only provides effective encryption for cloud data but, through its layered modular design, can also greatly improve cloud data transmission efficiency.
Description
Technical field
The invention relates mainly to the field of information security technology for cloud systems, and specifically to a data encryption cloud system.
Background
Cloud computing is centered on the Internet and provides secure, fast data storage and network computing services. In a cloud computing system, large amounts of data are stored on cloud servers. To exchange information securely, information that requires encryption must be encrypted accordingly before users access it.
In the prior art, the cloud server usually authenticates the user's identity, and only users who qualify as an encrypted identity can access encrypted data. However, because the volume of data stored on the cloud server is very large, the series of authentication and encryption steps is cumbersome, so data transmission efficiency is very low and the user experience is seriously affected.
Summary of the invention
To overcome the shortcomings of current technology, the present invention builds on the prior art and, starting from practical application, provides a data encryption cloud system. The system not only provides effective encryption for cloud data but, through its layered modular design, can also greatly improve cloud data transmission efficiency.
To achieve the above object, the technical solution of the invention is as follows:
A data encryption cloud system, comprising:
Client: the terminal used by the customer, divided into a data upload module and a data download module. The data upload module uploads the required data to the cloud server for storage, and the data download module downloads the required data from the cloud server.
Identity authentication module: after the client sends a request, the request first passes through the identity authentication module, which analyzes the client's identity and classifies it as an encrypted identity or a non-encrypted identity. For a non-encrypted identity, the request is sent directly to the cloud server and non-encrypted data can be accessed; for an encrypted identity, the request is sent to the encryption module for processing.
Encryption module: divided into a judgment module and a data processing module. The judgment module first determines the encryption level of the data the client requires and communicates with the data processing module according to that level; the data processing module encrypts or decrypts the data at the corresponding level and is also responsible for exchanging data with the cloud server.
Cloud server: divided into a non-encrypted data storage module and an encrypted data storage module that are independent of each other. The non-encrypted data storage module stores data that has not been encrypted, and the encrypted data storage module stores data that has been encrypted by the data processing module.
When the identity authentication module identifies an encrypted identity, it issues an access license. The access license has a validity period; once the validity period has passed, identity authentication must be performed again.
The data processing module is divided into a primary encryption module and an advanced encryption module, and the encrypted data storage module is divided into a primary encrypted data storage module and an advanced encrypted data storage module. The judgment module determines whether an encrypted identity is a primary encrypted identity or an advanced encrypted identity. For a primary encrypted identity, the system communicates with the primary encryption module to apply primary encryption, and the resulting ciphertext is stored in the primary encrypted data storage module. For an advanced encrypted identity, the system communicates with the advanced encryption module to apply advanced encryption, and the resulting ciphertext is stored in the advanced encrypted data storage module.
When sending an encrypted data upload request, the client must attach the required encryption level. After identifying an encrypted identity, the identity authentication module forwards the request to the judgment module, which checks whether the encrypted identity matches the requested encryption level. If it does, the data processing module encrypts the data at the corresponding level and the data is stored on the cloud server.
After the client sends an encrypted data download request, the identity authentication module, having identified an encrypted identity, forwards the request to the judgment module. The judgment module determines the level of the encrypted identity and forwards the request to the data processing module, which communicates with the cloud server to obtain the encryption level of the requested data. If that level matches the encrypted identity, the data can be downloaded.
Beneficial effects of the present invention:
1. In the present invention, the cloud server is divided into two independent parts, one for encrypted data and one for non-encrypted data. Before a user accesses the cloud server, the identity authentication module first authenticates the user. A non-encrypted identity can communicate directly with the non-encrypted data, while an encrypted identity communicates with the encrypted data after the corresponding encryption and decryption processing. The whole system is clearly layered, which can greatly improve the efficiency of data communication between the user terminal and the cloud server and improve the user experience.
2. The invention encrypts data in graded levels according to the user's actual needs. Processing of data at different encryption levels does not interfere with one another, which both ensures the security of the encrypted data and facilitates efficient data processing.
3. The invention uses a distinct data processing method for users' data upload requests and data encryption requests, which can improve computational efficiency and save time.
Brief description of the drawings
Figure 1 is a schematic diagram of the overall structure of the system;
Figure 2 is a block diagram of the identity authentication module of the invention;
Figure 3 is a block diagram of the encryption module of the invention.
Detailed description
The invention is further described below with reference to the drawings and specific embodiments. It should be understood that these embodiments are intended only to illustrate the invention and not to limit its scope. It should also be understood that, after reading the teachings of the invention, those skilled in the art may make various changes or modifications to it, and such equivalent forms likewise fall within the scope defined by this application.
As shown in Figures 1, 2 and 3, the invention is a data encryption cloud system that mainly comprises a client, an identity authentication module, an encryption module and a cloud server.
The client is the terminal used by the customer. It has a data upload module and a data download module that are independent of each other: the data upload module uploads the required data to the cloud server for storage, and the data download module downloads the required data from the cloud server for use.
After the client sends a request, whether a data upload or a data download, the request is first sent to the identity authentication module for authentication. After authentication, identities are divided into three levels: non-encrypted identity, primary encrypted identity and advanced encrypted identity. For an authenticated non-encrypted identity, the request can be sent directly to the cloud server; while communicating with the cloud server, the client can communicate only with the non-encrypted data on the cloud server and cannot access encrypted information. For a primary encrypted identity, the server issues a primary access license; within the license's validity period, the primary encrypted data on the cloud server can be accessed through the encryption module, and identity authentication must be performed again after the license expires. For an advanced encrypted identity, the server issues an advanced access license; within the license's validity period, the advanced encrypted data on the cloud server can be accessed through the encryption module, and identity authentication must be performed again after the license expires.
The encryption module of this application is divided into a judgment module and a data processing module. The judgment module first determines the encryption level of the data the client requires and communicates with the data processing module according to that level; the data processing module encrypts or decrypts the data at the corresponding level and is also responsible for exchanging data with the cloud server. The data processing module is divided into a primary encryption module and an advanced encryption module, and the encrypted data storage module is divided into a primary encrypted data storage module and an advanced encrypted data storage module. The judgment module determines whether an encrypted identity is a primary encrypted identity or an advanced encrypted identity. For a primary encrypted identity, the system communicates with the primary encryption module to apply primary encryption, and the resulting ciphertext is stored in the primary encrypted data storage module. For an advanced encrypted identity, the system communicates with the advanced encryption module to apply advanced encryption, and the resulting ciphertext is stored in the advanced encrypted data storage module.
With the data encryption cloud system of the invention, when a user needs to upload material and store it encrypted, the system works as follows. When sending an encrypted data upload request, the client must attach the required encryption level. After identifying an encrypted identity, the identity authentication module forwards the request to the judgment module, which checks whether the encrypted identity matches the requested encryption level. If it does, the data processing module encrypts the data at the corresponding level and the data is stored on the cloud server.
With the data encryption cloud system of the invention, when a user needs to download and access encrypted data, the system works as follows. After the client sends an encrypted data download request, the identity authentication module, having identified an encrypted identity, forwards the request to the judgment module. The judgment module determines the level of the encrypted identity and forwards the request to the data processing module, which communicates with the cloud server to obtain the encryption level of the requested data. If that level matches the encrypted identity, the data can be downloaded.
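The license and level checks on the upload and download paths described above, as an added sketch that is not part of the patent. The function names, the HMAC-signed license format, the 300-second validity period and the exact-match level rule are assumptions; the patent names no cipher, so the encryption step is left out and each call returns only the store a request is routed to.

```python
import hashlib
import hmac
import json
import time

# All names and values here are hypothetical; the patent defines no API.
AUTH_KEY = b"constructed-demo-key"   # constructed; use a KMS-held key in practice
LICENSE_TTL = 300                    # assumed validity period, seconds
ENCRYPTED_LEVELS = ("primary", "advanced")

def _sign(body: bytes) -> str:
    return hmac.new(AUTH_KEY, body, hashlib.sha256).hexdigest()

def issue_license(client_id, level, now=None):
    """Authentication module: license for an encrypted identity, None otherwise."""
    if level not in ENCRYPTED_LEVELS:
        return None
    now = time.time() if now is None else now
    body = json.dumps({"sub": client_id, "lvl": level,
                       "exp": now + LICENSE_TTL}, sort_keys=True)
    return body + "." + _sign(body.encode())

def verify_license(token, now=None):
    """Check signature and validity period; return the identity level."""
    now = time.time() if now is None else now
    body, _, tag = token.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _sign(body.encode()).encode()):
        raise PermissionError("license signature invalid")
    claims = json.loads(body)
    if now >= claims["exp"]:
        raise PermissionError("license expired, re-authenticate")
    return claims["lvl"]

def authorize(token, data_level, now=None):
    """Judgment module: identity level must match the data's level.
    Exact match is an assumption; the patent does not say whether an
    advanced identity may also reach primary or non-encrypted data."""
    if token is None:                       # non-encrypted identity
        if data_level != "non-encrypted":
            raise PermissionError("encrypted data needs a license")
        return "non-encrypted-store"
    level = verify_license(token, now)
    if level != data_level:
        raise PermissionError(f"{level} identity cannot use {data_level} data")
    return f"{data_level}-encrypted-store"

def route_upload(token, requested_level, now=None):
    """Upload: the client attaches the level it wants the data encrypted at."""
    return authorize(token, requested_level, now)

def route_download(token, object_id, catalog, now=None):
    """Download: the level is looked up from the cloud server, not the client."""
    return authorize(token, catalog[object_id], now)

def decision(fn, *args, **kwargs):
    """Run a routing call and return the store name or a DENY reason."""
    try:
        return fn(*args, **kwargs)
    except PermissionError as exc:
        return f"DENY: {exc}"

if __name__ == "__main__":
    catalog = {"q3.xlsx": "advanced", "notes.txt": "primary"}  # constructed
    lic = issue_license("alice", "primary", now=1000)
    print(decision(route_upload, lic, "primary", now=1100))
    print(decision(route_download, lic, "q3.xlsx", catalog, now=1100))
    print(decision(route_upload, lic, "primary", now=1300))
    forged = lic.replace('"primary"', '"advanced"')
    print(decision(route_download, forged, "q3.xlsx", catalog, now=1100))
```

On download the level compared against the license comes from the server-side catalog rather than from the request, so a client cannot lower the level of an object by mislabelling it.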
Claims (5)
- 1. A data encryption cloud system, characterized by comprising: a client, being the terminal used by the customer, divided into a data upload module and a data download module, wherein the data upload module uploads the required data to the cloud server for storage and the data download module downloads the required data from the cloud server; an identity authentication module, through which a request first passes after the client sends it, the identity authentication module analyzing the client's identity and classifying it as an encrypted identity or a non-encrypted identity, wherein for a non-encrypted identity the request is sent directly to the cloud server and non-encrypted data can be accessed, and for an encrypted identity the request is sent to the encryption module for processing; an encryption module, divided into a judgment module and a data processing module, wherein the judgment module first determines the encryption level of the data the client requires and communicates with the data processing module according to that level, and the data processing module encrypts or decrypts the data at the corresponding level and is also responsible for exchanging data with the cloud server; and a cloud server, divided into a non-encrypted data storage module and an encrypted data storage module that are independent of each other, wherein the non-encrypted data storage module stores data that has not been encrypted and the encrypted data storage module stores data that has been encrypted by the data processing module.
- 2. The data encryption cloud system of claim 1, characterized in that: when the identity authentication module identifies an encrypted identity, it issues an access license; the access license has a validity period, and identity authentication must be performed again once the validity period has passed.
- 3. The data encryption cloud system of claim 1, characterized in that: the data processing module is divided into a primary encryption module and an advanced encryption module, and the encrypted data storage module is divided into a primary encrypted data storage module and an advanced encrypted data storage module; the judgment module determines whether an encrypted identity is a primary encrypted identity or an advanced encrypted identity; for a primary encrypted identity, the system communicates with the primary encryption module to apply primary encryption and the resulting ciphertext is stored in the primary encrypted data storage module; for an advanced encrypted identity, the system communicates with the advanced encryption module to apply advanced encryption and the resulting ciphertext is stored in the advanced encrypted data storage module.
- 4. The data encryption cloud system of claim 3, characterized in that: when sending an encrypted data upload request, the client must attach the required encryption level; after identifying an encrypted identity, the identity authentication module forwards the request to the judgment module, which checks whether the encrypted identity matches the requested encryption level; if it does, the data processing module encrypts the data at the corresponding level and the data is stored on the cloud server.
- 5. The data encryption cloud system of claim 3, characterized in that: after the client sends an encrypted data download request, the identity authentication module, having identified an encrypted identity, forwards the request to the judgment module; the judgment module determines the level of the encrypted identity and forwards the request to the data processing module, which communicates with the cloud server to obtain the encryption level of the requested data; if that level matches the encrypted identity, the data can be downloaded.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711002805.XA CN107566414A (en) | 2017-10-24 | 2017-10-24 | A data encryption cloud system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107566414A true CN107566414A (en) | 2018-01-09 |
Family
ID=60987357
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711002805.XA Pending CN107566414A (en) | 2017-10-24 | 2017-10-24 | A kind of data encryption cloud system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107566414A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109753810A (en) * | 2018-12-12 | 2019-05-14 | 北京世纪互联宽带数据中心有限公司 | Data classification storage and its device, electronic equipment, computer-readable medium |
CN111191253A (en) * | 2019-05-17 | 2020-05-22 | 延安大学 | Data encryption combination method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101106511A (en) * | 2007-08-24 | 2008-01-16 | 上海可鲁系统软件有限公司 | A secure intercommunication method and device between two independent networks |
US20100185873A1 (en) * | 2007-06-15 | 2010-07-22 | Hiromasa Hashimoto | System and method for file processing and file processing program |
CN102098317A (en) * | 2011-03-22 | 2011-06-15 | 浙江中控技术股份有限公司 | Data transmitting method and system applied to cloud system |
CN103327085A (en) * | 2013-06-05 | 2013-09-25 | 深圳市中博科创信息技术有限公司 | Distributed data processing method, data center and distributed data system |
CN104951407A (en) * | 2014-03-24 | 2015-09-30 | 哈尔滨安天科技股份有限公司 | U disc capable of being encrypted and encryption method thereof |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180109 |