CN108156175A - Method for accessing shared storage information under a cloud computing platform - Google Patents
- Publication number: CN108156175A
- Authority: CN (China)
- Legal status: Granted
Classifications
- H04L63/10 - Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Abstract
The present invention provides a method for accessing shared storage information under a cloud computing platform. The method includes: parsing the terminal access address to obtain the authentication information of the access; and judging the type of the accessed data according to the authentication information. If the type is control data, the control data is processed by the main control module of the private cloud; if the type is transaction data, the address request is forwarded to the cluster engine of the private cloud, and the transaction data is processed by the cluster engine. The proposed method turns the basic cluster environment of the cloud platform into space instances, makes fuller use of the cluster's system resources, and solves the time-consumption problem caused by private clouds that use virtual machines. It ensures both that private data is isolated from the cluster nodes and that private data is isolated between verified applications, ensuring the security of private storage.
Description
Technical field
The present invention relates to cloud computing, and more particularly to a method for accessing shared storage information under a cloud computing platform.
Background art
The transactions handled by mobile terminals have extended from the traditional communications field to high-security fields such as office work and payment. Mobile terminals need to handle user account information, personal privacy information, payment invoice information, confidential files and the like. How to effectively guarantee the security of private data has become a problem that mobile terminal devices face when carrying out secure, confidential transactions. The existing solution is to encrypt private data with a high-strength cryptographic algorithm and to restrict data access using the permission control of the cluster node. However, the complexity and openness of mobile terminal cluster nodes make it impossible to create a secure running environment, and the cluster node itself and its applications are easily subjected to malicious attack. In addition, storing encrypted private data in a general-purpose file system carries the risk of unauthorized destruction. Although trusted isolation zone technology provides a securely isolated runtime environment in which applications process private data, it fails to provide a unified secure access interface for verified-application development and web application development, and it fails to perform security detection on the web application that sends a secure data access request.
Summary of the invention
To solve the above problems of the prior art, the present invention proposes a method for accessing shared storage information under a cloud computing platform, including:
Parsing the terminal access address to obtain the authentication information of the access;
Judging the type of the accessed data according to the authentication information;
If the type is control data, processing the control data by the main control module of the private cloud;
If the type is transaction data, forwarding the address request to the cluster engine of the private cloud, and processing the transaction data by the cluster engine.
Preferably, the processing of transaction data by the cluster engine further comprises:
The cluster engine forwards the access request to a specific space instance, which performs the transaction processing and then returns the result to the cluster engine.
Preferably, after the processing of the transaction data is completed, the method further includes:
The cluster engine returns the processing result directly to the mobile terminal.
Preferably, the cluster engine maintains an addressing list, which includes the web application ID, the scheduling rule, the web application running copy address and the most recent update time.
Preferably, the web application ID is the ID of a web application deployed in the space instances; one web application corresponds to one or more web application running copies, and the specific processing is provided by the web application running copies.
Preferably, the scheduling rule is the processing rule for task scheduling.
Preferably, the web application running copy address is the address used when addressing the space-instance application.
Preferably, the web application running copy update time is the most recent update time of the space-instance application.
Compared with the prior art, the present invention has the following advantages:
The present invention proposes a method for accessing shared storage information under a cloud computing platform. It turns the basic cluster environment of the cloud platform into space instances, makes fuller use of the cluster's system resources, and solves the time-consumption problem caused by private clouds that use virtual machines. It ensures both that private data is isolated from the cluster nodes and that private data is isolated between verified applications, ensuring the security of private storage.
Brief description of the drawings
Fig. 1 is a flow chart of the method for accessing shared storage information under a cloud computing platform according to an embodiment of the present invention.
Detailed description
A detailed description of one or more embodiments of the invention is provided below, together with the accompanying drawings that illustrate the principles of the invention. The invention is described in connection with such embodiments, but it is not limited to any embodiment. The scope of the invention is limited only by the claims, and the invention encompasses many alternatives, modifications and equivalents. Many specific details are set forth in the following description to provide a thorough understanding of the invention. These details are provided for the purpose of example, and the invention may be practiced according to the claims without some or all of these details.
One aspect of the present invention provides a method for accessing shared storage information under a cloud computing platform. Fig. 1 is a flow chart of this method according to an embodiment of the invention.
The present invention first sets up a task distributor in the private cloud computing system, connected to the cluster engine and the main control module. The task distributor handles the access distribution of control data and transaction data in the private cloud platform and the permission verification of access requests. The cluster engine is connected to the cluster space instantiation unit. The main control module further comprises a permission control node and a management control node.
The access of control data and transaction data is distributed as follows:
1. The access address is parsed to obtain the authentication information of the access;
2. The authentication information is passed to the main control module, the permission control node of the main control module verifies it, and the verification result is returned to the task distributor;
3. If verification fails, the task distributor returns failure information to the mobile terminal; if verification succeeds, the task distributor analyzes the type of the accessed data to determine whether it is control data or transaction data;
4. If it is control data, the main control module processes the control data;
5. If it is transaction data, the address request is forwarded to the cluster engine, which processes the transaction data;
The cluster engine forwards the access request to a specific space instance; the space instance performs the transaction processing and returns the result to the cluster engine, and the cluster engine returns the processing result to the mobile terminal;
The cluster engine maintains an addressing list in memory. The addressing list includes the web application ID, the scheduling rule, the web application running copy address and the most recent update time. The web application ID is the ID of a web application deployed in the space instances; one web application corresponds to one or more web application running copies, and the specific processing is provided by the running copies. The scheduling rule is the processing rule for task scheduling. The web application running copy address is the address used when addressing the space-instance application. The web application running copy update time is the most recent update time of the space-instance application;
Processing is as follows:
After the cluster engine starts successfully, it publishes a cluster engine start success message to the main control module;
The cluster space instantiation unit listens for the cluster engine start success message; after receiving it, the unit periodically sends the specific information of the web application running copies running on the local machine;
After the cluster engine receives a message from the cluster space instantiation unit, it parses out the web application ID and the web application running copy address and port;
If the web application running copy address already exists in the addressing list that the cluster engine maintains in memory, the most recent update time of that running copy is updated.
If the web application running copy address does not exist in the addressing list that the cluster engine maintains in memory, a new record is added to the addressing list that cluster scheduling maintains in memory;
According to the address request, the cluster engine parses out the ID of the web application being accessed; according to the scheduling rule set for that web application ID, it selects a suitable web application running copy to handle the request, and redirects the access request to the selected running copy;
The web application running copy processes the request, completes the specific call, and returns the call result to the cluster engine;
The cluster engine returns the call result to the mobile terminal;
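The distribution steps and the addressing-list handling described above, as an added Go sketch that is not part of the patent text. The URL layout (`/ctl/<operation>`, `/app/<web application ID>/...`, token in the `auth` query parameter), the round-robin rule, the freshness window `TTL` and all type and function names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// Entry is one addressing-list record for a web application ID.
type Entry struct {
	Rule  string               // scheduling rule; only round-robin here (assumption)
	Addrs []string             // running copy addresses, in registration order
	Seen  map[string]time.Time // most recent update time per running copy address
	next  int
}

// ClusterEngine keeps the addressing list in memory.
type ClusterEngine struct {
	List map[string]*Entry
	TTL  time.Duration // copies not refreshed within TTL are skipped (assumption)
}

// Register handles one periodic report from the space instantiation unit:
// a known copy address only gets its update time refreshed, a new one is added.
func (e *ClusterEngine) Register(appID, addr string, now time.Time) {
	ent, ok := e.List[appID]
	if !ok {
		ent = &Entry{Rule: "round-robin", Seen: map[string]time.Time{}}
		e.List[appID] = ent
	}
	if _, known := ent.Seen[addr]; !known {
		ent.Addrs = append(ent.Addrs, addr)
	}
	ent.Seen[addr] = now
}

// Select applies the scheduling rule and returns a recently updated copy.
func (e *ClusterEngine) Select(appID string, now time.Time) (string, error) {
	ent, ok := e.List[appID]
	if !ok {
		return "", errors.New("unknown web application ID")
	}
	for i := range ent.Addrs {
		idx := (ent.next + i) % len(ent.Addrs)
		if now.Sub(ent.Seen[ent.Addrs[idx]]) <= e.TTL {
			ent.next = idx + 1
			return ent.Addrs[idx], nil
		}
	}
	return "", errors.New("no live running copy")
}

// Distributor is the task distributor in front of both back ends.
type Distributor struct {
	Auth   map[string]string // authentication information -> web application ID
	Engine *ClusterEngine
}

// controlOps stands for: get list, build, delete, update copy quantity.
var controlOps = map[string]bool{"list": true, "build": true, "delete": true, "scale": true}

// Dispatch parses the access address, verifies it, then routes by data type.
func (d *Distributor) Dispatch(raw string, now time.Time) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	owner, ok := d.Auth[u.Query().Get("auth")]
	if !ok {
		return "", errors.New("authentication failed")
	}
	parts := strings.Split(strings.Trim(u.Path, "/"), "/")
	switch {
	case len(parts) == 2 && parts[0] == "ctl" && controlOps[parts[1]]:
		return "master:" + parts[1], nil // control data -> main control module
	case len(parts) >= 2 && parts[0] == "app" && parts[1] == owner:
		addr, err := d.Engine.Select(owner, now) // transaction data -> cluster engine
		if err != nil {
			return "", err
		}
		return "copy:" + addr, nil
	}
	return "", errors.New("unknown data type, or application not bound to this token")
}

func main() {
	now := time.Now()
	tok := "00112233445566778899aabbccddeeff" // constructed 128-bit token
	eng := &ClusterEngine{List: map[string]*Entry{}, TTL: 30 * time.Second}
	eng.Register("shop", "10.0.0.5:8080", now)
	d := &Distributor{Auth: map[string]string{tok: "shop"}, Engine: eng}
	for _, p := range []string{"/app/shop/orders", "/ctl/list", "/app/pay/x"} {
		fmt.Println(d.Dispatch("https://cloud.example"+p+"?auth="+tok, now))
	}
}
```

Binding the token to one web application ID, as the last `case` does, keeps a valid token for one application from reaching another application's running copies.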
The cluster space instantiation unit turns the cluster into space instances, manages all space instances as a whole, and records and maintains the lists of applications and web application running copies running on the current platform. The main control module receives the data information, maintains the application and web application running copy lists, and feeds back the monitoring and state of the web application running copies;
After receiving the control data forwarded by the main control module, the cluster space instantiation unit performs the corresponding processing. The control data includes obtaining the web application list, building a web application, deleting a web application and updating the copy quantity;
The cluster space instantiation unit is deployed and runs in the cloud cluster. According to the message content forwarded by the server side, it builds running copies, deletes running copies and monitors the running state of running copies. At the same time it feeds back the update information of running copies and the resource state of the cluster it runs in, supporting the server side in obtaining the web application list, building applications, deleting applications and updating the number of application copies.
Specifically, obtaining the web application list proceeds as follows:
1. The cluster space instantiation unit accesses the database table and obtains the application ID, the application state and the corresponding running copies;
2. The cluster space instantiation unit organizes the data and returns it to the mobile terminal;
Building an application proceeds as follows:
1. The cluster space instantiation unit sends a message requesting resources for building the application;
2. The cluster space instantiation unit listens for this message and calculates the number of running copies that its cluster can build;
3. A timeout is set and the list of responses received within that time range is obtained; according to the number of running copies that each can build, the requested number of copies is allocated proportionally to each cluster node. The number of running copies allocated to a cluster node is determined as follows:
i. Record the number of copies allocated to cluster nodes each time;
ii. If the number of copies already allocated for building plus the number of running copies about to be allocated to the cluster node exceeds the number of running copies the application needs to build, the number of copies allocated to that cluster node equals the number of web application running copies that need to be built minus the number of copies already allocated.
4. The number of web application running copies to build is sent to the specified cluster node;
5. The cluster node obtains the image file and builds the running copies, notifies the server side after the build completes, and registers the access path of the web application running copies with cluster scheduling;
6. The information in the record data table is modified according to the feedback; once all the running copies required by the application have been built, the state of the application is changed to started.
Deleting an application proceeds as follows:
1. The space instance engine determines the web application ID to be deleted;
2. The space instance engine sends a delete-application message;
3. Each cluster node listens for the delete-application message; after receiving it, the node checks whether its own cluster has a running copy of the application. If there is no running copy of the application, processing ends; if there is a running copy of the application, that running copy is deleted.
Updating the number of web application running copies proceeds as follows:
1. The space instance engine determines the web application ID, the number of running copies to change, and the type of change (increase or decrease);
2. If the operation type is to increase running copies, application copies are built;
3. If the operation type is to reduce running copies, the specific operations are as follows:
i. Obtain the current running copy list from the record table;
ii. Randomly select the running copies to be deleted;
iii. Send a message that the web application running copies are to be deleted;
iv. The cluster nodes of the space instance engine listen for the message; after receiving it, each node checks whether its own cluster has the running copy. If it does not, no operation is performed; if it does, the running copy is deleted.
When the access requests collected by the cloud platform are scheduled to target cluster nodes of the cloud platform, the service performance of all current cluster nodes is first calculated according to the fitness function for evaluating cluster performance. The cluster nodes inside the cloud platform are then filtered according to the transaction volume of the terminal requests: the cluster nodes whose remaining space amount exceeds the total space amount of the access request set form a set, which is the overall constraint on the cloud platform. The k cluster nodes in this set are abstracted into k cluster points, and each is clustered with all the cluster nodes in the cloud platform. The similarity between cluster nodes is computed from the two space-amount attributes of the cluster nodes, a threshold is then set on the similarity, and cluster nodes whose similarity is within the threshold are added to a new set. When the elements of the set no longer change, this set is the final clustering result. Finally, the pending transactions are scheduled to the cluster nodes in the final set.
Step 1: Assume that n cluster nodes form a set H, and that a constraint is applied to all cluster nodes. The remaining space amount $L_i$ of a cluster node is used as the metric, and is defined as follows:
$L_i = \alpha L_c + \beta L_m$
where $\alpha + \beta = 1$.
$L_c$ is the web application space amount; $L_m$ is the verified application space amount; $\alpha$ and $\beta$ are their respective weights, whose values are learned with a BP neural network. According to the fitness function of cluster performance, the performance monitoring data of the cluster nodes in the entire private cloud is obtained, and the remaining space amount of the n cluster nodes in the current cloud platform is calculated. The constraint value is defined as the total space amount of the access request set received in a specific time period, i.e.:
Wherein LR denotes the total space amount of the access request set, and denotes the space amount of the i-th transaction in the access request set. Define an empty set $\Phi$ and compute the total space amount LR of the access request set. When $L_i > LR$, cluster node i is placed in set $\Phi$; otherwise the search continues. After all n cluster nodes have been compared with the constraint value, the resulting set $\Phi = \{s_1, s_2, s_3, \ldots, s_m\}$ is the set of cluster points, with $m < n$.
Step 2: The performance value of each cluster node is obtained according to the fitness function of cluster performance, and through the restriction of the constraint value the better-performing cluster nodes are placed in set $\Phi$. Let $\Phi = \{s_1, s_2, s_3, \ldots, s_m\}$ be the set of m cluster nodes, and sort the cluster nodes in $\Phi$ in descending order of remaining web application space. Assume $s_j$ is the cluster node with the largest remaining web application space and take $s_j$ as the cluster point; the similarity is then calculated as:
$s(s_i, s_j) = 1/d(s_i, s_j)$
For the k-th attribute of cluster node j, the similarity $s(s_i, s_j)$ between cluster node j and cluster node i is thus calculated:
Step 3: With $s_j$ as the cluster point, compute the similarity between $s_j$ and each element of set H. A threshold U is given for the similarity; if the similarity exceeds the threshold U, the cluster node is added to a new set $\Phi'$. Set $\Phi$ then selects cluster points in turn, in descending order of the cluster nodes' remaining processor resources, computes the similarity with the elements of set H for each, and places the elements whose similarity exceeds U into set $\Phi'$. When the elements of $\Phi'$ no longer change, the iteration ends and $\Phi'$ is the final clustering result, i.e. $\Phi' = \{s_1', s_2', \ldots, s_q'\}$, where $q < m < n$.
Step 4: The received access requests are scheduled to the cluster nodes in set $\Phi'$, which process the requested transaction set and return the results to the user when processing completes. The access requests received in the period from when the cluster nodes in $\Phi'$ begin executing tasks until processing completes are taken as the transactions to be processed next time.
The permission control node of the main control module allows a web application to send private data access requests to a verified application by calling the management interface. To enable the trusted execution environment to perform security detection on the web application's process when the web application sends a data access request, the permission control node provides the fingerprint information of the web application as the detection criterion. The specific steps are:
(1) Read the web application binary file information and obtain the code segment size $Size_{code}$;
Apply a HASH algorithm to the binary content of the web application code segment to generate the code segment HASH value $H_{code} = Hash(Code)$, where Code denotes the web application code segment;
Take the code segment size $Size_{code}$ and the code segment HASH value $H_{code}$ as the fingerprint information of the web application, $Fpr_{app} = (Size_{code} || H_{code})$;
(2) Sign the web application fingerprint information $Fpr_{app}$ with the trusted license to generate the fingerprint information signature $Sg_{app} = Sg(Size_{code} || H_{code})$;
(3) Store the fingerprint information signature $Sg_{app}$ in a specific data segment of the verified application. The verified application is the verified application that receives the web application's data access request.
When the web application sends a data access request to the verified application, the cluster node sends the process exception information of the web application to the trusted isolation zone monitoring process of the trusted execution environment. After capturing the process exception information, the trusted isolation zone monitoring process checks the process exception information of the web application as follows:
(1) Obtain the web application's process exception information (including the interface call data address, the process code segment base address, the process code segment size and the verified application ID), and, according to the verified application ID, load the web application fingerprint information signature $Sg_{app}$ from the specific data segment of the corresponding verified application;
(2) Apply the HASH algorithm to the code segment data from the process memory address through the process code segment size, computing the code segment HASH value $H'_{code} = Hash(Code)$ of the web application process, and obtain the process fingerprint information of the web application $Fpr'_{app} = (CodeSize || H'_{code})$, where Code denotes the code segment of the web application process;
(3) Verify the fingerprint information signature $Sg_{app}$ with the trusted license public key to obtain the fingerprint information of the web application $Fpr_{app} = (Size_{code} || H_{code})$;
(4) Compare whether the fingerprint information $Fpr_{app}$ and $Fpr'_{app}$ are equal. If they are equal, the current web application process is judged legitimate and the detection status flag is set to 1; otherwise the current web application process is judged illegitimate and the detection status flag is set to 0;
The detection status flag indicates whether the current web application process has passed security detection: if the flag is 1, the process passed detection; otherwise it did not pass detection.
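The fingerprint enrollment and detection steps above, as an added Go sketch that is not part of the patent text. It assumes SHA-256 as the HASH algorithm, an 8-byte big-endian size field, and Ed25519 as the signature Sg with the fingerprint stored next to its signature; the type and function names, the fixed key seed and the memory image are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Fingerprint builds Fpr = Size_code || H_code: an 8-byte big-endian length
// followed by the SHA-256 of the code segment (the encoding is an assumption).
func Fingerprint(code []byte) []byte {
	fpr := make([]byte, 8, 8+sha256.Size)
	binary.BigEndian.PutUint64(fpr, uint64(len(code)))
	h := sha256.Sum256(code)
	return append(fpr, h[:]...)
}

// SignedFpr is what sits in the verified application's data segment.
type SignedFpr struct {
	Fpr, Sig []byte
}

// Enroll signs the fingerprint of the reference binary's code segment.
func Enroll(priv ed25519.PrivateKey, code []byte) SignedFpr {
	fpr := Fingerprint(code)
	return SignedFpr{Fpr: fpr, Sig: ed25519.Sign(priv, fpr)}
}

// ProcInfo carries the process exception information fields used here.
type ProcInfo struct {
	Memory   []byte // constructed stand-in for the process address space
	CodeBase uint64 // offset of the code segment inside Memory
	CodeSize uint64
}

// Detect returns the detection status flag (1 = passed, 0 = failed).
func Detect(pub ed25519.PublicKey, ref SignedFpr, p ProcInfo) (int, error) {
	// The stored reference is trusted only after its signature verifies.
	if !ed25519.Verify(pub, ref.Fpr, ref.Sig) {
		return 0, errors.New("fingerprint signature invalid")
	}
	// Base and size are reported by the node being checked: bound them
	// against the memory image without letting base+size overflow.
	n := uint64(len(p.Memory))
	if p.CodeSize > n || p.CodeBase > n-p.CodeSize {
		return 0, errors.New("code segment lies outside process memory")
	}
	live := Fingerprint(p.Memory[p.CodeBase : p.CodeBase+p.CodeSize])
	if !bytes.Equal(live, ref.Fpr) {
		return 0, nil // size or hash differs from the enrolled code
	}
	return 1, nil
}

// DemoKeys derives a fixed key pair from a constructed seed so runs repeat.
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// DemoProcess places code at offset 16 of a constructed memory image.
func DemoProcess(code []byte) ProcInfo {
	mem := append(bytes.Repeat([]byte{0}, 16), code...)
	mem = append(mem, bytes.Repeat([]byte{0xCC}, 16)...)
	return ProcInfo{Memory: mem, CodeBase: 16, CodeSize: uint64(len(code))}
}

func main() {
	pub, priv := DemoKeys()
	code := []byte("constructed code segment bytes")
	ref := Enroll(priv, code)
	p := DemoProcess(code)
	fmt.Println(Detect(pub, ref, p))
	p.Memory[20] ^= 0xFF // one changed byte inside the code segment
	fmt.Println(Detect(pub, ref, p))
}
```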
After security detection is completed, the permission control node performs application data processing and key management, which further includes:
A) The verified application initiates a remote call for a data storage operation; the request parameters include the verified application ID, the private data $Data_{pv}$ to be processed and the cryptographic algorithm $Type_{en}$;
B) After the data access request of the verified application is received, the detection status flag determines whether the remote call is accepted for processing. If the detection status flag is 0, the remote call is refused; if the detection status flag is 1, the remote call is processed;
C) After security detection passes, a key generation request is initiated according to the cryptographic algorithm $Type_{en}$;
D) After the key generation request is received, the key generator is first called according to the cryptographic algorithm $Type_{en}$ to generate the random key of the symmetric cipher, $KEY = KeyGenerator(IDType_{en})$;
Next, the license public key $PK_{py}$ of the verified application is loaded and used to encrypt the cryptographic algorithm $Type_{en}$ and the random key KEY, generating the encrypted key data $EPK_{py} = RSA(PK_{py}, (ID || KEY))$;
Then the license private key $PPK_{py}$ of the verified application is loaded and used to sign the encrypted key data $EPK_{py}$, generating the key signature data $SPK_{py} = Sg(PPK_{py}, EPK_{py})$;
Finally, with the verified application ID as the index, the encrypted key data $EPK_{py}$ and the key signature data $SPK_{py}$ are stored according to a specific organizational form in the non-volatile memory of the trusted execution environment, and the generated random key KEY is returned.
Here KeyGenerator is the symmetric key generator algorithm; RSA is the public-key encryption algorithm; Sg is the public-key signature algorithm;
E) After the key has been generated, the corresponding symmetric encryption algorithm is called according to the cryptographic algorithm $Type_{en}$ and the random key KEY is used to encrypt the private data $Data_{pv}$, generating the encrypted data $EData_{pv} = SymEn(KEY, Data_{pv})$;
Next, the HASH value of the encrypted data is computed with the HASH algorithm: $HData_{pv} = Hash(EData_{pv})$;
Then the HASH value is signed with the license private key $PPK_{py}$ of the verified application, generating the signed data $SData_{pv} = Sg(PPK_{py}, HData_{pv})$;
Finally, the data processing module 103, with the verified application ID as the index, stores the encrypted data $EData_{pv}$ and the signed data $SData_{pv}$ according to a specific organizational form in the non-volatile memory of the trusted execution environment, and returns the data storage result to the verified application.
Here SymEn is the symmetric encryption algorithm; Sg is the public-key signature algorithm.
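Steps A) to E) above, as an added Go sketch that is not part of the patent text; it goes one step beyond the text by adding a read path (`Get`) that checks both signatures before unwrapping the key. It assumes AES-256-GCM as SymEn with the application ID bound as associated data, RSA-OAEP for the key wrap, RSA PKCS#1 v1.5 over SHA-256 as Sg, and an in-memory map in place of TEE non-volatile storage; all names are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const algAES256GCM = 1 // constructed ID standing in for Type_en

type Record struct { // stored per verified application ID
	EPK, SPK     []byte // RSA-wrapped (ID || KEY) and its signature
	EData, SData []byte // encrypted data and signature over its hash
}

type Store struct {
	Key  *rsa.PrivateKey   // license key pair of the verified application
	Recs map[string]Record // stands in for TEE non-volatile storage
}

func NewStore() *Store {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Store{Key: k, Recs: map[string]Record{}}
}

// sign computes Sg(PPK, Hash(msg)); verify checks it with the public key.
func (s *Store) sign(msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, s.Key, crypto.SHA256, h[:])
}

func (s *Store) verify(msg, sig []byte) error {
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(&s.Key.PublicKey, crypto.SHA256, h[:], sig)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Put follows steps A-E: flag gate, KEY generation, wrap, encrypt, sign, store.
func (s *Store) Put(appID string, flag int, data []byte) error {
	if flag != 1 {
		return errors.New("remote call refused: detection flag is 0")
	}
	buf := make([]byte, 44) // 32-byte KEY, then 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return err
	}
	key, nonce := buf[:32], buf[32:]
	epk, err1 := rsa.EncryptOAEP(sha256.New(), rand.Reader, &s.Key.PublicKey,
		append([]byte{algAES256GCM}, key...), nil)
	gcm, err2 := newGCM(key)
	if err1 != nil || err2 != nil {
		return errors.New("key wrap or cipher setup failed")
	}
	edata := gcm.Seal(nonce, nonce, data, []byte(appID)) // nonce || ciphertext
	spk, err1 := s.sign(epk)
	sdata, err2 := s.sign(edata)
	if err1 != nil || err2 != nil {
		return errors.New("signing failed")
	}
	s.Recs[appID] = Record{EPK: epk, SPK: spk, EData: edata, SData: sdata}
	return nil
}

// Get is the added read path: signatures are checked before any decryption.
func (s *Store) Get(appID string, flag int) ([]byte, error) {
	r, ok := s.Recs[appID]
	if flag != 1 || !ok || s.verify(r.EPK, r.SPK) != nil || s.verify(r.EData, r.SData) != nil {
		return nil, errors.New("refused, no record, or signature check failed")
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.Key, r.EPK, nil)
	if err != nil || len(pt) != 33 || pt[0] != algAES256GCM {
		return nil, errors.New("key unwrap failed")
	}
	gcm, err := newGCM(pt[1:])
	if err != nil || len(r.EData) < 12 {
		return nil, errors.New("malformed ciphertext")
	}
	return gcm.Open(nil, r.EData[:12], r.EData[12:], []byte(appID))
}

func main() {
	s := NewStore()
	fmt.Println(s.Put("app-1", 1, []byte("account=42")), s.Put("app-1", 0, nil))
}
```

The text uses one license key pair for both encryption and signing, and the sketch mirrors that; separate keys per purpose are the usual practice.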
The permission control node of the main control module also verifies the authentication information of the access address and provides management interfaces, including obtaining the web application list, building an application, deleting an application and updating the number of web application running copies. The specific steps are as follows:
The main control module maintains an application authentication information table, which includes the web application ID and the authentication information;
The authentication information is received. The authentication information has the following features: it is 128 bits long, is unique, corresponds to a unique application, has timeliness, and has a verification function for the authentication information;
The authentication information table is searched for the corresponding authentication information;
If the application's authentication information is found, success is returned; if it is not found, failure is returned;
The address request parameters are parsed and the interface of the operation is analyzed; if the operation type is obtaining the web application list, building an application, deleting an application or updating the number of web application running copies, the address request is forwarded to the cluster space instantiation engine;
The cluster space instantiation engine performs the specific operation and feeds the processing result back to the management control node of the main controller;
The main controller returns the call result to the mobile terminal.
In addition, if the running state of an application is found to be inconsistent with its preset state, the space instantiation unit is notified to handle it, as follows:
Two threads are started. The listening thread listens for the update messages published by the space instance engine and stores the update information in the key-value pair system; the discovery thread compares the preset state of the application with its running state and notifies the space instance engine to handle state differences;
The listening thread listens to the message bus continuously. After receiving an update message, it parses out the web application ID, the web application running copy access address and the state of the web application running copy, and stores them as key-value pairs in the key-value pair system;
The discovery thread periodically obtains the preset state of the current application and the preset running copies from the space instance engine, obtains the actual running state of the current application from the key-value pair system, compares them, determines the difference from the preset state and notifies the space instance engine to handle it, as follows:
The discovery thread periodically obtains the application's actual running state from the key-value pair system; the running state obtained at each moment is treated as a snapshot;
The most recent N snapshots of the application's actual running state are recorded and compared. If the N snapshots are inconsistent, it is judged that the network is currently unstable or that a failover is in progress, and nothing is done in this case;
If the N snapshots are consistent, the thread first checks whether the actual running state of the web application running copies matches the preset state and, once that check is complete, checks whether the number of copies of the application matches the preset number.
Checking whether the actual running state of the running copies matches the preset state proceeds as follows:
i. The web application running copy list provided by the space instance engine is compared one by one with the records in the key-value pair system; if the running copy states recorded by the two are inconsistent, the management interface of the space instance engine is called to complete the state change;
ii. Only web application running copies in the running and stopped states are compared; applications in an intermediate state are not processed;
Case 1: A running copy in the space instance engine is absent from the key-value pair system; the discovery thread notifies the space instance engine to build a new copy;
Case 2: The state of a running copy in the key-value pair system is inconsistent with that in the space instance engine; the discovery thread notifies the space instance engine to change the copy state;
Case 3: There is no record in the space instance engine, but there is update information in the key-value pair system; the discovery thread notifies the space instance engine to remove the copy;
Checking whether the number of copies of the application matches the preset number proceeds as follows:
i. The expected number of running application copies recorded in the space instantiation unit is compared with the number of copy update records in the key-value pair system;
ii. Only applications in the running and stopped states are compared; other states are not processed.
The possible outcomes of the comparison include:
Case 1: If the preset number of running copies in the space instance engine is greater than the number of running copies in the key-value pair system, the space instance engine is notified to reduce running copies;
Case 2: If the preset number of running copies in the space instance engine is less than the number of running copies in the key-value pair system, the space instance engine is notified to increase running copies.
After the verification tags of the application operation copy data have been generated, a hash tree $TREE_j$ is built for each copy $R_j$. The leaf nodes of $TREE_j$ are the set of hash values $\{h(H(r_{ij}))\}$ ordered by vector key, and the tree root is $h_{R_j}$.
The root hash values $\{h_{R_j}\}_{1 \le j \le m}$ of all copy hash trees TREE are used to generate the signature $Sg1 = (ID_R \mid h_R)^{\alpha}$.
The verification tag set of a given data copy and the application operation copy hash tree are stored together with the application operation copy data on the same cluster node in the cloud.
The web application simultaneously issues data copy sampling requests to the cluster nodes in order to carry out integrity verification. The sampling verification flow comprises:
(1) The trusted third-party verification node commissioned by the web application determines the number of vectors to be sampled, $c$, with $1 \le c \le N$, and randomly generates the key $k_1$ of the permutation function $\pi_{key}(\cdot)$ and the key $k_2$ of the random mapping function $\psi_{key}(\cdot)$. Using the same random permutation function and random mapping function, and the same keys $k_1$, $k_2$, the verification node generates the challenge value set $C = \{(i, v_i)\}$, where $C$ represents the vector key values $i \in [1, N]$ to be verified and the corresponding random values $v_i$, with $\{i\} = \pi_{key}(k)$, $1 \le k \le c$, and $\{v_i\} = \psi_{key}(k)$, $1 \le k \le c$. The verification node sends the sampling information $(C, k_1, k_2)$ to the cluster node.
(2) After the cluster node receives the sampling information sent by the verification node, it generates verification evidence $P$ to prove that each cluster node has correctly stored the copy data of the web application. The evidence is $P = \{\sigma, \mu, \langle H(r_{ij}), I_{ij} \rangle_{(i,*) \in C,\, 1 \le j \le m}, S\}$, where:
1. $\sigma$ is the aggregate tag value of the sampled vectors: $\sigma = \prod_{(i, v_i) \in C} \sigma_i^{v_i}$ is the aggregated verification tag of the sampled copy vectors, where $\sigma_i = \prod_{j \in [1,m]} \sigma_{ij}$ is the aggregate of the homomorphic tags of the multiple data copies corresponding to the same vector, and $\sigma \in G$;
2. $\mu$ is the verification information proving that the cluster node stores the sampled data vectors of the web application. Over all data copies of the web application, $\mu = \{\mu_j\}_{1 \le j \le m}$, where the vector data of each copy is computed as $\mu_j = \sum_{(i, v_i) \in C} v_i \cdot r_{ij}$;
3. $I_{ij}$ is the auxiliary verification path information on the hash tree TREE for the sampled vector of each data copy. It records the information of all sibling nodes on the path from the TREE root node to the leaf node corresponding to the sampled data vector, together with position information.
(3) After the verification node receives the verification value $P$ returned by the cluster node, it verifies the correctness of $P$:
1. From $\langle H(r_{ij}), I_{ij} \rangle_{(i,*) \in C,\, 1 \le j \le m}$ and the application operation copy number information, reconstruct $V = ID_R \mid h_R$;
2. Determine whether the check value information returned by the web application is correct by checking whether the equation holds:
$E(\cdot)$ is a bilinear map. If the verification passes, true is returned; otherwise false is returned.
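The hash-tree part of this exchange (challenge derivation from the keys, the auxiliary path $I_{ij}$, and root reconstruction by the verification node) is sketched below as an added example; it is not code from the patent. SHA-256 and HMAC-SHA-256 stand in for $h$, $H$, $\pi_{key}$ and $\psi_{key}$ as assumptions, all function names are hypothetical, and the homomorphic tag aggregation and the bilinear-map check are not covered.

```python
import hashlib, hmac

def h(b):
    return hashlib.sha256(b).digest()           # SHA-256 stands in for both h and H
def node(left, right):
    return h(b"\x01" + left + right)            # prefix keeps inner nodes distinct from leaves
def prf(key, k):
    return hmac.new(key, k.to_bytes(4, "big"), "sha256").digest()

def challenge(k1, k2, n, c):
    """C = [(i, v_i)]: both sides derive the same set from (k1, k2) alone."""
    order = sorted(range(1, n + 1), key=lambda i: prf(k1, i))   # keyed permutation of 1..N
    return [(i, int.from_bytes(prf(k2, k)[:8], "big")) for k, i in enumerate(order[:c], 1)]

def build_tree(vectors):
    """Levels of TREE_j: level 0 holds the leaves h(H(r_ij)), the last level the root."""
    level = [h(h(r)) for r in vectors]
    levels = [level]
    while len(level) > 1:
        padded = level + level[-1:] * (len(level) % 2)          # duplicate last node if odd
        level = [node(padded[k], padded[k + 1]) for k in range(0, len(padded), 2)]
        levels.append(level)
    return levels

def aux_path(levels, i):
    """I_ij for 1-based key i: (sibling hash, position bit) from the leaf up to the root."""
    idx, out = i - 1, []
    for level in levels[:-1]:
        sib = idx ^ 1
        out.append((level[sib] if sib < len(level) else level[idx], idx & 1))
        idx >>= 1
    return out

def prove(vectors, C):                           # cluster node: <H(r_ij), I_ij> per key in C
    levels = build_tree(vectors)
    return [(i, h(vectors[i - 1]), aux_path(levels, i)) for i, _ in C]

def verify(root, C, proof):
    """Verification node: rebuild the root from each pair and bind it to the challenged key."""
    if [i for i, _ in C] != [i for i, _, _ in proof]:
        return False
    for i, H_r, aux in proof:
        if sum(bit << d for d, (_, bit) in enumerate(aux)) != i - 1:
            return False                         # path belongs to a different leaf
        cur = h(H_r)
        for sib, bit in aux:
            cur = node(sib, cur) if bit else node(cur, sib)
        if cur != root:
            return False
    return True

# Constructed sample: one copy R_j holding N = 5 data vectors.
VECTORS = [f"vector-{i}".encode() for i in range(1, 6)]
ROOT = build_tree(VECTORS)[-1][0]
```

The position-bit check matters: without it, a node could answer a challenge for key $i$ with a valid path for some other leaf it still holds.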
In conclusion the present invention is proposed under a kind of cloud computing platform to the access method of shared storage information, cloud is put down
The basic cluster environment of platform carries out space instances, more fully using the system resource of cluster, solves and utilizes virtual machine
Private clound caused by take problem.Both it ensure that private data was isolated with clustered node, and also ensured private data
Isolation between verification application, ensures the safety of privately owned storage.
It obviously, can be with general it should be appreciated by those skilled in the art each module or each step of, the above-mentioned present invention
Computing system realize that they can concentrate in single computing system or be distributed in multiple computing systems and be formed
Network on, optionally, they can be realized with the program code that computing system can perform, it is thus possible to which they are stored
It is performed within the storage system by computing system.It to be combined in this way, the present invention is not limited to any specific hardware and softwares.
It should be understood that the above-mentioned specific embodiment of the present invention is used only for exemplary illustration or explains the present invention's
Principle, without being construed as limiting the invention.Therefore, that is done without departing from the spirit and scope of the present invention is any
Modification, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.In addition, appended claims purport of the present invention
Covering the whole variations fallen into scope and boundary or this range and the equivalent form on boundary and repairing
Change example.
Claims (8)
1. A method for accessing shared storage information under a cloud computing platform, characterized by comprising:
parsing the terminal access address to obtain the authentication information of the access;
judging the type of the access data according to the authentication information;
if the type is control data, processing the control data by the main control module of the private cloud;
if the type is transaction data, forwarding the address request to the cluster engine of the private cloud, and processing the transaction data by the cluster engine.
2. The method according to claim 1, characterized in that the processing of the transaction data by the cluster engine further comprises:
forwarding, by the cluster engine, the access request to a specific space instance, which performs the transaction processing and returns the result to the cluster engine.
3. The method according to claim 1, characterized in that, after the processing of the transaction data is completed, the method further comprises:
returning, by the cluster engine, the processing result directly to the mobile terminal.
4. The method according to claim 1, characterized in that the cluster engine maintains an address list, the address list comprising web application IDs, scheduling rules, web application operation copy addresses and most recent update times.
5. The method according to claim 4, characterized in that the web application ID is the ID of a web application deployed in a space instance; one web application corresponds to one or more web application operation copies, and the specific processing is provided by the web application operation copies.
6. The method according to claim 4, characterized in that the scheduling rule is the processing rule for task scheduling.
7. The method according to claim 4, characterized in that the web application operation copy address is the address used when addressing the space instance application.
8. The method according to claim 4, characterized in that the web application operation copy update time is the most recent update time of the space instance application.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810061041.XA CN108156175B (en) | 2018-01-22 | 2018-01-22 | Method for accessing shared storage information under cloud computing platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108156175A (en) | 2018-06-12 |
CN108156175B (en) | 2021-05-14 |
Family
ID=62461838
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810061041.XA Active CN108156175B (en) | 2018-01-22 | 2018-01-22 | Method for accessing shared storage information under cloud computing platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108156175B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | Effective date of registration: 20210428. Address after: 3 / F, Sunshine Golf building, 7008 Shennan Avenue, Futian District, Shenzhen, Guangdong 518000. Applicant after: China Securities PENGYUAN credit rating Co.,Ltd. Address before: 610000 Sichuan city of Chengdu province high tech Zone Kyrgyzstan Road No. 666 Building 2 floor 13 No. 2. Applicant before: CHENGDU HUIZHI YUANJING TECHNOLOGY Co.,Ltd. |
GR01 | Patent grant | ||