CN108737377A - Data guard method, server and computer readable storage medium - Google Patents
- Publication number: CN108737377A
- Application number: CN201810343083.2A
- Authority: CN (China)
- Prior art keywords: service request, server, smart machine, service, cloud service
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/143—Termination or inactivation of sessions, e.g. event-controlled end of session
Abstract
The invention discloses a data protection method comprising: a server receives a service request sent by a cloud service smart device, the service request being encrypted with a predetermined encryption algorithm; the server decodes the service request using the encryption algorithm; determines whether decoding succeeded; when the service request is decoded successfully, forwards the service request to a background processing server; and when decoding of the service request fails, disconnects from the cloud service smart device. The invention also provides a server and a computer-readable storage medium. The data protection method, server and computer-readable storage medium provided by the invention can improve the data security of service requests between the cloud service smart device and the server.
Description
Technical field
The present invention relates to the field of blockchain technology, and in particular to a data protection method, a server and a computer-readable storage medium.
Background
Cloud service smart devices, such as mining machines, are electronic devices frequently used in blockchain networks. In practice, a cloud service smart device needs to communicate with an access server: it sends a service request, and the access server forwards the request to a background processing server, which provides the cloud service smart device with the service support it needs, such as required data, so that the device can provide APP-side services to the user. However, while an existing service request travels between the cloud service smart device and the access server, it may be intercepted, leading to information leakage and counterfeiting; it may also be copied and replayed, creating a risk that device state and information are tampered with.
Summary of the invention
In view of this, the present invention proposes a data protection method, a server and a computer-readable storage medium, to solve the problem of how to improve the data security of service requests between a cloud service smart device and a server.
First, to achieve the above object, the present invention proposes a data protection method applied to the communication process between a cloud service smart device and a server, the method comprising the steps of:
the server receives a service request sent by the cloud service smart device, the service request being encrypted with a predetermined encryption algorithm;
decoding the service request using the encryption algorithm;
determining whether the decoding succeeded;
when the service request is decoded successfully, forwarding the service request to a background processing server; and
when decoding of the service request fails, disconnecting from the cloud service smart device.
Optionally, when the service request is decoded successfully, the method further comprises the step of:
determining whether the service request has expired; if it has not expired, performing the step of forwarding the service request to the background processing server; if it has expired, performing the step of disconnecting from the cloud service smart device.
Optionally, the encryption algorithm is the AES symmetric encryption algorithm, and the cloud service smart device and the server use the same key to encrypt and decode the service request.
Optionally, the service request includes an effective time point.
Optionally, the step of determining whether the service request has expired comprises:
obtaining the effective time point from the decoded service request;
determining whether the current time point is earlier than or equal to the effective time point;
if the current time point is earlier than or equal to the effective time point, determining that the service request has not expired and is valid;
if the current time point is later than the effective time point, determining that the service request has expired and is invalid.
In addition, to achieve the above object, the present invention also provides a server comprising a memory and a processor, the memory storing a data protection program that can run on the processor, the data protection program implementing the following steps when executed by the processor:
receiving a service request sent by a cloud service smart device, the service request being encrypted with a predetermined encryption algorithm;
decoding the service request using the encryption algorithm;
determining whether the decoding succeeded;
when the service request is decoded successfully, forwarding the service request to a background processing server; and
when decoding of the service request fails, disconnecting from the cloud service smart device.
Optionally, the data protection program, when executed by the processor, further implements the step of:
when the service request is decoded successfully, determining whether the service request has expired; if it has not expired, performing the step of forwarding the service request to the background processing server; if it has expired, performing the step of disconnecting from the cloud service smart device.
Optionally, the encryption algorithm is the AES symmetric encryption algorithm, and the cloud service smart device and the server use the same key to encrypt and decode the service request.
Optionally, the service request includes an effective time point.
Optionally, the step of determining whether the service request has expired comprises:
obtaining the effective time point from the decoded service request;
determining whether the current time point is earlier than or equal to the effective time point;
if the current time point is earlier than or equal to the effective time point, determining that the service request has not expired and is valid;
if the current time point is later than the effective time point, determining that the service request has expired and is invalid.
Further, to achieve the above object, the present invention also provides a computer-readable storage medium storing a data protection program, the data protection program being executable by at least one processor so that the at least one processor performs the steps of the data protection method described above.
Compared with the prior art, the data protection method, server and computer-readable storage medium proposed by the present invention encrypt and decrypt the service request with a dedicated algorithm, reducing the risk that messages are captured during communication between the device and the server, leading to information leakage and counterfeiting. In addition, timestamp verification is added to the service request, reducing the risk that messages are copied and replayed during communication between the device and the server, causing device state and information to be tampered with.
Description of the drawings
Fig. 1 is a schematic diagram of an optional application environment of the embodiments of the present invention;
Fig. 2 is a schematic diagram of an optional hardware architecture of the access server in Fig. 1;
Fig. 3 is a program module diagram of the first and second embodiments of the data protection system of the present invention;
Fig. 4 is a flow diagram of the first embodiment of the data protection method of the present invention;
Fig. 5 is a flow diagram of the second embodiment of the data protection method of the present invention.
The realization of the objects, the functional features and the advantages of the present invention are further described through the embodiments with reference to the accompanying drawings.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative work fall within the protection scope of the present invention.
It should be noted that descriptions involving "first", "second" and the like in the present invention are for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. Thus, a feature qualified by "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with one another, but only on the basis that a person of ordinary skill in the art can implement the combination; when a combination of technical solutions is contradictory or cannot be implemented, the combination should be regarded as nonexistent and outside the protection scope claimed by the present invention.
Fig. 1 is a schematic diagram of an optional application environment of the embodiments of the present invention.
In this embodiment, the present invention can be applied in an application environment that includes, but is not limited to, a background processing server 1, an access server 2 and a cloud service smart device 4. The background processing server 1, the access server 2 and the cloud service smart device 4 exchange data over a network.
The cloud service smart device 4 sends service requests, such as connection requests and data requests, to the access server 2 and receives the feedback of the access server 2, so as to provide APP-side services to the user. The cloud service smart device 4 may be a mining machine or the like.
The access server 2 receives the service request sent by the cloud service smart device 4 and forwards it to the background processing server 1; after receiving the feedback of the background processing server 1 it forwards that feedback to the cloud service smart device 4, or it decides from the feedback of other servers whether to keep the connection with the cloud service smart device 4.
The background processing server 1 and the access server 2 may each be a computer, a single network server, a server group composed of multiple network servers, or a cloud-computing-based cloud composed of a large number of hosts or network servers.
Fig. 2 is a schematic diagram of an optional hardware architecture of the access server 2 in Fig. 1. In this embodiment, the access server 2 may include, but is not limited to, a memory 11, a processor 12 and a network interface 13 that can communicate with one another over a system bus. Note that Fig. 2 shows only the access server 2 with components 11-13; it should be understood that not all of the components shown are required, and more or fewer components may be implemented instead.
The memory 11 includes at least one type of readable storage medium, including flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disc and so on. In some embodiments, the memory 11 may be an internal storage unit of the access server 2, such as its hard disk or internal memory. In other embodiments, the memory 11 may be an external storage device of the access server 2, such as a plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card or flash card fitted to the access server 2. The memory 11 may of course include both the internal storage unit of the access server 2 and its external storage device. In this embodiment, the memory 11 is generally used to store the operating system and the various application software installed on the access server 2, such as the program code of the data protection system 200. The memory 11 may also be used to temporarily store data that has been output or is to be output.
In some embodiments the processor 12 may be a central processing unit (CPU), controller, microcontroller, microprocessor or other data processing chip. The processor 12 generally controls the overall operation of the access server 2. In this embodiment, the processor 12 runs the program code stored in the memory 11 or processes data, for example running the data protection system 200.
The network interface 13 may include a wireless network interface or a wired network interface, and is generally used to establish communication connections between the access server 2 and other electronic devices. In this embodiment, the network interface 13 is mainly used to connect the access server 2 over a network to one or more background processing servers 1 and cloud service smart devices 4, establishing data transmission channels and communication connections between the access server 2 and the one or more background processing servers 1 and cloud service smart devices 4.
So far, the hardware structure and functions of the application environment and related devices of the embodiments of the present invention have been described in detail. The embodiments of the present invention are proposed below on the basis of this application environment and these devices.
First, the present invention proposes a data protection system 200.
Fig. 3 is a program module diagram of the first and second embodiments of the data protection system 200 of the present invention.
In the first embodiment, the data protection system 200 comprises a series of computer program instructions stored in the memory 11; when these instructions are executed by the processor 12, the data protection operations of the embodiments of the present invention are carried out. In some embodiments, the data protection system 200 may be divided into one or more modules according to the specific operations implemented by the parts of the computer program instructions. For example, in Fig. 3 the data protection system 200 may be divided into a receiving module 201, a decoding module 202, a judgment module 203 and a processing module 204, where:
The receiving module 201 receives the service request sent by the cloud service smart device 4.
Specifically, when the cloud service smart device 4 needs to request a service from the access server 3, it sends a service request, such as a connection request or a data request, to the access server 3. The service request includes the device MAC address, device identifier, device encryption mode and so on of the cloud service smart device 4. To protect the data of the service request, in this embodiment the service request is encrypted with a predetermined encryption algorithm before being sent to the access server 2, to reduce the risk of tampering. The encryption algorithm may be the AES symmetric encryption algorithm or another similar encryption algorithm.
The decoding module 202 decodes the service request.
Specifically, after the receiving module 201 receives the service request, the decoding module 202 decodes it using the same encryption algorithm as the cloud service smart device 4.
The principle of the encryption algorithm includes: transmission uses an obfuscated binary encoding; the cloud service smart device 4 encrypts data with a key; the access server 2 decrypts data with the same key.
The judgment module 203 determines whether the decoding module 202 decoded the service request successfully.
Specifically, if the service request has been tampered with, decoding fails when the decoding module 202 decodes the service request with the same encryption algorithm and key as the cloud service smart device 4. When decoding is determined to have succeeded, the service request has not been tampered with.
The processing module 204 forwards the service request to the background processing server 1 when the service request is decoded successfully, or disconnects (or refuses) the connection with the cloud service smart device 4 when decoding of the service request fails.
Further, in the second embodiment, the judgment module 203 also determines, when the service request is decoded successfully, whether the service request has expired.
Specifically, when the service request is decoded successfully, the judgment module 203 goes on to check the timeliness of the service request. In this embodiment, the service request also includes an effective time point. After the decoding module 202 successfully decodes the service request, the effective time point is obtained from it, and the judgment module 203 determines whether the current time point is earlier than or equal to the effective time point. If the current time point is earlier than or equal to the effective time point, the service request is determined to be unexpired and valid. If the current time point is later than the effective time point, the service request is determined to be expired and invalid.
It is worth noting that the connection between the cloud service smart device 4 and the access server 2 is a long connection, that is, once established it is not released for a long time. Therefore, the access server 3 verifies timeliness mainly when the cloud service smart device 4 sends a connection request to the access server 3; after that verification succeeds, when the access server 3 later receives other service requests from the cloud service smart device 4, it only needs to determine whether decoding succeeds and does not need to verify timeliness.
The processing module 204 also forwards the service request to the background processing server 1 when the service request is decoded successfully and has not expired, or disconnects (or refuses) the connection with the cloud service smart device 4 when decoding of the service request is determined to have failed or the service request has expired.
In addition, the present invention also proposes a data protection method.
Fig. 4 is a flow diagram of the first embodiment of the data protection method of the present invention. In this embodiment, the execution order of the steps in the flowchart shown in Fig. 4 may be changed, and some steps may be omitted, according to different requirements. The method includes the following steps:
Step S100: receive the service request sent by the cloud service smart device 4.
Specifically, when the cloud service smart device 4 needs to request a service from the access server 3, it sends a service request, such as a connection request or a data request, to the access server 3. The service request includes the device MAC address, device identifier, device encryption mode and so on of the cloud service smart device 4. To protect the data of the service request, in this embodiment the service request is encrypted with a predetermined encryption algorithm before being sent to the access server 2, to reduce the risk of tampering. The encryption algorithm may be the AES symmetric encryption algorithm or another similar encryption algorithm.
Step S102: decode the service request.
Specifically, after the access server 2 receives the service request, it decodes the request using the same encryption algorithm as the cloud service smart device 4.
The principle of the encryption algorithm includes: transmission uses an obfuscated binary encoding; the cloud service smart device 4 encrypts data with a key; the access server 2 decrypts data with the same key.
Step S104: determine whether decoding succeeded. If it succeeded, execute step S106. If not, execute step S108.
Specifically, if the service request has been tampered with, decoding fails when the access server 2 decodes the service request with the same encryption algorithm and key as the cloud service smart device 4. When decoding is determined to have succeeded, the service request has not been tampered with.
Step S106: forward the service request to the background processing server 1.
Specifically, when the service request is decoded successfully, the access server 2 keeps the long connection with the cloud service smart device 4 and forwards the service request to the background processing server 1, so that the background processing server 1 provides the corresponding service to the cloud service smart device 4, for example by returning the data it needs.
Step S108: disconnect from the cloud service smart device 4.
Specifically, when decoding of the service request is determined to have failed, the access server 2 disconnects (or refuses) the connection with the cloud service smart device 4. In this embodiment, the connection is a TCP (Transmission Control Protocol) connection. The access server 2 removes the cloud service smart device 4 from the TCP connection list.
The data protection method provided in this embodiment can encrypt and decrypt the service request with a dedicated algorithm, reducing the risk that messages are captured during communication between the device and the server, leading to information leakage and counterfeiting.
Fig. 5 is a flow diagram of the second embodiment of the data protection method of the present invention. In this embodiment, some steps of the data protection method are similar to those of the first embodiment; the difference is that this method further includes step S206.
The method includes the following steps:
Step S200: receive the service request sent by the cloud service smart device 4.
Specifically, when the cloud service smart device 4 needs to request a service from the access server 3, it sends a service request, such as a connection request or a data request, to the access server 3. The service request includes the device MAC address, device identifier, device encryption mode and so on of the cloud service smart device 4. To protect the data of the service request, in this embodiment the service request is encrypted with a predetermined encryption algorithm before being sent to the access server 2, to reduce the risk of tampering. The encryption algorithm may be the AES symmetric encryption algorithm or another similar encryption algorithm.
Step S202: decode the service request.
Specifically, after the access server 2 receives the service request, it decodes the request using the same encryption algorithm as the cloud service smart device 4.
The principle of the encryption algorithm includes: transmission uses an obfuscated binary encoding; the cloud service smart device 4 encrypts data with a key; the access server 2 decrypts data with the same key.
Step S204: determine whether decoding succeeded. If it succeeded, execute step S206. If not, execute step S210.
Specifically, if the service request has been tampered with, decoding fails when the access server 2 decodes the service request with the same encryption algorithm and key as the cloud service smart device 4. When decoding is determined to have succeeded, the service request has not been tampered with.
Step S206: determine whether the service request has expired. If it has not expired, execute step S208. If it has expired, execute step S210.
Specifically, when the service request is decoded successfully, the access server 2 goes on to check the timeliness of the service request. In this embodiment, the service request also includes a timestamp, namely the effective time point of the service request. After the access server 2 successfully decodes the service request, it obtains the effective time point from it and then determines whether the current time point is earlier than or equal to the effective time point. If the current time point is earlier than or equal to the effective time point, the service request is determined to be unexpired and valid. If the current time point is later than the effective time point, the service request is determined to be expired and invalid.
It is worth noting that the connection between the cloud service smart device 4 and the access server 2 is a long connection, that is, once established it is not released for a long time. Therefore, the access server 3 verifies timeliness mainly when the cloud service smart device 4 sends a connection request to the access server 3; after that verification succeeds, when the access server 3 later receives other service requests from the cloud service smart device 4, it only needs to determine whether decoding succeeds and does not need to verify timeliness.
Step S208: forward the service request to the background processing server 1.
Specifically, when the service request is decoded successfully and has not expired, the access server 2 keeps the long connection with the cloud service smart device 4 and forwards the service request to the background processing server 1, so that the background processing server 1 provides the corresponding service to the cloud service smart device 4, for example by returning the data it needs.
Step S210: disconnect from the cloud service smart device 4.
Specifically, when decoding of the service request is determined to have failed or the service request has expired, the access server 2 disconnects (or refuses) the connection with the cloud service smart device 4. In this embodiment, the connection is a TCP connection. The access server 2 removes the cloud service smart device 4 from the TCP connection list.
The data protection method provided in this embodiment, on top of encrypting and decrypting the service request with a dedicated algorithm to prevent counterfeiting attacks, also adds timestamp verification to the service request, reducing the risk that messages are copied and replayed during communication between the device and the server, causing device state and information to be tampered with.
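The second-embodiment flow (steps S200 to S210) as an added Go example, not code from the patent. It assumes AES-256-GCM (the patent names only "AES"), JSON framing and hypothetical field and function names; an authenticated mode is used because only then does a modified ciphertext reliably fail to decode, which the tamper check in step S204 relies on.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// ServiceRequest carries the fields the description lists. The JSON framing,
// the field names and the Kind field are assumptions of this example.
type ServiceRequest struct {
	MAC        string `json:"mac"`
	DeviceID   string `json:"device_id"`
	Kind       string `json:"kind"`        // "connect" or "data"
	ValidUntil int64  `json:"valid_until"` // effective time point, Unix seconds
}

type Decision int

const (
	Forward    Decision = iota // S208: pass the request to the background server
	Disconnect                 // S210: drop the TCP connection
)

var (
	ErrDecode  = errors.New("decode failed")
	ErrExpired = errors.New("request expired")
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the device side: encrypt the request under the shared key.
// Output layout (assumed): nonce || ciphertext || tag.
func Seal(key []byte, req ServiceRequest) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain, err := json.Marshal(req)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// Open is S202/S204: decoding succeeds only if the GCM tag verifies and the
// plaintext parses as a ServiceRequest.
func Open(key, msg []byte) (ServiceRequest, error) {
	var req ServiceRequest
	gcm, err := newGCM(key)
	if err != nil {
		return req, err
	}
	n := gcm.NonceSize()
	if len(msg) < n+gcm.Overhead() {
		return req, ErrDecode
	}
	plain, err := gcm.Open(nil, msg[:n], msg[n:], nil)
	if err != nil {
		return req, ErrDecode
	}
	if err := json.Unmarshal(plain, &req); err != nil {
		return req, ErrDecode
	}
	return req, nil
}

// Gate is the access server's decision for one received message (S204-S210).
func Gate(key, msg []byte, now time.Time) (Decision, error) {
	req, err := Open(key, msg)
	if err != nil {
		return Disconnect, err
	}
	// S206: per the description, timeliness is verified on the connection
	// request; later requests on the long connection are only decoded.
	if req.Kind == "connect" && now.Unix() > req.ValidUntil {
		return Disconnect, ErrExpired
	}
	return Forward, nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed demo key
	now := time.Unix(1700000000, 0)                    // fixed clock for the demo
	msg, err := Seal(key, ServiceRequest{MAC: "00:11:22:33:44:55",
		DeviceID: "dev-1", Kind: "connect", ValidUntil: now.Unix() + 30})
	if err != nil {
		panic(err)
	}
	tampered := append([]byte(nil), msg...)
	tampered[len(tampered)-1] ^= 0x01 // one flipped bit in the tag

	d, err := Gate(key, msg, now)
	fmt.Println("fresh:   ", d == Forward, err)
	d, err = Gate(key, tampered, now)
	fmt.Println("tampered:", d == Forward, err)
	d, err = Gate(key, msg, now.Add(time.Minute))
	fmt.Println("replayed:", d == Forward, err)
}
```

The timestamp only bounds replay: a captured connection request is still accepted until its effective time point passes, and in this flow later data requests on the connection carry no freshness check.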
The embodiments of the present invention are for illustration only, can not represent the quality of embodiment.
Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The software product is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disc) and includes several instructions that cause a client (which may be a mobile phone, computer, server, air conditioner, network device, etc.) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, whether applied directly or indirectly in other related technical fields, is likewise included within the scope of the present invention.
Claims (11)
1. A data guard method, applied to the communication process between a cloud service smart machine and a server, the method comprising the steps of:
The server receives a service request sent by the cloud service smart machine, the service request being encrypted using a predetermined encryption algorithm;
Decoding the service request using the encryption algorithm;
Judging whether decoding succeeds;
When the service request is successfully decoded, forwarding the service request to a background processing server; and
When decoding of the service request fails, disconnecting the connection with the cloud service smart machine.
2. The data guard method as claimed in claim 1, characterized in that, when the service request is successfully decoded, the method further comprises the step of:
Judging whether the timeliness of the service request has expired; if it has not expired, executing the step of forwarding the service request to the background processing server; if it has expired, executing the step of disconnecting the connection with the cloud service smart machine.
3. The data guard method as claimed in claim 1 or 2, characterized in that the encryption algorithm is the AES symmetric encryption algorithm, and the cloud service smart machine and the server encrypt and decode the service request using the same key.
4. The data guard method as claimed in claim 2, characterized in that the service request includes an effective time point.
5. The data guard method as claimed in claim 4, characterized in that the step of judging whether the timeliness of the service request has expired comprises:
Obtaining the effective time point from the decoded service request;
Judging whether the current point in time is earlier than or equal to the effective time point;
If the current point in time is earlier than or equal to the effective time point, determining that the service request has not expired and is valid;
If the current point in time is later than the effective time point, determining that the service request has expired and is invalid.
6. A server, characterized in that the server includes a memory and a processor, the memory storing a data protection program that can run on the processor, the data protection program implementing the following steps when executed by the processor:
Receiving a service request sent by a cloud service smart machine, the service request being encrypted using a predetermined encryption algorithm;
Decoding the service request using the encryption algorithm;
Judging whether decoding succeeds;
When the service request is successfully decoded, forwarding the service request to a background processing server; and
When decoding of the service request fails, disconnecting the connection with the cloud service smart machine.
7. The server as claimed in claim 6, characterized in that the data protection program, when executed by the processor, also implements the step of:
When the service request is successfully decoded, judging whether the timeliness of the service request has expired; if it has not expired, executing the step of forwarding the service request to the background processing server; if it has expired, executing the step of disconnecting the connection with the cloud service smart machine.
8. The server as claimed in claim 6 or 7, characterized in that the encryption algorithm is the AES symmetric encryption algorithm, and the cloud service smart machine and the server encrypt and decode the service request using the same key.
9. The server as claimed in claim 7, characterized in that the service request includes an effective time point.
10. The server as claimed in claim 9, characterized in that the step of judging whether the timeliness of the service request has expired comprises:
Obtaining the effective time point from the decoded service request;
Judging whether the current point in time is earlier than or equal to the effective time point;
If the current point in time is earlier than or equal to the effective time point, determining that the service request has not expired and is valid;
If the current point in time is later than the effective time point, determining that the service request has expired and is invalid.
11. A computer readable storage medium, the computer readable storage medium storing a data protection program, the data protection program being executable by at least one processor so that the at least one processor executes the steps of the data guard method as claimed in any one of claims 1-5.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810343083.2A CN108737377A (en) | 2018-04-17 | 2018-04-17 | Data guard method, server and computer readable storage medium |
PCT/CN2018/091899 WO2019200690A1 (en) | 2018-04-17 | 2018-06-20 | Data protection method, server and computer readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810343083.2A CN108737377A (en) | 2018-04-17 | 2018-04-17 | Data guard method, server and computer readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108737377A true CN108737377A (en) | 2018-11-02 |
Family
ID=63938986
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810343083.2A Pending CN108737377A (en) | 2018-04-17 | 2018-04-17 | Data guard method, server and computer readable storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108737377A (en) |
WO (1) | WO2019200690A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11184436B2 (en) | 2020-03-02 | 2021-11-23 | International Business Machines Corporation | Automated storage selection with blockchain and NLP |
Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1744511A (en) * | 2005-10-10 | 2006-03-08 | 中兴通讯股份有限公司 | Flow media service request authentication method and system |
CN102571702A (en) * | 2010-12-22 | 2012-07-11 | 中兴通讯股份有限公司 | Key generation method, system and equipment in Internet of things |
CN102571771A (en) * | 2011-12-23 | 2012-07-11 | 华中科技大学 | Safety authentication method of cloud storage system |
CN102724207A (en) * | 2012-06-28 | 2012-10-10 | 上海西本网络科技有限公司 | Method and device for transmitting/processing service request, client end and service end |
CN102833253A (en) * | 2012-08-29 | 2012-12-19 | 五八同城信息技术有限公司 | Method and server for establishing safe connection between client and server |
CN103401872A (en) * | 2013-08-05 | 2013-11-20 | 北京工业大学 | Method for preventing and detecting man-in-the-middle attack based on improved RDP (Remote Desktop Protocol) |
CN103986735A (en) * | 2014-06-05 | 2014-08-13 | 北京赛维安讯科技发展有限公司 | CDN (content distribution network) antitheft system and antitheft method |
CN104009987A (en) * | 2014-05-21 | 2014-08-27 | 南京邮电大学 | Fine-grained cloud platform security access control method based on user identity capacity |
US20150100789A1 (en) * | 2013-10-09 | 2015-04-09 | Microsoft Corporation | Proof Of Device Genuineness |
CN105337935A (en) * | 2014-07-09 | 2016-02-17 | 阿里巴巴集团控股有限公司 | Method of establishing long connection of client and server and apparatus thereof |
CN105376062A (en) * | 2015-10-26 | 2016-03-02 | 努比亚技术有限公司 | Communication safety interaction method, device and system |
CN106101133A (en) * | 2016-07-14 | 2016-11-09 | 观止云(北京)信息技术有限公司 | A kind of method and system of Streaming Media door chain |
CN106357659A (en) * | 2016-09-30 | 2017-01-25 | 山东浪潮商用系统有限公司 | Cloud storage certification system, cloud storage certification method and data transmission method |
CN106603508A (en) * | 2016-11-30 | 2017-04-26 | 青岛海尔科技有限公司 | Wireless encryption communication method, intelligent household electrical appliance, server, and terminal |
US20180041483A1 (en) * | 2016-08-02 | 2018-02-08 | Samsung Electronics Co., Ltd. | Systems, devices, and methods for preventing unauthorized access to storage devices |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE60140014D1 (en) * | 2000-08-25 | 2009-11-05 | Research In Motion Ltd | System and method for implementing an improved transport layer security protocol |
US9628455B2 (en) * | 2014-12-09 | 2017-04-18 | Akamai Technologies, Inc. | Filtering TLS connection requests using TLS extension and federated TLS tickets |
2018
- 2018-04-17 CN CN201810343083.2A patent/CN108737377A/en active Pending
- 2018-06-20 WO PCT/CN2018/091899 patent/WO2019200690A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
蒋迪: "《KVM私有云架构设计与实践》", 30 April 2017, 上海交通大学出版社 * |
Also Published As
Publication number | Publication date |
---|---|
WO2019200690A1 (en) | 2019-10-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181102 |