CN109067697A - User account management and control method for a hybrid cloud, and readable medium - Google Patents


Publication number
CN109067697A
Authority
CN
China
Prior art keywords
account
user
resource
management module
isolation
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810528732.6A
Other languages
Chinese (zh)
Other versions
CN109067697B (en)
Inventor
聂明岩
陈刚
王勇
钱晓伟
顾彬
宋寒
夏凯
罗微
石云翔
郭旭光
英焕利
李磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Corp Ltd Hangzhou Branch
Original Assignee
China United Network Communications Corp Ltd Hangzhou Branch
Application filed by China United Network Communications Corp Ltd Hangzhou Branch
Priority to CN201810528732.6A
Publication of CN109067697A
Application granted
Publication of CN109067697B
Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Abstract

The present invention provides a user account management and control method for a hybrid cloud. Verification step: the user management module verifies the user and determines the user's type; if the user is a resource user, the user management module sends the user's account to the isolation account management module. Isolation mapping step: the isolation account management module looks up the isolation account corresponding to the user's account, determines from the isolation account found the resource account corresponding to the user's account, and sends the resource account to the resource account management module. Resource acquisition step: the resource account management module sends the resource account to the corresponding cloud resource and obtains the corresponding resource. The invention isolates user accounts from resource accounts while still connecting them, so that a user can access multiple cloud resources through one account, applying for cloud resources becomes safe, and leakage of resource accounts and passwords is prevented. Users also log in with a three-dimensional head image, which improves security.

Description

User account management and control method for a hybrid cloud, and readable medium
Technical field
The present invention relates to the technical field of cloud security, and in particular to a user account management and control method for a hybrid cloud and a readable medium.
Background
With the adoption of cloud computing, the hybrid cloud model is gradually becoming an important IT strategy for enterprise informatization. The hybrid cloud is a computing resource deployment model distinct from the private cloud, the public cloud and the community cloud. Its defining feature is that the cloud environment is made up of clouds of several deployment models.
In a public cloud, a third party builds and runs the cloud infrastructure and the software and hardware resources, and offers them over the Internet, on a rental basis, as a service shared by multiple organizations or individuals. A public cloud saves users the up-front investment, simplifies complex setup and management tasks, and guarantees data reliability to a certain extent. However, the data is stored in an external storage pool that the user does not control, so for more confidential data users will inevitably worry about leakage of private data. In addition, a public cloud serves the general needs of many users; users can operate on their data only through the interfaces the public cloud provides, so individual requirements are hard to meet.
In a private cloud, the cloud infrastructure and the software and hardware resources are built inside an organization or inside a data center it can manage, so that the departments of the organization share the resources of the data center. The infrastructure of a private cloud usually operates for one specific organization only; it may be managed by internal IT staff or outsourced to a third party for operation and maintenance. Private cloud storage gives full control over the storage devices and the stored data and can meet users' individual requirements for their data. However, the conditions of user-built data centers and the professional experience and ability of their operations staff vary widely, so private clouds are usually weaker at guaranteeing data reliability.
In existing hybrid-cloud or multi-cloud management, each cloud resource account basically logs in directly to the management back end for administration. Because of the problems of the different cloud resources described above, accessing cloud resources directly has the following drawbacks: users find it hard to keep track of multiple cloud resource accounts; some users use the same account and password for all of their cloud resource accounts, which increases the risk of account and password leakage; when applying for resources from multiple clouds with resource management accounts, users must log in to different cloud management platforms repeatedly, which is cumbersome; because the operations management platforms of most private clouds are aimed at operations staff and administrators, ordinary users using resource management accounts can easily make operating errors that lead to risk; when a resource management account is used by too many people, there is a risk of password leakage; and in the prior art users generally log in to cloud resource platforms with passwords, fingerprints and the like, which makes the security of the system low.
Summary of the invention
To address the above defects in the prior art, the present invention proposes the following technical solution.
A user account management and control method for a hybrid cloud, wherein:
The hybrid cloud includes multiple public cloud resources and multiple private cloud resources; an account control server is connected through a gateway to the multiple public cloud resources and the multiple private cloud resources respectively; the account control server includes a user management module, an isolation account management module and a resource account management module;
The management and control method includes:
Verification step: the user sends an account and verification information through a client to the user management module for verification; after verification passes, the user management module determines the type of the user; if the user is a resource user, the user management module sends the user's account to the isolation account management module;
Isolation mapping step: the isolation account management module looks up the corresponding isolation account according to the user's account, and determines from the isolation account found the one or more resource accounts corresponding to the user's account; the isolation account management module sends the one or more resource accounts to the resource account management module;
Resource acquisition step: the resource account management module determines the public cloud resources and/or private cloud resources corresponding to the one or more resource accounts, and sends the one or more resource accounts to the corresponding public cloud resources and/or private cloud resources for verification; after verification passes, the user obtains the corresponding public cloud resources and/or private cloud resources.
Further, the verification information includes at least one of a password, a fingerprint, an iris and a three-dimensional head image.
Further, if the verification information is a three-dimensional head image, the user captures, through the image acquisition device of the client, a video segment containing the user's head; the processor of the client processes each frame of the video and extracts n two-dimensional head images of the user; the n two-dimensional head images are then converted into n three-dimensional head images according to a three-dimensional head model, and the n three-dimensional head images are superimposed to produce one mean three-dimensional head image; the client sends the mean three-dimensional head image to the user management module for verification; the user management module matches the mean three-dimensional head image against a three-dimensional head image library, and if the match succeeds, verification passes; n is an integer greater than 2.
Further, the isolation account management module provides the isolation and the connection between user accounts and resource accounts. An organization is assigned one isolation account; the isolation account corresponds to one or more user accounts in the organization, and to one or more public cloud resource accounts and/or private cloud resource accounts. The association between the isolation account and the one or more user accounts, and the association between the isolation account and the one or more public cloud resource accounts and/or private cloud resource accounts, are encrypted and then stored in the isolation account management module.
Further, the organization is an enterprise, a company, a government organization or a public organization.
Further, the encryption method used is AES, RSA or DES, and the encryption method for the association between the isolation account and the one or more user accounts is different from the encryption method for the association between the isolation account and the one or more public cloud resource accounts and/or private cloud resource accounts.
Further, in the verification step, if the user management module determines that the user is an ordinary user, the user management module sends the user's client a message stating that the user does not have resource usage permission, to remind the user to upgrade the user permission.
Further, after the user receives, through the client, the message stating that the user has no resource usage permission, the user sends a certification application through the client to the user management module; the certification application includes the authentication material of the organization the user belongs to and the hybrid cloud resources the user wishes to access;
The user management module checks the authentication material automatically; after the check passes, it sends the authentication material to the client of the user administrator for review; after approval, the authentication material and the hybrid cloud resources the user wishes to access are sent to the isolation account management module;
The isolation account management module searches the first database, according to the authentication material, for an isolation account corresponding to the organization;
If one exists, the association between the user account and the organization's isolation account is established, and the isolation account management module searches the second database for a resource account corresponding to the hybrid cloud resources the user wishes to access. If such a resource account exists, the association between the user account and the organization's isolation account is encrypted and stored in the first database. If it does not exist, the isolation account management module calls the interface of the resource account management module to create the resource account corresponding to the hybrid cloud resources the user wishes to access, establishes the association between the resource account and the isolation account, and encrypts this association and stores it in the second database;
If none exists, the isolation account management module automatically creates an isolation account for the organization, establishes the association between the isolation account and the user account, and encrypts this association and stores it in the first database. The isolation account management module then calls the interface of the resource account management module to create the resource account corresponding to the hybrid cloud resources the user wishes to access, establishes the association between the resource account and the isolation account, and encrypts this association and stores it in the second database;
The resource usage administrator sets, through the user management module, the quota for the isolation account's access to the hybrid cloud resources;
The user management module updates the type of the user to resource user.
Further, the resource account and the isolation account cannot be created manually.
The invention also proposes a computer-readable storage medium on which computer program code is stored; when the computer program code is executed by a computer, any of the above methods can be performed.
Technical effect of the invention: the invention proposes a user account management and control method for a hybrid cloud in which the account control server contains a user management module, an isolation account management module and a resource account management module. The isolation account management module isolates user accounts from resource accounts while connecting them, so that a user can access multiple cloud resources through one account. This improves the user experience, lets ordinary users apply for cloud resources easily and safely, and prevents leakage of resource accounts and passwords. Users also log in with a three-dimensional head image as the verification information, which improves security.
Description of the drawings
Fig. 1 is a schematic structural diagram of the hybrid cloud according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of the account control server according to an embodiment of the present invention.
Fig. 3 is a flow chart of a user account management and control method for a hybrid cloud according to an embodiment of the present invention.
Detailed description of the embodiments
A detailed description is given below with reference to Figs. 1-3.
Fig. 1 shows the structure of the hybrid cloud (system). The hybrid cloud includes multiple public cloud resources and multiple private cloud resources; the account control server is connected through a gateway to the multiple public cloud resources and the multiple private cloud resources respectively. For example, the public cloud resources include public cloud resource C and public cloud resource D, and the private cloud resources include private cloud resource A and private cloud resource B.
Fig. 2 shows the structure of the account control server. The account control server is the core device that implements the user account management and control method for a hybrid cloud of the present invention; it includes a user management module 21, an isolation account management module 22 and a resource account management module 23.
Fig. 3 shows a user account management and control method for a hybrid cloud according to the present invention, comprising:
Verification step S1: the user sends an account and verification information through a client to the user management module for verification; after verification passes, the user management module determines the type of the user; if the user is a resource user, the user management module sends the user's account to the isolation account management module.
The user management module handles verification of user identity, modification and so on; it stores each user's account and verification information (such as a password, fingerprint or iris). According to their permissions, users are divided into the following types:
1. Ordinary user: has the lowest permission within an organization; can log in, but cannot perform any resource-related operation.
2. Resource user: a user within an organization who can apply to use resources.
3. User administrator: can manage users, including creating, deleting, modifying and querying users, reviewing certification, setting the resource authorization scope, etc.
4. Resource usage administrator: can configure the specific resources disclosed to resource users, their quotas, etc. For example, once private cloud A has been built and has abundant cloud host resources, private cloud A can be set as an open resource and disclosed to the hybrid cloud system.
Conventional verification information includes passwords, fingerprints, irises and the like, but these conventional verification methods have low security and can easily lead to leakage from the system. To improve the security of the user's verification information, the invention proposes using a three-dimensional head image as the verification information, which improves the security of the system. This is one of the key points of the invention; the specific operation is as follows.
The verification information is a three-dimensional head image. The user captures, through the image acquisition device of the client (for example a camera), a video segment containing the user's head; the processor of the client processes each frame of the video and extracts n two-dimensional head images of the user; the n two-dimensional head images are then converted into n three-dimensional head images according to a three-dimensional head model, and the n three-dimensional head images are superimposed to produce one mean three-dimensional head image; the client sends the mean three-dimensional head image to the user management module for verification; the user management module matches the mean three-dimensional head image against a three-dimensional head image library, and if the match succeeds, verification passes; n is an integer greater than 2. Using a real-time three-dimensional head image as the verification information avoids leakage of the verification information and improves the security of the system.
Isolation mapping step S2: the isolation account management module looks up the corresponding isolation account according to the user's account, and determines from the isolation account found the one or more resource accounts corresponding to the user's account; the isolation account management module sends the one or more resource accounts to the resource account management module. Through the isolation mapping step S2, the isolation account isolates the user account from the resource account while connecting them, so that a user can access multiple cloud resources through one account. This improves the user experience, lets ordinary users apply for cloud resources easily and safely, and prevents leakage of resource accounts and passwords. This is another key point of the invention.
The isolation account management module provides the isolation and the connection between user accounts and resource accounts. An organization is assigned one isolation account; the isolation account corresponds to one or more user accounts in the organization, and to one or more public cloud resource accounts and/or private cloud resource accounts. The association between the isolation account and the one or more user accounts, and the association between the isolation account and the one or more public cloud resource accounts and/or private cloud resource accounts, are encrypted and then stored in the isolation account management module.
In one specific embodiment, the encryption method used is AES, RSA or DES, and the encryption method for the association between the isolation account and the one or more user accounts is different from the encryption method for the association between the isolation account and the one or more public cloud resource accounts and/or private cloud resource accounts; using different encryption methods improves the security of the system. The specific parameters of the encryption algorithm can be set according to the data being encrypted; for example, when the AES encryption algorithm is used, the block cipher mode can be set to CBC and the padding mode to PKCS5PADDING.
In one specific embodiment, an organization has only one isolation account. The isolation account and user accounts are in a 1:M relationship, i.e. one isolation account can be associated with multiple user accounts. The isolation account and resource accounts are in a 1:K relationship, i.e. one isolation account can be associated with multiple resource accounts, and the associated resource accounts can be resource accounts of different clouds. M and K are integers greater than 1.
In the present invention, an organization means an enterprise, a company, a government organization or a public organization; a non-governmental organization is also possible.
The following describes how a user account is isolated from and connected to resource accounts through the isolation account; this is another key point of the invention. The specific operation is as follows:
In the verification step, if the user management module determines that the user is an ordinary user, the user management module sends the user's client a message stating that the user does not have resource usage permission, to remind the user to upgrade the user permission.
After the user receives, through the client, the message stating that the user has no resource usage permission, the user sends a certification application through the client to the user management module; the certification application includes the authentication material of the organization the user belongs to and the hybrid cloud resources the user wishes to access;
The user management module checks the authentication material automatically; after the check passes, it sends the authentication material to the client of the user administrator for review; after approval, the authentication material and the hybrid cloud resources the user wishes to access are sent to the isolation account management module;
The isolation account management module searches the first database, according to the authentication material, for an isolation account corresponding to the organization;
If one exists, the association between the user account and the organization's isolation account is established, and the isolation account management module searches the second database for a resource account corresponding to the hybrid cloud resources the user wishes to access. If such a resource account exists, the association between the user account and the organization's isolation account is encrypted and stored in the first database. If it does not exist, the isolation account management module calls the interface of the resource account management module to create the resource account corresponding to the hybrid cloud resources the user wishes to access (for example, creating resource accounts in private cloud A and private cloud B respectively), establishes the association between the resource account and the isolation account, and encrypts this association and stores it in the second database;
If none exists, the isolation account management module automatically creates an isolation account for the organization, establishes the association between the isolation account and the user account, and encrypts this association and stores it in the first database. The isolation account management module then calls the interface of the resource account management module to create the resource account corresponding to the hybrid cloud resources the user wishes to access (for example, creating resource accounts in private cloud A and private cloud B respectively), establishes the association between the resource account and the isolation account, and encrypts this association and stores it in the second database;
The resource usage administrator sets, through the user management module, the quota for the isolation account's access to the hybrid cloud resources;
The user management module updates the type of the user to resource user.
Further, the resource account and the isolation account cannot be created manually.
Resource acquisition step S3: the resource account management module determines the public cloud resources and/or private cloud resources corresponding to the one or more resource accounts, and sends the one or more resource accounts to the corresponding public cloud resources and/or private cloud resources for verification; after verification passes, the user obtains the corresponding public cloud resources and/or private cloud resources.
In one specific embodiment of the invention, a resource user logs in to the system; the user management module verifies the identity of the account and checks the type of the user. If the user is a resource user:
The resource panel is displayed;
A resource application is initiated, which is processed internally as follows:
a. The resource account is looked up through the isolation account layer;
b. The resource account is used to apply for the resource.
If the user is not a resource user, processing for the other roles is entered.
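The following Python sketch is an added example, not code from the patent or its assignee. It models steps S1 to S3 and the approved certification application with in-memory dictionaries standing in for the two encrypted databases; all class, method and account names are assumptions, password verification stands in for the verification information, and the association encryption and quota setting are omitted.

```python
import hashlib
import hmac
import secrets

ORDINARY, RESOURCE_USER = "ordinary", "resource"


class UserManagement:
    """User management module (21): verifies the user and tracks the user type."""

    def __init__(self):
        self._users = {}  # user account -> (salt, password hash, user type)

    def register(self, account, password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._users[account] = (salt, digest, ORDINARY)

    def verify(self, account, password):
        """Verification step S1: return the user type, or raise on failure."""
        salt, digest, user_type = self._users.get(account, (b"", b"", None))
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if user_type is None or not hmac.compare_digest(candidate, digest):
            raise PermissionError("verification failed")
        return user_type

    def promote(self, account):
        salt, digest, _ = self._users[account]
        self._users[account] = (salt, digest, RESOURCE_USER)


class ResourceAccounts:
    """Resource account management module (23): the only holder of cloud credentials."""

    def __init__(self, clouds):
        self._creds = {cloud: {} for cloud in clouds}  # cloud -> {resource account: secret}

    def create(self, cloud):
        account = f"res-{cloud}-{secrets.token_hex(4)}"
        self._creds[cloud][account] = secrets.token_urlsafe(24)
        return account

    def acquire(self, resource_accounts):
        """Step S3: present each resource account to its cloud; return granted clouds."""
        return sorted(cloud for cloud, account in resource_accounts.items()
                      if account in self._creds.get(cloud, {}))


class IsolationAccounts:
    """Isolation account management module (22): user -> isolation -> resource accounts."""

    def __init__(self, resources):
        self._resources = resources
        self._org_iso = {}   # organization -> its single isolation account
        self._user_iso = {}  # stand-in for the first database (M user accounts : 1)
        self._iso_res = {}   # stand-in for the second database (1 : K resource accounts)

    def onboard(self, user, org, clouds):
        """Approved application: link the user, create only what is missing."""
        iso = self._org_iso.setdefault(org, f"iso-{secrets.token_hex(4)}")
        self._user_iso[user] = iso
        linked = self._iso_res.setdefault(iso, {})
        for cloud in clouds:
            if cloud not in linked:  # reuse an existing resource account if present
                linked[cloud] = self._resources.create(cloud)
        return iso

    def resolve(self, user):
        """Step S2: look up the isolation account, then its resource accounts."""
        return dict(self._iso_res[self._user_iso[user]])


class AccountControlServer:
    def __init__(self, clouds):
        self.users = UserManagement()
        self.resources = ResourceAccounts(clouds)
        self.isolation = IsolationAccounts(self.resources)

    def approve(self, user, org, clouds):
        """The user administrator approved the application; update the user type."""
        iso = self.isolation.onboard(user, org, clouds)
        self.users.promote(user)
        return iso

    def request_resources(self, account, password):
        user_type = self.users.verify(account, password)        # S1
        if user_type != RESOURCE_USER:
            raise PermissionError("no resource usage permission")
        resource_accounts = self.isolation.resolve(account)     # S2
        return self.resources.acquire(resource_accounts)        # S3


def demo():
    """Constructed scenario: two users of one organization, clouds named after Fig. 1."""
    server = AccountControlServer(["private-A", "private-B", "public-C", "public-D"])
    server.users.register("alice", "alice-pw")
    server.users.register("bob", "bob-pw")
    try:
        server.request_resources("alice", "alice-pw")
        denied = False
    except PermissionError:
        denied = True
    iso_a = server.approve("alice", "org-1", ["private-A", "private-B"])
    iso_b = server.approve("bob", "org-1", ["private-B", "public-C"])
    return {
        "ordinary_denied": denied,
        "same_isolation_account": iso_a == iso_b,
        "alice": server.request_resources("alice", "alice-pw"),
        "bob": server.request_resources("bob", "bob-pw"),
    }
```

Because the mapping runs through one isolation account per organization, both constructed users end up with access to every cloud any member of the organization was approved for, and neither ever sees a resource account name or its credential.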
The invention also provides a kind of computer readable storage medium, computer program generation is stored on the storage medium Code, one of above-mentioned method can be performed when the computer program code is computer-executed.
For convenience of description, it is divided into various units when description apparatus above with function to describe respectively.Certainly, implementing this The function of each unit can be realized in the same or multiple software and or hardware when application, the present invention in so-called client, Client refers to identical content, and the server-side, server, server end in the present invention refer to identical content.
As seen through the above description of the embodiments, those skilled in the art can be understood that the application can It realizes by means of software and necessary general hardware platform.Based on this understanding, the technical solution essence of the application On in other words the part that contributes to existing technology can be embodied in the form of software products, the computer software product It can store in storage medium, such as ROM/RAM, magnetic disk, CD, including some instructions are used so that a computer equipment (can be personal computer, server or the network equipment etc.) executes the certain of each embodiment of the application or embodiment Method described in part.
It should be noted last that: above embodiments only illustrate and not to limitation technical solution of the present invention, although reference Above-described embodiment describes the invention in detail, those skilled in the art should understand that: it still can be to this hair It is bright to be modified or replaced equivalently, it without departing from the spirit or scope of the invention, or any substitutions, should all It is included within the scope of the claims of the present invention.

Claims (10)

1. A user account management and control method for a hybrid cloud, characterized in that:
The hybrid cloud includes multiple public cloud resources and multiple private cloud resources; an account management and control server is connected through a gateway to the multiple public cloud resources and the multiple private cloud resources respectively; and the account management and control server includes a user management module, an isolation account management module and a resource account management module;
The management and control method includes:
Verification step: the user sends an account and verification information through a client to the user management module for verification; after verification passes, the user management module determines the type of the user, and if the type of the user is resource user, the user management module sends the user's account to the isolation account management module;
Isolation mapping step: the isolation account management module looks up the corresponding isolation account according to the user's account, and determines, according to the isolation account found, the one or more resource accounts corresponding to the user's account; the isolation account management module sends the one or more resource accounts to the resource account management module;
Resource acquisition step: the resource account management module determines the public cloud resources and/or private cloud resources corresponding to the one or more resource accounts, and sends the one or more resource accounts to the corresponding public cloud resources and/or private cloud resources for verification; after verification passes, the user obtains the corresponding public cloud resources and/or private cloud resources.
2. The method according to claim 1, characterized in that the verification information includes at least one of a password, a fingerprint, an iris and a three-dimensional head image.
3. The method according to claim 2, characterized in that, if the verification information is a three-dimensional head image, the user captures, through the image acquisition device of the client, a video that includes the user's head; the processor of the client processes each frame of the video and extracts n two-dimensional head images of the user; n three-dimensional head images are then generated from the n two-dimensional head images according to a three-dimensional head model, and the n three-dimensional head images are superimposed to generate one mean three-dimensional head image; the client sends the mean three-dimensional head image to the user management module for verification; the user management module matches the mean three-dimensional head image against a three-dimensional head image library, and if the match succeeds, verification passes; where n is an integer greater than 2.
4. The method according to claim 3, characterized in that the isolation account management module provides both the isolation and the connection between user accounts and resource accounts; an organization is assigned one isolation account, which corresponds to one or more user accounts in the organization and to one or more public cloud resource accounts and/or private cloud resource accounts; the association between the isolation account and the one or more user accounts, and the association between the isolation account and the one or more public cloud resource accounts and/or private cloud resource accounts, are encrypted and then stored in the isolation account management module.
5. The method according to claim 4, characterized in that the organization is an enterprise, a company, a government organization or a public organization.
6. The method according to claim 5, characterized in that the encryption uses AES, RAS or DES, and the encryption method for the association between the isolation account and the one or more user accounts differs from the encryption method for the association between the isolation account and the one or more public cloud resource accounts and/or private cloud resource accounts.
7. The method according to claim 5, characterized in that, in the verification step, if the user management module determines that the type of the user is ordinary user, the user management module sends to the user's client a message informing the user that they have no resource usage permission, to remind the user to upgrade their user permissions.
8. The method according to claim 7, characterized in that:
After the user receives, through the client, the message of having no resource usage permission, the user sends a certification application through the client to the user management module; the certification application includes the certification materials of the organization to which the user belongs and the hybrid cloud resource to which the user intends to apply for access;
The user management module checks the certification materials automatically; after the check passes, it sends the certification materials to the client of the user administrator for review and approval; after approval, the certification materials and the hybrid cloud resource to which the user intends to apply for access are sent to the isolation account management module;
The isolation account management module searches the first database, according to the certification materials, for an isolation account corresponding to the organization;
If it exists, the association between the user account and the isolation account corresponding to the organization is established, and the isolation account management module searches the second database for a resource account corresponding to the hybrid cloud resource to which the user intends to apply for access; if that resource account exists, the association between the user account and the isolation account corresponding to the organization is encrypted and stored in the first database; if it does not exist, the isolation account management module calls the interface of the resource account management module to create a corresponding resource account for the hybrid cloud resource to which the user intends to apply for access, establishes the association between the resource account and the isolation account, and stores that association, after encryption, in the second database;
If it does not exist, the isolation account management module automatically creates an isolation account for the organization, establishes the association between the isolation account and the user account, and stores that association, after encryption, in the first database; the isolation account management module then calls the interface of the resource account management module to create a corresponding resource account for the hybrid cloud resource to which the user intends to apply for access, establishes the association between the resource account and the isolation account, and stores that association, after encryption, in the second database;
A resource usage administrator sets, through the user management module, the quota with which the isolation account accesses the hybrid cloud resource;
The user management module updates the type of the user to resource user.
9. The method according to claim 8, characterized in that the resource account and the isolation account cannot be created manually.
10. A computer-readable storage medium, characterized in that computer program code is stored on the storage medium, and when the computer program code is executed by a computer, the method of any one of claims 1-9 is performed.
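
The account indirection of claims 1, 7 and 8 can be shown in a few lines. The following Python sketch is an added illustration and is not part of the patent: the class, method and identifier names are hypothetical, the automatic check and administrator approval of claim 8 are assumed to have already passed, and the encryption of the stored associations (claims 4 and 6) is left out.

```python
import hashlib
import hmac
import os


class AccountControlServer:
    """Hypothetical model of the three modules as one object (illustration only)."""

    def __init__(self):
        self.users = {}          # user account -> salt, password hash, user type
        self.org_isolation = {}  # organization -> isolation account
        self.first_db = {}       # user account -> isolation account
        self.second_db = {}      # isolation account -> {cloud resource: resource account}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, account, password):
        salt = os.urandom(16)
        self.users[account] = {"salt": salt, "hash": self._hash(password, salt),
                               "type": "ordinary"}

    def approve(self, account, org, resource):
        """Claim 8 after approval: find or create the isolation and resource accounts."""
        new_iso = f"iso-{len(self.org_isolation) + 1}"  # created by the system, never by hand
        iso = self.org_isolation.setdefault(org, new_iso)
        self.first_db[account] = iso
        self.second_db.setdefault(iso, {}).setdefault(resource, f"res-{iso}-{resource}")
        self.users[account]["type"] = "resource"
        return iso

    def access(self, account, password):
        """Claim 1: verification, isolation mapping, resource account resolution."""
        user = self.users.get(account)
        if user is None or not hmac.compare_digest(
                user["hash"], self._hash(password, user["salt"])):
            raise PermissionError("verification failed")
        if user["type"] != "resource":
            # Claim 7: an ordinary user is told there is no resource usage permission.
            raise PermissionError("no resource usage permission")
        iso = self.first_db[account]
        # Each resource account would next be sent to its own cloud for verification.
        return dict(self.second_db[iso])
```

In this sketch, as in claims 1 and 4, resource accounts attach to the isolation account and not to the individual user, so every user mapped to the same organization resolves to the same set of resource accounts; an approval granted to one user's application therefore widens what the whole organization can reach.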
CN201810528732.6A 2018-05-29 2018-05-29 User account management and control method for hybrid cloud and readable medium Expired - Fee Related CN109067697B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810528732.6A CN109067697B (en) 2018-05-29 2018-05-29 User account management and control method for hybrid cloud and readable medium


Publications (2)

Publication Number Publication Date
CN109067697A true CN109067697A (en) 2018-12-21
CN109067697B CN109067697B (en) 2021-01-08

Family

ID=64819811

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810528732.6A Expired - Fee Related CN109067697B (en) 2018-05-29 2018-05-29 User account management and control method for hybrid cloud and readable medium

Country Status (1)

Country Link
CN (1) CN109067697B (en)


Also Published As

Publication number Publication date
CN109067697B (en) 2021-01-08


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210108