CN110414267A - BIM design software secure storage and circulation retrospect monitoring technology, system and device - Google Patents

Publication number
CN110414267A
Authority
CN
China
Prior art keywords
des
data
design software
service
storage
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910666403.2A
Other languages
Chinese (zh)
Other versions
CN110414267B (en
Inventor
李伯宇
郑思龙
于洁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Technology Group Ltd By Share Ltd
Original Assignee
China Digital Technology Co Ltd
Application filed by China Digital Technology Co Ltd
Priority to CN201910666403.2A
Publication of CN110414267A
Application granted
Publication of CN110414267B
Legal status: Active

Classifications

    • G06F16/28 Databases characterised by their database models, e.g. relational or object models
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06Q50/08 Construction
    • H04L63/0281 Proxies
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H04L63/108 Controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
    • H04L9/0625 Block ciphers with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • G06F2221/2107 File encryption
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a BIM design software secure storage and circulation tracing monitoring technology, system and device. A DES module embedded in the BIM software monitors the user's storage requests in real time and, when a storage request is detected, starts data encryption and storage and builds a data volume. The storage format is cim, which keeps model data separate from parameter data, ensuring the security of user data and traceability during later circulation. A load balancing module handles concurrent requests and improves throughput. A multi-level elastic storage service, based on relational and non-relational databases, scales horizontally to provide, in concept, unlimited storage capacity.

Description

BIM design software secure storage and circulation retrospect monitoring technology, system and device
Technical field
The invention belongs to the field of secure storage information technology for building software, and in particular relates to a BIM design software secure storage and circulation tracing monitoring technology, system and device.
Background art
BIM data records a large amount of real building information, specific to the layout of each building, its materials and demographic statistics. Keeping this data on computers creates many hidden risks. The most serious is that the overall picture of a city's construction can be spied out from this information. Revit, SketchUP and Rhino are common BIM design software; they provide rich functionality in the BIM field, and designers can use them to design building models of the real world. Although Revit, SketchUP and Rhino provide a wide variety of functions for architectural design, they are quite weak at tracking, recording, authorizing and encrypting/decrypting BIM data and files, and this problem has not yet been solved well. The root cause lies in two major difficulties: 1. a huge data store must be established; 2. the files must be encrypted and decrypted. Similar software systems on the market solve only part of these difficulties and introduce other problems, such as obtaining operating-system-level privileges, data that cannot support upgrades of the design tool software, inability to trace and track data circulation, no batch processing during encryption, and crashes of the design tool software for unknown reasons. An industrial-grade solution is therefore needed to prevent such problems.
Summary of the invention
To solve the above technical problems, the invention discloses a BIM design software secure storage and circulation tracing monitoring technology, comprising the following steps:
A DES instance is inserted into the BIM design software; the DES service instance transmits the monitored data, over the https protocol, through the DES proxy server to the background server;
The background server builds a data volume using a RESTful API, and the system's custom format for stored data is cim;
By modifying the operating-system-level registry and writing a cim parser, cim files are made loadable by the design software;
An operation permission threshold is set on the background server; when a file is opened, the DES instance actively submits the file information to the DES proxy service, which combines it with geographic location information and sends it to the background server; if the file information is within the set threshold range, the operation permission is obtained;
Encryption policies are provided by the background server, the DES proxy service implements the corresponding algorithm for each encryption policy, and the opened file is encrypted and decrypted;
The native save function of the BIM software is replaced with a save function with permission control; when a file is saved, the DES instance requests permission from the background server, and the server decides, based on the request, whether to return a state authorization code.
Further, the method also includes inserting a digital identification code into the BIM design software data; based on the features of the identification code, the system selectively encrypts design software files and batch-encrypts certain files.
Further, the method also includes an elastic storage service with three levels: a Cache level, a persistent storage level and a data warehouse level.
Another solution of the invention provides a BIM design software secure storage and circulation tracing monitoring system, characterized in that it comprises:
A BIM design software module, consisting of a PC and the BIM design software loaded on it;
A DES module, which monitors the user's storage requests in real time and starts data encryption and storage when a storage request is detected; it comprises a DES instance and a DES proxy service, both integrated into the BIM design software;
A load balancing module for handling concurrent requests, comprising a hardware part, which is a load balancer, and a software part, which is load balancing built from clustered Nginx servers; the hardware load balancer is connected over the network to the PC loaded with the BIM design software;
A message queue module, which sets up application proxies for the application services in the application cluster module; each application proxy comprises several Nginx servers serving multiple application service instances, and each application proxy corresponds to the respective Nginx server in the load balancing module;
An application cluster module, which divides application services into several application service instances by business;
An L2 cache module for data exchange between application services; its hardware part includes a multi-port converter and its software part uses a message queue component;
A data warehouse module for storing and retrieving data.
Further, the data warehouse module comprises a relational database and a non-relational database, and deploys a data interface service to retrieve and store data.
Further, the ratio of Nginx servers in the message queue module to application service instances in the application cluster module is 1:8.
Further, the message queue component in the L2 cache module is RabbitMQ.
Further, the non-relational database in the data warehouse module is implemented with Redis and Couch DB, and the relational database with MySql and PostgreSQL.
Another solution disclosed by the invention provides a BIM design software secure storage and circulation tracing monitoring device, comprising: a PC for loading the BIM design software; a load balancer for handling concurrent requests; a multi-port converter for data exchange between application services; and the equipment and facilities that make up the cloud service, namely storage devices, servers and routing devices.
The system of the invention brings the following benefits:
1. Data and files operated on by the design tool software are tracked and traced.
2. The system decides a user's permission to operate on a file from region, time, user, file and other information, so it can apply authorization control to data or files.
3. The system provides a rich set of encryption policies, and the DES proxy service implements the corresponding algorithm for each policy. When opening a file, the user can select among different encryption algorithms to encrypt and decrypt the file or data; the variety of encryption policies increases the difficulty of cracking the data.
4. The system is embedded seamlessly into the design tool software and is transparent to the user.
5. User data and file data are not lost.
6. Cim format files support upgrades of the design tool software.
7. The system inserts a digital identification code into design tool software data and, based on the features of the code, selectively encrypts design tool software files. Batch encryption is supported and is applied selectively to different files according to different identification code patterns.
8. The server side uses multi-level storage, which is elastic and supports horizontal scaling.
9. The system's self-defined cim file format keeps model data separate from parameter data.
Brief description of the drawings
Fig. 1 is a flow chart of the secure storage and circulation tracing monitoring system of the invention;
Fig. 2 is a structural diagram of the secure storage and circulation tracing monitoring system of the invention;
Fig. 3 is a guiding plan of the secure storage and circulation tracing monitoring system of the invention;
Fig. 4 is a schematic diagram of the DES instance and DES proxy.
Detailed description of embodiments
The invention is described in detail below with reference to the accompanying drawings.
As shown in Fig. 1, a structural diagram of the DES secure storage information tracing system of the invention, the BIM design software secure storage and circulation tracing monitoring system is a complex system that integrates cryptography, informatics, storage technology and communication technology, and is built from multiple cooperating components. Fig. 2 is the guiding plan for implementing the system. As shown in Fig. 2 and Fig. 3, the system comprises a BIM design software module and a background server. The BIM design software module consists of BIM design software loaded on a PC; the BIM design software includes Revit, SketchUP, Rhino and the like. A DES module is embedded in the BIM design software. The DES module is a local service, mainly used to monitor the user's storage requests in real time and to start data encryption and storage when a storage request is detected. It comprises a DES instance and a DES proxy service. The DES instance has the following functions: (1) it monitors user data, which includes file information, user information and location information; (2) it listens to the user's operations in real time and, when it finds the user storing a file, automatically wakes the processing unit and first turns off the design software's native storage function; the monitoring technique uses a socket as the communication bridge, over which the system establishes its own encrypted instructions, and user operations are monitored in an anonymous manner by actively registering for Revit events to track user behavior; (3) the DES instance switches to its own storage service and starts the DES encryption logic to encrypt the file being written to disk; (4) once encryption is complete, the user's file is stored encrypted in the proprietary cim format, ensuring the security of user data and traceability during later circulation. This information is transmitted by the DES proxy service to the background server to build the data volume, which enables tracking and tracing of design tool software data files.
The DES proxy service is an encryption/decryption service that encrypts and decrypts local files using algorithms from industrial-grade encryption standards. It connects to the DES instance over a socket, contains an encryption/decryption module, and connects to the background service over https. Its workflow is: receive an encryption instruction, obtain the encryption standard from the background, and encrypt or decrypt the file according to the instruction and the standard. The DES instance and the DES proxy service are bundled into one installer, through which both components are integrated into the design software.
The background server comprises a load balancing module, a message queue module, an application cluster module, an L2 cache module and a data storage module. The load balancing module is set up to handle concurrent requests and has a hardware part and a software part: the hardware part is a load balancer connected to the PC over the internet, and the software part can be built from clustered Nginx servers.
The message queue module sets up different application proxies for different application services. Because each service can start multiple application service instances, multiple Nginx servers are needed to serve them. Test data show that the ratio of Nginx servers to application service instances should be kept at 1:8.
The application cluster module is a cluster of application service instances divided by business; each application service instance represents a particular business scenario. As the business grows more complex, the service part needs to be broken into smaller units, each of which can be served by multiple application service instances. Application service instances include user management, file management, encryption policy, user tracking, version control and information archiving. This part relies on a large amount of hardware resources, generally the equipment and facilities that make up a cloud service, such as compute services, storage services and message middleware services; specifically, fast storage devices (such as DFS or NAS), servers, routing devices, database management systems and so on.
The L2 cache module handles data exchange between application service instances. Its hardware part includes a multi-port converter; when this part is deployed, a message queue component such as RabbitMQ is commonly used. This part must be scaled according to the number of application service instances and the types of service.
The data warehouse module stores and retrieves data. It consists mainly of a relational database and a non-relational database, for structured and unstructured data respectively. Redis and Couch DB can be used for the non-relational part, and MySql and PostgreSQL for the relational part. A data interface service must also be deployed to retrieve and store data.
As shown in Fig. 1, secure storage and circulation tracing monitoring is implemented with the system of the invention as follows:
S101: A DES instance is embedded in the BIM design software, and the monitored data is transmitted to the background server by the DES proxy service. Communication is over the https protocol, so the data is encrypted in transit. The DES proxy server connects to the DES instance over a socket.
S102: A data volume is built using a RESTful API. To support secure circulation of data, the system's custom storage format is cim. In the cim format, model data consists of a large amount of vertex information, which makes up the file's geometric data; because there is so much vertex information, it is stored in binary form in a separately designated file. Parameter data consists of many pieces of descriptive information and is text data; it is separated from the geometric data and stored in text files such as json or in a relational database. This separates geometric information from parameter information.
S103: The operating-system-level registry is modified so that the design software recognizes cim files, and a cim file parser is written. An automated installer triggers the connection, and the cim file parser connects cim files to the design software. Once connected, when the user clicks or drags a cim file, the file is loaded by the design software. The system uses the Win32 message mechanism to obtain the window handle and registers the cim file drag-handling logic for the drag event, which is provided by the window handle.
S104: To obtain permission for a file operation, when a file is opened the DES instance actively submits the file information to the DES proxy service. The DES proxy service combines it with geographic location information and sends it to the background server. After receiving and parsing this information, the background server obtains the file's timestamp from the file information, then passes the file information, location information and time information together to the permission control service, which generates a state authorization code and returns it to the DES instance. The system decides the user's permission to operate on a file from region, time, user, file and other information; if a set threshold is exceeded, the user cannot obtain authorization for the requested file. For example, the DES proxy service determines the user's geographic location from the IP of the current machine; if the location falls outside the threshold of the region the file belongs to, the user cannot obtain authorization for the file. In addition, the file management application service instance can control a file's authorization according to the file's life cycle. The specific authorization modes are static open, read-only open, read-write and so on.
S105: Fig. 4 is a schematic diagram of the DES instance and DES proxy; the software is installed on disk. To support different encryption and decryption algorithms, the system provides a rich set of encryption policies. These policies are provided centrally by the background service, and the DES proxy service implements the corresponding algorithm for each policy. When opening a file, the user can select among different encryption algorithms to encrypt and decrypt it. The algorithms include but are not limited to: rc4-md5, salsa20, chacha20, chacha20-ietf, aes-256-cfb, aes-192-cfb, aes-128-cfb, aes-256-ctr, aes-192-ctr, aes-128-ctr, bf-cfb, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb.
S106: The native save function is replaced with a save function with permission control. When the user saves a file, the DES instance requests permission from the background service; the server returns a state authorization code based on the request information, and this code determines whether the file can be saved. The background server sets a save-permission threshold. If the user requests save permission from the background and does not have it, the user is prompted that save permission is missing and the save is not carried out. The user can submit an authorization request; once it passes review, an administrator can modify the authorization through the background server so that the user obtains storage permission. This makes it easier to monitor and manage the creation and flow of files.
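The following is an added example, not code from the patent or its implementers, showing how the permission control service of S104 and the permission-checked save of S106 could fit together: the server combines file, user, region and time into a state authorization code at open time and re-checks that code at save time. The policy fields, the region table, the HMAC-signed layout of the code and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample data: documentation IP ranges mapped to made-up regions.
REGION_BY_NETWORK = {
    ipaddress.ip_network("192.0.2.0/24"): "region-A",
    ipaddress.ip_network("198.51.100.0/24"): "region-B",
}
SERVER_KEY = b"constructed-demo-key"  # hypothetical; held only by the background server

# Authorization modes named in S104, plus an explicit denial.
DENIED, STATIC_OPEN, READ_ONLY, READ_WRITE = "denied", "static", "read-only", "read-write"


@dataclass
class FilePolicy:  # hypothetical shape of the per-file "threshold"
    regions: frozenset       # regions the file may be opened from
    user_modes: dict         # user -> mode granted
    valid_from: datetime     # start of the file's life cycle
    valid_until: datetime    # end of the file's life cycle


@dataclass(frozen=True)
class AuthCode:  # hypothetical layout of the state authorization code
    file_id: str
    user: str
    mode: str
    expires: int             # Unix time after which the code is void
    tag: str                 # HMAC-SHA256 over the other fields


def region_of(ip):
    """Map the client IP to a region; unknown or malformed addresses map to None."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for net, region in REGION_BY_NETWORK.items():
        if addr in net:
            return region
    return None


def _tag(file_id, user, mode, expires):
    # JSON list encoding keeps field boundaries unambiguous before signing.
    msg = json.dumps([file_id, user, mode, expires]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def authorize_open(policies, file_id, user, client_ip, now, ttl=900):
    """S104: fold file, user, location and time into one state authorization code."""
    mode = DENIED
    policy = policies.get(file_id)
    if policy is not None:
        in_region = region_of(client_ip) in policy.regions
        in_life_cycle = policy.valid_from <= now <= policy.valid_until
        if in_region and in_life_cycle:
            mode = policy.user_modes.get(user, DENIED)
    expires = int(now.timestamp()) + ttl
    return AuthCode(file_id, user, mode, expires, _tag(file_id, user, mode, expires))


def authorize_save(code, file_id, user, now):
    """S106: the save hook presents its code; only a genuine, fresh read-write code saves."""
    expected = _tag(code.file_id, code.user, code.mode, code.expires)
    if not hmac.compare_digest(expected, code.tag):
        return False                      # fields were altered after issue
    if (code.file_id, code.user) != (file_id, user):
        return False                      # code was issued for another file or user
    if int(now.timestamp()) > code.expires:
        return False                      # code is stale; a new one must be requested
    return code.mode == READ_WRITE


def sample_policies():
    """Constructed policy for one file."""
    return {"tower.cim": FilePolicy(
        regions=frozenset({"region-A"}),
        user_modes={"alice": READ_WRITE, "bob": READ_ONLY},
        valid_from=datetime(2019, 1, 1, tzinfo=timezone.utc),
        valid_until=datetime(2019, 12, 31, tzinfo=timezone.utc),
    )}


T0 = datetime(2019, 7, 23, 9, 0, tzinfo=timezone.utc)  # constructed request time

if __name__ == "__main__":
    p = sample_policies()
    for user, ip in [("alice", "192.0.2.10"), ("alice", "198.51.100.7"), ("bob", "192.0.2.10")]:
        code = authorize_open(p, "tower.cim", user, ip, T0)
        stale = authorize_save(code, "tower.cim", user, T0 + timedelta(hours=1))
        print(user, ip, code.mode, authorize_save(code, "tower.cim", user, T0), stale)
```

Because the code is signed and checked on the server, a client that edits the mode field of a read-only code gains nothing at save time.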
A large amount of user-related data is generated while the design software is in use. To store this data effectively, the system includes an elastic storage service, based on relational and non-relational databases, that scales horizontally to provide, in concept, unlimited storage capacity. The elastic storage service has three levels: 1. Cache level, which mainly caches the user information used by the design tool software; 2. Persistent storage level, whose main purpose is to store user data persistently while supporting fast data retrieval; 3. Data warehouse level, whose main purpose is to archive user data and partition it by region. Data at each level is interconnected, the storage capacity of each level can be scaled horizontally, and a unified data interface runs on top of the three levels; the consistency, integrity and atomicity of data are achieved through these interfaces.
Users also generate a large amount of file-related data while using the design software. As with the architecture used for user data, the system uses three-level, scalable storage to extend the storage service, and file-related data is accessed through the unified data interface.
In addition, the method includes the following step: the system inserts a digital identification code into design software data. Using this code, the system can selectively encrypt design software files based on the code's features. The identification code has multiple patterns; for example, files with an inserted identification code beginning with F000 are encrypted, while files without an identification code do not need encryption. This step allows certain files to be batch-encrypted.
The above is only a preferred embodiment of the invention and is not intended to limit it; those skilled in the art may make various modifications and changes. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (10)

1. A BIM design software secure storage and circulation tracing and monitoring technology, characterized in that it comprises the following steps:
inserting a DES instance into the BIM design software, the DES service instance transmitting the data it has monitored to the background server over the HTTPS protocol via the DES proxy server;
the background server constructing the data volume, the system's custom format for stored data being cim;
making cim files loadable by the design software by modifying the operating-system-level registry and by means of a purpose-written cim parser;
setting an operation permission threshold on the background server; when a file is opened, the DES instance actively submits the file information to the DES proxy service, the DES proxy service combines it with geographic location information and sends it to the background server, and operation permission is obtained if the file information is within the set threshold range;
the background server providing encryption policies, the DES proxy service implementing the corresponding algorithm for each encryption policy, and the opened file being encrypted and decrypted;
replacing the original save function of the BIM software with a save function that carries permission control; when a file is saved, the DES instance requests permission from the background server, and the server decides, according to the request, whether to return a status authorization code.
2. The secure storage and circulation tracing and monitoring technology according to claim 1, characterized in that it further comprises inserting a digital code into the BIM design software data, the system selectively encrypting design software files, or encrypting certain files in batches, according to the features of the identification code.
3. The secure storage and circulation tracing and monitoring technology according to claim 1, characterized in that the background server uses a RESTful API to construct the data volume.
4. The secure storage and circulation tracing and monitoring technology according to claim 3, characterized in that the service that stores the data is an elastic storage service comprising three levels: a Cache level, a persistent storage level and a data warehouse level.
5. A BIM design software secure storage and circulation tracing and monitoring system, characterized in that it comprises:
a BIM design software module, consisting of a PC and the BIM design software loaded on it;
a DES module, for monitoring the user's real-time storage requests and starting the data encryption and storage capability once a storage request is detected, comprising a DES instance and a DES proxy service, the DES instance and DES being integrated into the BIM design software;
a load balancing module, for handling concurrent requests, comprising, as its hardware part, a load balancer and, as its software part, load balancing built from clustered Nginx servers, the hardware load balancer being connected over the network to the PC on which the BIM design software is loaded;
a message queue module, comprising several application proxies, each application proxy being set up for an application service in the application cluster module and comprising several Nginx servers in order to serve multiple application service instances, each application proxy corresponding to the respective Nginx server in the load balancing module;
an application cluster module, which divides the application services into several application service instances according to business;
an L2 cache module, for solving the problem of data exchange between application services, whose hardware part comprises a multiport converter and whose software part uses a message queue component;
a data warehouse module, for storing and retrieving data.
6. The BIM design software secure storage and circulation tracing and monitoring system according to claim 5, characterized in that the data warehouse module comprises a relational database and a non-relational database, and deploys a data interface service to retrieve and store data.
7. The BIM design software secure storage and circulation tracing and monitoring system according to claim 5, characterized in that the ratio of the number of Nginx servers in the message queue module to the number of application service instances in the application cluster module is 1:8.
8. The BIM design software secure storage and circulation tracing and monitoring system according to claim 5, characterized in that the message queue component in the L2 cache module is RabbitMQ.
9. The BIM design software secure storage and circulation tracing and monitoring system according to claim 5, characterized in that, in the data warehouse module, the non-relational database is implemented by Redis and CouchDB, and the relational database is implemented by MySQL and PostgreSQL.
10. A BIM design software secure storage and circulation tracing and monitoring device, characterized in that it comprises a PC, for loading the BIM design software;
a load balancer, for handling concurrent requests;
a multiport converter, for solving the problem of data exchange between application services;
storage devices, servers and routing devices, which constitute the equipment and facilities of the cloud service.
CN201910666403.2A 2019-07-23 2019-07-23 BIM design software safety storage and circulation tracing monitoring technology, system and device Active CN110414267B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910666403.2A CN110414267B (en) 2019-07-23 2019-07-23 BIM design software safety storage and circulation tracing monitoring technology, system and device

Publications (2)

Publication Number Publication Date
CN110414267A (en) 2019-11-05
CN110414267B (en) 2023-01-13

Family

ID=68362644

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910666403.2A Active CN110414267B (en) 2019-07-23 2019-07-23 BIM design software safety storage and circulation tracing monitoring technology, system and device

Country Status (1)

Country Link
CN (1) CN110414267B (en)

Also Published As

Publication number Publication date
CN110414267B (en) 2023-01-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240403

Address after: Building A, Desheng Kaixuan Building, No. 36 Deshengmenwai Street, Xicheng District, Beijing, 100032

Patentee after: China Construction Technology Group Limited by Share Ltd.

Country or region after: China

Address before: 430056 Room 1, 10th Floor, Building E4, Phase I Project of Huahua Huihe Science Park (Huazhong Zhigu), Wuhan Economic and Technological Development Zone, Wuhan, Hubei Province

Patentee before: China Digital Technology Co.,Ltd.

Country or region before: China