CN112906027A - Cloud computing data center access management method - Google Patents


Info

Publication number: CN112906027A
Authority: CN (China)
Prior art keywords: client, data, information, cloud computing, account
Legal status: Withdrawn
Application number: CN202110241200.6A
Other languages: Chinese (zh)
Inventor: 杨伟军
Current Assignee: Nanjing Junku Network Technology Co ltd
Original Assignee: Nanjing Junku Network Technology Co ltd
Application filed by Nanjing Junku Network Technology Co ltd
Priority to CN202110241200.6A
Publication of CN112906027A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a cloud computing data center access management method, which relates to the technical field of information access and comprises the following steps: step one, a request is made to access a data center, and the cloud computing center verifies the identity of the client making the request to ensure that the identity is qualified to access the cloud computing center; and step two, a resource target to be searched is sent to the cloud computing system through the local server, and the resources of the local data center are compared. The invention adopts a digital signature and then confirms the account holder a second time through a mobile phone short message; if the account is logged in by an outsider, the account holder can also block the account through the mobile phone to prevent the loss of account information. The invention thus determines the person logging in to the account holder's account, solves the problem that information is lost because it cannot be determined whether the account holder logged in personally when information is transmitted, and achieves the effect that the account holder can search information in a diversified manner.

Description

Cloud computing data center access management method
Technical Field
The invention relates to a computing center access management method in the technical field of information access, and in particular to a cloud computing data center access management method.
Background
Access control technology meets a system's requirement for shared data management by defining the access authority of the system's subjects to its objects, and effectively prevents the theft and destruction of information, particularly confidential information.
The following problems exist in the prior art:
1. When an existing account is modified, a password is usually used, and the password is easily leaked, which can cause client information to be leaked;
2. When a traditional account is logged in, it cannot be determined that the user logging in is the account holder; the account may be maliciously logged in by other people, causing economic loss and information leakage for the account holder.
Disclosure of Invention
The invention provides a cloud computing data center access management method. One purpose is to provide multi-aspect security guarantees for the account holder's account and solve the problem of information leakage caused by a single mode of access to the data center; the other purpose is to solve the problem that information is lost because it cannot be determined whether the account holder logged in personally when information is transmitted, and to achieve the effect that the account holder can search data information in a diversified manner.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows:
A cloud computing data center access management method comprises the following steps:
Step one, a request is made to access the data center, and the cloud computing center verifies the identity of the client making the request, ensuring that the identity is qualified to access the cloud computing center.
Step two, a resource target to be searched is sent to the cloud computing system through the local server, and the resources of the local data center are compared.
Step three, after data comparison, the data meeting the client's requirements is sorted, and the resource information is displayed to the client.
The technical scheme of the invention is further improved as follows: the process of step one further comprises: the client's identity is verified through the security password, the client is given access after the verification succeeds, and cloud computing resource tilting is performed for the client through the local server.
The customer identity verification comprises: calling the customer attribute information of the data center attributes in the local and cloud computing systems, where the attribute information includes the customer's identification information, and comparing the identity information provided at the login terminal with the attribute information in the local and cloud computing systems; if they are the same, identity authentication passes.
If the identity information does not match the information in the local cloud computing system, the security password set during registration can be provided. If the password is correct, the information can be modified using the password; if the password is incorrect, information access is refused. If the client needs to continue accessing, the personal identity information and mobile phone number reserved during registration must be provided, and the original information is rechecked.
When the client accesses information, the client's current access environment must be checked: if the current operating environment meets the preset conditions, information access can be performed; alternatively, when the number of people currently accessing meets the number condition, authorized access to the information can be performed.
The technical scheme of the invention is further improved as follows: the process of step two further comprises: when the client accesses system data, access is divided into access by a private secure client and access by a public client.
The private client is the mobile client on a mobile phone. The mobile phone client accesses the cloud computing client using a private account and a private APP, the required resources are encrypted and transmitted to the PC port, and the received information resources are then decrypted at the PC port.
The public client is the PC port of a computer. Public information resources are collected on the computer, and the collected resources are encrypted and sent to the mobile client on the mobile phone.
If the target resource required by the client is found, the client's target information is transferred through the central system of the cloud computing center and the local server, and the client is authorized to access it.
When the searched local data center does not have the target resource corresponding to the access request, the required target data center is established through the data center of the local data center and the interior of the cloud computing system for authorized data access.
The technical scheme of the invention is further improved as follows: the process of step three further comprises: the data required by the client in the cloud computing system is compared with the data in the local client, useless or repeated data in the cloud computing system is removed, and the data is encrypted and then sent to the client.
The extracted data is copied, and the copies are stored in the local client and the cloud computing client respectively so that subsequent clients can search the data.
The technical scheme of the invention is further improved as follows: the process of step one further comprises: when the customer modifies the account's password security, the security module receives the customer's request and sends it to the monitoring management module, where the request is processed.
When the customer's request is processed, real-name authentication and digital signature authentication are performed on the customer through a secure information channel of the network; after signature authentication, the customer's security information is changed through the cloud, and the changed information is stored in coordination with the local client.
In later security authentication and signature authentication, if the authentication is the same as the previous authentication, it passes. If it differs from the previous authentication, three opportunities are provided, the current account is reported to the monitoring management module, and an alarm is raised there. After the three opportunities are used up, the current account is blocked. To unlock the account, personal identity information must be provided to the customer service center for unfreezing; if the provided information is inconsistent, the account is permanently blocked.
The technical scheme of the invention is further improved as follows: the process of step one further comprises: if the digital signature succeeds, a short message reporting successful authentication is sent to the user's mobile phone for confirmation. If the request is not confirmed on the mobile phone, the accuracy of the digital signature is denied and a warning is sent to the secure-access service module. If the same operation is repeated multiple times, the account's service is stopped, the account's data requests are forbidden, and the account's data is checked.
After the signature succeeds and the account is confirmed, the security module sends the corresponding data to the internal signature verification and encryption module, which verifies the data's signature through the cloud computing system; in coordination with the encryption module, the data is sent to the security front-end module. Otherwise, a signal is sent to the security front end to block the data, and the data's requests to the corresponding module are forbidden; after the account's data is later unlocked, the data is replied through the local client.
The technical scheme of the invention is further improved as follows: the process of step one further comprises: the user's data is checked to ensure its integrity, and the validity and fairness of the digital signature are checked; if the check fails, a blocking signal is sent to the security client, and the user is contacted through customer service to resolve the problem.
Due to the adoption of the technical scheme, compared with the prior art, the invention has the technical progress that:
1. The invention provides a cloud computing data center access management method in which the account holder protects the account's security with a digital signature, and the account holder's identity is determined through the signature. It provides multi-aspect security guarantees for the account holder's account, solves the problem of information leakage when the account holder accesses the data center in a single mode, and achieves the effect of diversified authentication of the account holder's login.
2. The invention provides a cloud computing data center access management method that adopts a digital signature and confirms the account holder a second time through a mobile phone short message. If an outsider logs in to the account, the account holder can also block the account through the mobile phone to prevent the loss of account information. It determines the person logging in to the account holder's account, solves the problem that information is lost because it cannot be determined whether the account holder logged in personally when information is transmitted, and achieves the effect that the account holder can search information in a diversified manner.
Detailed Description
The present invention will be described in further detail with reference to the following examples:
Example 1
The invention provides a cloud computing data center access management method, which comprises the following steps:
Step one, a request is made to access the data center, and the cloud computing center verifies the identity of the client making the request, ensuring that the identity is qualified to access the cloud computing center.
Step two, a resource target to be searched is sent to the cloud computing system through the local server, and the resources of the local data center are compared.
Step three, after data comparison, the data meeting the client's requirements is sorted, and the resource information is displayed to the client.
The process of step one further comprises: the client's identity is verified through the security password, the client is given access after the verification succeeds, and cloud computing resource tilting is performed for the client through the local server.
The customer identity verification comprises: calling the customer attribute information of the data center attributes in the local and cloud computing systems, where the attribute information includes the customer's identification information, and comparing the identity information provided at the login terminal with the attribute information in the local and cloud computing systems; if they are the same, identity authentication passes.
If the identity information does not match the information in the local cloud computing system, the security password set during registration can be provided. If the password is correct, the information can be modified using the password; if the password is incorrect, information access is refused. If the client needs to continue accessing, the personal identity information and mobile phone number reserved during registration must be provided, and the original information is rechecked.
When the client accesses information, the client's current access environment must be checked: if the current operating environment meets the preset conditions, information access can be performed; alternatively, when the number of people currently accessing meets the number condition, authorized access to the information can be performed.
The process of step two further comprises: when the client accesses system data, access is divided into access by a private secure client and access by a public client.
The private client is the mobile client on a mobile phone. The mobile phone client accesses the cloud computing client using a private account and a private APP, the required resources are encrypted and transmitted to the PC port, and the received information resources are then decrypted at the PC port.
The process of step three further comprises: the data required by the client in the cloud computing system is compared with the data in the local client, useless or repeated data in the cloud computing system is removed, and the data is encrypted and then sent to the client.
The extracted data is copied, and the copies are stored in the local client and the cloud computing client respectively so that subsequent clients can search the data.
The public client is the PC port of a computer. Public information resources are collected on the computer, and the collected resources are encrypted and sent to the mobile client on the mobile phone.
If the target resource required by the client is found, the client's target information is transferred through the central system of the cloud computing center and the local server, and the client is authorized to access it.
When the searched local data center does not have the target resource corresponding to the access request, the required target data center is established through the data center of the local data center and the interior of the cloud computing system for authorized data access.
In this embodiment, when the user logs in from any client, the user is authenticated by information, identity and short message, ensuring that the user is the account holder; the information the user requires is protected by encryption, preventing economic loss caused by leakage of the user's information.
In this embodiment, preferably, the process of step one further comprises: the user's data is checked to ensure its integrity, and the validity and fairness of the digital signature are checked; if the check fails, a blocking signal is sent to the security client, and the user is contacted through customer service to resolve the problem.
Example 2
On the basis of embodiment 1, the invention provides the following technical scheme: preferably, the process of step one further comprises: when the customer modifies the account's password security, the security module receives the customer's request and sends it to the monitoring management module, where the request is processed.
When the customer's request is processed, real-name authentication and digital signature authentication are performed on the customer through a secure information channel of the network; after signature authentication, the customer's security information is changed through the cloud, and the changed information is stored in coordination with the local client.
In later security authentication and signature authentication, if the authentication is the same as the previous authentication, it passes. If it differs from the previous authentication, three opportunities are provided, the current account is reported to the monitoring management module, and an alarm is raised there. After the three opportunities are used up, the current account is blocked. To unlock the account, personal identity information must be provided to the customer service center for unfreezing; if the provided information is inconsistent, the account is permanently blocked.
In this embodiment, protection is provided through the digital signature and real-name authentication of the account holder's cloud computer.
Example 3
On the basis of embodiment 1, the invention provides the following technical scheme: preferably, the process of step one further comprises: if the digital signature succeeds, a short message reporting successful authentication is sent to the user's mobile phone for confirmation. If the request is not confirmed on the mobile phone, the accuracy of the digital signature is denied and a warning is sent to the secure-access service module. If the same operation is repeated multiple times, the account's service is stopped, the account's data requests are forbidden, and the account's data is checked.
After the signature succeeds and the account is confirmed, the security module sends the corresponding data to the internal signature verification and encryption module, which verifies the data's signature through the cloud computing system; in coordination with the encryption module, the data is sent to the security front-end module. Otherwise, a signal is sent to the security front end to block the data, and the data's requests to the corresponding module are forbidden; after the account's data is later unlocked, the data is replied through the local client.
In this embodiment, the person logging in to the account holder's account is determined, which solves the problem that information is lost because it cannot be determined whether the account holder logged in personally when information is transferred, and lets the account holder search data information in a diversified manner.
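The lockout and short-message confirmation flow of Examples 2 and 3, modelled as a state machine in Python. This is an added example, not part of the patent text: the class and function names are hypothetical, HMAC-SHA256 stands in for the unspecified digital signature scheme, and the limit on unconfirmed short messages is an assumed value because the text only says "multiple times".

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum

MAX_SIGNATURE_ATTEMPTS = 3  # the "three opportunities" in the description
MAX_SMS_DENIALS = 3         # assumption: the text only says "multiple times"


class State(Enum):
    ACTIVE = "active"
    BLOCKED = "blocked"      # unfrozen only via the customer service center
    SUSPENDED = "suspended"  # service stopped after repeated unconfirmed SMS
    PERMANENTLY_BLOCKED = "permanently_blocked"


@dataclass
class Account:
    account_id: str
    signing_key: bytes   # stand-in for the enrolled signature credential
    identity_info: str   # personal identity information kept at registration
    state: State = State.ACTIVE
    failed_signatures: int = 0
    sms_denials: int = 0
    awaiting_sms: bool = False


def sign(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 stand-in for the unspecified digital signature scheme."""
    return hmac.new(key, message, hashlib.sha256).digest()


class AccessManager:
    """Hypothetical model of the security and monitoring management modules."""

    def __init__(self):
        self.alerts = []  # what the monitoring management module would receive

    def verify_signature(self, acct, message, signature):
        if acct.state is not State.ACTIVE:
            return "refused"
        if hmac.compare_digest(sign(acct.signing_key, message), signature):
            acct.failed_signatures = 0  # assumption: success resets the count
            acct.awaiting_sms = True    # a valid signature alone grants nothing
            return "awaiting_sms"
        acct.failed_signatures += 1
        self.alerts.append((acct.account_id, "signature_mismatch"))
        if acct.failed_signatures >= MAX_SIGNATURE_ATTEMPTS:
            acct.state = State.BLOCKED
            return "blocked"
        return "retry"

    def confirm_sms(self, acct, confirmed):
        if acct.state is not State.ACTIVE or not acct.awaiting_sms:
            return "refused"
        acct.awaiting_sms = False
        if confirmed:
            acct.sms_denials = 0
            return "granted"
        # Unconfirmed on the phone: the signature result is rejected.
        acct.sms_denials += 1
        self.alerts.append((acct.account_id, "sms_not_confirmed"))
        if acct.sms_denials >= MAX_SMS_DENIALS:
            acct.state = State.SUSPENDED
            return "suspended"
        return "denied"

    def unfreeze(self, acct, provided_identity):
        if acct.state is not State.BLOCKED:
            return "refused"
        if hmac.compare_digest(provided_identity.encode(),
                               acct.identity_info.encode()):
            acct.state = State.ACTIVE
            acct.failed_signatures = 0
            return "unfrozen"
        acct.state = State.PERMANENTLY_BLOCKED
        return "permanently_blocked"


def run_demo():
    """Walk one constructed account through the flow; all values are made up."""
    mgr = AccessManager()
    key = b"constructed-demo-key"
    acct = Account("acct-001", key, "ID-CONSTRUCTED-0001")
    msg = b"change-security-info"
    results = [mgr.verify_signature(acct, msg, sign(key, msg)),
               mgr.confirm_sms(acct, True)]
    for _ in range(MAX_SIGNATURE_ATTEMPTS):
        results.append(mgr.verify_signature(acct, msg, b"\x00" * 32))
    results.append(mgr.verify_signature(acct, msg, sign(key, msg)))
    results.append(mgr.unfreeze(acct, "wrong-identity"))
    return results, acct.state, len(mgr.alerts)


if __name__ == "__main__":
    print(run_demo())
```

Every non-active state refuses further signature checks, so a blocked account cannot be probed for a valid signature while it waits for customer-service unfreezing.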
The present invention has been described in general terms in the foregoing, but it will be apparent to those skilled in the art that modifications and improvements can be made thereto based on the present invention. Therefore, modifications or improvements are within the scope of the invention without departing from the spirit of the inventive concept.

Claims (7)

1. A cloud computing data center access management method, characterized in that the method comprises the following steps:
step one, a request is made to access a data center, and the cloud computing center verifies the identity of the client making the request to ensure that the identity is qualified to access the cloud computing center;
step two, a resource target to be searched is sent to the cloud computing system through the local server, and the resources of the local data center are compared;
and step three, after data comparison, the data meeting the client's requirements is sorted, and the resource information is displayed to the client.
2. The cloud computing data center access management method according to claim 1, wherein the process of step one further comprises: the client's identity is verified through the security password, the client is given access after the verification succeeds, and cloud computing resource tilting is performed for the client through the local server;
the customer identity verification comprises: calling the customer attribute information of the data center attributes in the local and cloud computing systems, where the attribute information includes the customer's identification information, and comparing the identity information provided at the login terminal with the attribute information in the local and cloud computing systems; if they are the same, identity authentication passes;
if the identity information does not match the information in the local cloud computing system, the security password set during registration can be provided; if the password is correct, the information can be modified using the password; if the password is incorrect, information access is refused; if the client needs to continue accessing, the personal identity information and mobile phone number reserved during registration must be provided, and the original information is rechecked;
when the client accesses information, the client's current access environment must be checked: if the current operating environment meets the preset conditions, information access can be performed; alternatively, when the number of people currently accessing meets the number condition, authorized access to the information can be performed.
3. The cloud computing data center access management method according to claim 1, wherein the process of step two further comprises: when the client accesses system data, access is divided into access by a private secure client and access by a public client;
the private client is the mobile client on a mobile phone; the mobile phone clients all access the cloud computing client using private accounts and a private APP, the required resources are encrypted and transmitted to the PC port, and the received information resources are decrypted at the PC port;
the public client is the PC port of a computer; public information resources are collected on the computer, and the collected resources are encrypted and sent to the mobile client on the mobile phone;
if the target resource required by the client is found, the client's target information is transferred through the central system of the cloud computing center and the local server, and the client is authorized to access it;
and when the searched local data center does not have the target resource corresponding to the access request, the required target data center is established through the data center of the local data center and the interior of the cloud computing system for authorized data access.
4. The cloud computing data center access management method according to claim 1, wherein the process of step three further comprises: the data required by the client in the cloud computing system is compared with the data in the local client, useless or repeated data in the cloud computing system is removed, and the data is encrypted and then sent to the client;
and the extracted data is copied, and the copies are stored in the local client and the cloud computing client respectively so that subsequent clients can search the data.
5. The cloud computing data center access management method according to claim 2, wherein the process of step one further comprises: when the customer modifies the account's password security, the security module receives the customer's request and sends it to the monitoring management module, where the request is processed;
when the customer's request is processed, real-name authentication and digital signature authentication are performed on the customer through a secure information channel of the network; after signature authentication, the customer's security information is changed through the cloud, and the changed information is stored in coordination with the local client;
and in later security authentication and signature authentication, if the authentication is the same as the previous authentication, it passes; if it differs from the previous authentication, three opportunities are provided, the current account is reported to the monitoring management module, and an alarm is raised there; after the three opportunities are used up, the current account is blocked; to unlock the account, personal identity information must be provided to the customer service center for unfreezing; if the provided information is inconsistent, the account is permanently blocked.
6. The cloud computing data center access management method according to claim 5, wherein the process of step one further comprises: if the digital signature succeeds, a short message reporting successful authentication is sent to the user's mobile phone for confirmation; if the request is not confirmed on the mobile phone, the accuracy of the digital signature is denied and a warning is sent to the secure-access service module; if the same operation is repeated multiple times, the account's service is stopped, the account's data requests are forbidden, and the account's data is checked;
after the signature succeeds and the account is confirmed, the security module sends the corresponding data to the internal signature verification and encryption module, which verifies the data's signature through the cloud computing system; in coordination with the encryption module, the data is sent to the security front-end module; otherwise, a signal is sent to the security front end to block the data, and the data's requests to the corresponding module are forbidden; after the account's data is later unlocked, the data is replied through the local client.
7. The cloud computing data center access management method according to claim 6, wherein the process of step one further comprises: the user's data is checked to ensure its integrity, and the validity and fairness of the digital signature are checked; if the check fails, a blocking signal is sent to the security client, and the user is contacted through customer service to resolve the problem.
CN202110241200.6A 2021-03-04 2021-03-04 Cloud computing data center access management method Withdrawn CN112906027A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110241200.6A CN112906027A (en) 2021-03-04 2021-03-04 Cloud computing data center access management method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110241200.6A CN112906027A (en) 2021-03-04 2021-03-04 Cloud computing data center access management method

Publications (1)

Publication Number Publication Date
CN112906027A true CN112906027A (en) 2021-06-04

Family

ID=76107674

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110241200.6A Withdrawn CN112906027A (en) 2021-03-04 2021-03-04 Cloud computing data center access management method

Country Status (1)

Country Link
CN (1) CN112906027A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826746A (en) * 2022-04-28 2022-07-29 济南浪潮数据技术有限公司 Cloud platform identity authentication method, device and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210604