CN115396496A - Tenant cryptographic service session affinity method, system, medium and device in cloud environment - Google Patents
Tenant cryptographic service session affinity method, system, medium and device in cloud environment Download PDFInfo
- Publication number
- CN115396496A CN115396496A CN202211322274.3A CN202211322274A CN115396496A CN 115396496 A CN115396496 A CN 115396496A CN 202211322274 A CN202211322274 A CN 202211322274A CN 115396496 A CN115396496 A CN 115396496A
- Authority
- CN
- China
- Prior art keywords
- service
- password
- cryptographic
- cipher
- micro
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
- H04L67/1023—Server selection for load balancing based on a hash applied to IP addresses or costs
Abstract
The invention discloses a tenant password service session affinity method, a system, a medium and equipment in a cloud environment, wherein the system comprises a password application SDK, a password service gateway, a password micro-service and server password machine; the server cipher machine and the cipher micro-service are in one-to-one binding relationship; and the password application SDK is in communication connection with the server cipher machine through the password service gateway and the password microservice in sequence. The invention relates the context of the cryptographic operation performed by the tenant by using the cryptographic service and the process of opening the session, and solves the problems that multiple requests of the cryptographic operation service for the same session are randomly scheduled and the load balance cannot be performed.
Description
Technical Field
The invention relates to the technical field of key management, in particular to a tenant cryptographic service session affinity method, a system, a medium and equipment in a cloud environment.
Background
The password is an important component of a network space security system, and is a 'gene' and a key technology of a network space security and trust mechanism. The construction of traditional password application needs to introduce various password devices and password products with different types and a large number to interface various password application services. The direct consequence of this traditional cryptographic application building model is: the equipment is distributed and deployed and is difficult to manage; the password application docking integration is complex; lack of intensive use and scheduling of cryptographic resources; not adapted to a cloud computing environment; the password service lacks quantification, the password application lacks supervision, and the requirements of compliance construction are difficult to meet.
In order to solve the problems, a cloud password service technology is promoted, various password devices are integrated, and password services which are managed in a unified mode and are convenient to use are provided for users through flexible multi-mode service aggregation capability.
In a cloud password service scenario, a traditional password device mode is no longer applicable, because in the traditional mode, a user of the password device is changed from a device owner to a service renter, and various requirements of multi-tenant such as isolation, authentication, current limiting and the like need to be met. Therefore, the industry standard GMT 0104-2021 cloud server cipher machine technical specification of the cloud server cipher machine recommends using http protocol to provide service, and the invention also uses http as a transmission protocol.
In a cloud password service scene, service resources can be provided for a plurality of tenants for use, the tenants pay for purchasing one or more service resources and establish password applications on the basis of the service resources, when most applications use the password services, the operation is not completed at one time, but a plurality of steps of session opening, operation executing, session closing and the like are provided, the steps have context association relations, servers providing the password operation for the same context must be always the same, otherwise, the context states must be synchronized before a plurality of servers, the time consumption of server synchronization waiting is too long due to the context state synchronization, and the performance is seriously influenced in a high concurrency scene. Another idea is to use a session affinity mechanism to ensure that the back-end resources that provide the service are the same when using the same context. Meanwhile, the performance of service resources in a cloud password service scene is not balanced, and due to the large performance difference of password equipment, in order to fully utilize the password equipment resources, a method or a system is needed to ensure that both session affinity and weighted load balance can be realized.
Disclosure of Invention
Therefore, the technical problem to be solved by the present invention is to provide a method, a system, a medium, and a device for tenant cryptographic service session affinity in a cloud environment, in which a context for a tenant to use a cryptographic service to perform cryptographic operation and a process for opening a session are associated, thereby solving the problems that multiple requests of the cryptographic operation service for the same session are randomly scheduled and load balancing cannot be performed.
In order to solve the technical problems, the invention provides the following technical scheme:
the tenant password service affinity method in the cloud environment comprises the following steps:
s1) importing a password micro-service unit through a password service gatewayAddress information ofAnd setting a password micro-service unitWeight of (2)Wherein, in the process,=0,1,2,3,…n;
s2) the cryptographic service gateway receives the SDK from the cryptographic application m Obtaining a cookie request according to the weightThe size of the password micro-service unit is random toInitiating weight polling, wherein m is an integer greater than zero; wherein the weight isThe probability of the large password micro-service unit obtaining the weight polling is higher, and the weight polling is carried outThe probability that a small cryptographic microserver will obtain a weighted poll is small, i.e., the weight is weightedThe large password micro-service unit has a high probability of preferentially obtaining the weight polling;
s3) when the weight polling of the password service gateway is received, the password micro-service unitFirst generation with address informationAnd a time stampInformation of (2)Then according to the informationGenerate a correspondingThen will beFeeding back to the cryptographic service gateway, wherein,containing address informationAnd a time stampTime stampFor polled cryptographic microservicesA point in time at which a response is made;
S5) cryptographic application SDK m Issuing a challenge to a cryptographic service gatewayCryptographic service request, cryptographic service gateway resolutionObtaining address informationThen through the password micro service unitServer cipher machine for initiating cipher service callApplying SDK for cryptography m Providing a cryptographic service; wherein, the server cipher machineWith password micro-service unitAnd (4) correspondingly.
In the tenant password service affinity method in the cloud environment, in step S5), the password applies the SDK m The number of the password service requests sent to the password service gateway at the same time is more than or equal to 1; when simultaneously issuing a cryptographic service requestAt numbers greater than 1, each cryptographic service request carries a unique cookie.
According to the tenant password service affinity method in the cloud environment, before the password service call session is initiated, the password applies the SDK m The cookie is retrieved once again.
In step S5), the tenant password service affinity method in the cloud environment specifically includes:
s5-1) cryptographic application SDK m Issuing a challenge to a cryptographic service gatewayOpen password service call session request;
s5-2) cipher service gateway resolutionObtaining address informationAnd forwards the request for opening the cryptographic service call session to the address informationCorresponding cipher micro service unit;
S5-3) cipher micro-service unitResponsive to opening the cryptographic service invocation session, the cryptographic microserver unit upon allowing the cryptographic service invocation session to be openedExecution opening and server cipher machineA cryptographic service session therebetween;
s5-4) obtaining the password micro-service unitAfter allowing the response of the cryptographic service invocation session to open, the cryptographic application SDK m Issuing a challenge to a cryptographic service gatewayTo invoke cryptographic services;
s5-5) cipher service gateway parsingObtaining address informationAnd forwards the cryptographic operation request to the address informationCorresponding cipher micro-service unit;
S5-6) password micro-service unitConverting the http or https request in the cryptographic operation request into a custom protocol and sending the custom protocol to the server cryptographic engineInitiating a cryptographic operation request;
s5-7) server cipher machineAfter receiving the password operation request, the password operation is carried out and the operation result is returned to the password micro-service unitMicro serviceUnit cellReturning the operation result to the SDK of the password application through the password service gateway m 。
In the tenant password service affinity method in the cloud environment, in step S5-3), when the password service call session is allowed to be opened, the tenant password service affinity method in the cloud environment is to be used for providing a password service call sessionOne-to-one binding with a handle to a cryptographic service call session and use in cryptographic operation requestsA handle to a cryptographic service call session.
The tenant password service affinity method in the cloud environment is used when the password operation service is calledA handle to the cryptographic service call session to confirm and distinguish the issuer calling the cryptographic operation service.
Tenant cipher service session affinity system in cloud environment, including:
the password application SDK is used for providing a dynamic function library example for a cloud password service manufacturer and is responsible for converting input parameters into http or https calls for password services;
the password service gateway is a general entrance of the cloud password service and is responsible for processing transmission flow, wherein the processing comprises authentication, current limiting and load balancing;
the password microservice is used for providing a service instance of http or https operation and is responsible for converting parameters in an http or https request into parameters required by a server password machine standard function interface library;
the server cipher machine is a cipher module for really providing cipher operation and is responsible for providing hardware-level hardware operation capability for the cloud cipher service; the server cipher machine and the cipher micro-service are in one-to-one binding relationship;
and the password application SDK is in communication connection with the server cipher machine through the password service gateway and the password micro-service in sequence.
A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the tenant cryptographic service affinity method in a cloud environment described above.
The computer device comprises a readable storage medium, a processor and a computer program which is stored on the readable storage medium and can run on the processor, and when the computer program is executed by the processor, the computer program realizes the tenant cryptographic service affinity method in the cloud environment.
The technical scheme of the invention achieves the following beneficial technical effects:
1. supporting a specified service weight;
2. the performance is extremely high, the traditional cookie scheme uses a consistent hash algorithm to determine the back-end service, the digest operation needs to be carried out on the cookie, then the back-end service is selected by using the algorithm, the ip address is directly analyzed from the cookie, and the performance is obviously improved;
3. when the service instance is newly added, part of normally operated services can be loaded on the new service instance to cause service errors.
Drawings
FIG. 1 is a working schematic diagram of a tenant cryptographic service session affinity system in a cloud environment according to the present invention;
FIG. 2 is a flow diagram of a cryptographic service call using a tenant cryptographic service session affinity system in a cloud environment;
FIG. 3 is a flow chart of cookie retrieval in the present invention;
FIG. 4 is a flow chart of the use of the get cookie of FIG. 3;
FIG. 5 is a flow chart of a cryptographic service based on a session affinity method of a tenant cryptographic service in a cloud environment;
FIG. 6 is another flow chart of a cryptographic service based on a session affinity method of a tenant cryptographic service in a cloud environment;
FIG. 7 is a schematic diagram of a tenant application invoking a cryptographic service logic interface;
fig. 8 is a schematic diagram of a computer device capable of performing session affinity processing of tenant cryptographic services in a cloud environment according to the present invention.
Detailed Description
The present invention is further described below with reference to examples.
As shown in fig. 1, the tenant cryptographic service session affinity system in the cloud environment includes a cryptographic application SDK, a cryptographic service gateway, a cryptographic micro-service and a server cryptographic engine, the cryptographic application SDK is in communication connection with the server cryptographic engine sequentially through the cryptographic service gateway and the cryptographic micro-service, and the server cryptographic engine and the cryptographic micro-service are in a one-to-one binding relationship. In the actual application process, the server cryptographic machine can be replaced by other cryptographic devices, such as a signature verification server, a timestamp server, a virtual server cryptographic machine and the like.
The password application SDK is a dynamic function library instance provided by a cloud password service manufacturer and is responsible for converting input parameters into http or https calls for the password service; the cloud password service gateway is a main inlet of the cloud password service and is responsible for processing transmission flow, wherein the processing comprises authentication, flow limitation and load balancing; the password microservice is used for providing a service instance for http or https operation and is responsible for converting parameters in an http or https request into parameters required by a server password machine standard function interface library; and the server cipher machine is a cipher module for really providing cipher operation and is responsible for providing hardware-level hardware operation capability for the cloud cipher service. In fig. 1, arrow 1 indicates a service call of the cryptographic application SDK1, and arrow 2 indicates a service application of the cryptographic application SDK 2.
As shown in fig. 2, when the cryptographic application SDK calls the cryptographic service, the present invention first obtains the cookie, opens the cryptographic service call session, then executes the cryptographic operation by the server cryptographic engine and returns the operation result, and then closes the cryptographic service call session. Fig. 2 shows only two threads, and in the case of a plurality of threads, the processing flow of the cryptographic application SDK is completely the same as that of the two threads.
As shown in fig. 3 and 4, the cryptographic application SDK obtains a cookie containing an IP address of a device providing cryptographic service or a proxy device and uses the cookie to complete cryptographic service invocation in a cryptographic service invocation process, thereby implementing cryptographic service session affinity, and the specific steps are as follows:
s1) importing the password micro-service unit through the password service gatewayAddress information ofAnd setting a password micro-service unitWeight of (2)Wherein, in the process,=0,1,2,3, \8230n; wherein, the password micro-service unitExpressed as the first of n cryptographic micro-service unitsA password micro-service unit;
s2) the cryptographic service gateway receives the SDK from the cryptographic application m Obtain a cookie request by weightRandom cipher micro service unitInitiating weight polling, wherein m is an integer greater than zero;
s3) upon receiving the secretWhen the weight of the code service gateway is polled, the password micro service unitFirst generation with address informationAnd a time stampInformation of (2)Then according to the informationGenerate a correspondingThen will beFeeding back to the cryptographic service gateway, wherein,containing address informationAnd a time stampTime stampAs polled cryptographic microservicesA point in time at which a response is made;
S5) cryptographic application SDK m Issuing a challenge to a cryptographic service gatewayCryptographic service request, cryptographic service gateway resolutionObtaining address informationThen through the password micro-service unitInitiate cryptographic service call, server cryptographic engineApplying SDK for cryptography m Providing a cryptographic service; wherein, the server cipher machineWith password micro-service unitCorresponding; cryptographic application SDK m The specific operation of invoking the cryptographic service comprises the following steps:
s5-1) cryptographic application SDK m Issuing a challenge to a cryptographic service gatewayOpen password service call session request;
s5-2) cipher service gateway resolutionObtaining address informationAnd forwards the request for opening the cryptographic service call session to the address informationCorresponding cipher micro-service unit;
S5-3) cipher micro-service unitResponsive to opening the cryptographic service invocation session, the cryptographic microserver unit upon allowing the cryptographic service invocation session to be openedExecution opening and server cipher machineA cryptographic service session therebetween; when a cryptographic service call session is allowed to open, it willOne-to-one binding with a handle to a cryptographic service call session and use in cryptographic operation requestsA handle to a cryptographic service call session;
s5-4) obtaining the password micro service unitAfter allowing a response to open the cryptographic service invocation session, the cryptographic application SDK m Issuing a challenge to a cryptographic service gatewayTo invoke cryptographic services;
s5-5) cipher service gateway resolutionObtaining address informationAnd forwards the cryptographic operation request to the address informationCorresponding cipher micro-service unit;
S5-6) password micro-service unitConverting the http or https request in the cryptographic operation request into a custom protocol and sending the custom protocol to the server cryptographic engineInitiating a cryptographic operation request;
s5-7) server cipher machineAfter receiving the password operation request, the password operation is carried out and the operation result is returned to the password micro-service unitMicro service unitReturning the operation result to the SDK of the password application through the password service gateway m . Use in invoking cryptographic operation servicesA handle to the cryptographic service call session to confirm and distinguish the issuer calling the cryptographic operation service.
In this embodiment, in the stepS5), the code applies SDK m The number of the password service requests sent to the password service gateway at the same time is more than or equal to 1; when the number of the simultaneously sent password service requests is more than 1, each password service request is provided with a unique cookie. And each time before initiating a cryptographic service invocation session, the cryptographic application SDK m The cookie is retrieved once again. In one cryptographic service call session, multiple cryptographic service requests can be initiated, and the cookies used by the cryptographic service requests initiated in the same cryptographic service call session are the same cookie. Fig. 5 and fig. 6 show the whole process of the cryptographic application SDK invoking cryptographic service in the present invention, where the process shown in fig. 5 uses a cryptographic micro-service unit to perform protocol conversion, and the process shown in fig. 6 uses a protocol conversion server to perform protocol conversion. As can be seen from the combination of the two flowcharts shown in FIG. 5 and FIG. 6, the load is applied to the server cryptographic engine when the cookie is obtainedSubsequent session opening and cryptographic operation are carried out to the server cipher machineThe effect of session affinity is realized, and when the cookie is obtained, the cookie is loaded to the server cipher machineThe probability of (A) being specifiable on demand, weight-polled selective server crypto engineThe probability of (c) is:thus, a session affinity that can be assigned a weight is achieved.
In the invention, theOne-to-one binding with a handle of a cryptographic service invocation sessionEach cryptographic service invocation session can have a cookie of its own, so that even if only one cryptographic application SDK is used, the effect of load balancing can be achieved.
For example, fig. 7 shows that a tenant application calls a certain cryptographic service logical interface on a certain public cloud, wherein the cryptographic application SDK uses cryptographic services, the cryptographic microservers are two in total, and the administrator uses the cryptographic microserver P 1 Weight Q of 1 Set to 6, cryptographic microservice unit P 2 Weight Q of 2 Set to 4.
When the password application SDK calls the password service, 5 password service call sessions are needed, 5 cookies are obtained first, a weight polling strategy is adopted to poll two password micro-service units when the cookies are obtained, the cookies are generated by the polled password micro-service units according to rules, and five cookies are shown in a table 1.
TABLE 1 polled cryptographic microservice generated cookie
Wherein the cookie 1 、cookie 3 And a cookie 4 By cryptographic microservice unit P 1 Generating, cookies 2 And a cookie 5 By cryptographic microservice unit P 2 And (4) generating. Cryptographic microservice unit P 1 The reason why the generated cookies are more is that the password micro service unit P 1 The weight of (c) is relatively high. If the total number of cookies generated by the two cryptographic microservice units is enough, the ratio of the number of cookies generated by the two cryptographic microservice units approaches 6 infinitely.
After obtaining the cookie, the cryptographic application SDK opens 5 cryptographic service call sessions, when the cryptographic service call sessions are opened, one cookie is introduced into each cryptographic service call request, the cookie in each cryptographic service call request is different from the cookies in other cryptographic service call requests, and after the cryptographic service call sessions are opened, handles of the cryptographic service call sessions and the cookies used by the cryptographic service call sessions are bound in a one-to-one mode. The SDK uses the handle of the cryptographic service calling session in all cryptographic calling service requests in the cryptographic service calling session, and the handle of the cryptographic service calling session and the cookie used by the cryptographic service calling session need to be brought into the cryptographic service calling requests. In the cloud environment, the number of sessions is huge, and thus the load of performing the cryptographic operation per session can be considered to be the same, so in the above example, the load ratio of the cryptographic operation can be considered to be 6.
Based on the above tenant password session affinity method in the cloud environment, correspondingly, this example further provides a computer readable storage medium storing a computer program, where the computer program when executed by a processor implements the following steps: the method comprises the steps of obtaining a cookie containing IP address information of a password micro-service unit and time information of the request cookie, calling password service by using the cookie, carrying out password operation, analyzing the cookie when the password service is called, obtaining the IP address information contained in the cookie, sending a request for calling the password service to the password micro-service unit with the IP address information, calling a server cipher machine by the password micro-service unit to complete the password operation, and returning a password operation result to a password application SDK.
As shown in fig. 8, based on the tenant cryptographic service session affinity method in the cloud environment and the computer readable storage medium, in this embodiment, a computer device is further provided, which includes a readable storage medium, a processor, and a computer program stored on the readable storage medium and executable on the processor, where the readable storage medium and the processor are both disposed on a bus, and the processor executes the computer program to implement the following steps: the method comprises the steps of obtaining a cookie containing IP address information of a password micro-service unit and time information of the cookie request, calling the password service by using the cookie, carrying out password operation, analyzing the cookie when the password service is called, obtaining the IP address information contained in the cookie, sending a request for calling the password service to the password micro-service unit with the IP address information, calling a server password machine by the password micro-service unit to complete the password operation, and returning a password operation result to a password application SDK.
It should be understood that the above examples are only for clarity of illustration and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. This need not be, nor should it be exhaustive of all embodiments. And obvious variations or modifications are possible which remain within the scope of the appended claims.
Claims (9)
1. The tenant password service affinity method under the cloud environment is characterized by comprising the following steps:
s1) importing the password micro-service unit through the password service gatewayAddress information ofAnd setting a password micro-service unitWeight of (2)Wherein, in the step (A),=0,1,2,3,…n;
s2) the cryptographic service gateway receives the SDK from the cryptographic application m Obtain a cookie request by weightThe size of the password micro-service unit is random toInitiate weight Polling, mIs an integer greater than zero;
s3) when the weight polling of the password service gateway is received, the password micro-service unitFirst generation with address informationAnd time stampInformation ofThen according to the informationGenerate a correspondingThen will beFeeding back to the cryptographic service gateway, wherein,containing address informationAnd a time stampTime stampFor polled cryptographic microservicesA point in time at which a response is made;
S5) cryptographic application SDK m Issuing a challenge to a cryptographic service gatewayCryptographic service request, cryptographic service gateway resolutionObtaining address informationThen through the password micro-service unitInitiate cryptographic service call, server cryptographic engineApplying SDK for password m Providing a cryptographic service; wherein, the server cipher machineMicro service unit with cipherAnd correspondingly.
2. The tenant password service affinity method in the cloud environment according to claim 1, wherein in step S5), the password applies SDK m The number of the password service requests sent to the password service gateway at the same time is more than or equal to 1; when number of simultaneous requests for cryptographic services is issuedAbove 1, each cryptographic service request carries a unique cookie.
3. The tenant password service affinity method in the cloud environment of claim 1, wherein the password application SDK is applied each time before the password service call session is initiated m The cookie is retrieved once again.
4. The tenant cryptographic service affinity method in the cloud environment according to claim 1, wherein in step S5), the specific operations are:
s5-1) cryptographic application SDK m Issuing a challenge to a cryptographic service gatewayOpen a cryptographic service call session request;
s5-2) cipher service gateway parsingObtaining address informationAnd forwards the request for opening the cryptographic service call session to the address informationCorresponding cipher micro service unit;
S5-3) cipher micro-service unitResponsive to opening the cryptographic service invocation session, the cryptographic microserver unitExecution opening and server cipher machineA cryptographic service session therebetween;
s5-4) obtaining the password micro service unitAfter allowing the response of the cryptographic service invocation session to open, the cryptographic application SDK m Issuing a challenge to a cryptographic service gatewayTo invoke cryptographic services;
s5-5) cipher service gateway parsingObtaining address informationAnd forwards the cryptographic operation request to the address informationCorresponding cipher micro service unit;
S5-6) password micro-service unitThe http or https request in the cryptographic operation request is converted into a custom protocol and sent to the server cryptographic engineInitiating a cryptographic operation request;
5. The tenant password service affinity method in the cloud environment according to claim 4, wherein in step S5-3), when the password service call session is allowed to be opened, the tenant password service affinity method is further performedOne-to-one binding with a handle of a cryptographic service invocation session and use in cryptographic operation requestsA handle to a cryptographic service call session.
7. Tenant cryptographic service session affinity system under cloud environment, characterized by, includes:
the password application SDK is used for providing a dynamic function library example for a cloud password service manufacturer and is responsible for converting input parameters into http or https calls for password services;
the cloud password service gateway is a main inlet of the cloud password service and is responsible for processing transmission flow, wherein the processing comprises authentication, flow limitation and load balancing;
the password microservice is used for providing a service instance for http or https operation and is responsible for converting parameters in an http or https request into parameters required by a server password machine standard function interface library;
the server cipher machine is a cipher module for really providing cipher operation and is responsible for providing hardware operational capability of a hardware level for the cloud cipher service; the server cipher machine and the cipher micro-service are in one-to-one binding relationship;
and the password application SDK is in communication connection with the server cipher machine through the password service gateway and the password microservice in sequence.
8. A computer-readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the tenant cryptographic service affinity method in a cloud environment of any one of claims 1 to 6.
9. Computer device comprising a readable storage medium, a processor and a computer program stored on the readable storage medium and executable on the processor, wherein the computer program, when executed by the processor, implements the tenant cryptographic service affinity method in a cloud environment as claimed in any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211322274.3A CN115396496B (en) | 2022-10-27 | 2022-10-27 | Tenant password service session affinity method, system, medium and device in cloud environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211322274.3A CN115396496B (en) | 2022-10-27 | 2022-10-27 | Tenant password service session affinity method, system, medium and device in cloud environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115396496A true CN115396496A (en) | 2022-11-25 |
CN115396496B CN115396496B (en) | 2023-01-17 |
Family
ID=84127606
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211322274.3A Active CN115396496B (en) | 2022-10-27 | 2022-10-27 | Tenant password service session affinity method, system, medium and device in cloud environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115396496B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103563294A (en) * | 2011-06-30 | 2014-02-05 | 国际商业机器公司 | Authentication and authorization methods for cloud computing platform security |
CN105071936A (en) * | 2010-09-20 | 2015-11-18 | 安全第一公司 | Systems and methods for secure data sharing |
CN108701182A (en) * | 2016-08-31 | 2018-10-23 | 甲骨文国际公司 | The data management of multi-tenant identity cloud service |
US20180337914A1 (en) * | 2017-05-18 | 2018-11-22 | Oracle International Corporation | User authentication using kerberos with identity cloud service |
CN109314704A (en) * | 2016-09-14 | 2019-02-05 | 甲骨文国际公司 | Function is nullified for multi-tenant identity and the single-sign-on and single-point of data safety management cloud service |
CN109565505A (en) * | 2016-08-05 | 2019-04-02 | 甲骨文国际公司 | Tenant's Self-Service troubleshooting for multi-tenant identity and data safety management cloud service |
CN113821305A (en) * | 2021-09-15 | 2021-12-21 | 中国电信集团系统集成有限责任公司 | Cloud password service calling method based on Docker and middleware system |
-
2022
- 2022-10-27 CN CN202211322274.3A patent/CN115396496B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105071936A (en) * | 2010-09-20 | 2015-11-18 | 安全第一公司 | Systems and methods for secure data sharing |
CN103563294A (en) * | 2011-06-30 | 2014-02-05 | 国际商业机器公司 | Authentication and authorization methods for cloud computing platform security |
CN109565505A (en) * | 2016-08-05 | 2019-04-02 | 甲骨文国际公司 | Tenant's Self-Service troubleshooting for multi-tenant identity and data safety management cloud service |
CN108701182A (en) * | 2016-08-31 | 2018-10-23 | 甲骨文国际公司 | The data management of multi-tenant identity cloud service |
CN109314704A (en) * | 2016-09-14 | 2019-02-05 | 甲骨文国际公司 | Function is nullified for multi-tenant identity and the single-sign-on and single-point of data safety management cloud service |
US20180337914A1 (en) * | 2017-05-18 | 2018-11-22 | Oracle International Corporation | User authentication using kerberos with identity cloud service |
CN113821305A (en) * | 2021-09-15 | 2021-12-21 | 中国电信集团系统集成有限责任公司 | Cloud password service calling method based on Docker and middleware system |
Also Published As
Publication number | Publication date |
---|---|
CN115396496B (en) | 2023-01-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9215229B2 (en) | Systems and methods for establishing cloud-based instances with independent permissions | |
US7330872B2 (en) | Method for distributed program execution with web-based file-type association | |
US9124569B2 (en) | User authentication in a cloud environment | |
US8555339B2 (en) | Identifying guests in web meetings | |
Khan et al. | OpenID authentication as a service in OpenStack | |
US8606897B2 (en) | Systems and methods for exporting usage history data as input to a management platform of a target cloud-based network | |
JP5714690B2 (en) | Pluggable token provider model that enforces authentication across multiple web services | |
US9641340B2 (en) | Certificateless multi-proxy signature method and apparatus | |
US20030074393A1 (en) | Methods for distributed program execution with file-type association in a client-server network | |
WO2010087829A1 (en) | Selectively communicating data of a peripheral device to plural sending computers | |
CN106533932A (en) | Method and device for pushing instant message | |
US20230013371A1 (en) | Data communication method, apparatus, and device, storage medium, and computer program product | |
CN107453872A (en) | A kind of unified safety authentication method and system based on Mesos container cloud platforms | |
CN113778499B (en) | Method, apparatus, device and computer readable medium for publishing services | |
US11683166B2 (en) | Secure file modification with supervision | |
CN115396496B (en) | Tenant password service session affinity method, system, medium and device in cloud environment | |
CA3120889A1 (en) | Computing system with gateway data transfer based upon device data flow characteristics and related methods | |
CN110351333B (en) | Request queue method and system with verification mechanism | |
JP2001282737A (en) | Job load dispersion system | |
Tusa et al. | Federation between CLEVER clouds through SASL/Shibboleth authentication | |
WO2014140116A1 (en) | System and method for managing computational task sets | |
US20220405245A1 (en) | User-based access to content of files | |
US20220385718A1 (en) | Computing system with data transfer based upon device data flow characteristics and related methods | |
US20230300135A1 (en) | Generation of multiple limited-scope access tokens | |
Put et al. | Priman: Facilitating the development of secure and privacy-preserving applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |