CN116614312A - Security verification method and system for cloud computing system - Google Patents


Publication number
CN116614312A
Authority
CN
China
Prior art keywords
entity
network
trusted
verification
measurement
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310882483.1A
Other languages
Chinese (zh)
Other versions
CN116614312B (en)
Inventor
陈寒
俞璐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Hung Sword Network Technology Co ltd
Beijing Yunshanghui Information Technology Co ltd
Original Assignee
Jiangsu Hung Sword Network Technology Co ltd
Beijing Yunshanghui Information Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Abstract

The application provides a security verification method and a security verification system for a cloud computing system, which use remote measurement to guarantee service security in a multi-network scenario. The method addresses IDC services in a multi-network scenario in which, for example, a third network has signed with a second network but has not signed with a first network. If a service entity in the second network requests a service from a cloud computing management entity in the first network, the cloud computing management entity can rely on the fact that the second network has signed with the third network to have the service entity verified through the third network, that is, to initiate remote measurement of the service entity. The service is then provided to the service entity only when the service entity is trusted, which ensures the service security of IDC services in the multi-network scenario.

Description

Security verification method and system for cloud computing system
Technical Field
The present application relates to the field of cloud computing technologies, and in particular, to a security verification method and system for a cloud computing system.
Background
Currently, internet data centers (Internet Data Center, IDC) are capable of providing cloud services, i.e. cloud computing of IDC services. IDC services can deploy a network function virtualization (network functions virtualization, NFV) architecture to perform trusted measurement on entities requesting services in order to secure the services. For example, a cloud management system under the NFV architecture may, according to a service requirement, initiate trusted measurement through a measurement entity for a device in the network, such as a network element, an entity, or a function, so as to verify whether the device is currently trusted, thereby ensuring service security.
However, IDC services may face multiple networks in the future, and how to ensure the service security of IDC services in multi-network scenarios is an active problem in current research.
Disclosure of Invention
The embodiment of the application provides a security verification method and a security verification system for a cloud computing system, which are used for guaranteeing service security of IDC service in a multi-network scene through remote measurement.
In order to achieve the above purpose, the application adopts the following technical scheme:
In a first aspect, an embodiment of the present application provides a security verification method for a cloud computing system, where the method includes: the cloud computing management entity obtains a service request of a service entity from the service entity, wherein the cloud computing management entity is positioned in a first network, and the service entity is positioned in a second network; the cloud computing management entity sends a verification request to a verification entity, wherein the verification entity is located in a second network, and the verification request is used for requesting the verification entity to initiate trusted verification on a service entity; the verification entity determines a trusted verification result of the service entity through a third network according to the verification request, wherein the third network is a network which is signed with the second network and is not signed with the first network, and the trusted verification result is used for representing whether the service entity is trusted or not; the verification entity sends a trusted verification result to the cloud computing management entity; and under the condition that the service entity is trusted, the cloud computing management entity provides services for the service entity according to the service request.
Based on the method of the first aspect, for IDC services in a multi-network scenario in which, for example, the third network has signed with the second network but has not signed with the first network, if the service entity in the second network requests a service from the cloud computing management entity in the first network, the cloud computing management entity can rely on the fact that the second network has signed with the third network to have the service entity verified through the third network, that is, to initiate remote measurement of the service entity. The service is then provided to the service entity only when the service entity is trusted, which ensures the service security of IDC services in the multi-network scenario.
In one possible design, the verifying entity determines, according to the verification request, a trusted verification result of the service entity through the third network, including: the verification entity determines whether the second network is a trusted network or not through a third network according to the verification request; under the condition that the second network is an untrusted network, the verification entity obtains a trusted verification result of the service entity through a third network; or under the condition that the second network is a trusted network, the verification entity obtains a trusted verification result of the service entity through the second network so as to avoid the trusted verification failure caused by the initiation of verification through an untrusted network.
Optionally, the verifying entity obtains a trusted verifying result of the service entity through a third network, including: the verification entity requests the measurement entity in the third network to perform the credible measurement on the business entity; the verification entity obtains first trusted evidence of the service entity from the measurement entity in the third network, wherein the first trusted evidence is obtained by the measurement entity in the third network through trusted measurement of the service entity; and the verification entity determines a trusted verification result of the service entity according to the first trusted evidence. It can be seen that in the remote measurement process, the verification entity can trigger the measurement entity in the third network to collect the trusted evidence, such as the first trusted evidence of the service entity, so that the verification entity only needs to verify the trusted evidence, thereby reducing the load and improving the measurement efficiency.
Further, the method of the first aspect may further include: the verification entity sends a first trusted evidence to a measurement entity in the second network; the verification entity obtains second trusted evidence of the business entity from the measurement entity in the second network, wherein the second trusted evidence is the trusted evidence obtained by the measurement entity in the second network for carrying out the trusted measurement on the business entity according to the first trusted evidence. Correspondingly, the verification entity determines a trusted verification result of the service entity according to the first trusted evidence, and the method comprises the following steps: and the verification entity determines a trusted verification result of the business entity according to the first trusted evidence and the second trusted evidence. It can be seen that in the event that the second network is not trusted, the verifying entity may still instruct the measuring entity in the second network to perform the auxiliary measurement, e.g. the measuring entity in the second network may perform the measurement within the scope of the first trusted evidence characterization, to avoid inaccurate measurement due to the non-trusted second network. In addition, the accuracy of the measurement can be further improved by assisting the measurement through the measurement entity in the second network.
Further, the second trusted evidence is trusted evidence that is obtained by the measurement entity in the second network performing trusted measurement on the business entity and that is within a measurement evidence threshold. The measurement evidence threshold is determined by the measurement entity in the second network from the first trusted evidence. For example, the measurement entity in the second network may take the value of each parameter in the first trusted evidence as the threshold used by the measurement entity in the second network to measure the business entity, i.e. the measurement evidence threshold. In the process of measuring the service entity, if the value of a parameter collected by the measurement entity in the second network exceeds the corresponding threshold, the measurement entity in the second network discards the parameter; otherwise, the parameter is retained. In this way, all parameters ultimately retained by the measurement entity in the second network constitute the second trusted evidence.
Optionally, the verifying entity obtains a trusted verification result of the service entity through the second network, including: the verification entity requests the measurement entity in the second network to perform the credible measurement on the business entity; the verification entity obtains third trusted evidence of the service entity from the measurement entity in the second network, wherein the third trusted evidence is the trusted evidence obtained by the measurement entity in the second network through trusted measurement of the service entity; and the verification entity determines a trusted verification result of the service entity according to the third trusted evidence, so that the verification entity only verifies the trusted evidence, the load is reduced, and the measurement efficiency is improved.
Further, the method of the first aspect may further include: the verification entity sends a third trusted evidence to the measurement entity in a third network; the verification entity obtains fourth trusted evidence of the service entity from the measurement entity in the third network, wherein the fourth trusted evidence is the trusted evidence obtained by the measurement entity in the third network for carrying out trusted measurement on the service entity according to the third trusted evidence; correspondingly, the verification entity determines a trusted verification result of the service entity according to the third trusted evidence, including: and the verification entity determines a trusted verification result of the business entity according to the third trusted evidence and the fourth trusted evidence. It can be seen that, similar to the above case, in case the third network is not trusted, the verifying entity may still instruct the measuring entity in the third network to perform the auxiliary measurement, e.g. the measuring entity in the third network may perform the measurement within the scope of the third trusted evidence characterization, to avoid inaccurate measurement due to the non-trusted third network. In addition, the accuracy of the measurement can be further improved by assisting the measurement through the measurement entity in the third network.
Further, the fourth trusted evidence is trusted evidence obtained by performing trusted measurement on the business entity by the measurement entity in the second network and is within the measurement evidence threshold. The measurement evidence threshold is determined by the measurement entity in the third network from the third trusted evidence. For example, the measurement entity in the third network may take the value of each parameter in the third trusted evidence as the threshold used by the measurement entity in the third network to measure the business entity, i.e. the measurement evidence threshold. In the process of measuring the service entity, if the value of a parameter collected by the measurement entity in the third network exceeds the corresponding threshold, the measurement entity in the third network discards the parameter; otherwise, the parameter is retained. In this way, all parameters ultimately retained by the measurement entity in the third network constitute the fourth trusted evidence.
Optionally, the verifying entity determines, according to the verification request, whether the second network is a trusted network through the third network, including: the verification entity requests the measurement entity in the third network to perform trusted measurement on the second network according to the verification request; the verification entity obtains the trusted evidence of the second network from the measurement entity in the third network, wherein the trusted evidence of the second network is obtained by the measurement entity in the third network through trusted measurement on the second network; the verifying entity determines whether the second network is a trusted network based on the proof of trust of the second network.
In a second aspect, an embodiment of the present application provides a cloud computing system, including: the cloud computing management entity is used for acquiring a service request of the service entity from the service entity, wherein the cloud computing management entity is positioned in a first network, and the service entity is positioned in a second network; the cloud computing management entity is further used for sending a verification request to the verification entity, wherein the verification entity is located in the second network, and the verification request is used for requesting the verification entity to initiate trusted verification on the service entity; the verification entity is used for determining a trusted verification result of the service entity through a third network according to the verification request, wherein the third network is a network which is signed with the second network and is not signed with the first network, and the trusted verification result is used for representing whether the service entity is trusted or not; the verification entity is also used for sending a trusted verification result to the cloud computing management entity; and the cloud computing management entity is also used for providing services for the service entity according to the service request under the condition that the service entity is trusted.
In one possible design, the verification entity is specifically configured to determine, according to the verification request, whether the second network is a trusted network through the third network; under the condition that the second network is an untrusted network, the verification entity is specifically used for obtaining a trusted verification result of the service entity through the third network; or, in case the second network is a trusted network, the verification entity is specifically configured to obtain a trusted verification result of the service entity through the second network.
Optionally, the verifying entity obtains a trusted verifying result of the service entity through a third network, including: the verification entity requests the measurement entity in the third network to perform the credible measurement on the business entity; the verification entity obtains first trusted evidence of the service entity from the measurement entity in the third network, wherein the first trusted evidence is obtained by the measurement entity in the third network through trusted measurement of the service entity; and the verification entity determines a trusted verification result of the service entity according to the first trusted evidence. It can be seen that in the remote measurement process, the verification entity can trigger the measurement entity in the third network to collect the trusted evidence, such as the first trusted evidence of the service entity, so that the verification entity only needs to verify the trusted evidence, thereby reducing the load and improving the measurement efficiency.
Further, the verification entity is further configured to send the first trusted evidence to a measurement entity in the second network, and obtain the second trusted evidence of the business entity from the measurement entity in the second network. The second trusted evidence is trusted evidence obtained by the measurement entity in the second network by carrying out trusted measurement on the service entity according to the first trusted evidence. Correspondingly, the verification entity is specifically configured to determine a trusted verification result of the service entity according to the first trusted evidence and the second trusted evidence.
Further, the second trusted evidence is a trusted evidence obtained by performing trusted measurement on the business entity by the measurement entity in the second network and within a measurement evidence threshold. The metric evidence threshold is determined by the metric entity in the second network from the first trusted evidence.
Optionally, the verification entity is specifically configured to request the measurement entity in the second network to perform trusted measurement on the service entity; the verification entity is in particular adapted to obtain a third trusted proof of the business entity from the measurement entity in the second network. The third trusted evidence is trusted evidence obtained by the measurement entity in the second network through trusted measurement of the service entity. The verification entity is specifically configured to determine a trusted verification result of the service entity according to the third trusted evidence.
Further, the verification entity is further configured to send a third trusted evidence to the measurement entity in the third network, and obtain a fourth trusted evidence of the service entity from the measurement entity in the third network, where the fourth trusted evidence is a trusted evidence obtained by the measurement entity in the third network performing trusted measurement on the service entity according to the third trusted evidence. The verification entity is specifically configured to determine a trusted verification result of the service entity according to the third trusted evidence and the fourth trusted evidence.
Further, the fourth trusted evidence is trusted evidence obtained by performing trusted measurement on the business entity by the measurement entity in the second network and is within the measurement evidence threshold. The metric evidence threshold is determined by the metric entity in the third network from the third trusted evidence.
Optionally, the verification entity is specifically configured to request, according to the verification request, the measurement entity in the third network to perform trusted measurement on the second network; the verification entity is specifically configured to obtain a trusted evidence of the second network from the measurement entity in the third network, where the trusted evidence of the second network is obtained by performing trusted measurement on the second network by the measurement entity in the third network; the verification entity is specifically configured to determine whether the second network is a trusted network according to the trusted evidence of the second network.
The technical effects of the second aspect may be referred to the related description of the first aspect, which is not repeated herein.
In a third aspect, an embodiment of the present application provides a computer readable storage medium having stored thereon program code which, when executed by a computer, performs the method according to the first aspect.
Drawings
Fig. 1 is a schematic architecture diagram of a cloud computing system according to an embodiment of the present application;
Fig. 2 is a flowchart of a security verification method of a cloud computing system according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a network entity according to an embodiment of the present application.
Detailed Description
The technical scheme of the application will be described below with reference to the accompanying drawings.
Referring to fig. 1, an embodiment of the present application provides a cloud computing system, which may include: cloud computing management entity, business entity, verification entity and measurement entity.
The cloud computing management system may be a management system under a network function virtualization (network functions virtualization, NFV) architecture. The cloud computing management entity may be deployed in management, automation and network orchestration (management and orchestration, MANO), for example, the cloud computing management entity may be a network function virtualization orchestrator (network functions virtualization orchestrator, NFVO), virtualization infrastructure management (virtualized infrastructure management, VIM), and virtual network function manager (network functions virtualization manager, VNFM) in MANO, or may also be a function in NFVO, VIM, or VNFM. The cloud computing management entity may be located in a first network. The first network may be an administrative domain network, or the first network may be a service network, such as a public land mobile network (public land mobile network, PLMN), denoted PLMN1.
The verification entity may be located in the same network as the cloud computing management system, i.e. the first network. The verification entity may be a functional entity under the NFV architecture, which may also be referred to as a verification function. The verification function is mainly used for verifying the trusted evidence collected by the measuring entity to determine whether the measured device is trusted or not.
There may be a plurality of measurement entities, each deployed in a different network, such as the first network, the second network, such as PLMN2, and the third network, such as PLMN3. The measurement entity may be a functional entity under the NFV architecture, which may also be referred to as a measurement function. The measurement function is mainly used for measuring the equipment in the network to which the measurement function belongs, namely, collecting the trusted evidence from the measured equipment and returning it to the verification entity.
The business entity may be located in the second network. The second network may be a different service network than the first network, such as PLMN2. The service entity may be a virtual device, such as a Virtual Machine (VM) or container, or any other possible virtualized functional entity, which is not specifically limited. Alternatively, the service entity may be a physical device, such as a terminal or a network device.
The terminal is a terminal with wireless receiving and transmitting function and can be a chip or a chip system arranged on the terminal. The terminal device may also be referred to as a User Equipment (UE), an access terminal, a subscriber unit, a subscriber station, a mobile station, a remote terminal, a mobile device, a user terminal, a wireless communication device, a user agent, or a user device. The terminal device in the embodiment of the present application may be a mobile phone (mobile phone), a tablet computer (Pad), a computer with a wireless transceiving function, a Virtual Reality (VR) terminal device, an augmented reality (augmented reality, AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in unmanned driving (self driving), a wireless terminal in remote medical (remote medical), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation security (transportation safety), a wireless terminal in smart city (smart city), a wireless terminal in smart home (smart home), a vehicle-mounted terminal, an RSU with a terminal function, or the like. The terminal device of the present application may also be an in-vehicle module, an in-vehicle component, an in-vehicle chip, or an in-vehicle unit that is built in a vehicle as one or more components or units, and the vehicle may implement the method provided by the present application through the in-vehicle module, the in-vehicle component, the in-vehicle chip, or the in-vehicle unit.
The network device may be a device located on the network side of the communication system and having a wireless transceiver function, or may be a chip or a chip system disposed on the device. The network devices include, but are not limited to: an Access Point (AP) in a wireless fidelity (wireless fidelity, WiFi) system, such as a home gateway, a router, a server, a switch, a bridge, etc., an evolved Node B (eNB), a radio network controller (radio network controller, RNC), a Node B (Node B, NB), a base station controller (base station controller, BSC), a base transceiver station (base transceiver station, BTS), a home base station (e.g., home evolved NodeB, or home Node B, HNB), a baseband unit (BBU), a wireless relay node, a wireless backhaul node, a transmission point (transmission and reception point, TRP, or transmission point, TP), etc. The network device may also be a device in a 5G system, such as a gNB in a new radio (NR) system, or a transmission point (TRP or TP), or one antenna panel or a group of antenna panels (including multiple antenna panels) of a base station in a 5G system, or may also be a network node constituting a gNB or transmission point, such as a baseband unit (BBU), or a distributed base station unit (base station unit), a distributed unit (rsdu), etc.
In the embodiment of the application, for a multi-network scenario in which, for example, the third network has signed with the second network but has not signed with the first network, if a service entity in the second network requests a service from a cloud computing management entity in the first network, the cloud computing management entity can rely on the fact that the second network has signed with the third network to have the service entity verified through the third network, that is, to initiate remote measurement of the service entity. The service is then provided to the service entity only when the service entity is trusted, which ensures service security in the multi-network scenario.
The interaction of the entities in the cloud computing system will be described in detail below in connection with the method.
Referring to fig. 2, an embodiment of the present application provides a security verification method for a cloud computing system. The method is mainly suitable for interaction among entities in the cloud computing system. The method comprises the following steps:
S201, the cloud computing management entity obtains a service request of the service entity from the service entity.
The service request may carry identity information of the service entity, such as a unique device identifier, and is used to request a network element or a device in the first network, such as an access and mobility management function (Access and Mobility Management Function, AMF) or a session management function (Session Management Function, SMF), to provide a corresponding service for the service entity, such as an access service, a mobility management service, a session service, or the like, which is not specifically limited.
The service entity may send the service request to the first network at any possible occasion. The service request may then be transferred to the cloud computing management entity through a network element in the first network. The cloud computing management entity may determine, according to the identity information of the service entity, whether the service entity is a trusted device, e.g., by determining whether a historical trusted verification result of the service entity is locally stored. If the cloud computing management entity holds the historical trusted verification result of the service entity and the historical trusted verification result indicates that the service entity is trusted, S205 is executed; otherwise, the cloud computing management entity determines that trusted verification needs to be initiated on the service entity, and S202 is executed.
S202, the cloud computing management entity sends a verification request to a verification entity.
Under the condition that the verification entity can identify the information directly provided by the service entity, the verification request can directly carry the identity information of the service entity and is used for requesting the verification entity to initiate the trusted verification on the service entity. Of course, if the verification entity cannot identify the information directly provided by the service entity, the cloud computing management entity may convert the identity information of the service entity into information that can be identified by the verification entity, and then carry the converted information in the verification request. In addition, the verification request may further carry information for identifying the second network, such as an identification of the second network, which may specifically be a PLMN2 ID.
S203, the verification entity determines a trusted verification result of the service entity through a third network according to the verification request.
The third network may be a network subscribed to the second network and not subscribed to the first network. The trusted verification result may be used to characterize whether the service entity is trusted. For example, the trusted verification result may be a 1-bit information element whose two values are used to characterize whether the service entity is trusted.
The verification entity may determine, according to the verification request, whether the second network is a trusted network through the third network. For example, the verification entity may determine, based on the identifier of the second network, whether it locally holds a historical trusted verification result of the second network. If the verification entity locally stores the historical trusted verification result of the second network, the verification entity determines whether the second network is a trusted network according to that result; otherwise, the verification entity may request a measurement entity in the third network to perform trusted measurement on the second network. The measurement entity in the third network may then perform the trusted measurement on the second network. For example, the measurement entity in the third network may collect the trusted evidence of the second network through an interface network element exposed by the second network, such as a network exposure function (Network Exposure Function, NEF). That is, the trusted evidence of the second network is obtained by the measurement entity in the third network by performing trusted measurement on the second network, and includes, for example, the number of times a device or network element within the second network triggers an alarm, the amount of data transmitted between the second network and other network elements, and so on. In this manner, the verification entity obtains the trusted evidence of the first network from the measurement entity in the third network, thereby determining whether the second network is a trusted network based on the trusted evidence of the second network.
For example, the verification entity may match the value of each parameter in the trusted evidence of the second network with the threshold corresponding to that parameter. If the number of parameters that do not match their threshold is greater than the threshold number, the second network is an untrusted network; otherwise, the second network is a trusted network.
In a possible implementation manner, in the case that the second network is an untrusted network, the verification entity obtains a trusted verification result of the service entity through the third network, so as to avoid a trusted verification failure caused by initiating verification through the untrusted network.
Mode 1: the verification entity may request the measurement entity in the third network to perform trusted measurement on the service entity, so as to obtain first trusted evidence of the service entity from the measurement entity in the third network. The first trusted evidence is obtained by the measurement entity in the third network through trusted measurement of the service entity. For example, the first trusted evidence may be operation evidence of the service entity, such as a starting sequence of the service entity, a memory calling sequence of the service entity, and the like, and/or the first trusted evidence may be communication evidence of the service entity, such as a total amount of communication data of the service entity, a real-time communication data amount of the service entity, and the like. The verification entity then determines the trusted verification result of the service entity according to the first trusted evidence. For example, the verification entity may match the value of each parameter in the first trusted evidence with the threshold corresponding to that parameter, and if the number of parameters that do not match their threshold is greater than the threshold number, determine that the trusted verification result of the service entity indicates that the service entity is not trusted; otherwise, the trusted verification result of the service entity indicates that the service entity is trusted.
It can be seen that in the remote measurement process, the verification entity can trigger the measurement entity in the third network to collect the trusted evidence, such as the first trusted evidence of the service entity, so that the verification entity only needs to verify the trusted evidence, thereby reducing the load and improving the measurement efficiency.
Mode 2: similar to Mode 1 above, in the case that the verification entity obtains the first trusted evidence through the measurement entity in the third network, the verification entity may also send the first trusted evidence to the measurement entity in the second network. In this manner, the measurement entity in the second network can initiate a measurement of the service entity based on the first trusted evidence to obtain second trusted evidence of the service entity. For example, the measurement entity in the second network can determine a measurement evidence threshold for the service entity according to the first trusted evidence, for example, the value of each parameter in the first trusted evidence is taken as the threshold used by the measurement entity in the second network when measuring the service entity, that is, the measurement evidence threshold. For another example, the measurement evidence threshold for the service entity may also take into account the hierarchical relationship between the measurement entity in the second network and the measurement entity in the third network. If the level of the measurement entity in the second network is lower than that of the measurement entity in the third network, that is, the authority of the measurement entity in the second network is higher, the measurement entity in the second network can generally determine the value of each parameter in the first trusted evidence as a measurement evidence threshold; otherwise, the measurement entity in the second network can refer to its own policy to make certain adjustments to the values in the first trusted evidence, so as to obtain the measurement evidence threshold. Then, in the process of measuring the service entity, if the value of a parameter acquired by the measurement entity in the second network exceeds the corresponding threshold, the measurement entity in the second network discards the parameter; otherwise, it retains the parameter.
In this way, all parameters ultimately retained by the measurement entity in the second network constitute the second trusted evidence. The verification entity may obtain the second trusted evidence of the service entity from the measurement entity in the second network. Thus, the verification entity can determine the trusted verification result of the service entity according to the first trusted evidence and the second trusted evidence. For example, the verification entity may match the value of each parameter in the second trusted evidence with the threshold corresponding to that parameter, and if the number of parameters that do not match their threshold is greater than the threshold number, and/or if the number of parameters in the second trusted evidence is less than the threshold number, determine that the trusted verification result of the service entity indicates that the service entity is untrusted; otherwise, the trusted verification result of the service entity indicates that the service entity is trusted.
It can be seen that, in the event that the second network is not trusted, the verification entity may still instruct the measurement entity in the second network to perform an auxiliary measurement, e.g., the measurement entity in the second network may perform the measurement within the scope characterized by the first trusted evidence, to avoid inaccurate measurement due to the untrusted second network. In addition, the accuracy of the measurement can be further improved by having the measurement entity in the second network assist the measurement.
Or in another possible implementation manner, in the case that the second network is a trusted network, the verification entity obtains a trusted verification result of the service entity through the second network, so as to avoid a trusted verification failure caused by initiating verification through an untrusted network.
Mode A: the verification entity may request the measurement entity in the second network to perform trusted measurement on the service entity, so as to obtain third trusted evidence of the service entity from the measurement entity in the second network. The third trusted evidence is trusted evidence obtained by the measurement entity in the second network through trusted measurement of the service entity. The verification entity determines the trusted verification result of the service entity according to the third trusted evidence, so that the verification entity only verifies the trusted evidence, which reduces its load and improves measurement efficiency.
It will be appreciated that the implementation of Mode A is similar to that of Mode 1 and can be understood by reference to it; details are not repeated.
Mode B: similar to Mode A above, in the case where the verification entity obtains the third trusted evidence through the measurement entity in the second network, the verification entity sends the third trusted evidence to the measurement entity in the third network to obtain fourth trusted evidence of the service entity from the measurement entity in the third network. The fourth trusted evidence is trusted evidence obtained by the measurement entity in the third network by performing trusted measurement on the service entity according to the third trusted evidence. For example, the fourth trusted evidence is trusted evidence obtained by the measurement entity in the second network performing trusted measurement on the service entity and lying within a measurement evidence threshold. The measurement evidence threshold is determined by the measurement entity in the third network from the third trusted evidence. For example, the measurement entity in the third network may determine the value of each parameter in the third trusted evidence as the threshold used by the measurement entity in the third network to measure the service entity, i.e. the measurement evidence threshold. In the process of measuring the service entity, if the value of a parameter collected by the measurement entity in the third network exceeds the corresponding threshold, the measurement entity in the third network discards the parameter; otherwise, the parameter is retained. In this way, all parameters ultimately retained by the measurement entity in the third network constitute the second trusted evidence. Thus, the verification entity can determine the trusted verification result of the service entity according to the third trusted evidence and the fourth trusted evidence. It can be seen that, similar to the above case, in case the third network is not trusted, the verification entity may still instruct the measurement entity in the third network to perform an auxiliary measurement, e.g. the measurement entity in the third network may perform the measurement within the scope characterized by the third trusted evidence, to avoid inaccurate measurement due to the untrusted third network. In addition, the accuracy of the measurement can be further improved by having the measurement entity in the third network assist the measurement.
It will be appreciated that the specific implementation of Mode B is similar to that of Mode 2 and can be understood by reference to it; details are not repeated.
S204, the verification entity sends the credible verification result of the business entity to the cloud computing management entity.
S205, under the condition that the service entity is credible, the cloud computing management entity provides service for the service entity according to the service request.
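The S201-S205 flow with the threshold checks of Modes 1/2 (and, symmetrically, A/B), sketched as an added example that is not code from the patent. Assumptions: a parameter "matches" when its value is at or below its threshold, a separate `min_params` floor stands in for the second "threshold number", the first evidence must itself pass before an assisted measurement is used, and all names and sample values are constructed.

```python
"""Added example: S201-S205 with threshold-based evidence checks."""
from dataclasses import dataclass, field
from typing import Callable, Optional

Evidence = dict[str, float]          # parameter name -> measured value
Measure = Callable[[str], Evidence]  # hypothetical measurement-entity interface


def count_mismatches(evidence: Evidence, thresholds: Evidence) -> int:
    # Assumption: a value "matches" when it is <= its threshold. A parameter
    # with no configured threshold counts as a mismatch (fail closed).
    return sum(1 for name, value in evidence.items()
               if name not in thresholds or value > thresholds[name])


def bounded_measurement(raw: Evidence, reference: Evidence) -> Evidence:
    """Modes 2/B: the assisting measurement entity takes the reference evidence
    as its measurement evidence threshold and discards values that exceed it."""
    return {name: value for name, value in raw.items()
            if name in reference and value <= reference[name]}


@dataclass
class Verifier:
    network_thresholds: Evidence
    entity_thresholds: Evidence
    max_mismatches: int  # the text's "threshold number"
    min_params: int      # assumption: floor on retained parameters
    network_history: dict[str, bool] = field(default_factory=dict)

    def passes(self, evidence: Evidence, thresholds: Evidence) -> bool:
        return count_mismatches(evidence, thresholds) <= self.max_mismatches

    def network_trusted(self, network_id: str, measure_network: Measure) -> bool:
        # Reuse a stored historical result; otherwise have the third network's
        # measurement entity measure the second network.
        if network_id not in self.network_history:
            evidence = measure_network(network_id)
            self.network_history[network_id] = self.passes(
                evidence, self.network_thresholds)
        return self.network_history[network_id]

    def verify_entity(self, entity_id: str, primary: Measure,
                      assistant: Optional[Measure] = None) -> bool:
        first = primary(entity_id)                    # Mode 1 / Mode A
        if not self.passes(first, self.entity_thresholds):
            return False
        if assistant is None:
            return True
        second = bounded_measurement(assistant(entity_id), first)  # Mode 2 / B
        if len(second) < self.min_params:             # too much was discarded
            return False
        return self.passes(second, self.entity_thresholds)


def handle_service_request(entity_id: str, second_net_id: str,
                           entity_history: dict[str, bool], verifier: Verifier,
                           third_net: dict[str, Measure],
                           second_net: dict[str, Measure],
                           assist: bool = False) -> bool:
    """Returns True when the service is provided (S205)."""
    if entity_history.get(entity_id):                 # S201: stored trusted result
        return True
    if verifier.network_trusted(second_net_id, third_net["network"]):
        primary, other = second_net["entity"], third_net["entity"]
    else:
        primary, other = third_net["entity"], second_net["entity"]
    result = verifier.verify_entity(entity_id, primary, other if assist else None)
    entity_history[entity_id] = result                # assumption: result is stored
    return result


# Constructed sample data: the second network (PLMN2) exceeds both limits.
NET_THRESHOLDS = {"alarm_count": 5, "cross_network_mb": 1000}
ENTITY_THRESHOLDS = {"boot_sequence_deviations": 0, "total_comm_mb": 500,
                     "realtime_comm_mb": 50}
THIRD = {
    "network": lambda net: {"alarm_count": 12, "cross_network_mb": 4000},
    "entity": lambda ent: {"boot_sequence_deviations": 0, "total_comm_mb": 320,
                           "realtime_comm_mb": 20},
}
SECOND_CONSISTENT = {"entity": lambda ent: {
    "boot_sequence_deviations": 0, "total_comm_mb": 310, "realtime_comm_mb": 18}}
SECOND_DIVERGENT = {"entity": lambda ent: {
    "boot_sequence_deviations": 0, "total_comm_mb": 900, "realtime_comm_mb": 18}}


def make_verifier() -> Verifier:
    return Verifier(NET_THRESHOLDS, ENTITY_THRESHOLDS, max_mismatches=0, min_params=3)


if __name__ == "__main__":
    for label, second in (("consistent", SECOND_CONSISTENT),
                          ("divergent", SECOND_DIVERGENT)):
        served = handle_service_request("dev-1", "PLMN2", {}, make_verifier(),
                                        THIRD, second, assist=True)
        print(label, "->", "served" if served else "rejected")
```

In the assisted modes the retained-parameter count carries the signal: when the assisting measurement entity sees values above what the first evidence reported, those parameters are discarded and the second evidence falls below the floor.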
It will be appreciated that the above S201-S205 is only one possible scheme, which may be replaced by other schemes. For example, the cloud computing management entity may also determine for which network to initiate the trusted verification based on the relationship between the second network and the third network. If the third network includes the second network, for example the third network is a private network and the second network is a subnet in the private network, the cloud computing management entity may request the verification entity to initiate trusted verification for the third network. If the third network is determined to be trusted through the trusted verification, the second network is trusted, and the service entity in the second network is also trusted, namely the cloud computing management entity does not need to request the verification entity to perform trusted verification on the service entity. If the third network is determined to be not trusted by the trusted verification, further trusted verification of the second network is required. If the second network is determined to be trusted through the trusted verification, the service entity in the second network is also trusted, namely the cloud computing management entity does not need to request the verification entity to perform trusted verification on the service entity; otherwise, the cloud computing management entity needs to request the verification entity to perform trusted verification on the service entity.
In summary, for IDC service in a multi-network scenario, for example where the third network has signed with the second network and has not signed with the first network, if the service entity in the second network requests a service from the cloud computing management entity in the first network, the cloud computing management entity may, based on the second network having signed with the third network, verify the service entity through the third network, that is, initiate a remote measurement of the service entity, so as to provide the service for the service entity in the case that the service entity is trusted, and ensure the service security of IDC service in the multi-network scenario.
According to the above method embodiment, in the cloud computing system provided in this embodiment, it can be seen that:
the cloud computing management entity is used for acquiring a service request of the service entity from the service entity, wherein the cloud computing management entity is located in a first network, and the service entity is located in a second network; the cloud computing management entity is further used for sending a verification request to the verification entity, wherein the verification entity is located in the second network, and the verification request is used for requesting the verification entity to initiate trusted verification on the service entity; the verification entity is used for determining a trusted verification result of the service entity through a third network according to the verification request, wherein the third network is a network which is signed with the second network and is not signed with the first network, and the trusted verification result is used for representing whether the service entity is trusted or not; the verification entity is also used for sending the trusted verification result to the cloud computing management entity; and the cloud computing management entity is further used for providing services for the service entity according to the service request in the case that the service entity is trusted.
In one possible design, the verification entity is specifically configured to determine, according to the verification request, whether the second network is a trusted network through the third network; in the case that the second network is an untrusted network, the verification entity is specifically used for obtaining a trusted verification result of the service entity through the third network; or, in the case that the second network is a trusted network, the verification entity is specifically configured to obtain a trusted verification result of the service entity through the second network.
Optionally, the verification entity obtaining a trusted verification result of the service entity through the third network includes: the verification entity requests the measurement entity in the third network to perform trusted measurement on the service entity; the verification entity obtains first trusted evidence of the service entity from the measurement entity in the third network, wherein the first trusted evidence is obtained by the measurement entity in the third network through trusted measurement of the service entity; and the verification entity determines a trusted verification result of the service entity according to the first trusted evidence. It can be seen that in the remote measurement process, the verification entity can trigger the measurement entity in the third network to collect the trusted evidence, such as the first trusted evidence of the service entity, so that the verification entity only needs to verify the trusted evidence, thereby reducing the load and improving the measurement efficiency.
Further, the verification entity is further configured to send the first trusted evidence to a measurement entity in the second network, and obtain the second trusted evidence of the business entity from the measurement entity in the second network. The second trusted evidence is trusted evidence obtained by the measurement entity in the second network by carrying out trusted measurement on the service entity according to the first trusted evidence. Correspondingly, the verification entity is specifically configured to determine a trusted verification result of the service entity according to the first trusted evidence and the second trusted evidence.
Further, the second trusted evidence is a trusted evidence obtained by performing trusted measurement on the business entity by the measurement entity in the second network and within a measurement evidence threshold. The metric evidence threshold is determined by the metric entity in the second network from the first trusted evidence.
Optionally, the verification entity is specifically configured to request the measurement entity in the second network to perform trusted measurement on the service entity; the verification entity is in particular adapted to obtain a third trusted proof of the business entity from the measurement entity in the second network. The third trusted evidence is trusted evidence obtained by the measurement entity in the second network through trusted measurement of the service entity. The verification entity is specifically configured to determine a trusted verification result of the service entity according to the third trusted evidence.
Further, the verification entity is further configured to send a third trusted evidence to the measurement entity in the third network, and obtain a fourth trusted evidence of the service entity from the measurement entity in the third network, where the fourth trusted evidence is a trusted evidence obtained by the measurement entity in the third network performing trusted measurement on the service entity according to the third trusted evidence. The verification entity is specifically configured to determine a trusted verification result of the service entity according to the third trusted evidence and the fourth trusted evidence.
Further, the fourth trusted evidence is trusted evidence obtained by performing trusted measurement on the business entity by the measurement entity in the second network and is within the measurement evidence threshold. The metric evidence threshold is determined by the metric entity in the third network from the third trusted evidence.
Optionally, the verification entity is specifically configured to request, according to the verification request, the measurement entity in the third network to perform trusted measurement on the second network; the verification entity is specifically configured to obtain a trusted evidence of the second network from the measurement entity in the third network, where the trusted evidence of the second network is obtained by performing trusted measurement on the second network by the measurement entity in the third network; the verification entity is specifically configured to determine whether the second network is a trusted network according to the trusted evidence of the second network.
The network entity performing the method shown in fig. 2 is specifically described below with reference to fig. 3:
The processor 301 is the control center of the network entity 300, and may be one processor or a collective term for a plurality of processing elements. For example, the processor 301 is one or more central processing units (CPUs), but may also be an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present application, such as one or more digital signal processors (DSPs) or one or more field programmable gate arrays (FPGAs).
Alternatively, the processor 301 may perform various functions of the network entity 300, such as the functions in the method shown in fig. 2 described above, by running or executing a software program stored in the memory 302 and invoking data stored in the memory 302.
In a particular implementation, as one embodiment, processor 301 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 3.
In a specific implementation, as an embodiment, the network entity 300 may also comprise a plurality of processors, such as the processor 301 and the processor 304 shown in fig. 3. Each of these processors may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
The memory 302 is configured to store a software program for executing the solution of the present application, and the processor 301 controls the execution of the software program, and the specific implementation may refer to the above method embodiment, which is not described herein again.
Alternatively, memory 302 may be, but is not limited to, read-only memory (ROM) or another type of static storage device that may store static information and instructions, random access memory (RAM) or another type of dynamic storage device that may store information and instructions, electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 302 may be integrated with the processor 301, or may exist separately and be coupled to the processor 301 through an interface circuit (not shown in fig. 3) of the network entity 300, which is not specifically limited by the embodiment of the present application.
The transceiver 303 is used for communication with other devices. For example, the multi-beam based positioning device is a terminal and the transceiver 303 may be used to communicate with a network device or with another terminal.
Alternatively, the transceiver 303 may include a receiver and a transmitter (not separately shown in fig. 3). The receiver is used for realizing the receiving function, and the transmitter is used for realizing the transmitting function.
Alternatively, transceiver 303 may be integrated with processor 301 or may exist separately and be coupled to processor 301 through an interface circuit (not shown in fig. 3) of network entity 300, as embodiments of the present application are not limited in this regard.
It should be noted that the structure of the network entity 300 shown in fig. 3 does not constitute a limitation of the apparatus, and an actual network entity 300 may include more or less components than those shown, or may combine some components, or may be different arrangements of components.
In addition, the technical effects of the method according to the above method embodiment may be referred to for the technical effects of the network entity 300, which are not described herein.
It should be appreciated that the processor in embodiments of the application may be a central processing unit (central processing unit, CPU), which may also be other general purpose processors, digital signal processors (digital signal processor, DSP), application specific integrated circuits (application specific integrated circuit, ASIC), off-the-shelf programmable gate arrays (field programmable gate array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It should also be appreciated that the memory in embodiments of the present application may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an electrically Erasable EPROM (EEPROM), or a flash memory. The volatile memory may be random access memory (random access memory, RAM) which acts as an external cache. By way of example but not limitation, many forms of random access memory (random access memory, RAM) are available, such as Static RAM (SRAM), dynamic Random Access Memory (DRAM), synchronous Dynamic Random Access Memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced Synchronous Dynamic Random Access Memory (ESDRAM), synchronous Link DRAM (SLDRAM), and direct memory bus RAM (DR RAM).
The above embodiments may be implemented in whole or in part by software, hardware (e.g., circuitry), firmware, or any other combination. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. When the computer instructions or computer program are loaded or executed on a computer, the processes or functions in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that contains one or more collections of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that the term "and/or" merely describes an association relationship between associated objects, and means that three relationships may exist. For example, A and/or B may mean three cases: A alone, A and B together, and B alone, wherein A and B may be singular or plural. In addition, the character "/" herein generally indicates that the associated objects are in an "or" relationship, but may also indicate an "and/or" relationship, which can be understood by referring to the context.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (one) of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or plural.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the partitioning of elements is merely a logical functional partitioning, and there may be additional partitioning in actual implementation, e.g., multiple elements or components may be combined or integrated into another system, or some feature fields may be omitted, or not implemented. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method of the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or various other media capable of storing program code.
The foregoing is merely illustrative embodiments of the present application, but the scope of the present application is not limited thereto. Any variation or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present application shall fall within the protection scope of the present application. Therefore, the protection scope of the application is subject to the protection scope of the claims.

Claims (10)

1. A security verification method of a cloud computing system, the method comprising:
a cloud computing management entity obtains a service request of a service entity from the service entity, wherein the cloud computing management entity is positioned in a first network, and the service entity is positioned in a second network;
the cloud computing management entity sends a verification request to a verification entity, wherein the verification entity is located in the second network, and the verification request is used for requesting the verification entity to initiate trusted verification on the service entity;
the verification entity determines a trusted verification result of the service entity through a third network according to the verification request, wherein the third network is a network which is signed with the second network and is not signed with the first network, and the trusted verification result is used for representing whether the service entity is trusted or not;
the verification entity sends the trusted verification result to the cloud computing management entity;
and under the condition that the service entity is trusted, the cloud computing management entity provides service for the service entity according to the service request.
2. The method according to claim 1, wherein the verification entity determining a trusted verification result of the service entity through a third network according to the verification request comprises:
the verification entity determines whether the second network is a trusted network or not through the third network according to the verification request;
the verification entity obtains a trusted verification result of the service entity through the third network under the condition that the second network is an untrusted network; or if the second network is a trusted network, the verification entity obtains a trusted verification result of the service entity through the second network.
3. The method according to claim 2, wherein the verification entity obtaining the trusted verification result of the service entity through the third network comprises:
the verification entity requests a measurement entity in the third network to perform trusted measurement on the service entity;
the verification entity obtains first trusted evidence of the service entity from the measurement entity in the third network, wherein the first trusted evidence is obtained by the measurement entity in the third network through trusted measurement of the service entity;
and the verification entity determines a trusted verification result of the service entity according to the first trusted evidence.
4. A method according to claim 3, characterized in that the method further comprises:
the verification entity sending the first trusted evidence to a measurement entity in the second network;
the verification entity obtains second trusted evidence of the service entity from the measurement entity in the second network, wherein the second trusted evidence is trusted evidence obtained by the measurement entity in the second network for carrying out trusted measurement on the service entity according to the first trusted evidence;
correspondingly, the verification entity determines a trusted verification result of the service entity according to the first trusted evidence, and the method comprises the following steps:
and the verification entity determines a trusted verification result of the service entity according to the first trusted evidence and the second trusted evidence.
5. The method of claim 4, wherein the second trusted evidence is trusted evidence that is obtained by the measurement entity in the second network performing trusted measurement on the service entity and that is within a measurement evidence threshold determined by the measurement entity in the second network from the first trusted evidence.
6. The method according to claim 2, wherein the verification entity obtaining the trusted verification result of the service entity through the second network comprises:
the verification entity requests a measurement entity in the second network to perform trusted measurement on the service entity;
the verification entity obtains third trusted evidence of the service entity from the measurement entity in the second network, wherein the third trusted evidence is the trusted evidence obtained by the measurement entity in the second network through carrying out trusted measurement on the service entity;
and the verification entity determines a trusted verification result of the service entity according to the third trusted evidence.
7. The method of claim 6, wherein the method further comprises:
the verification entity sending the third trusted evidence to a measurement entity in the third network;
the verification entity obtains a fourth trusted evidence of the service entity from the measurement entity in the third network, wherein the fourth trusted evidence is a trusted evidence obtained by the measurement entity in the third network for carrying out trusted measurement on the service entity according to the third trusted evidence;
correspondingly, the verification entity determines a trusted verification result of the service entity according to the third trusted evidence, and the method comprises the following steps:
and the verification entity determines a trusted verification result of the service entity according to the third trusted evidence and the fourth trusted evidence.
8. The method of claim 7, wherein the fourth trusted evidence is trusted evidence that is obtained by a measurement entity in the second network performing trusted measurement on the service entity and that is within a measurement evidence threshold determined by the measurement entity in the third network from the third trusted evidence.
9. The method according to any of claims 2-8, wherein the verification entity determining, through the third network, whether the second network is a trusted network according to the verification request comprises:
the verification entity requests a measurement entity in the third network to perform trusted measurement on the second network according to the verification request;
the verification entity obtains the trusted evidence of the second network from the measurement entity in the third network, wherein the trusted evidence of the second network is obtained by the measurement entity in the third network through trusted measurement on the second network;
the verification entity determines whether the second network is a trusted network according to the trusted evidence of the second network.
10. A security verification system for a cloud computing system, the system comprising:
the cloud computing management entity is used for acquiring a service request of the service entity from the service entity, wherein the cloud computing management entity is positioned in a first network, and the service entity is positioned in a second network;
the cloud computing management entity is further configured to send a verification request to a verification entity, where the verification entity is located in the second network, and the verification request is used to request the verification entity to initiate trusted verification on the service entity;
the verification entity is configured to determine a trusted verification result of the service entity through a third network according to the verification request, where the third network is a network signed with the second network and not signed with the first network, and the trusted verification result is used to characterize whether the service entity is trusted;
the verification entity is further configured to send the trusted verification result to the cloud computing management entity;
and the cloud computing management entity is further configured to provide service for the service entity according to the service request under the condition that the service entity is trusted.
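
The decision flow of claims 1-9 can be traced with a small simulation. This is an added example, not code from the patent: the numeric evidence score, `MIN_SCORE`, `TOLERANCE`, and all class, function and target names are assumptions, since the claims do not fix an evidence format or how the threshold is derived.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Assumptions (not from the patent): evidence is a score in [0, 1],
# MIN_SCORE is the appraisal policy, TOLERANCE is the evidence threshold band.
MIN_SCORE = 0.8
TOLERANCE = 0.1

@dataclass
class MeasurementEntity:
    network: str
    measure: Callable[[str], float]  # target name -> evidence score

    def measure_within(self, target: str, prior: float) -> Optional[float]:
        """Re-measure; keep the evidence only if it lies inside the band set by prior."""
        score = self.measure(target)
        return score if abs(score - prior) <= TOLERANCE else None

def verify(service: str, m2: MeasurementEntity, m3: MeasurementEntity) -> dict:
    """Verification entity (second network), following claims 2-9."""
    # Claim 9: the third network's measurement entity measures the second network.
    net2_trusted = m3.measure("network-2") >= MIN_SCORE
    # Claims 3 and 6: primary evidence comes from network 3 if network 2 is untrusted.
    primary, secondary = (m2, m3) if net2_trusted else (m3, m2)
    first = primary.measure(service)
    # Claims 4-5 and 7-8: the other network re-measures against the first evidence.
    second = secondary.measure_within(service, first)
    trusted = first >= MIN_SCORE and second is not None and second >= MIN_SCORE
    return {"path": primary.network, "first": first, "second": second, "trusted": trusted}

def handle_request(service: str, m2: MeasurementEntity, m3: MeasurementEntity) -> str:
    """Cloud computing management entity (first network), claim 1: serve only if trusted."""
    return "served" if verify(service, m2, m3)["trusted"] else "refused"

# Constructed sample measurements (illustrative values only).
M3 = MeasurementEntity("network-3", {"network-2": 0.95, "svc-ok": 0.88, "svc-bad": 0.5}.__getitem__)
M3_DISTRUSTS_NET2 = MeasurementEntity("network-3", {"network-2": 0.4, "svc-ok": 0.9}.__getitem__)
M2 = MeasurementEntity("network-2", {"svc-ok": 0.9, "svc-bad": 0.95}.__getitem__)

if __name__ == "__main__":
    print(handle_request("svc-ok", M2, M3))                 # both networks agree
    print(handle_request("svc-bad", M2, M3))                # network 2 overstates trust
    print(verify("svc-ok", M2, M3_DISTRUSTS_NET2)["path"])  # falls back to network 3
```

The `svc-bad` case shows why the cross-check of claims 4-5 and 7-8 matters: evidence from one network alone would pass, but the independent measurement falls outside the band and the request is refused.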
CN202310882483.1A 2023-07-19 2023-07-19 Security verification method and system for cloud computing system Active CN116614312B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310882483.1A CN116614312B (en) 2023-07-19 2023-07-19 Security verification method and system for cloud computing system

Publications (2)

Publication Number Publication Date
CN116614312A true CN116614312A (en) 2023-08-18
CN116614312B CN116614312B (en) 2024-04-09

Family

ID=87685657

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310882483.1A Active CN116614312B (en) 2023-07-19 2023-07-19 Security verification method and system for cloud computing system

Country Status (1)

Country Link
CN (1) CN116614312B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110299996A (en) * 2018-03-22 2019-10-01 阿里巴巴集团控股有限公司 Authentication method, equipment and system
CN111949986A (en) * 2020-02-19 2020-11-17 华控清交信息科技(北京)有限公司 Service processing method, system and storage medium
CN114285582A (en) * 2021-12-22 2022-04-05 中国电信股份有限公司 Information validity checking method and device, storage medium and electronic equipment
WO2022213605A1 (en) * 2021-04-07 2022-10-13 中国电信股份有限公司 Method and apparatus for providing cloud service security access, and medium
CN115296938A (en) * 2022-10-09 2022-11-04 湖南警云智慧信息科技有限公司 Cloud computing management system and cloud computing management method
US20230056432A1 (en) * 2020-11-05 2023-02-23 Tencent Technology (Shenzhen) Company Limited Service communication method, system, apparatus, electronic device, and storage medium

Also Published As

Publication number Publication date
CN116614312B (en) 2024-04-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant