WO2011050703A1 - Cloud processing system, cloud processing method and cloud computing agent device - Google Patents

Cloud processing system, cloud processing method and cloud computing agent device Download PDF

Info

Publication number
WO2011050703A1
WO2011050703A1 PCT/CN2010/078050 CN2010078050W WO2011050703A1 WO 2011050703 A1 WO2011050703 A1 WO 2011050703A1 CN 2010078050 W CN2010078050 W CN 2010078050W WO 2011050703 A1 WO2011050703 A1 WO 2011050703A1
Authority
WO
WIPO (PCT)
Prior art keywords
cloud
cloud computing
server
application
request message
Prior art date
Application number
PCT/CN2010/078050
Other languages
French (fr)
Chinese (zh)
Inventor
苏红宏
张礼权
Original Assignee
华为终端有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=43921326&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=WO2011050703(A1) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by 华为终端有限公司 filed Critical 华为终端有限公司
Publication of WO2011050703A1 publication Critical patent/WO2011050703A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Definitions

  • Cloud processing system Cloud processing method and cloud computing agent device
  • the embodiments of the present invention relate to the field of computer technologies, and in particular, to a cloud processing system, a cloud processing method, and a cloud computing proxy device. Background technique
  • Cloud computing (C l oud Compu t ng) is an emerging business computing model. It distributes computing tasks across resource pools of large numbers of computers, enabling applications to acquire computing power, storage space, and various software services as needed.
  • Cloud is a virtual computing resource that can be self-maintained and managed, usually a large server cluster, including computing servers, storage servers, broadband resources, and so on. Cloud computing centralizes all computing resources and is automatically managed by software without human intervention. This eliminates the need for application providers to worry about cumbersome details and to focus more on their own business, helping to innovate and reduce costs.
  • the basic principle of cloud computing is that enterprise data centers will operate more like the Internet by distributing the computation across a large number of distributed computers rather than local or remote servers. This allows companies to switch resources to the applications they need and access computers and storage systems as needed. This is like a shift from the old single generator mode to the centralized power supply mode of the power plant. It means that computing power can also be circulated as a commodity, just like gas and water, it is easy to use and low cost. The biggest difference is that it is transmitted over the Internet. With cloud computing technology, you only need one laptop or one mobile phone, you can use network services. Achieve everything we need, even tasks like supercomputing. From this perspective, the end user device is the true owner of cloud computing. The application of cloud computing involves the idea of uniting forces and using them for each of them. In the most fundamental sense, cloud computing is the ability to leverage software and data on the Internet. The above cloud computing is a generalized concept, including the concept of storage and computing.
  • the embodiments of the present invention provide a cloud processing system, a cloud processing method, and a cloud computing proxy device, and a cloud storage proxy device and a client, which can improve the security of the cloud computing.
  • the embodiment of the present invention provides a cloud processing system, including a client and a cloud server, and a cloud proxy device, where the cloud proxy device is connected to the client and the cloud server, and the cloud proxy device is configured to receive the cloud sent by the client.
  • the request message is processed, and the cloud server is provided to the client instead of the cloud server.
  • the embodiment of the invention further provides a cloud processing method, including:
  • a cloud processing request message for requesting the cloud server to provide the cloud service, where the cloud processing request message includes a cloud computing request message or a cloud storage request message;
  • the cloud service is provided to the client according to the cloud processing request message instead of the cloud server.
  • the embodiment of the invention further provides another cloud processing method, including:
  • the cloud processing request message is sent to the cloud proxy device according to the preset cloud proxy device address.
  • the embodiment of the invention further provides a cloud computing proxy device, comprising:
  • a first receiving module configured to receive a cloud computing request message sent by the client, where the cloud computing request message includes the requested cloud computing application information
  • An application obtaining module configured to obtain, according to the cloud computing request message, a cloud computing server Using or calling a stored application obtained from a cloud computing server;
  • a calculation processing module configured to perform cloud computing processing according to the application acquired by the application obtaining module or the stored application.
  • the embodiment of the invention further provides a cloud storage proxy device, comprising:
  • a second receiving module configured to receive a storage clearing message that is sent by the client, including pre-stored data information
  • a storage module configured to store the data information
  • the second sending module is configured to send the stored data information to the cloud storage server for storage when the upload condition is met.
  • the embodiment of the invention further provides a client, including:
  • a determining module configured to determine that the request input by the user is a cloud processing request
  • a third sending module configured to send a cloud processing request message to the cloud proxy device according to the preset cloud proxy device address.
  • a cloud processing system, a cloud processing method, and a cloud computing proxy device according to an embodiment of the present invention, and a cloud storage processing device, the cloud proxy device capable of receiving a cloud of a client by setting a cloud proxy device between the client and the cloud server Processing the request message, and performing cloud computing or cloud storage processing according to the cloud processing request message, and setting up the cloud proxy device between the client and the cloud server instead of directly using the public cloud server, thereby improving information in the cloud computing process safety.
  • FIG. 1 is a schematic structural diagram of an embodiment of a cloud processing system according to the present invention.
  • Embodiment 1 is a schematic flowchart of Embodiment 1 of a cloud processing method according to the present invention
  • 3 is a schematic flowchart of Embodiment 2 of a cloud processing method according to the present invention
  • Embodiment 4 is a schematic flowchart of Embodiment 3 of a cloud processing method according to the present invention.
  • FIG. 5 is a schematic flowchart diagram of Embodiment 4 of a cloud processing method according to the present invention.
  • FIG. 6 is a schematic structural diagram of an embodiment of a cloud computing proxy device according to the present invention.
  • FIG. 7 is a schematic structural diagram of an embodiment of a cloud storage proxy device according to the present invention.
  • FIG. 8 is a schematic structural diagram of a client embodiment of the present invention.
  • FIG. 9 is a system architecture diagram of a cloud computing system according to an embodiment of the present invention.
  • FIG. 10 is a schematic flowchart diagram of a cloud computing method according to an embodiment of the present invention.
  • FIG. 1 is a schematic flowchart of an authentication process in a specific embodiment of the present invention.
  • FIG. 12 is a schematic flowchart diagram of a cloud storage method according to an embodiment of the present invention.
  • FIG. 13 is a schematic structural diagram of a cloud proxy device according to an embodiment of the present invention. detailed description
  • FIG. 1 is a schematic structural diagram of an embodiment of a cloud processing system according to the present invention.
  • the client 1 includes a cloud server 2 and a cloud proxy device 3, wherein the cloud proxy device 3 is connected to the client. 1 and the cloud server 2, the cloud proxy device 3 is configured to receive a cloud processing request message sent by the client 1, and provide a cloud service for the client instead of the cloud server.
  • the cloud processing request message includes a cloud computing request message or a cloud storage request message.
  • the cloud proxy device 3 is further configured to perform cloud computing or cloud storage processing according to the cloud processing request message.
  • a cloud proxy device which can receive the cloud processing request message of the client, and provides a cloud service for the client instead of the cloud server, can avoid directly using the public cloud server, and can improve information security in the cloud computing process.
  • a cloud proxy device is provided instead of a cloud server to provide a cloud service, wherein the replacement is directed to providing a cloud service directly to the client by the cloud server in the prior art, and the embodiment of the present invention is provided by the cloud proxy device.
  • the cloud proxy device acquires the application from the cloud computing server or invokes the stored application instead of the cloud computing server for cloud computing processing; receiving the cloud The request message is stored, and the cloud proxy device caches the data information and uploads it to the cloud storage server when the condition is met.
  • the cloud proxy device can provide the cloud service instead of the cloud server.
  • the cloud processing described above may specifically include cloud computing and cloud storage, that is, the cloud processing request message may be a cloud computing request message or a cloud storage request message.
  • the corresponding cloud server may be a cloud computing server
  • the cloud proxy device may be a cloud computing proxy device, where the cloud computing proxy device is configured to receive a cloud computing request message sent by the client, where the cloud computing request message includes the requested cloud computing application information. And being used to acquire an application from the cloud computing server or invoke the stored application according to the cloud computing request message, where the stored application that is invoked is an application obtained from the cloud computing server; and finally performs cloud computing processing according to the requested application or the stored application.
  • the cloud server may be a cloud storage server
  • the cloud proxy device is a cloud storage proxy device
  • the cloud storage proxy device is configured to receive a storage request message that is sent by the client, including pre-stored data information, and store the data information.
  • the uploaded condition is met, the stored data information is sent to the cloud storage server for storage.
  • the above-mentioned cloud proxy device can be further set in the local area network, so that the cloud proxy device and the client in the local area network can be connected through a high-speed local area network, and the speed of the cloud computing can be effectively provided while using the server provided by the public cloud. And security.
  • the embodiment of the present invention further provides a method for performing a cloud processing method on a client and a cloud proxy device
  • FIG. 2 is a flow of the first embodiment of the cloud processing method according to the present invention.
  • the schematic diagram of the process is performed by the cloud proxy device as an example. As shown in FIG. 2, the method includes the following steps:
  • Step 101 The cloud processing request message sent by the client for requesting the cloud server to provide the cloud service, where the cloud processing request message includes a cloud computing request message or a cloud storage request message; in this step, between the client and the cloud server A cloud proxy device is set, and the cloud proxy request message is received by the cloud proxy device.
  • Step 102 Provide a cloud service to the client according to the cloud processing request message instead of the cloud server.
  • the cloud proxy device performs the corresponding processing according to the cloud processing request message, that is, performs cloud computing processing or performs cloud storage processing.
  • a cloud proxy device is disposed between the client and the cloud server, and the cloud proxy device is capable of receiving a cloud processing request message of the client, and performing cloud computing according to the cloud processing request message.
  • cloud storage processing the above establishment of a cloud proxy device between the client and the cloud server, rather than directly using a public cloud server, can improve information security in the cloud computing process.
  • FIG. 3 is a schematic flowchart of a second embodiment of a cloud processing method according to the present invention. As shown in FIG. 3, when the received cloud processing request message is a cloud computing request message, the foregoing method includes:
  • Step 201 Receive a cloud computing request message sent by a client, where the cloud computing request message includes the requested cloud computing application information.
  • Step 202 Request and acquire an application from the cloud computing server according to the cloud computing request message, or invoke the stored application acquired from the cloud computing server;
  • Step 203 Perform cloud computing processing according to an application obtained from a cloud computing server or an stored application.
  • the method may further include: determining whether the cloud computing application included in the cloud computing request message is stored; and using the cloud computing application when the cloud computing application is stored; In the cloud computing application, the cloud computing application is requested from the cloud computing server, and the steps of step 202 and step 203 are performed.
  • the application request message including the identifier and the requested cloud computing application information may be sent to the cloud computing server, and the cloud computing server returns the cloud computing according to the identity identifier. application.
  • the step of authenticating may also be set, that is, the application request message sent to the cloud computing server further includes the authentication information, and the receiving cloud computing server returns according to the identity identifier.
  • the cloud computing application may be specifically: receiving a cloud computing application returned by the cloud computing server according to the identity identifier after the authentication according to the authentication information passes.
  • the cloud computing application returned by the receiving cloud computing server according to the identity identifier may be specifically: receiving the cloud computing application including the command line and/or the graphical interface returned by the cloud server according to the identity identifier.
  • FIG. 4 is a schematic flowchart of a third embodiment of a cloud processing method according to the present invention. As shown in FIG. 4, when the received cloud processing request message is a cloud storage request message, the method includes:
  • Step 301 Receive a cloud storage request message that is sent by the client, including pre-stored data information, and store the data information.
  • the cloud storage proxy device receives the pre-stored data, and caches the data.
  • Step 302 When the upload condition is met, send the stored data information to a cloud storage server for storage.
  • the foregoing conditions may be that the network is idle, the server is idle, and the like, and the data information is uploaded after the conditions are met.
  • the cloud storage proxy device functions as a cache, and the data information pre-uploaded to the cloud storage server is cached first, and the data information is uploaded when the upload condition is met.
  • the embodiment of the present invention further provides a cloud processing method using a client as an example, including: when determining that the request input by the user is a cloud processing request, sending a cloud processing request message to the cloud proxy device according to the preset cloud proxy device address.
  • the specific request for determining the user input as the cloud processing request may be: determining, according to the URL information or the port number of the request, that the request is a cloud processing request.
  • FIG. 5 is a schematic flowchart of Embodiment 4 of a cloud processing method according to the present invention. As shown in FIG. 5, the method includes the following steps:
  • Step 401 Determine, according to the requested URL information or the destination port number, that the request is a cloud processing request.
  • Step 402 Send a cloud processing request message to the cloud proxy device according to the preset cloud proxy device address.
  • the cloud processing request message is sent to the cloud processing device instead of directly using the public cloud server, thereby improving information security in the cloud computing process.
  • the above cloud processing request may be a cloud computing request or a cloud storage request.
  • the sending the cloud processing request message to the cloud proxy device is specifically:
  • FIG. 6 is a schematic structural diagram of Embodiment 1 of a cloud computing proxy device according to the present invention. As shown in FIG. 6, the cloud computing proxy device includes a first receiving module 11 and an application.
  • the obtaining module 12 and the computing processing module 13 are configured to receive the cloud computing request message sent by the client, where the cloud computing request message includes the requested cloud computing application information; and the application obtaining module 12 is configured to use the cloud computing
  • the request message is obtained from the cloud computing server to obtain an application or to invoke the stored from the cloud computing server; the computing processing module 13 is configured to perform cloud computing processing according to the application acquired or the called application obtained from the application obtaining module 12.
  • the cloud computing processing device provided by the foregoing embodiment of the present invention, after receiving the cloud computing request message sent by the client, uses the application stored by itself or requests the application from the cloud computing server, and then performs cloud computing processing, so that the cloud can be implemented locally. Calculation processing to improve the security and processing speed of data information. And further, the above cloud computing processing device can be set in the local area network Inside.
  • the method may further include: a determining module, configured to determine whether the cloud computing application included in the cloud computing request message is stored, where the application acquiring module is configured to store the cloud The cloud computing application is used when computing an application; when the cloud computing application is not stored, the cloud computing application is requested from a cloud computing server.
  • a determining module configured to determine whether the cloud computing application included in the cloud computing request message is stored, where the application acquiring module is configured to store the cloud The cloud computing application is used when computing an application; when the cloud computing application is not stored, the cloud computing application is requested from a cloud computing server.
  • the application obtaining unit may be further divided into a first processing unit, a first sending unit, and a first receiving unit, where the first processing unit is configured to use the cloud computing application when the cloud computing application is stored; An application request message for sending the cloud computing application information including the identity and the request to the cloud computing server; the first receiving unit is configured to receive the cloud computing application returned by the cloud computing server according to the identity identifier.
  • FIG. 7 is a schematic structural diagram of an embodiment of a cloud storage proxy device according to the present invention.
  • the cloud storage proxy device includes a second receiving module 21, a storage module 22, and a second sending module 23, where the second receiving module 21 is used.
  • the storage server is storing.
  • the cloud storage proxy device provided by the foregoing embodiment of the present invention first caches the received pre-stored data information, and sends the foregoing data information to the cloud storage server when the upload condition is met, and the specific upload condition may be that the network is idle. Conditions such as server idleness can increase the speed of cloud data storage by the above-described embodiments.
  • an encryption/decryption module may be further configured to encrypt data information to be uploaded to the cloud storage server, and perform data information downloaded from the cloud storage server. Decrypt.
  • FIG. 8 is a schematic structural diagram of a client embodiment of the present invention.
  • the client includes a determining module 31 and a third sending module 32, where the determining module 31 is used.
  • the request for determining the user input is a cloud processing request;
  • the third sending module 32 is configured to send a cloud processing request message to the cloud proxy device according to the preset cloud proxy device address.
  • the address of the cloud proxy device is stored in the client, and the processing request message is sent to the cloud proxy device for processing, instead of being directly sent to the cloud server, which can improve the information security in the cloud processing process.
  • an identifier adding module may be further configured to add an identifier indicating whether to perform data backup or data confidentiality level to the cloud storage request message when requesting the cloud storage request to the cloud processing request;
  • the third sending module is configured to send, to the cloud proxy device, a cloud storage request message carrying an identifier of whether to perform data backup or data confidentiality level.
  • the data of the cloud storage request message with the high data confidentiality level of the identifier may be used to indicate that the cloud proxy device encrypts when uploading to the cloud storage server.
  • FIG. 9 is a system architecture diagram of a cloud computing system according to an embodiment of the present invention.
  • the technical solution of the present invention is to introduce a cloud computing proxy device between a cloud computing server and a client, and the cloud computing proxy device itself has Computing and/or storage capabilities, which can be used for computing and/or storage instead of cloud computing servers, and upload storage content to a cloud computing server (memory) as needed, since existing cloud computing technologies only transmit results to clients.
  • the application (algorithm) itself is not transmitted, so it is necessary to transform all aspects of the cloud computing, including:
  • the protocol SBS that requests the cloud storage is defined, and after the cloud storage agent device recognizes the cloud storage request, the storage policy is automatically determined.
  • the client can directly point the storage location to the CProxy, and the CProxy further caches to the cloud storage proxy device according to its storage resource usage.
  • step (1) you can also not use a general-purpose computing platform, which requires the agent to
  • the cloud computing server obtains an executable application suitable for its environment (processor, OS).
  • processor OS
  • it is generally required to store an application library consistent with the CProxy processor, OS, etc. on the cloud computing server.
  • the cloud computing server needs to be able to provide different application libraries.
  • Client A can be pre-set the cloud computing proxy device as CProxy (or discover the cloud computing proxy device through the automatic discovery protocol), H does not need Client A to perform matrix inversion calculation, to cloud Cloud A matrix calculation request is initiated, and the URL prefix SBC is defined to represent the cloud computing request.
  • the cloud computing may include the following steps: Step 501: ClientA accesses the URL "SBC: //CloudA/Matr ix" (where CloudA corresponds CloudA's address, Ma tr ix is the specific matrix computing application requested) to initiate a cloud computing request;
  • Step 502 The proxy server that is pre-set with the SBC on Clien is CProxy (the corresponding port number or the predefined default port number is also required when using the TCP/IP protocol), and the cloud computing client on the client A (can be a browser)
  • the judgment is a cloud computing request, which will connect to the cloud computing agent CProxy, and send the cloud computing request to the cloud computing agent CProxy;
  • Step 503 The CProxy, according to the received request identifier (such as the SBC in this example), identifies that the cloud computing request is available, and the local application does not have a corresponding application, and then requests the application to obtain the application, for example, GetMethod: Matrix;
  • Step 504 After the CProxy authentication is passed, the CloudA sends the application Matrix to the CProxy (the application itself may include a command line or a graphical interface), and records the CProxy information (in order to automatically update the application);
  • Step 505 The CProxy executes the Matirx application to provide the Matrix service to Clen.
  • the Matrix can directly output the interactive prompt of the command line or directly interact with the graphical interface.
  • the presentation of the specific interactive interface can use the existing cloud computing method, through WEB, desktop transmission and other technologies. .
  • CProxy may also need to perform pre-processing such as compiling and optimizing the obtained calculations.
  • the cloud computing request is represented by a special protocol port number.
  • the TCP 90 port corresponds to cloud computing.
  • the client automatically considers the TCP connection with the destination port number 90 as a cloud computing request, and automatically connects to the cloud proxy server.
  • CProxy can also be used to carry the cloud computing request directly, and the corresponding cloud proxy URL identification prefix of the client is HUp.
  • the proxy server can be used to identify whether the cloud proxy request or the ordinary netizen browses, for example, the proxy can be based on
  • the pre-configured URL identifies whether it is a cloud computing request. For example, if the user wants to edit the document through cloud computing, request an application for word document editing.
  • the corresponding cloud computing URL is: http: ⁇ docs.clouda.com, pre-configured on the proxy server.
  • Http //docs, clouda.com is a cloud computing request.
  • the client requests the same calculation (application), and the CProxy directly provides the corresponding application, and does not perform step 503 and step 504.
  • the CProxy can also authenticate the user, and the authentication allows the CProxy to execute the cloud computing request message.
  • the CSI authentication of the CProxy (corresponding to the main function of the authentication security module) can be implemented by using a simple shared key method.
  • a CProxy that requires the proxy is assigned a username ID and a shared key SKey.
  • the CProxy requests to obtain an application, the corresponding The request message is signed.
  • the sent request message is M, and the MD5 hash algorithm is used for signature.
  • the authentication process may be as follows:
  • Step 601 The CProxy sends a request application initialization message to the cloud computing server CloudA.
  • Step 602 The CloudA sends a response initialization message (GetMethodlnit) to the CProxy, and carries the parameter random number R, and saves the start time and R of the session;
  • GetMethodlnit a response initialization message
  • Methodl ID I Times tamp I R I Signature where Method is determined according to the application of the specific request, the ratio: ⁇ can be Matrix;
  • MD5 Method, ID, Timestamp, R, Skey
  • MD5 compare Signature' with the Signature in the received message. If the time is valid, R is the same, and the signature is the same, the authentication is passed. Go to step 605. Otherwise, the authentication fails to directly reject the request. ;
  • Step 605 Send an application response message, and send the corresponding application to the CProxy.
  • the MD5 algorithm may also select another hash algorithm, such as HMAC.
  • the digital certificate can also be used for authentication to make it more secure.
  • the digital certificate can be issued by the corresponding management entity of CloudA or by the trusted entity of the third party.
  • the CProxy can be regarded as a standard cloud storage server for the client.
  • the cloud computing server can be regarded as a common client. As shown in Figure 12, the following steps are included:
  • Step 701 Client A transmits the data that needs to be stored to the CProxy.
  • Step 702 The CProxy stores the data in a storage resource of the CProxy.
  • Step 703 The CProxy feeds back the storage confirmation to the ClientA, and confirms that the storage is completed (if there is an abnormality, the storage failure may be fed back);
  • Step 704 When a certain condition is met (if the resource management module determines that the network is idle and the server is idle), the CProxy transmits the stored data to the cloud storage server (CloudB); Step 705, CloudB feedback storage confirmation, confirming that the storage is completed (if there is an abnormality) Feedback storage failure); Step 7 06.
  • CProxy releases the data that has been successfully uploaded to C oudB from the local storage. For storage using backup mode, do not release, keep a backup on CProxy.
  • CProxy can further encrypt the data uploaded to the cloud storage server.
  • the encryption algorithm can use a symmetric key encryption algorithm such as DES/AES/RC4 or an asymmetric key encryption algorithm such as RSA.
  • a symmetric key encryption algorithm such as DES/AES/RC4
  • RSA asymmetric key encryption algorithm
  • the symmetric key encryption algorithm is more efficient and secure, when the data needs to be accessed by streaming to meet real-time.
  • the demand it is more appropriate to select a stream encryption algorithm such as RC4.
  • CProxy can also specify a dynamic selection algorithm according to the type of data or the user.
  • the encryption and encryption strength can be automatically determined by the user setting or CProxy scanning the stored data, such as scanning a normal WORD text document, it is considered as general confidential data, and selecting AES 128-bit key for medium-intensity encryption.
  • AES 256-bit key is used for high-intensity encryption. Since the encrypted key and algorithm may be different, and the security key may be replaced periodically or irregularly, the CProxy needs to be able to store multiple keys and identifiers corresponding to each key. The identifier of the key needs to be attached to the uploaded data, so that when the data is downloaded, the decryption algorithm is determined according to the identifier and the corresponding key is retrieved for decryption.
  • CProxy itself can correspond to multiple cloud storage servers, and can automatically switch between multiple servers, the client does not feel this change.
  • the CProxy may also select another cloud storage server to re-upload.
  • CProxy also functions as a data cache, which will not be described in this embodiment.
  • the data information can be directly sent to C l oudB and returned to the storage confirmation. Message.
  • the CProxy needs to perform decryption corresponding to the encryption, specifically determining the decryption algorithm according to the key identifier in the downloaded data and acquiring the corresponding decryption key, and performing decryption of the downloaded data.
  • FIG. 13 is a schematic structural diagram of the cloud proxy device, including the module shown in FIG. 13.
  • the SBX protocol processing module is configured to process a computing request SBC or a storage request SBS between the client and the cloud proxy device. Relevant protocol interactions, including protocol interaction processing such as associated local user authentication;
  • the local user management module is used to manage users who need to use the proxy service locally, store user account and password, permissions and other information, authenticate the user, and control the permissions.
  • the user interaction management module is used to process input, keys, and output of the user interaction process, generate interface presentations, and the like.
  • the interface presentation can be presented to the user using a web page (browser mode), or can be directly presented to the user in a graphical/video manner.
  • graphics/video should generally be compressed to reduce bandwidth consumption, user input and output.
  • the client can pre-support the processing of the SBX protocol, or download and obtain the client software through a browser, etc.; the software resource management module is used to manage the cached software/application resources, and notify the application when there is no locally cached application resource.
  • the request module requests the software resource from the cloud computing server, and is responsible for updating the cache resource, creating the copy, and the like, monitoring the access of the software resource, and performing necessary load balancing;
  • the software execution environment module is used to provide an environment for executing the application resource, for example, When the application resource is a Ja va program, the Java runtime environment is provided.
  • the execution environment may also be provided by the cloud computing server.
  • the software resource management module determines that the execution environment needs to be downloaded according to the interaction between the application request module and the cloud computing server, the execution environment is downloaded through the application request module, and is installed into the software execution environment module;
  • the copyright management module is a DRM package required by the DRM client and the cloud computing server.
  • the digital rights management module corresponds to the OMA DRM client.
  • the cloud computing server can control the application to run only on the authorized CP roxy; the application requesting module is used to request the corresponding application from the cloud computing server according to the requirements of the software resource management, or request the execution environment.
  • the storage resource management module may further include a sensitive data detection module, based on content detection, identifying confidential data, not uploading confidential data to the cloud storage server, or performing high-intensity confidentiality on the confidential data; the storage resource module provides internal access to the client Network storage, and acts as a two-way storage cache between the cloud storage server and the client to improve client access speed; the encryption/decryption module is used to perform encryption on data uploaded to the cloud storage, and to implement data downloaded from the cloud storage.
  • a sensitive data detection module based on content detection, identifying confidential data, not uploading confidential data to the cloud storage server, or performing high-intensity confidentiality on the confidential data
  • the storage resource module provides internal access to the client Network storage, and acts as a two-way storage cache between the cloud storage server and the client to improve client access speed
  • the encryption/decryption module is used to perform encryption on data uploaded to the cloud storage, and to implement data downloaded from the cloud storage.
  • storage request module is used to upload data in the storage resource to the cloud computing (cloud storage) server, or download data from the cloud computing server to the storage resource, or not through the storage resource
  • the module cache for example, when the storage resource module is full, and directly stores the storage request between the client and the cloud computing server
  • the authentication security module is used to complete the corresponding authentication according to the requirements of the cloud computing server when accessing the cloud computing resource, Based on shared key, digital certificate Book and other methods.
  • the cloud processing system, the cloud processing method, the cloud computing proxy device, and the cloud storage processing device provided by the foregoing embodiments of the present invention, wherein a cloud proxy device is provided between the client and the cloud computing (cloud storage) server, the cloud proxy device has a calculation And the storage capability, when receiving the cloud computing request, first determining whether the application requested by the cloud computing request has been stored, if yes, performing cloud computing according to the stored application, and if not, requesting the application from the cloud computing server And after receiving the corresponding application, the cloud computing is performed.
  • the data information uploaded by the client to the cloud storage server may be cached first, and finally the data is uploaded to the cloud storage server when the upload condition is met. .
  • the above technical solution provided by the foregoing embodiments of the present invention can be set locally in a local area network by using a cloud proxy device, so that the remaining clients have a high-speed network connection, and the public cloud enhanced service on the wide area network can be used in a large amount. , effectively provide the speed and security of cloud computing. And further through the security management of CProxy (such as encryption, content inspection), you can further improve the security of data.
  • CProxy such as encryption, content inspection
  • the foregoing program may be stored in a computer readable storage medium, and the program is executed to perform the steps including the foregoing method embodiments; and the foregoing storage medium includes: a ROM, A variety of media that can store program code, such as RAM, disk, or optical disk.
  • the cloud computing mentioned in the embodiments of the present invention includes various applications such as performing scientific calculations or executing programs through a server, such as performing mathematical operations through a cloud server, editing a document, and playing a game, all of which are in the scope of cloud computing.
  • the use of cloud storage means that the cloud server is used for data storage.

Abstract

A cloud processing system is disclosed. The cloud processing system comprises a client, a cloud server and a cloud agent device. The cloud agent device connects with the client and the cloud server. The cloud agent device is used for receiving a cloud processing request message sent from the client and replacing the cloud server to provide cloud services to the client. A cloud processing method, a cloud computing agent device, a cloud storage processing device and the client are also disclosed. With the method, the devices and the system provided by the solution, information security in cloud processing is improved.

Description

云处理系统、 云处理方法和云计算代理装置  Cloud processing system, cloud processing method and cloud computing agent device
本申请要求于 2009 年 11 月 2 日提交中国专利局、 申请号为 200910207959. 1 , 发明名称为"云处理系统、 云处理方法和云计算代理装置" 的中国专利申请的优先权, 其全部内容通过引用结合在本申请中。 技术领域 This application claims the priority of the Chinese Patent Application entitled "Cloud Processing System, Cloud Processing Method and Cloud Computing Agent Device" submitted by the Chinese Patent Office on November 2, 2009, and the application number is 200910207959. This is incorporated herein by reference. Technical field
本发明实施例涉及计算机技术领域, 尤其涉及一种云处理系统、 云处 理方法和云计算代理装置。 背景技术  The embodiments of the present invention relate to the field of computer technologies, and in particular, to a cloud processing system, a cloud processing method, and a cloud computing proxy device. Background technique
云计算(C l oud Compu t i ng)是一种新兴的商业计算模型。 它将计算任 务分布在大量计算机构成的资源池上,使各种应用系统能够根据需要获取 计算能力、 存储空间和各种软件服务。  Cloud computing (C l oud Compu t ng) is an emerging business computing model. It distributes computing tasks across resource pools of large numbers of computers, enabling applications to acquire computing power, storage space, and various software services as needed.
这种资源池称为 "云" 。 "云" 是一些可以自我维护和管理的虚拟计 算资源, 通常为一些大型服务器集群, 包括计算服务器、 存储服务器、 宽 带资源等。 云计算将所有的计算资源集中起来, 并由软件实现自动管理, 无需人为参与。 这使得应用提供者无需为繁瑣的细节而烦恼, 能够更加专 注于自己的业务, 有利于创新和降低成本。  This resource pool is called a "cloud." "Cloud" is a virtual computing resource that can be self-maintained and managed, usually a large server cluster, including computing servers, storage servers, broadband resources, and so on. Cloud computing centralizes all computing resources and is automatically managed by software without human intervention. This eliminates the need for application providers to worry about cumbersome details and to focus more on their own business, helping to innovate and reduce costs.
云计算的基本原理是, 通过使计算分布在大量的分布式计算机上, 而 非本地计算机或远程服务器中, 企业数据中心的运行将更与互联网相似。 这使得企业能够将资源切换到需要的应用上,根据需求访问计算机和存储 系统。 这就好比是从古老的单台发电机模式转向了电厂集中供电的模式。 它意味着计算能力也可以作为一种商品进行流通, 就像煤气、 水电一样, 取用方便, 费用低廉。 最大的不同在于, 它是通过互联网进行传输的。 通 过云计算技术, 只需要一台笔记本或者一个手机, 就可以通过网络服务来 实现我们需要的一切, 甚至包括超级计算这样的任务。 从这个角度而言, 最终用户设备才是云计算的真正拥有者。云计算的应用包含这样的一种思 想, 把力量联合起来, 给其中的每一个成员使用。 从最根本的意义来说, 云计算就是利用互联网上的软件和数据的能力。 上述的云计算为一个广义 的概念, 包括存储和计算的概念。 The basic principle of cloud computing is that enterprise data centers will operate more like the Internet by distributing the computation across a large number of distributed computers rather than local or remote servers. This allows companies to switch resources to the applications they need and access computers and storage systems as needed. This is like a shift from the old single generator mode to the centralized power supply mode of the power plant. It means that computing power can also be circulated as a commodity, just like gas and water, it is easy to use and low cost. The biggest difference is that it is transmitted over the Internet. With cloud computing technology, you only need one laptop or one mobile phone, you can use network services. Achieve everything we need, even tasks like supercomputing. From this perspective, the end user device is the true owner of cloud computing. The application of cloud computing involves the idea of uniting forces and using them for each of them. In the most fundamental sense, cloud computing is the ability to leverage software and data on the Internet. The above cloud computing is a generalized concept, including the concept of storage and computing.
在实现本发明过程中, 发明人发现现有技术中至少存在如下问题: 现 有技术中在使用公共云时, 需要将数据直接上传到公共云服务器上, 这使 得云计算过程中的安全性能差。 发明内容  In the process of implementing the present invention, the inventors have found that at least the following problems exist in the prior art: In the prior art, when using a public cloud, data needs to be directly uploaded to a public cloud server, which makes the security performance in the cloud computing process poor. . Summary of the invention
本发明实施例提供了一种云处理系统、 云处理方法和云计算代理装 置, 以及一种云存储代理装置和客户端, 能够提高云计算的安全性。  The embodiments of the present invention provide a cloud processing system, a cloud processing method, and a cloud computing proxy device, and a cloud storage proxy device and a client, which can improve the security of the cloud computing.
本发明实施例提供了一种云处理系统, 包括客户端和云服务器, 还包 括云代理装置, 所述云代理装置连接客户端和云服务器, 所述云代理装置 用于接收客户端发送的云处理请求消息, 代替云服务器为客户端提供云服 务。  The embodiment of the present invention provides a cloud processing system, including a client and a cloud server, and a cloud proxy device, where the cloud proxy device is connected to the client and the cloud server, and the cloud proxy device is configured to receive the cloud sent by the client. The request message is processed, and the cloud server is provided to the client instead of the cloud server.
本发明实施例还提供了一种云处理方法, 包括:  The embodiment of the invention further provides a cloud processing method, including:
接收客户端发送的用于请求云服务器提供云服务的云处理请求消息, 所述云处理请求消息包括云计算请求消息或云存储请求消息;  Receiving, by the client, a cloud processing request message for requesting the cloud server to provide the cloud service, where the cloud processing request message includes a cloud computing request message or a cloud storage request message;
根据所述云处理请求消息代替云服务器为客户端提供云服务。  The cloud service is provided to the client according to the cloud processing request message instead of the cloud server.
本发明实施例还提供了另一种云处理方法, 包括:  The embodiment of the invention further provides another cloud processing method, including:
在确定用户输入的请求为云处理请求时, 根据预设的云代理装置地址 向云代理装置发送云处理请求消息。  When it is determined that the request input by the user is a cloud processing request, the cloud processing request message is sent to the cloud proxy device according to the preset cloud proxy device address.
本发明实施例还提供了一种云计算代理装置, 包括:  The embodiment of the invention further provides a cloud computing proxy device, comprising:
第一接收模块, 用于接收客户端发送的云计算请求消息, 所述云计算 请求消息包括请求的云计算应用信息;  a first receiving module, configured to receive a cloud computing request message sent by the client, where the cloud computing request message includes the requested cloud computing application information;
应用获取模块, 用于根据所述云计算请求消息从云计算服务器获取应 用或调用存储的从云计算服务器获取的应用; An application obtaining module, configured to obtain, according to the cloud computing request message, a cloud computing server Using or calling a stored application obtained from a cloud computing server;
计算处理模块, 用于根据所述应用获取模块获取的应用或存储的应用 进行云计算处理。  And a calculation processing module, configured to perform cloud computing processing according to the application acquired by the application obtaining module or the stored application.
本发明实施例还提供了一种云存储代理装置, 包括:  The embodiment of the invention further provides a cloud storage proxy device, comprising:
第二接收模块, 用于接收客户端发送的包括预存储的数据信息的存储 清求消息;  a second receiving module, configured to receive a storage clearing message that is sent by the client, including pre-stored data information;
存储模块, 用于存储所述数据信息;  a storage module, configured to store the data information;
第二发送模块, 用于在满足上传条件时, 将所述存储的数据信息发送 给云存储服务器进行存储。  The second sending module is configured to send the stored data information to the cloud storage server for storage when the upload condition is met.
本发明实施例还提供了一种客户端, 包括:  The embodiment of the invention further provides a client, including:
确定模块, 用于确定用户输入的请求为云处理请求;  a determining module, configured to determine that the request input by the user is a cloud processing request;
第三发送模块, 用于根据预设的云代理装置地址向云代理装置发送云 处理请求消息。  And a third sending module, configured to send a cloud processing request message to the cloud proxy device according to the preset cloud proxy device address.
本发明实施例的云处理系统、 云处理方法和云计算代理装置, 以及一 种云存储处理装置, 通过在客户端和云服务器之间设置了云代理装置, 该 云代理装置能够接收客户端的云处理请求消息, 并根据该云处理请求消息 进行云计算或者云存储处理, 上述在客户端和云服务器之间设立云代理装 置, 而不是直接使用公共的云服务器, 能够提高云计算过程中的信息安全 性。 附图说明  A cloud processing system, a cloud processing method, and a cloud computing proxy device according to an embodiment of the present invention, and a cloud storage processing device, the cloud proxy device capable of receiving a cloud of a client by setting a cloud proxy device between the client and the cloud server Processing the request message, and performing cloud computing or cloud storage processing according to the cloud processing request message, and setting up the cloud proxy device between the client and the cloud server instead of directly using the public cloud server, thereby improving information in the cloud computing process safety. DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案, 下面将对实 施例或现有技术描述中所需要使用的附图作一简单地介绍, 显而易见地, 下 面描述中的附图是本发明的一些实施例, 对于本领域普通技术人员来讲, 在 不付出创造性劳动性的前提下, 还可以根据这些附图获得其他的附图。  In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, a brief description of the drawings used in the embodiments or the prior art description will be briefly described below. Obviously, the drawings in the following description It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any inventive labor.
图 1为本发明云处理系统实施例的结构示意图;  1 is a schematic structural diagram of an embodiment of a cloud processing system according to the present invention;
图 2为本发明云处理方法实施例一的流程示意图; 图 3为本发明云处理方法实施例二的流程示意图; 2 is a schematic flowchart of Embodiment 1 of a cloud processing method according to the present invention; 3 is a schematic flowchart of Embodiment 2 of a cloud processing method according to the present invention;
图 4为本发明云处理方法实施例三的流程示意图;  4 is a schematic flowchart of Embodiment 3 of a cloud processing method according to the present invention;
图 5为本发明云处理方法实施例四的流程示意图;  FIG. 5 is a schematic flowchart diagram of Embodiment 4 of a cloud processing method according to the present invention;
图 6为本发明云计算代理装置实施例的结构示意图;  6 is a schematic structural diagram of an embodiment of a cloud computing proxy device according to the present invention;
图 7为本发明云存储代理装置实施例的结构示意图;  7 is a schematic structural diagram of an embodiment of a cloud storage proxy device according to the present invention;
图 8为本发明客户端实施例的结构示意图;  8 is a schematic structural diagram of a client embodiment of the present invention;
图 9为本发明具体实施例中云计算系统的系统架构图;  9 is a system architecture diagram of a cloud computing system according to an embodiment of the present invention;
图 10为本发明具体实施例中云计算方法的流程示意图;  FIG. 10 is a schematic flowchart diagram of a cloud computing method according to an embodiment of the present invention; FIG.
图 1 1为本发明具体实施例中认证过程的流程示意图;  1 is a schematic flowchart of an authentication process in a specific embodiment of the present invention;
图 12为本发明具体实施例中云存储方法的流程示意图;  FIG. 12 is a schematic flowchart diagram of a cloud storage method according to an embodiment of the present invention; FIG.
图 13为本发明具体实施例中云代理装置的结构示意图。 具体实施方式  FIG. 13 is a schematic structural diagram of a cloud proxy device according to an embodiment of the present invention. detailed description
为使本发明实施例的目的、 技术方案和优点更加清楚, 下面将结合本 发明实施例中的附图, 对本发明实施例中的技术方案进行清楚、 完整地描 述, 显然, 所描述的实施例是本发明一部分实施例, 而不是全部的实施例。 基于本发明中的实施例, 本领域普通技术人员在没有作出创造性劳动前提 下所获得的所有其他实施例, 都属于本发明保护的范围。 了一种云处理系统, 图 1为本发明云处理系统实施例的结构示意图, 如图 1所示, 包括客户端 1、 云服务器 2和与云代理装置 3, 其中云代理装置 3 连接客户端 1和云服务器 2, 云代理装置 3用于接收客户端 1发送的云处 理请求消息, 代替云服务器为客户端提供云服务。  The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is a partial embodiment of the invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention. FIG. 1 is a schematic structural diagram of an embodiment of a cloud processing system according to the present invention. As shown in FIG. 1, the client 1 includes a cloud server 2 and a cloud proxy device 3, wherein the cloud proxy device 3 is connected to the client. 1 and the cloud server 2, the cloud proxy device 3 is configured to receive a cloud processing request message sent by the client 1, and provide a cloud service for the client instead of the cloud server.
该云处理请求消息包括云计算请求消息或云存储请求消息; 云代理装 置 3还用于根据上述云处理请求消息进行云计算或者云存储处理。  The cloud processing request message includes a cloud computing request message or a cloud storage request message. The cloud proxy device 3 is further configured to perform cloud computing or cloud storage processing according to the cloud processing request message.
本发明上述实施例提供的云处理系统, 其中在客户端和云服务器之间 设置了云代理装置, 该云代理装置能够接收客户端的云处理请求消息, 并 代替云服务器为客户端提供云服务, 能够避免直接使用公共的云服务器, 能够提高云计算过程中的信息安全性。 The cloud processing system provided by the foregoing embodiment of the present invention, wherein between the client and the cloud server A cloud proxy device is provided, which can receive the cloud processing request message of the client, and provides a cloud service for the client instead of the cloud server, can avoid directly using the public cloud server, and can improve information security in the cloud computing process.
在本发明的实施例中, 设置了云代理装置代替云服务器提供云服务, 其中的代替是针对现有技术中是由云服务器直接为客户端提供云服务, 而 本发明实施例由云代理装置直接为客户端提供云服务, 具体的针对云计 算, 在接收到云计算请求消息后, 云代理装置从云计算服务器获取应用或 调用存储的应用代替云计算服务器进行云计算处理; 在接收到云存储请求 消息,云代理装置緩存数据信息,并在满足条件时再上传到云存储服务器。 对于客户端而言, 在上述的云计算和云存储过程中, 云代理装置可代替云 服务器提供云服务。 上述的云处理具体的可以包括云计算和云存储, 即上 述云处理请求消息可以为云计算请求消息或云存储请求消息。 相应的上述 的云服务器可以为云计算服务器, 云代理装置可以为云计算代理装置, 该 云计算代理装置用于接收客户端发送的云计算请求消息, 云计算请求消息 包括请求的云计算应用信息; 并用于根据云计算请求消息从云计算服务器 获取应用或调用存储的应用, 上述调用的存储的应用是从云计算服务器获 取的应用; 最后根据请求的应用或存储的应用进行云计算处理。 另外还可 以是上述云服务器为云存储服务器, 云代理装置为云存储代理装置, 上述 云存储代理装置用于接收客户端发送的包括预存储的数据信息的存储请 求消息, 并存储所述数据信息; 在满足上传条件时, 将上述存储的数据信 息发送给云存储服务器进行存储。  In an embodiment of the present invention, a cloud proxy device is provided instead of a cloud server to provide a cloud service, wherein the replacement is directed to providing a cloud service directly to the client by the cloud server in the prior art, and the embodiment of the present invention is provided by the cloud proxy device. Providing a cloud service directly to the client, specifically for the cloud computing, after receiving the cloud computing request message, the cloud proxy device acquires the application from the cloud computing server or invokes the stored application instead of the cloud computing server for cloud computing processing; receiving the cloud The request message is stored, and the cloud proxy device caches the data information and uploads it to the cloud storage server when the condition is met. For the client, in the above cloud computing and cloud storage processes, the cloud proxy device can provide the cloud service instead of the cloud server. The cloud processing described above may specifically include cloud computing and cloud storage, that is, the cloud processing request message may be a cloud computing request message or a cloud storage request message. The corresponding cloud server may be a cloud computing server, and the cloud proxy device may be a cloud computing proxy device, where the cloud computing proxy device is configured to receive a cloud computing request message sent by the client, where the cloud computing request message includes the requested cloud computing application information. And being used to acquire an application from the cloud computing server or invoke the stored application according to the cloud computing request message, where the stored application that is invoked is an application obtained from the cloud computing server; and finally performs cloud computing processing according to the requested application or the stored application. In addition, the cloud server may be a cloud storage server, and the cloud proxy device is a cloud storage proxy device, where the cloud storage proxy device is configured to receive a storage request message that is sent by the client, including pre-stored data information, and store the data information. When the upload condition is met, the stored data information is sent to the cloud storage server for storage.
上述的云代理装置可以进一步的设置在局域网中, 即可实现云代理装 置和局域网内的客户端之间通过高速的局域网连接, 能够在使用公共云提 供的服务器的同时, 有效提供云计算的速度和安全性。  The above-mentioned cloud proxy device can be further set in the local area network, so that the cloud proxy device and the client in the local area network can be connected through a high-speed local area network, and the speed of the cloud computing can be effectively provided while using the server provided by the public cloud. And security.
与上述云处理系统对应的, 本发明实施例还分别提供了在客户端和云 代理装置进行云处理方法的方法, 图 2为本发明云处理方法实施例一的流 程示意图, 本实施例是以云代理装置进行云处理为例, 如图 2所示, 包括 如下步骤: Corresponding to the cloud processing system, the embodiment of the present invention further provides a method for performing a cloud processing method on a client and a cloud proxy device, and FIG. 2 is a flow of the first embodiment of the cloud processing method according to the present invention. The schematic diagram of the process is performed by the cloud proxy device as an example. As shown in FIG. 2, the method includes the following steps:
步骤 101、 接收客户端发送的用于请求云服务器提供云服务的云处理 请求消息, 上述云处理请求消息包括云计算请求消息或云存储请求消息; 本步骤中是在客户端和云服务器之间设置云代理装置, 由该云代理装置接 收云处理请求消息。  Step 101: The cloud processing request message sent by the client for requesting the cloud server to provide the cloud service, where the cloud processing request message includes a cloud computing request message or a cloud storage request message; in this step, between the client and the cloud server A cloud proxy device is set, and the cloud proxy request message is received by the cloud proxy device.
步骤 102、 根据所述云处理请求消息代替云服务器为客户端提供云服 务。 本步骤中是有上述的云代理装置根据云处理请求消息进行相应的处 理, 即进行云计算处理或者进行云存储处理。  Step 102: Provide a cloud service to the client according to the cloud processing request message instead of the cloud server. In this step, the cloud proxy device performs the corresponding processing according to the cloud processing request message, that is, performs cloud computing processing or performs cloud storage processing.
本发明上述实施例提供的云处理处理方法, 其中在客户端和云服务器 之间设置了云代理装置, 该云代理装置能够接收客户端的云处理请求消 息, 并根据该云处理请求消息进行云计算或者云存储处理, 上述在客户端 和云服务器之间设立云代理装置, 而不是直接使用公共的云服务器, 能够 提高云计算过程中的信息安全性。  The cloud processing method provided by the foregoing embodiment of the present invention, wherein a cloud proxy device is disposed between the client and the cloud server, and the cloud proxy device is capable of receiving a cloud processing request message of the client, and performing cloud computing according to the cloud processing request message. Or cloud storage processing, the above establishment of a cloud proxy device between the client and the cloud server, rather than directly using a public cloud server, can improve information security in the cloud computing process.
图 3为本发明云处理方法实施例二的流程示意图, 如图 3所示, 在接 收到的云处理请求消息为云计算请求消息时, 上述方法包括:  3 is a schematic flowchart of a second embodiment of a cloud processing method according to the present invention. As shown in FIG. 3, when the received cloud processing request message is a cloud computing request message, the foregoing method includes:
步骤 201、 接收客户端发送的云计算请求消息, 所述云计算请求消息 包括请求的云计算应用信息;  Step 201: Receive a cloud computing request message sent by a client, where the cloud computing request message includes the requested cloud computing application information.
步骤 202、根据所述云计算请求消息向云计算服务器请求并获取应用, 或调用存储的从云计算服务器获取的应用;  Step 202: Request and acquire an application from the cloud computing server according to the cloud computing request message, or invoke the stored application acquired from the cloud computing server;
步骤 203、 根据从云计算服务器获得的应用或存储的应用进行云计算 处理。  Step 203: Perform cloud computing processing according to an application obtained from a cloud computing server or an stored application.
具体的上述在步骤 201之后还可以包括: 判断是否存储有所述云计算 请求消息中包括的请求的云计算应用; 并在存储有所述云计算应用时使用 该云计算应用; 在未存储有所述云计算应用时, 向云计算服务器请求所述 云计算应用, 执行步骤 202和步骤 203的步骤。 上述步骤 202中向云计算服务器请求所述云计算应用时可以具体为向 云计算服务器发送包括身份标识和请求的云计算应用信息的应用请求消 息, 并接收云计算服务器根据身份标识返回的云计算应用。 Specifically, after the step 201, the method may further include: determining whether the cloud computing application included in the cloud computing request message is stored; and using the cloud computing application when the cloud computing application is stored; In the cloud computing application, the cloud computing application is requested from the cloud computing server, and the steps of step 202 and step 203 are performed. When the cloud computing application is requested by the cloud computing server in the foregoing step 202, the application request message including the identifier and the requested cloud computing application information may be sent to the cloud computing server, and the cloud computing server returns the cloud computing according to the identity identifier. application.
另外在云计算袋装装置向云计算服务器发送应用请求消息时, 还可以 设置认证的步骤, 即上述向云计算服务器发送的应用请求消息还包括认证 信息, 上述接收云计算服务器根据身份标识返回的云计算应用可以具体 为: 接收云计算服务器在根据所述认证信息认证通过后根据所述身份标识 返回的云计算应用。  In addition, when the cloud computing bagging device sends the application request message to the cloud computing server, the step of authenticating may also be set, that is, the application request message sent to the cloud computing server further includes the authentication information, and the receiving cloud computing server returns according to the identity identifier. The cloud computing application may be specifically: receiving a cloud computing application returned by the cloud computing server according to the identity identifier after the authentication according to the authentication information passes.
在上述的接收云计算服务器根据身份标识返回的云计算应用可以具 体为:接收云服务器根据身份标识返回的包括命令行和 /或图形界面的云计 算应用。  The cloud computing application returned by the receiving cloud computing server according to the identity identifier may be specifically: receiving the cloud computing application including the command line and/or the graphical interface returned by the cloud server according to the identity identifier.
图 4为本发明云处理方法实施例三的流程示意图, 如图 4所示, 在接 收到的云处理请求消息为云存储请求消息时, 包括:  4 is a schematic flowchart of a third embodiment of a cloud processing method according to the present invention. As shown in FIG. 4, when the received cloud processing request message is a cloud storage request message, the method includes:
步骤 301、 接收客户端发送的包括预存储的数据信息的云存储请求消 息,并存储所述数据信息;本步骤是由云存储代理装置接收预存储的数据, 并将上述数据进行緩存;  Step 301: Receive a cloud storage request message that is sent by the client, including pre-stored data information, and store the data information. In this step, the cloud storage proxy device receives the pre-stored data, and caches the data.
步骤 302、 在满足上传条件时, 将所述存储的数据信息发送给云存储 服务器进行存储。 上述的上述条件可以是网络空闲、 服务器空闲等条件, 在满足这些条件进行数据信息的上传。  Step 302: When the upload condition is met, send the stored data information to a cloud storage server for storage. The foregoing conditions may be that the network is idle, the server is idle, and the like, and the data information is uploaded after the conditions are met.
本方法实施例中云存储代理装置起到一个緩存的作用, 将预上传到云 存储服务器的数据信息先进行緩存, 并在满足上传条件时将数据信息上 传。  In the embodiment of the method, the cloud storage proxy device functions as a cache, and the data information pre-uploaded to the cloud storage server is cached first, and the data information is uploaded when the upload condition is met.
本发明实施例还提供了以客户端为例的云处理方法, 包括在确定用户 输入的请求为云处理请求时, 根据预设的云代理装置地址向云代理装置发 送云处理请求消息。 具体的上述确定用户输入的请求为云处理请求可以 为: 根据上述请求的 URL信息或端口号判断确定所述请求为云处理请求。 图 5为本发明云处理方法实施例四的流程示意图, 如图 5所示, 包括 如下步骤: The embodiment of the present invention further provides a cloud processing method using a client as an example, including: when determining that the request input by the user is a cloud processing request, sending a cloud processing request message to the cloud proxy device according to the preset cloud proxy device address. The specific request for determining the user input as the cloud processing request may be: determining, according to the URL information or the port number of the request, that the request is a cloud processing request. FIG. 5 is a schematic flowchart of Embodiment 4 of a cloud processing method according to the present invention. As shown in FIG. 5, the method includes the following steps:
步骤 401、根据所述请求的 URL信息或目的端口号判断确定所述请求 为云处理请求;  Step 401: Determine, according to the requested URL information or the destination port number, that the request is a cloud processing request.
步骤 402、 根据预设的云代理装置地址向云代理装置发送云处理请求 消息。  Step 402: Send a cloud processing request message to the cloud proxy device according to the preset cloud proxy device address.
本实施例中的客户端判断用户输入的业务请求为云处理请求时, 将云 处理请求消息发送云处理装置, 而不是直接使用公共的云服务器, 能够提 高云计算过程中的信息安全性。  When the client in this embodiment determines that the service request input by the user is a cloud processing request, the cloud processing request message is sent to the cloud processing device instead of directly using the public cloud server, thereby improving information security in the cloud computing process.
另外上述的云处理请求可以为云计算请求或者是云存储请求。 并且在 上述运处理请求为云存储请求时, 上述的向云代理装置发送云处理请求消 息具体为:  In addition, the above cloud processing request may be a cloud computing request or a cloud storage request. And when the foregoing processing request is a cloud storage request, the sending the cloud processing request message to the cloud proxy device is specifically:
向云代理装置发送携带是否进行数据备份或数据机密等级的标识的 云存储请求消息, 所述标识用于指示云存储代理服务器执行备份或加密操 作。 本发明实施例还提供了与上述的方法相对应的装置, 图 6为本发明云 计算代理装置实施例一的结构示意图, 如图 6所示, 云计算代理装置包括 第一接收模块 11、 应用获取模块 12和计算处理模块 13, 其中第一接收模 块 1 1用于接收客户端发送的云计算请求消息, 该云计算请求消息包括请 求的云计算应用信息; 应用获取模块 12用于根据云计算请求消息从云计 算服务器获取应用或调用存储的从云计算服务器获取的;计算处理模块 13 用于根据上述从应用获取模块 12获取的应用或调用的应用进行云计算处 理。  A cloud storage request message carrying an identifier of whether to perform data backup or data confidentiality level is sent to the cloud proxy device, the identifier being used to instruct the cloud storage proxy server to perform a backup or encryption operation. The embodiment of the present invention further provides a device corresponding to the foregoing method. FIG. 6 is a schematic structural diagram of Embodiment 1 of a cloud computing proxy device according to the present invention. As shown in FIG. 6, the cloud computing proxy device includes a first receiving module 11 and an application. The obtaining module 12 and the computing processing module 13 are configured to receive the cloud computing request message sent by the client, where the cloud computing request message includes the requested cloud computing application information; and the application obtaining module 12 is configured to use the cloud computing The request message is obtained from the cloud computing server to obtain an application or to invoke the stored from the cloud computing server; the computing processing module 13 is configured to perform cloud computing processing according to the application acquired or the called application obtained from the application obtaining module 12.
本发明上述实施例提供的云计算处理装置, 在接收到客户端发送的云 计算请求消息后, 利用自身存储的应用或者向云计算服务器请求应用, 然 后进行云计算处理, 能够实现在本地进行云计算处理, 提高数据信息的安 全性和处理速度。 并进一步的可将上述的云计算处理装置设置在局域网 内。 The cloud computing processing device provided by the foregoing embodiment of the present invention, after receiving the cloud computing request message sent by the client, uses the application stored by itself or requests the application from the cloud computing server, and then performs cloud computing processing, so that the cloud can be implemented locally. Calculation processing to improve the security and processing speed of data information. And further, the above cloud computing processing device can be set in the local area network Inside.
在上述实施例的基础上, 可以进一步包括判断模块, 该模块用于判断 是否存储有上述云计算请求消息中包括的请求的云计算应用, 则上述的应 用获取模块用于在存储有所述云计算应用时使用所述云计算应用; 在未存 储有所述云计算应用时, 向云计算服务器请求所述云计算应用。  On the basis of the foregoing embodiment, the method may further include: a determining module, configured to determine whether the cloud computing application included in the cloud computing request message is stored, where the application acquiring module is configured to store the cloud The cloud computing application is used when computing an application; when the cloud computing application is not stored, the cloud computing application is requested from a cloud computing server.
应用获取单元可以进一步的分为第一处理单元, 第一发送单元和第一 接收单元, 其中第一处理单元用于在存储有所述云计算应用时使用所述云 计算应用; 第一发送单元用于向云计算服务器发送包括身份标识和请求的 云计算应用信息的应用请求消息; 第一接收单元用于接收云计算服务器根 据身份标识返回的云计算应用。  The application obtaining unit may be further divided into a first processing unit, a first sending unit, and a first receiving unit, where the first processing unit is configured to use the cloud computing application when the cloud computing application is stored; An application request message for sending the cloud computing application information including the identity and the request to the cloud computing server; the first receiving unit is configured to receive the cloud computing application returned by the cloud computing server according to the identity identifier.
图 7为本发明云存储代理装置实施例的结构示意图, 如图 7所示, 云 存储代理装置包括第二接收模块 21, 存储模块 22和第二发送模块 23, 其 中第二接收模块 21用于接收客户端发送的包括预存储的数据信息的存储 请求消息; 存储模块 22用于存储所述数据信息; 第二发送模块 23用于在 满足上传条件时, 将所述存储的数据信息发送给云存储服务器进行存储。  FIG. 7 is a schematic structural diagram of an embodiment of a cloud storage proxy device according to the present invention. As shown in FIG. 7, the cloud storage proxy device includes a second receiving module 21, a storage module 22, and a second sending module 23, where the second receiving module 21 is used. Receiving, by the client, a storage request message including pre-stored data information; the storage module 22 is configured to store the data information; and the second sending module 23 is configured to send the stored data information to the cloud when the upload condition is met The storage server is storing.
本发明上述实施例提供的云存储代理装置, 先緩存接收到的预存储的 数据信息, 并在满足上传条件时将上述的数据信息发送给云存储服务器, 具体的上述上传条件可以是网络空闲、 服务器空闲等条件, 通过上述的实 施方式能够提高云数据存储的速度。  The cloud storage proxy device provided by the foregoing embodiment of the present invention first caches the received pre-stored data information, and sends the foregoing data information to the cloud storage server when the upload condition is met, and the specific upload condition may be that the network is idle. Conditions such as server idleness can increase the speed of cloud data storage by the above-described embodiments.
在上述实施例提供的云存储代理装置的基础上, 还可以进一步设置加 密 /解密模块, 该模块用于对要上传给云存储服务器的数据信息进行加密, 对从云存储服务器下载的数据信息进行解密。  On the basis of the cloud storage proxy device provided by the foregoing embodiment, an encryption/decryption module may be further configured to encrypt data information to be uploaded to the cloud storage server, and perform data information downloaded from the cloud storage server. Decrypt.
另外本发明实施例还提供了一种客户端, 图 8为本发明客户端实施例 的结构示意图, 如图 8所示, 客户端包括确定模块 31和第三发送模块 32, 其中确定模块 31用于确定用户输入的请求为云处理请求; 第三发送模块 32用于根据预设的云代理装置地址向云代理装置发送云处理请求消息。 本实施例中客户端中存储云代理装置的地址, 并将运处理请求消息发 送给云代理装置进行处理, 而不是直接发送给云服务器, 能够提高提高云 处理过程中的信息安全性。 In addition, the embodiment of the present invention further provides a client. FIG. 8 is a schematic structural diagram of a client embodiment of the present invention. As shown in FIG. 8, the client includes a determining module 31 and a third sending module 32, where the determining module 31 is used. The request for determining the user input is a cloud processing request; the third sending module 32 is configured to send a cloud processing request message to the cloud proxy device according to the preset cloud proxy device address. In this embodiment, the address of the cloud proxy device is stored in the client, and the processing request message is sent to the cloud proxy device for processing, instead of being directly sent to the cloud server, which can improve the information security in the cloud processing process.
在上述实施例的基础上, 还可以进一步设置标识添加模块, 该模块用 于在向所述云处理请求为云存储请求时向云存储请求消息添加指示是否 进行数据备份或数据机密等级的标识; 则上述的第三发送模块用于向云代 理装置发送携带是否进行数据备份或数据机密等级的标识的云存储请求 消息。 其中对于标识的数据机密等级高的云存储请求消息的数据, 可以提 示云代理装置在上传给云存储服务器时进行加密。  On the basis of the foregoing embodiment, an identifier adding module may be further configured to add an identifier indicating whether to perform data backup or data confidentiality level to the cloud storage request message when requesting the cloud storage request to the cloud processing request; The third sending module is configured to send, to the cloud proxy device, a cloud storage request message carrying an identifier of whether to perform data backup or data confidentiality level. The data of the cloud storage request message with the high data confidentiality level of the identifier may be used to indicate that the cloud proxy device encrypts when uploading to the cloud storage server.
图 9为本发明具体实施例中云计算系统的系统架构图, 如图 9所示, 本发明的技术方案是在云计算服务器和客户端之间引入云计算代理装置, 云计算代理装置本身具有运算和 /或存储能力, 可以代替云计算服务器进 行计算和 /或存储, 并按需将存储内容上传到云计算服务器 (存储器) , 由于现有云计算技术中, 只会向客户端传送结果, 不会传送应用 (算法) 本身, 因此需要对云计算的各环节实施改造, 包括:  FIG. 9 is a system architecture diagram of a cloud computing system according to an embodiment of the present invention. As shown in FIG. 9, the technical solution of the present invention is to introduce a cloud computing proxy device between a cloud computing server and a client, and the cloud computing proxy device itself has Computing and/or storage capabilities, which can be used for computing and/or storage instead of cloud computing servers, and upload storage content to a cloud computing server (memory) as needed, since existing cloud computing technologies only transmit results to clients. The application (algorithm) itself is not transmitted, so it is necessary to transform all aspects of the cloud computing, including:
( 1 )在云计算代理装置和云计算服务器之间建立公共的计算平台(运 行环境), 可以使用 Java、或 C语言, 并可以预先构建一些基本的公共库; ( 2 )对云计算, 定义请求进行云计算的协议 SBC, 代理能够根据协议 识别出是云计算请求以及请求的应用 /方法;  (1) Establish a common computing platform (running environment) between the cloud computing agent device and the cloud computing server, which can use Java, or C language, and can pre-build some basic public libraries; (2) define the cloud computing Requesting a cloud computing protocol SBC, the agent can identify the cloud computing request and the requested application/method according to the protocol;
( 3 )定义云计算代理装置和云计算服务器之间获取应用 /算法应用的 方法, 云计算代理装置通过此方法获取云计算应用 /算法  (3) defining a method for acquiring an application/algorithm application between the cloud computing proxy device and the cloud computing server, and the cloud computing proxy device obtaining the cloud computing application/algorithm by using the method
对于存储的代理, 定义请求云存储的协议 SBS, 云存储代理装置识别 出云存储请求后, 自动确定存储策略。 另外也可以客户端直接将存储位置 指向 CProxy , CProxy根据自身的存储资源使用情况进一步向云存储代理 装置緩存。  For the stored agent, the protocol SBS that requests the cloud storage is defined, and after the cloud storage agent device recognizes the cloud storage request, the storage policy is automatically determined. In addition, the client can directly point the storage location to the CProxy, and the CProxy further caches to the cloud storage proxy device according to its storage resource usage.
第 (1 ) 步中也可以不采用通用的计算平台, 这样就要求代理能够从 云计算服务器获取到适合自身环境(处理器、 OS) 的可执行应用程序。 这 种情况, 一般需要在云计算服务器上存储有和 CProxy处理器、 OS等一致 的应用库。 当不同类型的代理需要从同一个云计算服务器获取应用时, 则 云计算服务器需要能够提供不同的应用库。 In step (1), you can also not use a general-purpose computing platform, which requires the agent to The cloud computing server obtains an executable application suitable for its environment (processor, OS). In this case, it is generally required to store an application library consistent with the CProxy processor, OS, etc. on the cloud computing server. When different types of agents need to get applications from the same cloud computing server, the cloud computing server needs to be able to provide different application libraries.
在上述的云计算系统的基础上, 可以将 Client A预先设置云计算代理 装置为 CProxy(或者通过自动发现协议发现云计算代理装置), H没 Client A需要进行矩阵求逆的计算,向云 Cloud发起一个矩阵计算请求,定义 URL 前缀 SBC表示云计算请求, 如图 10所示, 云计算可以包括如下的步骤: 步骤 501、 ClientA通过访问 URL "SBC: //CloudA/Matr ix" (其中 CloudA对应 CloudA的地址, Ma t r ix是请求的具体矩阵计算应用)发起云 计算请求;  On the basis of the above cloud computing system, Client A can be pre-set the cloud computing proxy device as CProxy (or discover the cloud computing proxy device through the automatic discovery protocol), H does not need Client A to perform matrix inversion calculation, to cloud Cloud A matrix calculation request is initiated, and the URL prefix SBC is defined to represent the cloud computing request. As shown in FIG. 10, the cloud computing may include the following steps: Step 501: ClientA accesses the URL "SBC: //CloudA/Matr ix" (where CloudA corresponds CloudA's address, Ma tr ix is the specific matrix computing application requested) to initiate a cloud computing request;
步骤 502、 由于 Clien 上预先设置了 SBC的代理服务器为 CProxy (采用 TCP/IP协议时还需要设置对应的端口号或预定义默认端口号) , Client A 上的云计算客户端 (可以是浏览器)判断是云计算请求, 将连接云计算代 理 CProxy, 将云计算请求发送到云计算代理 CProxy;  Step 502: The proxy server that is pre-set with the SBC on Clien is CProxy (the corresponding port number or the predefined default port number is also required when using the TCP/IP protocol), and the cloud computing client on the client A (can be a browser) The judgment is a cloud computing request, which will connect to the cloud computing agent CProxy, and send the cloud computing request to the cloud computing agent CProxy;
步骤 503、 CProxy根据接收到的请求标识 (如本例中的 SBC ) , 识别 出是云计算请求, 且本地没有相应的应用, 则向 CloudA请求获取应用, 例如 GetMethod: Matrix;  Step 503: The CProxy, according to the received request identifier (such as the SBC in this example), identifies that the cloud computing request is available, and the local application does not have a corresponding application, and then requests the application to obtain the application, for example, GetMethod: Matrix;
步骤 504、 CloudA对 CProxy认证通过后向 CProxy发送应用 Matrix (应用本身可以是包含命令行或图形界面的) , 并记录 CProxy信息 (以 便后续自动更新应用) ;  Step 504: After the CProxy authentication is passed, the CloudA sends the application Matrix to the CProxy (the application itself may include a command line or a graphical interface), and records the CProxy information (in order to automatically update the application);
步骤 505、CProxy执行 Matirx应用向 Clen 提供 Matrix服务, Matrix 可以直接输出命令行的交互提示或直接以图形界面交互呈现, 具体交互界 面的呈现可以使用现有云计算方法, 通过 WEB、 桌面传送等技术。 在运行 应用提供服务前, CProxy可能还需要对获取的算进行编译优化等预处理。  Step 505: The CProxy executes the Matirx application to provide the Matrix service to Clen. The Matrix can directly output the interactive prompt of the command line or directly interact with the graphical interface. The presentation of the specific interactive interface can use the existing cloud computing method, through WEB, desktop transmission and other technologies. . Before running the application to provide services, CProxy may also need to perform pre-processing such as compiling and optimizing the obtained calculations.
除了上面提到的通过定义特殊的 URL前缀来识别云代理请求外, 也可 以通过一个特殊的协议端口号来表示云计算请求, 比如 TCP 90端口对应 为云计算, 此时客户端将自动把目的端口号为 90的 TCP连接视为云计算 请求, 自动连接到云代理服务器 CProxy。 另外, 也可以直接使用 HUp承 载云计算请求, 客户端相应的云代理 URL识别前缀就是 HUp, 此时需要代 理服务器能够以其他方式识别出是云代理请求还是普通的网友浏览, 比 如, 代理可以基于预先配置的 URL识别是否为云计算请求, 如用户想通过 云计算进行文档编辑, 请求一个 word文档编辑的应用, 对应云计算 URL 为: http:〃docs. clouda. com, 在代理服务器上预先配置 In addition to the above mentioned by identifying a special URL prefix to identify cloud proxy requests, The cloud computing request is represented by a special protocol port number. For example, the TCP 90 port corresponds to cloud computing. At this time, the client automatically considers the TCP connection with the destination port number 90 as a cloud computing request, and automatically connects to the cloud proxy server. CProxy. In addition, the HUp can also be used to carry the cloud computing request directly, and the corresponding cloud proxy URL identification prefix of the client is HUp. In this case, the proxy server can be used to identify whether the cloud proxy request or the ordinary netizen browses, for example, the proxy can be based on The pre-configured URL identifies whether it is a cloud computing request. For example, if the user wants to edit the document through cloud computing, request an application for word document editing. The corresponding cloud computing URL is: http:〃docs.clouda.com, pre-configured on the proxy server.
http: //docs, clouda. com为云计算清求, 当收到清求次 URL的清求时通过 匹配预先的设置, 就可以知道这是一个云计算请求。 Http: //docs, clouda.com is a cloud computing request. When you receive the clear request for the URL, you can know that this is a cloud computing request by matching the previous settings.
当 CProxy上已经具有应用 CloudA/Matr ix后, 有客户端请求相同的 计算 (应用) , CProxy直接提供相应的应用, 不在进行步骤 503和步骤 504。 在上述步骤 502中, CProxy也可以对用户进行认证, 通过认证才允 许访问 CProxy执行云计算请求消息。  When the application has CloudA/Matrix on the CProxy, the client requests the same calculation (application), and the CProxy directly provides the corresponding application, and does not perform step 503 and step 504. In the above step 502, the CProxy can also authenticate the user, and the authentication allows the CProxy to execute the cloud computing request message.
云计算服务器对 CProxy的认证(对应认证安全模块完成的主要功能) 可以采用简单共享密钥方式, 首先为需要代理的 CProxy分配一个用户名 ID和共享密钥 SKey, CProxy请求获取应用时, 对相应的请求消息进行签 名, 比如发送的请求消息为 M, 使用 MD5散列算法签名, 认证的过程具体 可以如图 11所述的步骤:  The CSI authentication of the CProxy (corresponding to the main function of the authentication security module) can be implemented by using a simple shared key method. First, a CProxy that requires the proxy is assigned a username ID and a shared key SKey. When the CProxy requests to obtain an application, the corresponding The request message is signed. For example, the sent request message is M, and the MD5 hash algorithm is used for signature. The authentication process may be as follows:
步骤 601、 CProxy向云计算服务器 CloudA发送请求应用初始化消息 Step 601: The CProxy sends a request application initialization message to the cloud computing server CloudA.
( GetMethodlnit ) ; ( GetMethodlnit ) ;
步骤 602、 CloudA向 CProxy发送响应初始化消息( GetMethodlnit ), 并携带参数随机数 R, 并保存本次会话的起始时间和 R;  Step 602: The CloudA sends a response initialization message (GetMethodlnit) to the CProxy, and carries the parameter random number R, and saves the start time and R of the session;
步骤 603、 CProxy向 CloudA发送获取应用的请求 GetMethod,携带参 数需要获取的应用名 (Method) 、 身份标识 ( ID ) , 时戳(Timestamp) , 随机数 R和相应对参数的签名 Signature, 其中签名 Signature= MD5 (Method, ID, Times tamp, R, Skey), 清求消息 GetMethod Step 603: The CProxy sends a request GetMethod for acquiring the application to the CloudA, and the application name (Method), the identity identifier (ID), the time stamp (Timestamp), the random number R, and the signature of the corresponding parameter Signature, where the parameter needs to be acquired, where the signature is signed = MD5 (Method, ID, Times tamp, R, Skey), clear message GetMethod
为: Methodl ID I Times tamp I R I Signature , 这里 Method才艮据具体清求的应 用确定, 比:^可以是 Matrix; For: Methodl ID I Times tamp I R I Signature , where Method is determined according to the application of the specific request, the ratio: ^ can be Matrix;
步骤 604、 CloudA收到获取应用请求后首先进行认证, 判断时间是否 在有效范围内, 并检查 R是否和保存的一致, 在上述两个条件满足的情况 下进一步判断消息中携带的参数是否和签名一致, 具体为: 使用 CloudA 存储的与 ID对应的共享密钥 SKey计算获取签名 Signature' =  Step 604: After receiving the application request, the cloudA first performs authentication, determines whether the time is within the valid range, and checks whether the R is consistent with the saved one. If the two conditions are satisfied, further determining whether the parameter carried in the message and the signature are further determined. Consistently, specifically: Use the shared key SKey corresponding to the ID stored in CloudA to calculate the signature Signature' =
MD5 (Method, ID, Timestamp, R, Skey), 然后比较 Signature' 和接收到消息 中的 Signature是否相同, 如果时间有效、 R相同且签名一致则认证通过, 转步骤 605, 否则认证失败直接拒绝请求; MD5 (Method, ID, Timestamp, R, Skey), and then compare Signature' with the Signature in the received message. If the time is valid, R is the same, and the signature is the same, the authentication is passed. Go to step 605. Otherwise, the authentication fails to directly reject the request. ;
步骤 605、 发送获取应用响应消息, 将相应应用发送给 CProxy, 上述 MD5算法也可以选择其他散列算法, 如 HMAC。  Step 605: Send an application response message, and send the corresponding application to the CProxy. The MD5 algorithm may also select another hash algorithm, such as HMAC.
另外在进行认证时也可以采用数字证书方式进行认证, 使其具有更高 的安全性, 数字证书可以由 CloudA相应的管理实体发放, 也可以通过第 三方可信实体发放。  In addition, when the authentication is performed, the digital certificate can also be used for authentication to make it more secure. The digital certificate can be issued by the corresponding management entity of CloudA or by the trusted entity of the third party.
CProxy对客户端可以看作一个标准的云存储服务器,对云计算服务器可以 看作一个普通的客户端, 如图 12所示, 具体的包括如下步骤: The CProxy can be regarded as a standard cloud storage server for the client. The cloud computing server can be regarded as a common client. As shown in Figure 12, the following steps are included:
步骤 701、 ClientA向 CProxy传送需要存储的数据;  Step 701: Client A transmits the data that needs to be stored to the CProxy.
步骤 702、 CProxy将数据存储在 CProxy的存储资源中;  Step 702: The CProxy stores the data in a storage resource of the CProxy.
步骤 703、 CProxy向 ClientA反馈存储确认, 确认存储完成(如果有 异常可反馈存储失败) ;  Step 703: The CProxy feeds back the storage confirmation to the ClientA, and confirms that the storage is completed (if there is an abnormality, the storage failure may be fed back);
步骤 704、 当满足一定条件时 (如存在资源管理模块判断网络比较空 闲和服务器空闲) , CProxy向云存储服务器 (CloudB)传送存储数据; 步骤 705、 CloudB反馈存储确认, 确认存储完成(如果有异常可反馈 存储失败) ; 步骤 7 06、 CProxy将已经成功上传到 C l oudB的数据从本地存储中释 放。 对于使用备份模式的存储, 不用释放, 在 CProxy上保留一份备份。 Step 704: When a certain condition is met (if the resource management module determines that the network is idle and the server is idle), the CProxy transmits the stored data to the cloud storage server (CloudB); Step 705, CloudB feedback storage confirmation, confirming that the storage is completed (if there is an abnormality) Feedback storage failure); Step 7 06. CProxy releases the data that has been successfully uploaded to C oudB from the local storage. For storage using backup mode, do not release, keep a backup on CProxy.
在步骤 7 04中, CProxy可以进一步对上传到云存储服务器的数据实施 加密,加密算法可以采用 DES/AES/RC4等对称密钥加密算法,也可以才 RSA 等非对称密钥加密算法。 当密钥只在 CProxy中保存, 上传数据由 CProxy 加密, 相应的下载数据也由 CProxy解密时, 则使用对称密钥加密算法是 比较高效安全的, 当数据需要以流方式进行存取以满足实时性等需求时, 选择 RC4等流加密算法更为合适, 当然 CProxy也可以根据数据的类型或 用户明确的指定动态的选择算法。 是否加密以及加密强度可以由用户设置 或 CProxy对存储数据进行扫描以自动确定, 如扫描到传送的是普通 WORD 文本文档, 则视为一般机密的数据, 选择 AES 128位密钥进行中等强度的 加密, 当进一步扫描到有 "详细设计" 等字样的文件时, 确定为高度机密 文档, 采用 AES 256位密钥进行高强度加密。 由于加密的密钥和算法都可 能不同, 而且为了提高安全性密钥也可能定期或不定期更换, 因此 CProxy 上还需要能够存储多个密钥以及各密钥对应的标识, 在上传数据加密时, 需要将密钥的标识附加在上传数据中, 以便下载数据时根据标识确定解密 算法并取出对应的密钥进行解密。  In step 7 04, CProxy can further encrypt the data uploaded to the cloud storage server. The encryption algorithm can use a symmetric key encryption algorithm such as DES/AES/RC4 or an asymmetric key encryption algorithm such as RSA. When the key is only saved in CProxy, the uploaded data is encrypted by CProxy, and the corresponding download data is also decrypted by CProxy, then the symmetric key encryption algorithm is more efficient and secure, when the data needs to be accessed by streaming to meet real-time. When the demand is equal, it is more appropriate to select a stream encryption algorithm such as RC4. Of course, CProxy can also specify a dynamic selection algorithm according to the type of data or the user. Whether the encryption and encryption strength can be automatically determined by the user setting or CProxy scanning the stored data, such as scanning a normal WORD text document, it is considered as general confidential data, and selecting AES 128-bit key for medium-intensity encryption. When further scanning to a file with the words "detailed design", it is determined to be a highly confidential document, and AES 256-bit key is used for high-intensity encryption. Since the encrypted key and algorithm may be different, and the security key may be replaced periodically or irregularly, the CProxy needs to be able to store multiple keys and identifiers corresponding to each key. The identifier of the key needs to be attached to the uploaded data, so that when the data is downloaded, the decryption algorithm is determined according to the identifier and the corresponding key is retrieved for decryption.
CProxy本身可以对应多个云存储服务器,并可以自动在多个服务器之 间切换, 客户端感觉不到这种变化。 上述 步骤 605中, 当 C l oudB反馈存 储失败时, CProxy也可以选择另外一个云存储服务器重新上传。  CProxy itself can correspond to multiple cloud storage servers, and can automatically switch between multiple servers, the client does not feel this change. In the above step 605, when the C oudB feedback storage fails, the CProxy may also select another cloud storage server to re-upload.
在数据下载过程中, CProxy也是充当一个数据緩存的功能, 本实施例 中不再赘述, 另外如果上传的数据不需要在 CProxy存储, 则可直接将数 据信息发送给 C l oudB , 并返回存储确认消息。 当下载数据是加密的, 则 CProxy需要执行与加密对应的解密,具体为根据下载数据中的密钥标识确 定解密算法并获取对应的解密密钥, 执行对下载的数据解密。  In the data downloading process, CProxy also functions as a data cache, which will not be described in this embodiment. In addition, if the uploaded data does not need to be stored in CProxy, the data information can be directly sent to C l oudB and returned to the storage confirmation. Message. When the download data is encrypted, the CProxy needs to perform decryption corresponding to the encryption, specifically determining the decryption algorithm according to the key identifier in the downloaded data and acquiring the corresponding decryption key, and performing decryption of the downloaded data.
上述实施例中云计算和云存储代理可以一个统一的云代理装置实现, 图 1 3给出了该云代理装置的结构示意图, 包括如图 1 3所示的模块, 其中 的 SBX协议处理模块用于处理前述客户端与云代理装置之间的计算请求 SBC或存储请求 SBS相关的协议交互, 包括相关联的本地用户认证等协议 交互处理; 本地用户管理模块用于管理本地需要使用代理服务的用户, 存 储有用户帐号和密码、 权限等信息, 对用户进行认证, 权限控制; 用户交 互管理模块用于处理用户交互过程的输入、 按键, 以及输出, 生成界面呈 现等。 界面呈现可以使用网页呈现给用户 (浏览器模式) , 也可以直接以 图形 /视频方式呈现给用户, 当使用图形 /视频方式时, 一般应当对图形 / 视频进行压缩以减少带宽消耗, 用户输入输出可以通过 SBX协议承载。 客 户端可以预先支持 SBX协议的处理, 也可以通过浏览器等方式下载获取客 户端软件后运行; 软件资源管理模块用于管理緩存的软件 /应用资源, 当 没有本地緩存的应用资源时, 通知应用请求模块向云计算服务器请求软件 资源, 并负责对緩存资源的更新, 副本的创建等, 监控软件资源的访问情 况, 进行必要的负荷均衡; 软件执行环境模块用于提供应用资源执行的环 境, 比如应用资源是 Ja va程序时, 则提供 J ava运行环境。 执行环境也可 以由云计算服务器提供, 当软件资源管理模块根据应用请求模块与云计算 服务器的交互判断需要下载执行环境时, 会通过应用请求模块下载执行环 境, 并安装到软件执行环境模块; 数字版权管理模块为 DRM客户端和云计 算服务器要求的 DRM配套, 比如云计算服务器采用 0MA标准的 DRM, 则数 字版权管理模块对应为 OMA DRM客户端。 通过和 DRM服务器连接, 以获得 对受 DRM保护的应用执行的权利,在执行环境中执行。通过数字版权管理, 云计算服务器可以控制应用只能在经过授权的 CP roxy上运行; 应用请求 模块用于根据软件资源管理的要求, 向云计算服务器请求相应的应用, 或 请求执行环境。 接收应用服务器发送的应用 /执行环境更新, 并通知软件 资源管理模块; 存储资源管理模块用于管理存储资源, 针对用户的权限、 存储空间等管理。 确定緩存策略, 按需 (比如存储空间达到预设阀值, 用 户访问量少时, 有长时间未使用的数据)将需要上传到云计算服务器的数 据同步到云计算服务器, 对从云计算服务器下载緩存的内容, 如果长时间 没有使用, 自动释放。 存储资源管理模块, 还可以进一步包括敏感数据检 测模块, 基于内容检测, 识别机密数据, 对机密数据不上传到云存储服务 器, 或对机密数据执行高强度的机密; 存储资源模块为客户端提供内部网 络存储, 并充当云存储服务器和客户端之间的双向的存储緩存, 提高客户 端存取速度; 加密 /解密模块用于对向云存储上传的数据执行加密, 对从 云存储下载的数据实施相应的解密, 提高用户数据的安全性; 存储请求模 块用于将存储资源中的数据上传到云计算(云存储)服务器, 或从云计算 服务器下载数据到存储资源中, 也可以不经过存储资源模块緩存(比如存 储资源模块满时) , 直接在客户端和云计算服务器之间代理存储请求; 认 证安全模块用于在访问云计算资源时, 根据云计算服务器的要求, 完成相 应的认证, 可以基于共享密钥、 数字证书等方式进行。 In the above embodiment, the cloud computing and cloud storage agent can be implemented by a unified cloud proxy device. FIG. 13 is a schematic structural diagram of the cloud proxy device, including the module shown in FIG. 13. The SBX protocol processing module is configured to process a computing request SBC or a storage request SBS between the client and the cloud proxy device. Relevant protocol interactions, including protocol interaction processing such as associated local user authentication; The local user management module is used to manage users who need to use the proxy service locally, store user account and password, permissions and other information, authenticate the user, and control the permissions. The user interaction management module is used to process input, keys, and output of the user interaction process, generate interface presentations, and the like. The interface presentation can be presented to the user using a web page (browser mode), or can be directly presented to the user in a graphical/video manner. When using the graphic/video method, graphics/video should generally be compressed to reduce bandwidth consumption, user input and output. Can be carried by the SBX protocol. The client can pre-support the processing of the SBX protocol, or download and obtain the client software through a browser, etc.; the software resource management module is used to manage the cached software/application resources, and notify the application when there is no locally cached application resource. The request module requests the software resource from the cloud computing server, and is responsible for updating the cache resource, creating the copy, and the like, monitoring the access of the software resource, and performing necessary load balancing; the software execution environment module is used to provide an environment for executing the application resource, for example, When the application resource is a Ja va program, the Java runtime environment is provided. The execution environment may also be provided by the cloud computing server. When the software resource management module determines that the execution environment needs to be downloaded according to the interaction between the application request module and the cloud computing server, the execution environment is downloaded through the application request module, and is installed into the software execution environment module; The copyright management module is a DRM package required by the DRM client and the cloud computing server. For example, if the cloud computing server adopts the DMA of the 0MA standard, the digital rights management module corresponds to the OMA DRM client. By executing with the DRM server to obtain the right to execute on DRM-protected applications, it is executed in the execution environment. Through digital rights management, the cloud computing server can control the application to run only on the authorized CP roxy; the application requesting module is used to request the corresponding application from the cloud computing server according to the requirements of the software resource management, or request the execution environment. Receiving an application/execution environment update sent by the application server, and notifying the software resource management module; the storage resource management module is configured to manage the storage resource, and manage the user's authority, storage space, and the like. Determine the caching strategy, as needed (for example, the storage space reaches the preset threshold, When there is a small amount of traffic, there is a long-term unused data. The data that needs to be uploaded to the cloud computing server is synchronized to the cloud computing server, and the content downloaded from the cloud computing server is automatically released if it is not used for a long time. The storage resource management module may further include a sensitive data detection module, based on content detection, identifying confidential data, not uploading confidential data to the cloud storage server, or performing high-intensity confidentiality on the confidential data; the storage resource module provides internal access to the client Network storage, and acts as a two-way storage cache between the cloud storage server and the client to improve client access speed; the encryption/decryption module is used to perform encryption on data uploaded to the cloud storage, and to implement data downloaded from the cloud storage. Corresponding decryption, improve user data security; storage request module is used to upload data in the storage resource to the cloud computing (cloud storage) server, or download data from the cloud computing server to the storage resource, or not through the storage resource The module cache (for example, when the storage resource module is full), and directly stores the storage request between the client and the cloud computing server; the authentication security module is used to complete the corresponding authentication according to the requirements of the cloud computing server when accessing the cloud computing resource, Based on shared key, digital certificate Book and other methods.
本发明上述实施例提供的云处理系统、 云处理方法、 云计算代理装置 和云存储处理装置, 其中在客户端和云计算(云存储)服务器之间设置云 代理装置,该云代理装置具有计算和存储的能力,在接收到云计算请求时, 首先判断是否已经存储有云计算请求所请求的应用, 若已经存在则根据存 储的应用进行云计算, 若没有存储则向云计算服务器请求上述应用, 并在 接收到相应的应用后进行云计算, 另外对于云存储的处理过程, 可以将客 户端上传给云存储服务器的数据信息先进行緩存, 最后在满足上传条件时 将数据上传到云存储服务器。 本发明上述实施例提供的上述技术方案通过 在本地设置云代理装置, 并具体的可以设置在局域网内, 使得其余客户端 之间有着高速的网络连接, 能够大量使用广域网上的公共云提高的服务, 有效提供云计算的速度和安全性。 并且进一步的通过 CProxy的安全管理 (如加密、 内容检查) , 可以进一步提高数据的安全性。  The cloud processing system, the cloud processing method, the cloud computing proxy device, and the cloud storage processing device provided by the foregoing embodiments of the present invention, wherein a cloud proxy device is provided between the client and the cloud computing (cloud storage) server, the cloud proxy device has a calculation And the storage capability, when receiving the cloud computing request, first determining whether the application requested by the cloud computing request has been stored, if yes, performing cloud computing according to the stored application, and if not, requesting the application from the cloud computing server And after receiving the corresponding application, the cloud computing is performed. In addition, for the cloud storage processing process, the data information uploaded by the client to the cloud storage server may be cached first, and finally the data is uploaded to the cloud storage server when the upload condition is met. . The above technical solution provided by the foregoing embodiments of the present invention can be set locally in a local area network by using a cloud proxy device, so that the remaining clients have a high-speed network connection, and the public cloud enhanced service on the wide area network can be used in a large amount. , effectively provide the speed and security of cloud computing. And further through the security management of CProxy (such as encryption, content inspection), you can further improve the security of data.
本领域普通技术人员可以理解: 实现上述方法实施例的全部或部分步 骤可以通过程序指令相关的硬件来完成, 前述的程序可以存储于一计算机 可读取存储介质中, 该程序在执行时, 执行包括上述方法实施例的步骤; 而前述的存储介质包括: ROM、 RAM , 磁碟或者光盘等各种可以存储程 序代码的介质。 One of ordinary skill in the art can understand that all or part of the steps of the above method embodiments are implemented. The foregoing program may be stored in a computer readable storage medium, and the program is executed to perform the steps including the foregoing method embodiments; and the foregoing storage medium includes: a ROM, A variety of media that can store program code, such as RAM, disk, or optical disk.
需要说明, 本发明实施例中提到的云计算包括通过服务器执行科学计 算或执行程序等各种应用,如通过云服务器进行数学运算、进行文档编辑、 进行游戏等均是云计算的范畴。 为了便于进行技术表述, 使用云存储表示 使用云服务器进行数据存储。  It should be noted that the cloud computing mentioned in the embodiments of the present invention includes various applications such as performing scientific calculations or executing programs through a server, such as performing mathematical operations through a cloud server, editing a document, and playing a game, all of which are in the scope of cloud computing. In order to facilitate technical presentation, the use of cloud storage means that the cloud server is used for data storage.
最后应说明的是: 以上实施例仅用以说明本发明的技术方案, 而非对 其限制; 尽管参照前述实施例对本发明进行了详细的说明, 本领域的普通 技术人员应当理解: 其依然可以对前述各实施例所记载的技术方案进行修 改, 或者对其中部分技术特征进行等同替换; 而这些修改或者替换, 并不 使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围。  It should be noted that the above embodiments are only for explaining the technical solutions of the present invention, and are not intended to be limiting; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that: The technical solutions described in the foregoing embodiments are modified, or some of the technical features are equivalently replaced. The modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

权 利 要 求 Rights request
1、 一种云处理系统, 包括客户端和云服务器, 其特征在于, 还包括 云代理装置, 所述云代理装置连接客户端和云服务器, 所述云代理装置用 于接收客户端发送的云处理请求消息, 代替云服务器为客户端提供云服 务。 A cloud processing system, comprising a client and a cloud server, further comprising a cloud proxy device, wherein the cloud proxy device is connected to a client and a cloud server, and the cloud proxy device is configured to receive a cloud sent by the client The request message is processed, and the cloud server is provided to the client instead of the cloud server.
2、 根据权利要求 1所述的云处理系统, 其特征在于, 所述云处理请 求消息包括云计算请求消息或云存储请求消息。  2. The cloud processing system according to claim 1, wherein the cloud processing request message comprises a cloud computing request message or a cloud storage request message.
3、 根据权利要求 1所述的云处理系统, 其特征在于, 所述云服务器 为云计算服务器, 所述云代理装置为云计算代理装置, 所述云计算代理装 置用于接收客户端发送的云计算请求消息, 所述云计算请求消息包括请求 的云计算应用信息; 根据所述云计算请求消息从云计算服务器获取应用或 调用存储的应用; 根据所述获取的应用或存储的应用进行云计算处理。  The cloud processing system according to claim 1, wherein the cloud server is a cloud computing server, the cloud proxy device is a cloud computing proxy device, and the cloud computing proxy device is configured to receive a a cloud computing request message, where the cloud computing request message includes the requested cloud computing application information; acquiring an application from the cloud computing server according to the cloud computing request message or calling the stored application; performing cloud according to the acquired application or the stored application Calculation processing.
4、 根据权利要求 1所述的云处理系统, 其特征在于, 所述云服务器 为云存储服务器, 所述云代理装置为云存储代理装置, 所述云存储代理装 置用于接收客户端发送的包括预存储的数据信息的存储请求消息, 并存储 所述数据信息; 在满足上传条件时, 将所述存储的数据信息发送给云存储 服务器进行存储。  The cloud processing system according to claim 1, wherein the cloud server is a cloud storage server, the cloud proxy device is a cloud storage proxy device, and the cloud storage proxy device is configured to receive a a storage request message including pre-stored data information, and storing the data information; when the upload condition is met, the stored data information is sent to a cloud storage server for storage.
5、 根据权利要求 1所述的云处理系统, 其特征在于, 所述云代理装 置设置在局域网中。  The cloud processing system according to claim 1, wherein the cloud proxy device is disposed in a local area network.
6、 一种云处理方法, 其特征在于, 包括:  6. A cloud processing method, comprising:
接收客户端发送的用于请求云服务器提供云服务的云处理请求消息, 所述云处理请求消息包括云计算请求消息或云存储请求消息;  Receiving, by the client, a cloud processing request message for requesting the cloud server to provide the cloud service, where the cloud processing request message includes a cloud computing request message or a cloud storage request message;
根据所述云处理请求消息代替云服务器为客户端提供云服务。  The cloud service is provided to the client according to the cloud processing request message instead of the cloud server.
7、 根据权利要求 6所述的云处理方法, 其特征在于, 在接收到云处 理请求消息为云计算请求消息时, 所述方法包括: 接收客户端发送的云计算请求消息, 所述云计算请求消息包括请求的 云计算应用信息; The cloud processing method according to claim 6, wherein when the cloud processing request message is received as a cloud computing request message, the method includes: Receiving a cloud computing request message sent by the client, where the cloud computing request message includes the requested cloud computing application information;
根据所述云计算请求消息向云计算服务器请求应用或调用存储的从 云计算服务器获取的应用;  And requesting, by the cloud computing request message, an application to the cloud computing server or calling the stored application acquired from the cloud computing server;
根据所述请求的应用或存储的应用进行云计算处理。  Cloud computing processing is performed according to the requested application or the stored application.
8、 根据权利要求 7所述的云处理方法, 其特征在于, 所述接收客户 端发送的云计算请求消息之后, 包括:  The cloud processing method according to claim 7, wherein after receiving the cloud computing request message sent by the client, the method includes:
判断是否存储有所述云计算请求消息中包括的请求的云计算应用; 在存储有所述云计算应用时使用所述云计算应用;  Determining whether a cloud computing application including the request included in the cloud computing request message is stored; using the cloud computing application when the cloud computing application is stored;
在未存储有所述云计算应用时, 向云计算服务器请求所述云计算应 用。  When the cloud computing application is not stored, the cloud computing application is requested from the cloud computing server.
9、 根据权利要求 8所述的云处理方法, 其特征在于, 所述向云计算 服务器请求所述云计算应用时还包括:  The cloud processing method according to claim 8, wherein the requesting the cloud computing application to the cloud computing server further includes:
向云计算服务器发送包括身份标识和请求的云计算应用信息的应用 请求消息, 并接收云计算服务器根据身份标识返回的云计算应用。  Sending an application request message including the identity identifier and the requested cloud computing application information to the cloud computing server, and receiving the cloud computing application returned by the cloud computing server according to the identity identifier.
10、 根据权利要求 9所述的云处理方法, 其特征在于, 所述接收云计 算服务器根据身份标识返回的云计算应用包括  The cloud processing method according to claim 9, wherein the cloud computing application returned by the receiving cloud computing server according to the identity identifier comprises:
接收云服务器根据身份标识返回的包括命令行和 /或图形界面的云计 算应用。  Receives a cloud computing application that includes a command line and/or graphical interface returned by the cloud server based on the identity.
1 1、 根据权利要求 9所述的云处理方法, 其特征在于, 向云计算服务 器发送的应用请求消息还包括认证信息, 所述接收云计算服务器根据身份 标识返回的云计算应用包括:  The cloud processing method according to claim 9, wherein the application request message sent to the cloud computing server further includes the authentication information, and the cloud computing application received by the receiving cloud computing server according to the identity identifier comprises:
接收云计算服务器在根据所述认证信息认证通过后根据所述身份标 识返回的云计算应用。  Receiving, by the cloud computing server, the cloud computing application returned according to the identity identifier after the authentication is authenticated according to the authentication information.
12、 根据权利要求 1 1所述的云处理方法, 其特征在于, 云计算服务 器根据认证信息进行认证包括: 云计算服务器根据共享密钥计算签名信息, 并在计算获取的签名信息 与接收到的认证信息一致时通过认证。 The cloud processing method according to claim 11, wherein the cloud computing server performs authentication according to the authentication information, including: The cloud computing server calculates the signature information according to the shared key, and passes the authentication when the calculated signature information is consistent with the received authentication information.
13、 根据权利要求 7所述的云处理方法, 其特征在于, 在接收到的云 处理请求消息为云存储请求消息时, 所述方法包括:  The cloud processing method according to claim 7, wherein, when the received cloud processing request message is a cloud storage request message, the method includes:
接收客户端发送的包括预存储的数据信息的云存储请求消息, 并存储 所述数据信息;  Receiving a cloud storage request message that is sent by the client, including pre-stored data information, and storing the data information;
在满足上传条件时, 将所述存储的数据信息发送给云存储服务器进行 存储。  When the upload condition is met, the stored data information is sent to the cloud storage server for storage.
14、 根据权利要求 13所述的云处理方法, 其特征在于, 所述将存储 的数据信息发送给云存储服务器进行存储包括:  The cloud processing method according to claim 13, wherein the storing the stored data information to the cloud storage server for storage comprises:
对所述存储的数据信息进行加密后发送给云存储服务器进行存储。 The stored data information is encrypted and sent to a cloud storage server for storage.
15、 一种云处理方法, 其特征在于, 包括: 15. A cloud processing method, comprising:
在确定用户输入的请求为云处理请求时, 根据预设的云代理装置地址 向云代理装置发送云处理请求消息。  When it is determined that the request input by the user is a cloud processing request, the cloud processing request message is sent to the cloud proxy device according to the preset cloud proxy device address.
16、 根据权利要求 15所述的云处理方法, 其特征在于, 所述确定用 户输入的请求为云处理请求具体为:  The cloud processing method according to claim 15, wherein the determining the user input request for the cloud processing request is specifically:
根据所述请求的 URL信息或目的端口号判断确定所述请求为云处理请求。  Determining that the request is a cloud processing request according to the requested URL information or the destination port number.
17、 根据权利要求 15所述的云处理方法, 其特征在于, 所述云处理 请求为云计算请求或云存储请求。 The cloud processing method according to claim 15, wherein the cloud processing request is a cloud computing request or a cloud storage request.
18、 根据权利要求 17所述的云处理方法, 其特征在于, 在所述云处 理请求为云存储请求时, 所述向云代理装置发送云处理请求消息具体为: 向云代理装置发送携带是否进行数据备份或数据机密等级的标识的 云存储请求消息, 所述标识用于指示云存储代理服务器执行备份或加密操 作。  The cloud processing method according to claim 17, wherein when the cloud processing request is a cloud storage request, the sending the cloud processing request message to the cloud proxy device is: sending the carrying to the cloud proxy device A cloud storage request message for performing data backup or data confidentiality level identification, the identifier being used to instruct the cloud storage proxy server to perform a backup or encryption operation.
19、 一种云计算代理装置, 其特征在于, 包括:  19. A cloud computing proxy device, comprising:
第一接收模块, 用于接收客户端发送的云计算请求消息, 所述云计算 请求消息包括请求的云计算应用信息; a first receiving module, configured to receive a cloud computing request message sent by the client, where the cloud computing The request message includes the requested cloud computing application information;
应用获取模块, 用于根据所述云计算请求消息从云计算服务器获取应 用或调用存储的从云计算服务器获取的应用;  An application obtaining module, configured to acquire an application obtained from the cloud computing server according to the cloud computing request message or invoke the stored application acquired from the cloud computing server;
计算处理模块, 用于根据所述应用获取模块获取或调用的应用进行云 计算处理。  The calculation processing module is configured to perform cloud computing processing according to the application acquired or invoked by the application obtaining module.
20、 根据权利要求 19所述的云计算代理装置, 其特征在于, 还包括: 判断模块, 用于判断是否存储有所述云计算请求消息中包括的请求的 云计算应用;  The cloud computing proxy device according to claim 19, further comprising: a determining module, configured to determine whether the cloud computing application included in the cloud computing request message is stored;
所述应用获取模块用于在存储有所述云计算应用时使用所述云计算 应用; 在未存储有所述云计算应用时, 向云计算服务器请求所述云计算应 用。  The application obtaining module is configured to use the cloud computing application when the cloud computing application is stored; and when the cloud computing application is not stored, request the cloud computing application from a cloud computing server.
21、 根据权利要求 20所述的云计算处理装置, 其特征在于, 所述应 用获取模块包括:  The cloud computing processing device according to claim 20, wherein the application obtaining module comprises:
第一处理单元, 用于在存储有所述云计算应用时使用所述云计算应 用;  a first processing unit, configured to use the cloud computing application when the cloud computing application is stored;
第一发送单元, 用于向云计算服务器发送包括身份标识和请求的云计 算应用信息的应用请求消息;  a first sending unit, configured to send, to the cloud computing server, an application request message that includes the identity identifier and the requested cloud computing application information;
第一接收单元, 用于接收云计算服务器根据身份标识返回的云计算应 用。  The first receiving unit is configured to receive a cloud computing application returned by the cloud computing server according to the identity identifier.
22、 一种云存储代理装置, 其特征在于, 包括:  22. A cloud storage agent device, comprising:
第二接收模块, 用于接收客户端发送的包括预存储的数据信息的存储 清求消息;  a second receiving module, configured to receive a storage clearing message that is sent by the client, including pre-stored data information;
存储模块, 用于存储所述数据信息;  a storage module, configured to store the data information;
第二发送模块, 用于在满足上传条件时, 将所述存储的数据信息发送 给云存储服务器进行存储。  The second sending module is configured to send the stored data information to the cloud storage server for storage when the upload condition is met.
23、 根据权利要求 22所述的云存储代理装置, 其特征在于, 还包括: 加密 /解密模块, 用于对要上传给云存储服务器的数据信息进行加密, 对从云存储服务器下载的数据信息进行解密。 The cloud storage proxy device according to claim 22, further comprising: The encryption/decryption module is configured to encrypt data information to be uploaded to the cloud storage server, and decrypt the data information downloaded from the cloud storage server.
24、 一种客户端, 其特征在于, 包括:  24. A client, characterized in that:
确定模块, 用于确定用户输入的请求为云处理请求;  a determining module, configured to determine that the request input by the user is a cloud processing request;
第三发送模块, 用于根据预设的云代理装置地址向云代理装置发送云 处理请求消息。  And a third sending module, configured to send a cloud processing request message to the cloud proxy device according to the preset cloud proxy device address.
25、 根据权利要求 24所述的客户端, 其特征在于, 还包括: 标识添加模块, 用于当所述云处理请求为云存储请求时, 向云存储请 求消息添加指示是否进行数据备份或数据机密等级的标识;  The client according to claim 24, further comprising: an identifier adding module, configured to add, when the cloud processing request is a cloud storage request, an indication of whether to perform data backup or data The classification of the confidentiality level;
所述第三发送模块用于向云代理装置发送携带是否进行数据备份或 数据机密等级的标识的云存储请求消息。  The third sending module is configured to send, to the cloud proxy device, a cloud storage request message carrying an identifier of whether to perform data backup or data confidentiality level.
PCT/CN2010/078050 2009-11-02 2010-10-25 Cloud processing system, cloud processing method and cloud computing agent device WO2011050703A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910207959.1 2009-11-02
CN 200910207959 CN102055730B (en) 2009-11-02 2009-11-02 Cloud processing system, cloud processing method and cloud computing agent device

Publications (1)

Publication Number Publication Date
WO2011050703A1 true WO2011050703A1 (en) 2011-05-05

Family

ID=43921326

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/078050 WO2011050703A1 (en) 2009-11-02 2010-10-25 Cloud processing system, cloud processing method and cloud computing agent device

Country Status (2)

Country Link
CN (1) CN102055730B (en)
WO (1) WO2011050703A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647470A (en) * 2012-04-01 2012-08-22 杭州格畅科技有限公司 Cloud download method in on-line application platform and on-line application platform system
CN103944883A (en) * 2014-03-19 2014-07-23 华存数据信息技术有限公司 System and method for cloud application access control under cloud computing environment
CN104426996A (en) * 2013-09-11 2015-03-18 腾讯科技(深圳)有限公司 Cloud business processing method and related equipment as well as communication system
CN105072134A (en) * 2015-08-31 2015-11-18 成都卫士通信息产业股份有限公司 Cloud disk system file secure transmission method based on three-level key
US10706642B2 (en) 2015-09-24 2020-07-07 Ford Global Technologies, Llc Efficient telematics data upload

Families Citing this family (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012161980A1 (en) * 2011-05-20 2012-11-29 Citrix Systems, Inc. Providing multiple layers of security to file storage by an external storage provider
WO2011144096A2 (en) 2011-05-26 2011-11-24 华为技术有限公司 Service acquirement method and terminal, input method and device, cloud service card and system
CN102271161A (en) * 2011-08-02 2011-12-07 北京远特科技有限公司 User centre, telematics system with same and method of telematics system
CN102255974A (en) * 2011-08-24 2011-11-23 无锡中科方德软件有限公司 Cloud storage method for cloud computing server
CN102307233A (en) * 2011-08-24 2012-01-04 无锡中科方德软件有限公司 Cloud computing method for cloud computing server
CN102957725A (en) * 2011-08-25 2013-03-06 上海科斗电子科技有限公司 Local area network cloud computing system
CN102546741B (en) * 2011-08-31 2014-08-13 苏州华谷电子科技有限公司 Cloud computing system
WO2012149718A1 (en) * 2011-08-31 2012-11-08 华为技术有限公司 Method for cloud terminal to access cloud server in cloud computing system, and cloud computing system
CN102368737A (en) * 2011-11-25 2012-03-07 裘嘉 Cloud storage system and data access method thereof
CN102404407A (en) * 2011-12-07 2012-04-04 成都英黎科技有限公司 Data transmission method and system based on cloud platform
US9858149B2 (en) * 2012-01-03 2018-01-02 Microsoft Technology Licensing, Llc Accessing overlay media over a network connection
CN103207815B (en) * 2012-01-11 2016-06-08 精品科技股份有限公司 Management main frame, data management system and data back up method
CN102592061A (en) * 2012-03-13 2012-07-18 河北师范大学 TCM (traditional Chinese medicine) data collection and diagnosis intermediate system based on cloud computation and realization method thereof
CN102685122B (en) * 2012-05-06 2016-05-04 北京深思数盾科技股份有限公司 The method of the software protection based on cloud server
US20130311597A1 (en) * 2012-05-16 2013-11-21 Apple Inc. Locally backed cloud-based storage
CN102739671B (en) * 2012-06-26 2015-11-04 中国电力科学研究院 Desktop virtual in a kind of electric power system cooperated computing and application display platform
CN103533006B (en) * 2012-07-06 2019-09-24 中兴通讯股份有限公司 A kind of joint cloud disk client, server, system and joint cloud disk service method
CN102833229B (en) * 2012-07-30 2015-01-21 北京中电普华信息技术有限公司 Data interaction method and device for information system
CN103685436B (en) * 2012-09-26 2017-05-24 联想(北京)有限公司 Data acquisition method and terminal equipment
CN103701834A (en) * 2012-09-27 2014-04-02 中国人民解放军国防科学技术大学 Proxy based mobile cloud service access system and method
CN102929489B (en) * 2012-11-09 2016-08-03 北京奇虎科技有限公司 Client browser implementation method and client browser
CN103023981B (en) * 2012-11-21 2015-07-15 北京航空航天大学 Cloud computation system
CN103856539A (en) * 2012-12-06 2014-06-11 海尔集团公司 Private cloud system, intelligent home system and home data protection method
CN103051614A (en) * 2012-12-14 2013-04-17 无锡华御信息技术有限公司 Secure access and data transmission method for cloud platform
CN103209189A (en) * 2013-04-22 2013-07-17 哈尔滨工业大学深圳研究生院 Distributed file system-based mobile cloud storage safety access control method
CN103246521B (en) * 2013-05-24 2017-08-25 西安电子科技大学 A kind of SaaS based on cloud computing platform and its application method
CN104284141B (en) * 2013-07-08 2018-11-02 株式会社日立制作所 Video monitoring system
CN103414605A (en) * 2013-08-14 2013-11-27 上海兆民云计算科技有限公司 Desktop cloud monitoring method based on exchange gateway
CN104426876B (en) * 2013-09-02 2018-10-19 华为技术有限公司 Obtain the method and device that security information reports in security information method, cloud in cloud
CN104468458B (en) * 2013-09-12 2018-09-11 中国电信股份有限公司 Method and system and migration agency of the Client Work load migration to cloud environment
CN103632094B (en) * 2013-11-04 2017-11-14 天津汉柏信息技术有限公司 A kind of cloud computing big data uploads virus defense system
CN103631680A (en) * 2013-12-10 2014-03-12 浪潮电子信息产业股份有限公司 Personnel desktop synchronous backup system based on cloud computing
US9231998B2 (en) * 2014-01-22 2016-01-05 Ford Global Technologies, Llc Vehicle-specific computation management system for cloud computing
EP3349418B1 (en) * 2014-05-29 2019-07-24 Huawei Technologies Co., Ltd. Service processing method, related device, and system
CN104092731A (en) * 2014-06-20 2014-10-08 裴兆欣 Cloud computing system
CN104408048B (en) * 2014-10-27 2017-06-13 清华大学 A kind of method and apparatus of buffer-type cloud storage data syn-chronization
CN107113313A (en) * 2015-03-02 2017-08-29 微软技术许可有限责任公司 Data are uploaded to the agency service of destination from source
CN104794239A (en) * 2015-05-08 2015-07-22 成都博元科技有限公司 Cloud platform data processing method
CN104966006A (en) * 2015-05-14 2015-10-07 苏州市公安局苏州工业园区分局 Intelligent face identification system based on cloud variation platform
CN106528489A (en) * 2015-09-14 2017-03-22 上海羽视澄蓝信息科技有限公司 System for vehicle detection machine learning based on cloud computing
CN106856467A (en) * 2015-12-08 2017-06-16 中国科学院声学研究所 A kind of TSM Security Agent device for being deployed in cloud storage client and TSM Security Agent method
CN106856468A (en) * 2015-12-08 2017-06-16 中国科学院声学研究所 A kind of TSM Security Agent device for being deployed in cloud storage service end and TSM Security Agent method
CN105610979B (en) * 2016-02-23 2021-01-05 山东乾云启创信息科技股份有限公司 Network resource transmission system and method based on virtualization technology
CN106161637A (en) * 2016-07-21 2016-11-23 广州杰赛科技股份有限公司 A kind of cloud backup method and device
CN106060099A (en) * 2016-08-15 2016-10-26 北京奇虎科技有限公司 Data access method and system, and devices
CN106357601A (en) * 2016-08-15 2017-01-25 北京奇虎科技有限公司 Method for data access, device and system thereof
CN106503556A (en) * 2016-10-25 2017-03-15 广东欧珀移动通信有限公司 The method of data storage, apparatus and system
CN106657267B (en) * 2016-11-15 2019-10-08 华中科技大学 Cloud storage system based on Edge Server
CN108668148A (en) * 2017-03-28 2018-10-16 北京雷石天地电子技术有限公司 A kind of method and apparatus that KTV plays film
CN107070931B (en) * 2017-04-21 2020-08-18 北京奇安信科技有限公司 Cloud application data uploading/accessing method and system and cloud proxy server
CN107438071A (en) * 2017-07-28 2017-12-05 北京信安世纪科技有限公司 cloud storage security gateway and access method
CN107948201B (en) * 2017-12-29 2020-11-13 平安科技(深圳)有限公司 Authority authentication method and system for Docker mirror warehouse
CN111376255B (en) * 2018-12-29 2022-06-24 深圳市优必选科技有限公司 Robot data acquisition method and device and terminal equipment
CN111490997B (en) * 2019-01-25 2023-05-12 北京京东尚科信息技术有限公司 Task processing method, proxy system, service system and electronic equipment
CN110191158A (en) * 2019-05-09 2019-08-30 厦门网宿有限公司 A kind of cloud desktop services method and system
CN112115495A (en) * 2020-09-25 2020-12-22 平安国际智慧城市科技股份有限公司 Offline cloud data storage method and system, computer equipment and storage medium
CN112953930A (en) * 2021-02-09 2021-06-11 苏宁易购集团股份有限公司 Cloud storage data processing method and device and computer system
CN113178238B (en) * 2021-05-24 2024-01-09 北京天健源达科技股份有限公司 Body temperature list generation method of cloud electronic medical record
CN113296798B (en) * 2021-05-31 2022-04-15 腾讯科技(深圳)有限公司 Service deployment method, device and readable storage medium
CN114189530A (en) * 2021-12-14 2022-03-15 南京讯天游科技有限公司 Resource cooperation method and system based on Internet
CN116483252A (en) * 2022-01-14 2023-07-25 华为云计算技术有限公司 Data reading and writing method and system of cloud storage device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080016198A1 (en) * 2006-06-12 2008-01-17 Enigmatec Corporation Self-managed distributed mediation networks
US20090177514A1 (en) * 2008-01-08 2009-07-09 Microsoft Corporation Services using globally distributed infrastructure for secure content management
CN101557551A (en) * 2009-05-11 2009-10-14 成都市华为赛门铁克科技有限公司 Cloud service accessing method, device and communication system thereof for mobile terminal

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2001276932B2 (en) * 2000-07-27 2007-06-21 Oracle International Corporation System and method for concentration and load-balancing of requests
GB0322877D0 (en) * 2003-09-30 2003-10-29 British Telecomm Search system and method
CN1645799A (en) * 2005-01-31 2005-07-27 北京北大方正电子有限公司 Distributed unified data access system based on long-range authority

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080016198A1 (en) * 2006-06-12 2008-01-17 Enigmatec Corporation Self-managed distributed mediation networks
US20090177514A1 (en) * 2008-01-08 2009-07-09 Microsoft Corporation Services using globally distributed infrastructure for secure content management
CN101557551A (en) * 2009-05-11 2009-10-14 成都市华为赛门铁克科技有限公司 Cloud service accessing method, device and communication system thereof for mobile terminal

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647470A (en) * 2012-04-01 2012-08-22 杭州格畅科技有限公司 Cloud download method in on-line application platform and on-line application platform system
CN104426996A (en) * 2013-09-11 2015-03-18 腾讯科技(深圳)有限公司 Cloud business processing method and related equipment as well as communication system
CN104426996B (en) * 2013-09-11 2018-12-11 腾讯科技(深圳)有限公司 Cloud method for processing business and relevant device and communication system
CN103944883A (en) * 2014-03-19 2014-07-23 华存数据信息技术有限公司 System and method for cloud application access control under cloud computing environment
CN105072134A (en) * 2015-08-31 2015-11-18 成都卫士通信息产业股份有限公司 Cloud disk system file secure transmission method based on three-level key
US10706642B2 (en) 2015-09-24 2020-07-07 Ford Global Technologies, Llc Efficient telematics data upload

Also Published As

Publication number Publication date
CN102055730B (en) 2013-09-11
CN102055730A (en) 2011-05-11

Similar Documents

Publication Publication Date Title
WO2011050703A1 (en) Cloud processing system, cloud processing method and cloud computing agent device
US10917234B2 (en) Blockchain for on-chain management of off-chain storage
US10263855B2 (en) Authenticating connections and program identity in a messaging system
WO2019237796A1 (en) Resource acquisition method and apparatus, resource distribution method and apparatus, and resource downloading method and apparatus, and device and storage medium
EP3404891B1 (en) Method and system for distributing digital content in peer-to-peer network
US9276926B2 (en) Secure and automated credential information transfer mechanism
US10142395B2 (en) Accessing hardware devices using web server abstractions
JP4965747B2 (en) Distributing secure dynamic credentials over the network
WO2020042822A1 (en) Cryptographic operation method, method for creating work key, and cryptographic service platform and device
US11140140B2 (en) Virtual cryptographic module with load balancer and cryptographic module fleet
US11632247B2 (en) User security token invalidation
CN103748556A (en) Communication with a virtual trusted runtime bios
WO2022170810A1 (en) Method and apparatus for processing cloud storage data, and computer system
WO2020042798A1 (en) Cryptographic operation and working key creation method and cryptographic service platform and device
CN104969201A (en) Secure interface for invoking privileged operations
CN112422532A (en) Business communication method, system, device and electronic equipment
Mohta et al. Cloud data security while using third party auditor
TWI416923B (en) Secure data communications in web services
CN110581829A (en) Communication method and device
US20230244797A1 (en) Data processing method and apparatus, electronic device, and medium
Resende et al. Enforcing privacy and security in public cloud storage
Siopi et al. DeCStor: A Framework for Privately and Securely Sharing Files Using a Public Blockchain
CN114329574B (en) Encrypted partition access control method and system based on domain management platform and computing equipment
WO2022063213A1 (en) Network access method and system based on cloud delivery, and medium and device
WO2023015412A1 (en) Cross-domain access control method and system, storage medium, and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10826066

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10826066

Country of ref document: EP

Kind code of ref document: A1