CN102467617A - Data isolation method of software as a service (SaaS) application software - Google Patents

Data isolation method of software as a service (SaaS) application software

Publication number: CN102467617A
Authority: CN (China)
Prior art keywords: data, database, software, user, isolation method
Legal status: Pending
Application number: CN2010105308078A
Other languages: Chinese (zh)
Inventor: 朱炜
Current Assignee: ZHENJIANG JINRUAN COMPUTER TECHNOLOGY CO LTD
Original Assignee: ZHENJIANG JINRUAN COMPUTER TECHNOLOGY CO LTD
Application filed by ZHENJIANG JINRUAN COMPUTER TECHNOLOGY CO LTD
Priority to CN2010105308078A
Publication of CN102467617A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a data isolation method for application software, in particular a data isolation method for software as a service (SaaS) application software in multi-tenant mode, and belongs to the field of computer network communication. A data management component sets different operation authorities for each tenant over the database objects; each tenant accesses different data through its own operation authorities, and the isolation of all data in the database is thereby realized.

Description

Data isolation method of SaaS application software
Technical field
The present invention relates to a data isolation method for SaaS application software, in particular a data isolation method implemented by SaaS application software in multi-tenant mode, and belongs to the field of computer network communication.
Background art
The method for solving SaaS application system security is, in essence, management software that manages and controls a database and thereby realizes the security of the SaaS application system. In the area of data security, this software can isolate all the data in the database: different users are set up in the database and access it with different operation authorities over the database objects. In particular, customer data is encrypted with the MD5 encryption algorithm before use, which makes the advantages of this software especially prominent. The electronic-data nature of computer software brings users many notable conveniences and has led to its rapid adoption.
SaaS applications are entirely Internet-based: all interaction with data passes through the Internet. Compared with traditional local area network or stand-alone applications, they are more easily attacked by hackers and face a much greater security test. So how can network attacks be reduced and avoided?
The present invention is based on the SaaS model and addresses the security problem that is widespread in current SaaS software, solving the security problem of the SaaS application system from the aspect of data security. By using this system, users guarantee the integrity and confidentiality of their data and strengthen their own security. Clearly, the security of existing SaaS application systems is low and cannot meet the requirements of today's enterprises.
Summary of the invention
The objective of the invention is, in view of the above deficiencies of the prior art, to propose a method that can isolate all the data in the database, in which different users are set up in the database and access it with different operation authorities over the database objects. In particular, customer data is encrypted with the MD5 encryption algorithm before use, guaranteeing the integrity and confidentiality of the data and thereby realizing the security of the SaaS application system.
To achieve the above objective, the present invention contains the following components:
Client operating software: a software terminal system for interacting with the client;
Server-side operating software: a software terminal system for interacting with the server side;
Database: stores the data information that the system needs to record.
The above three components are made up of the following sub-components:
The client operating software is made up of the following components:
Client interface: used for input and output interaction with the users of the system;
Data encryption component: encrypts data with the MD5 encryption algorithm;
Data management component: accesses the data in the database and configures the database;
The database consists of the following components:
User basic information table: records the basic data of the system users of the implemented project;
Authentication table: records the identity information of the clients in the system. This is the basis for guaranteeing the application security of the whole system. Strict authentication prevents illegitimate users from using the system and prevents anyone from using it while disguised as another user.
Operating right table: records the access control over users' use of system functions. While ensuring that legitimate users can use the system normally, it prevents illegitimate users and unauthorized users from using system functions.
Customer data table: records all customer data. Customer data is encrypted with the MD5 encryption algorithm before use, so that laymen cannot crack its content, and the threat of viruses is also avoided.
The steps for use are:
Step 1: Using the server-side operating software, log in to the system's server management end with the system administrator's identity and create a number of user records, including each user's user name, password, name and so on. The server operating software calls the data management component to save the basic user information in the user table of the database;
Step 2: Using the server-side operating software, authenticate the user's own identity, realize single sign-on between the user's systems, and complete the matching of the user with the systems that user may use. The server operating software calls the data management component to save the authentication information in the authentication table of the database;
Step 3: Using the client operating software, the client operating software calls the data management component to read the logged-in user's operating rights from the operating right table and verifies whether the logged-in user has purchased the corresponding function in the SaaS application system. If the user has not purchased it, the user selects the functions of the SaaS application system that need to be purchased, and the client operating software calls the data management component to save the operating right information for the purchased functions in the operating right table of the database;
Step 4: Using the client operating software, the client operating software calls the data management component to read the logged-in user's operating rights from the operating right table, and the user uses the corresponding function. The client operating software calls the data encryption component to encrypt all of the user's data with the MD5 encryption algorithm, and calls the data management component to save the encrypted data in the customer data table of the database. That table contains a field, CustomerID, that uniquely identifies the customer, so that all data of different customers in the database is isolated.
Thus, when the user opens the management system, the current user's use of the SaaS application system's functions can be controlled effectively. By using this system, all the data in the database is isolated: different users are set up in the database and access it with different operation authorities over the database objects. In particular, customer data is encrypted with the MD5 encryption algorithm before use, guaranteeing the integrity and confidentiality of the data.
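Steps 3 and 4 above, reduced to the data management component, as an added example that is not code from the patent: it uses Python's sqlite3 in place of the database product the embodiment names, and every table, column, tenant and function name except CustomerID is an assumption. It also shows what the MD5 step stores: MD5 is an unkeyed one-way digest, so stored rows can be compared but not decrypted, and equal plaintexts from two tenants produce equal stored values.

```python
import hashlib
import sqlite3

# Constructed schema: only the CustomerID column name comes from the patent text.
SCHEMA = """
CREATE TABLE OperatingRight (CustomerID TEXT, Function TEXT, PRIMARY KEY (CustomerID, Function));
CREATE TABLE CustomerData (CustomerID TEXT NOT NULL, Function TEXT NOT NULL, Value TEXT NOT NULL);
"""

def md5_component(plaintext):
    """The 'data encryption component' as the text describes it: an MD5 digest.
    MD5 is an unkeyed one-way hash; the result can be compared, never decrypted."""
    return hashlib.md5(plaintext.encode("utf-8")).hexdigest()

class DataManager:
    """Hypothetical data management component: the only code path to the tables."""
    def __init__(self, conn):
        self.conn = conn

    def grant(self, customer_id, function):  # step 3: record a purchased function
        self.conn.execute(
            "INSERT OR IGNORE INTO OperatingRight VALUES (?, ?)", (customer_id, function))

    def has_right(self, customer_id, function):
        return self.conn.execute(
            "SELECT 1 FROM OperatingRight WHERE CustomerID = ? AND Function = ?",
            (customer_id, function)).fetchone() is not None

    def save(self, customer_id, function, plaintext):
        # Step 4: check the right, transform the data, store it under CustomerID.
        if not self.has_right(customer_id, function):
            raise PermissionError(f"{customer_id} has no right to {function}")
        stored = md5_component(plaintext)
        self.conn.execute("INSERT INTO CustomerData VALUES (?, ?, ?)",
                          (customer_id, function, stored))
        return stored

    def load(self, customer_id, function):
        # Every read carries the CustomerID predicate, bound as a parameter.
        if not self.has_right(customer_id, function):
            raise PermissionError(f"{customer_id} has no right to {function}")
        sql = "SELECT Value FROM CustomerData WHERE CustomerID = ? AND Function = ?"
        return [r[0] for r in self.conn.execute(sql, (customer_id, function))]

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    dm = DataManager(conn)
    dm.grant("tenant-a", "invoices")  # constructed tenants and function names
    dm.grant("tenant-b", "invoices")
    a = dm.save("tenant-a", "invoices", "order 1001: 250.00")
    b = dm.save("tenant-b", "invoices", "order 1001: 250.00")
    dm.save("tenant-b", "invoices", "order 1002: 80.00")
    try:
        dm.load("tenant-b", "payroll")  # function never purchased
        denied = False
    except PermissionError:
        denied = True
    return {"a_rows": dm.load("tenant-a", "invoices"), "same_digest": a == b,
            "b_rows": dm.load("tenant-b", "invoices"), "denied": denied}
```

Isolation here rests on every query passing through `DataManager`; a caller with direct table access bypasses both the right check and the CustomerID filter.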
Embodiment
Embodiment one
The client and server operating software are developed with the Microsoft Visual Studio 2008 software development kit; the database required by the system is built with SqlServer2005, a dedicated database management tool available on the market; WPF is adopted as the IDK. The concrete mode is:
To achieve the above objective, the present invention contains the following components:
Client operating software: a software terminal system for interacting with the client;
Server-side operating software: a software terminal system for interacting with the server side;
Database: stores the data information that the system needs to record.
The above three components are made up of the following sub-components:
The client operating software is made up of the following components:
Client interface: used for input and output interaction with the users of the system;
Data encryption component: encrypts data with the MD5 encryption algorithm;
Data management component: accesses the data in the database and configures the database;
The database consists of the following components:
User basic information table: records the basic data of the system users of the implemented project;
Authentication table: records the identity information of the clients in the system. This is the basis for guaranteeing the application security of the whole system. Strict authentication prevents illegitimate users from using the system and prevents anyone from using it while disguised as another user.
Operating right table: records the access control over users' use of system functions. While ensuring that legitimate users can use the system normally, it prevents illegitimate users and unauthorized users from using system functions.
Customer data table: records all customer data. Customer data is encrypted with the MD5 encryption algorithm before use, so that laymen cannot crack its content, and the threat of viruses is also avoided.
The steps for use are:
Step 1: Using the server-side operating software, log in to the system's server management end with the system administrator's identity and create a number of user records, including each user's user name, password, name and so on. The server operating software calls the data management component to save the basic user information in the user table of the database;
Step 2: Using the server-side operating software, authenticate the user's own identity, realize single sign-on between the user's systems, and complete the matching of the user with the systems that user may use. The server operating software calls the data management component to save the authentication information in the authentication table of the database;
Step 3: Using the client operating software, the client operating software calls the data management component to read the logged-in user's operating rights from the operating right table and verifies whether the logged-in user has purchased the corresponding function in the SaaS application system. If the user has not purchased it, the user selects the functions of the SaaS application system that need to be purchased, and the client operating software calls the data management component to save the operating right information for the purchased functions in the operating right table of the database;
Step 4: Using the client operating software, the client operating software calls the data management component to read the logged-in user's operating rights from the operating right table, and the user uses the corresponding function. The client operating software calls the data encryption component to encrypt all of the user's data with the MD5 encryption algorithm, and calls the data management component to save the encrypted data in the customer data table of the database. That table contains a field, CustomerID, that uniquely identifies the customer, so that all data of different customers in the database is isolated.
In addition to the above embodiment, the present invention may have other embodiments. All technical solutions formed by equivalent replacement or equivalent transformation fall within the scope of protection claimed by the present invention.

Claims (5)

1. A data isolation method of SaaS application software, characterized in that different rights of each tenant to operate on database objects are set through a data management component; each tenant accesses different data through different operation authorities, thereby isolating all the data in the database.
2. The data isolation method of SaaS application software according to claim 1, characterized by comprising the following components: a database, for storing the data information that the system needs to record; server-side operating software, a software terminal system for interacting with the server side; a data encryption component, for encrypting data with the MD5 encryption algorithm; and a data management component, for accessing the data in the database and configuring the database.
3. The data isolation method of SaaS application software according to claim 1, characterized in that all data in the database is isolated.
4. The data isolation method of SaaS application software according to claim 1, characterized in that the MD5 encryption algorithm is adopted for data encryption.
5. The data isolation method of SaaS application software according to claim 1, characterized in that different users are set up in the database and access it with different operation authorities over the database objects.

Application and publication data

Application number: CN2010105308078A
Priority date: 2010-11-04
Filing date: 2010-11-04
Title: Data isolation method of software as a service (SaaS) application software
Status: Pending
Publication: CN102467617A (en), publication date 2012-05-23
Family ID: 46071247
Country status: CN (1), CN102467617A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
DD01 Delivery of document by public notice

Addressee: Zhenjiang Jinruan Computer Technology Co.,Ltd.

Document name: the First Notification of an Office Action

DD01 Delivery of document by public notice
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120523