CN106856468A - Security proxy device deployed at the cloud storage server and security proxy method - Google Patents


Info

Publication number: CN106856468A
Authority: CN (China)
Legal status: Pending
Application number: CN201510898258.2A
Other languages: Chinese (zh)
Inventors: 叶晓舟, 李静南, 任静思, 尚秋里
Current Assignee: Institute of Acoustics CAS; Beijing Intellix Technologies Co Ltd
Original Assignee: Institute of Acoustics CAS; Beijing Intellix Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a security proxy device deployed at the cloud storage server, comprising a cloud storage transport module, an SSL offloading service module, and an analysis module. The cloud storage transport module implements cloud storage transmission between the cloud storage client and the cloud storage server; the SSL offloading service module converts HTTPS ciphertext transmission data into plaintext HTTP data; and the analysis module analyzes the plaintext HTTP cloud storage transmission data produced by the SSL offloading service. The security proxy device deployed on the cloud storage server side effectively separates the computational burden of encrypting and decrypting cloud storage data from the cloud storage server, and provides transmission security and storage security for cloud storage data.

Description

Security proxy device deployed at the cloud storage server and security proxy method
Technical field
The invention relates to the field of network security, and in particular to a security proxy device deployed at the cloud storage server and a security proxy method.
Background
With the arrival of the information age, the volume of information data is growing geometrically, and traditional local storage has gradually become unable to meet people's storage needs. As an extension of the emerging concept of cloud computing, cloud storage solves the problems faced in storing massive amounts of data.
Cloud service providers offer people convenient storage space, so users can store data wherever a network is available without needing any storage medium. Many enterprises are gradually handing large-capacity data and data processing over to the "cloud", which reduces their operating costs. As a consequence, users' demands on cloud storage security, including transmission security and storage security, keep rising.
To address cloud storage security, those skilled in the art have proposed placing a security proxy between the user and the cloud service provider. The proxy isolates users from the provider and prevents malicious users from mounting network attacks or other unsafe network behavior against the provider. In the prior art, cloud storage security falls broadly into two mainstream mechanisms: either the cloud storage client is responsible for encrypting and decrypting cloud storage data, or the cloud storage server is.
Summary of the invention
The object of the invention is to overcome the lack, in the prior art, of a third-party security proxy at the cloud storage server, and thereby to provide a security proxy device capable of unified management of the cloud storage server.
To achieve this object, the invention provides a security proxy device deployed at the cloud storage server, comprising a cloud storage transport module, an SSL offloading service module, and an analysis module, wherein:
the cloud storage transport module implements cloud storage transmission between the cloud storage client and the cloud storage server; the SSL offloading service module converts HTTPS ciphertext transmission data into plaintext HTTP data; and the analysis module analyzes the plaintext HTTP cloud storage transmission data produced by the SSL offloading service.
In the above technical solution, the cloud storage transmission implemented by the cloud storage transport module specifically includes: cloud storage transmission between the security proxy device and the cloud storage client uses encrypted HTTPS; cloud storage transmission between the security proxy device and the cloud storage server uses plaintext HTTP.
In the above technical solution, the analysis performed by the analysis module on the plaintext HTTP cloud storage transmission data produced by the SSL offloading service specifically includes: analyzing the control information or data information exchanged between the cloud storage client and the cloud storage server; determining the start position for encryption/decryption and performing the corresponding encryption/decryption; and establishing HTTP communication with the cloud storage server so that cloud storage transmission is carried out in plaintext HTTP.
The invention also provides a security proxy method implemented on the basis of the described security proxy device deployed at the cloud storage server, comprising:
Step 1), receiving the ciphertext HTTPS request sent by the cloud storage client;
Step 2), performing the SSL offloading service, terminating the cloud storage ciphertext transmission between the cloud storage client and the cloud storage server, and obtaining the plaintext HTTP request;
Step 3), further analyzing the plaintext HTTP request: if the data exchanged between the cloud storage client and the cloud storage server is control information, go to step 7); if the data exchanged between the cloud storage client and the cloud storage server is data information, proceed to the next step;
Step 4), determining the start position for encryption/decryption;
Step 5), performing the encryption/decryption;
Step 6), establishing HTTP communication with the cloud storage server and carrying out cloud storage transmission in plaintext HTTP;
Step 7), forwarding to the cloud storage server.
In the above technical solution, in step 3), the control information includes information relating to login authentication of the cloud storage client, authentication replies, data upload requests, data download requests, and logout of the cloud storage client.
In the above technical solution, in step 3), the data information includes: data uploaded by the cloud storage client, and data downloaded from the cloud storage server.
The advantage of the invention is that:
the security proxy device deployed on the cloud storage server side effectively separates the computational burden of encrypting and decrypting cloud storage data from the cloud storage server, and provides transmission security and storage security for cloud storage data.
Brief description of the drawings
Fig. 1 is a deployment diagram of the security proxy device of the invention;
Fig. 2 is a flow chart of the security proxy method of the invention.
Detailed description
The invention is further described below with reference to the drawings.
In a cloud storage service, a certain amount of communication is required between the cloud storage client and the cloud storage server. To ensure data transmission security and data storage security, the invention provides a security proxy device between the cloud storage client and the cloud storage server.
With reference to Fig. 1, when the security proxy device of the invention is deployed on the cloud storage server side, it acts as the HTTP reverse proxy for the cloud storage client and comprises a cloud storage transport module, an SSL offloading service module, and an analysis module, wherein:
The cloud storage transport module implements cloud storage transmission between the cloud storage client and the cloud storage server. This includes: cloud storage transmission between the security proxy device and the cloud storage client uses encrypted HTTPS; cloud storage transmission between the security proxy device and the cloud storage server uses plaintext HTTP.
The SSL offloading service module converts HTTPS ciphertext transmission data into plaintext HTTP data.
The analysis module further analyzes the plaintext HTTP cloud storage transmission data produced by the SSL offloading service, including: analyzing the control information or data information exchanged between the cloud storage client and the cloud storage server; determining the start position for encryption/decryption and performing the corresponding encryption/decryption; and establishing HTTP communication with the cloud storage server so that cloud storage transmission is carried out in plaintext HTTP.
Fig. 2 shows the security proxy method implemented by the security proxy device of the invention, comprising:
Step 201), receiving the ciphertext HTTPS request sent by the cloud storage client;
Step 202), performing the SSL offloading service, terminating the cloud storage ciphertext transmission between the cloud storage client and the cloud storage server, and obtaining the plaintext HTTP request;
Step 203), further analyzing the plaintext HTTP request: if the data exchanged between the cloud storage client and the cloud storage server is control information (such as information relating to login authentication of the cloud storage client, authentication replies, data upload requests, data download requests, and logout of the cloud storage client), go to step 207); if the data exchanged between the cloud storage client and the cloud storage server is data information (such as data uploaded by the cloud storage client or data downloaded from the cloud storage server), proceed to the next step;
Step 204), determining the start position for encryption/decryption;
Step 205), performing the encryption/decryption;
Step 206), establishing HTTP communication with the cloud storage server and carrying out cloud storage transmission in plaintext HTTP;
Step 207), forwarding to the cloud storage server.
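The following sketch of steps 203 to 207 is an added example, not code from the patent; it shows the proxy passing control messages through unchanged while encrypting only the body of a data upload and correcting Content-Length. The URL paths, the key, the choice of the first HTTP body byte as the encryption start position, and the HMAC-SHA256 keystream (a standard-library stand-in for an AEAD such as AES-GCM, with no integrity protection) are all assumptions.

```python
import hashlib
import hmac
import os

# Hypothetical routes: the page names the control messages but not their URLs.
CONTROL_PATHS = {"/login", "/auth-reply", "/upload-request", "/download-request", "/logout"}
DATA_PREFIX = "/objects/"  # hypothetical path for uploaded/downloaded data
NONCE_LEN = 16


def keystream_xor(key, nonce, data):
    """Stand-in stream cipher (HMAC-SHA256 in counter mode); use an AEAD in practice."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def classify(request):
    """Step 203: decide whether the plaintext request is control or data information."""
    request_line = request.split(b"\r\n", 1)[0].decode("ascii")
    method, path, _version = request_line.split(" ")
    if path in CONTROL_PATHS:
        return "control"
    if path.startswith(DATA_PREFIX) and method in ("PUT", "POST"):
        return "data"
    raise ValueError("unrecognised request, refusing to forward")  # fail closed


def body_offset(message):
    """Step 204: start position of encryption, assumed to be the first body byte."""
    end = message.find(b"\r\n\r\n")
    if end < 0:
        raise ValueError("incomplete HTTP header block")
    return end + 4


def process_upload(request, key, nonce=b""):
    """Steps 203-207: return the bytes the proxy forwards to the storage server."""
    if classify(request) == "control":
        return request  # step 207: control information is forwarded unchanged
    start = body_offset(request)  # step 204
    nonce = nonce or os.urandom(NONCE_LEN)
    sealed = nonce + keystream_xor(key, nonce, request[start:])  # step 205
    headers = []
    for line in request[:start - 4].split(b"\r\n"):
        if line.lower().startswith(b"content-length:"):
            line = b"Content-Length: %d" % len(sealed)  # body grew by the nonce
        headers.append(line)
    return b"\r\n".join(headers) + b"\r\n\r\n" + sealed  # steps 206-207


def recover_download(stored_body, key):
    """Decrypt direction of step 205, for data returned by the storage server."""
    nonce, ciphertext = stored_body[:NONCE_LEN], stored_body[NONCE_LEN:]
    return keystream_xor(key, nonce, ciphertext)


# Constructed sample requests and key (not captured traffic).
KEY = b"constructed-demo-key"
LOGIN = b"POST /login HTTP/1.1\r\nHost: storage.example\r\nContent-Length: 9\r\n\r\nuser=demo"
UPLOAD = (b"PUT /objects/report.txt HTTP/1.1\r\nHost: storage.example\r\n"
          b"Content-Length: 11\r\n\r\nhello cloud")

if __name__ == "__main__":
    forwarded = process_upload(UPLOAD, KEY)
    print(forwarded[:body_offset(forwarded)].decode("ascii"))
    print(recover_download(forwarded[body_offset(forwarded):], KEY))
```

Because the hop from proxy to storage server is plaintext HTTP, only the object body is protected on that link; headers and every control message, including login authentication, cross it in the clear.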
Finally, it should be noted that the above embodiments merely illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to embodiments, those of ordinary skill in the art will understand that modifications or equivalent substitutions of the technical solution of the invention that do not depart from its spirit and scope should all be covered by the scope of the claims of the invention.

Claims (6)

1. A security proxy device deployed at the cloud storage server, characterized by comprising: a cloud storage transport module, an SSL offloading service module, and an analysis module; wherein
the cloud storage transport module implements cloud storage transmission between the cloud storage client and the cloud storage server; the SSL offloading service module converts HTTPS ciphertext transmission data into plaintext HTTP data; and the analysis module analyzes the plaintext HTTP cloud storage transmission data produced by the SSL offloading service.
2. The security proxy device deployed at the cloud storage server according to claim 1, characterized in that the cloud storage transmission implemented by the cloud storage transport module specifically includes: cloud storage transmission between the security proxy device and the cloud storage client uses encrypted HTTPS; cloud storage transmission between the security proxy device and the cloud storage server uses plaintext HTTP.
3. The security proxy device deployed at the cloud storage server according to claim 1, characterized in that the analysis performed by the analysis module on the plaintext HTTP cloud storage transmission data produced by the SSL offloading service specifically includes: analyzing the control information or data information exchanged between the cloud storage client and the cloud storage server; determining the start position for encryption/decryption and performing the corresponding encryption/decryption; and establishing HTTP communication with the cloud storage server so that cloud storage transmission is carried out in plaintext HTTP.
4. A security proxy method implemented on the basis of the security proxy device deployed at the cloud storage server according to any one of claims 1-3, comprising:
Step 1), receiving the ciphertext HTTPS request sent by the cloud storage client;
Step 2), performing the SSL offloading service, terminating the cloud storage ciphertext transmission between the cloud storage client and the cloud storage server, and obtaining the plaintext HTTP request;
Step 3), further analyzing the plaintext HTTP request: if the data exchanged between the cloud storage client and the cloud storage server is control information, go to step 7); if the data exchanged between the cloud storage client and the cloud storage server is data information, proceed to the next step;
Step 4), determining the start position for encryption/decryption;
Step 5), performing the encryption/decryption;
Step 6), establishing HTTP communication with the cloud storage server and carrying out cloud storage transmission in plaintext HTTP;
Step 7), forwarding to the cloud storage server.
5. The security proxy method according to claim 4, characterized in that, in step 3), the control information includes information relating to login authentication of the cloud storage client, authentication replies, data upload requests, data download requests, and logout of the cloud storage client.
6. The security proxy method according to claim 4, characterized in that, in step 3), the data information includes: data uploaded by the cloud storage client, and data downloaded from the cloud storage server.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201510898258.2A | 2015-12-08 | 2015-12-08 | Security proxy device deployed at the cloud storage server and security proxy method (CN106856468A)


Publications (1)

Publication Number | Publication Date
CN106856468A | 2017-06-16

Family

ID=59131929



CN103595619A (en) Method, device and system for adding friend

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170616
