CN106856468A - Security proxy device deployed at a cloud storage server and security proxy method
- Publication number: CN106856468A
- Application number: CN201510898258.2A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0281: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls: Proxies
- H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Abstract
The present invention relates to a security proxy device deployed at the cloud storage server side, comprising: a cloud storage transmission module, an SSL offloading service module, and an analysis module. The cloud storage transmission module implements cloud storage transmission between the cloud storage client and the cloud storage server; the SSL offloading service module converts HTTPS ciphertext transmission data into plaintext HTTP data; the analysis module analyzes the plaintext HTTP cloud storage transmission data produced by the SSL offloading service. The security proxy device deployed at the cloud storage server side effectively separates the computational burden of encrypting and decrypting cloud storage data from the cloud storage server, and provides transmission security and storage security for cloud storage data.
Description
Technical field
The present invention relates to the field of network security, and in particular to a security proxy device deployed at the cloud storage server side and a security proxy method.
Background
With the arrival of the information age, the volume of information data is growing geometrically, and traditional local storage has gradually become unable to meet people's information storage needs. As an extension of the emerging concept of cloud computing, cloud storage has appeared to solve the problems faced by mass data storage.
Cloud service providers offer people convenient storage space: users can store data wherever a network is available, without needing any physical medium. Many enterprises are gradually handing large-capacity data or data processing over to the "cloud", which reduces their operating and running costs. As a consequence, user demands on cloud storage security keep rising, covering both transmission security and storage security.
To address cloud storage security, those skilled in the art have proposed placing a security proxy between the user and the cloud service provider. The security proxy isolates the user from the cloud service provider and prevents malicious users from launching network attacks or other unsafe network behaviour against the provider. In the prior art, cloud storage security follows two mainstream mechanisms: either the cloud storage client is responsible for encrypting and decrypting cloud storage data, or the cloud storage server is responsible for it.
Summary of the invention
The object of the present invention is to overcome the defect in the prior art that the cloud storage server side lacks a third-party security proxy, and thereby to provide a security proxy device that can manage the cloud storage server side in a unified way.
To achieve this object, the invention provides a security proxy device deployed at the cloud storage server side, comprising: a cloud storage transmission module, an SSL offloading service module, and an analysis module; wherein,
the cloud storage transmission module implements cloud storage transmission between the cloud storage client and the cloud storage server; the SSL offloading service module converts HTTPS ciphertext transmission data into plaintext HTTP data; the analysis module analyzes the plaintext HTTP cloud storage transmission data produced by the SSL offloading service.
In the above technical solution, the cloud storage transmission implemented by the cloud storage transmission module specifically includes: cloud storage transmission between the security proxy device and the cloud storage client uses HTTPS encryption; cloud storage transmission between the security proxy device and the cloud storage server uses plaintext HTTP.
In the above technical solution, the analysis performed by the analysis module on the plaintext HTTP cloud storage transmission data produced by the SSL offloading service specifically includes: analyzing the control information or data information exchanged between the cloud storage client and the cloud storage server; determining the starting position for encryption/decryption and performing the corresponding encryption/decryption; and establishing HTTP communication with the cloud storage server so that cloud storage transmission is carried out over plaintext HTTP.
The present invention also provides a security proxy method implemented on the basis of the described security proxy device deployed at the cloud storage server side, comprising:
Step 1), receiving the ciphertext HTTPS request sent by the cloud storage client;
Step 2), implementing the SSL offloading service, terminating the ciphertext cloud storage transmission between the cloud storage client and the cloud storage server, and obtaining a plaintext HTTP request;
Step 3), further analyzing the plaintext HTTP request: if the data exchanged between the cloud storage client and the cloud storage server is found to be control information, performing step 7); if it is found to be data information, performing the next step;
Step 4), determining the starting position for encryption/decryption;
Step 5), performing the encryption/decryption;
Step 6), establishing HTTP communication with the cloud storage server and carrying out cloud storage transmission over plaintext HTTP;
Step 7), forwarding to the cloud storage server.
In the above technical solution, in step 3), the control information includes: information related to login authentication with the cloud storage client, authentication replies, data upload requests, data download requests, and the cloud storage client logging off.
In the above technical solution, in step 3), the data information includes: data uploaded by the cloud storage client and data downloaded from the cloud storage server.
The advantage of the invention is that:
The security proxy device deployed at the cloud storage server side effectively separates the computational burden of encrypting and decrypting cloud storage data from the cloud storage server, and provides transmission security and storage security for cloud storage data.
Brief description of the drawings
Fig. 1 is a deployment diagram of the security proxy device of the present invention;
Fig. 2 is a flow chart of the security proxy method of the present invention.
Detailed description of the embodiments
The invention is further described below with reference to the accompanying drawings.
In a cloud storage service, a certain amount of communication is required between the cloud storage client and the cloud storage server. To ensure data transmission security and data storage security, the present invention places a security proxy device between the cloud storage client and the cloud storage server.
With reference to Fig. 1, when the security proxy device of the present invention is deployed on the cloud storage server side, it acts as an HTTP reverse proxy for the cloud storage client and comprises: a cloud storage transmission module, an SSL offloading service module, and an analysis module; wherein,
the cloud storage transmission module implements cloud storage transmission between the cloud storage client and the cloud storage server. This includes: cloud storage transmission between the security proxy device and the cloud storage client uses HTTPS encryption; cloud storage transmission between the security proxy device and the cloud storage server uses plaintext HTTP.
The SSL offloading service module converts HTTPS ciphertext transmission data into plaintext HTTP data.
The analysis module further analyzes the plaintext HTTP cloud storage transmission data produced by the SSL offloading service, including: analyzing the control information or data information exchanged between the cloud storage client and the cloud storage server; determining the starting position for encryption/decryption and performing the corresponding encryption/decryption; and establishing HTTP communication with the cloud storage server so that cloud storage transmission is carried out over plaintext HTTP.
Fig. 2 shows the security proxy method implemented by the security proxy device of the present invention, comprising:
Step 201), receiving the ciphertext HTTPS request sent by the cloud storage client;
Step 202), implementing the SSL offloading service, terminating the ciphertext cloud storage transmission between the cloud storage client and the cloud storage server, and obtaining a plaintext HTTP request;
Step 203), further analyzing the plaintext HTTP request: if the data exchanged between the cloud storage client and the cloud storage server is found to be control information (such as information related to login authentication with the cloud storage client, authentication replies, data upload requests, data download requests, and the cloud storage client logging off), performing step 207); if it is found to be data information (such as data uploaded by the cloud storage client or data downloaded from the cloud storage server), performing the next step;
Step 204), determining the starting position for encryption/decryption;
Step 205), performing the encryption/decryption;
Step 206), establishing HTTP communication with the cloud storage server and carrying out cloud storage transmission over plaintext HTTP;
Step 207), forwarding to the cloud storage server.
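Steps 203 to 207 of the embodiment, sketched as an added example that is not code from the patent: each plaintext message is classified, the byte after the header block is taken as the starting position, the body is transformed, and Content-Length is corrected. The `/objects/` URL layout, the function names, and the HMAC-SHA256 stream cipher (a standard-library stand-in for an AEAD such as AES-GCM) are assumptions; messages are assumed fully buffered and not chunked.

```python
import hashlib
import hmac
import os

# Assumption: hypothetical URL layout; the patent does not define one.
DATA_PREFIX = "/objects/"

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()
def _keystream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    """Stand-in cipher: HMAC-SHA256 keystream, then a MAC over nonce + ciphertext."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        raise ValueError("stored object failed its integrity check")
    stream = _keystream(_subkey(key, b"enc"), body[:16], len(body) - 16)
    return bytes(c ^ s for c, s in zip(body[16:], stream))

def split_message(raw):
    """Return (start_line, headers, body_offset); body_offset is step 204's position."""
    end = raw.find(b"\r\n\r\n")
    if end < 0:
        raise ValueError("header block incomplete")
    lines = raw[:end].decode("iso-8859-1").split("\r\n")
    return lines[0], lines[1:], end + 4

def rebuild(start_line, headers, body):
    """Re-emit the message with Content-Length corrected for the new body size."""
    kept = [h for h in headers if not h.lower().startswith("content-length:")]
    head = "\r\n".join([start_line] + kept + ["Content-Length: %d" % len(body)])
    return head.encode("iso-8859-1") + b"\r\n\r\n" + body

def classify(request_line):
    """Step 203. A download request is control going in; its response carries data."""
    method, target = request_line.split(" ", 2)[:2]
    if not target.split("?", 1)[0].startswith(DATA_PREFIX):
        return "control"
    return {"PUT": "data-upload", "POST": "data-upload",
            "GET": "download-request"}.get(method, "control")

def to_server(key, raw_request):
    """Steps 203-207 for one buffered request; returns bytes for the HTTP hop."""
    start, headers, offset = split_message(raw_request)
    if classify(start) != "data-upload":
        return raw_request                       # step 207: forward unchanged
    return rebuild(start, headers, seal(key, raw_request[offset:]))  # steps 204-206

def to_client(key, request_line, raw_response):
    """Return path: decrypt the body of a successful download response."""
    status, headers, offset = split_message(raw_response)
    if classify(request_line) != "download-request" or status.split(" ")[1:2] != ["200"]:
        return raw_response
    return rebuild(status, headers, unseal(key, raw_response[offset:]))

# Constructed sample: an upload as the proxy sees it after TLS termination.
KEY = bytes(range(32))
UPLOAD = b"PUT /objects/a.txt HTTP/1.1\r\nHost: s\r\nContent-Length: 5\r\n\r\nhello"

if __name__ == "__main__":
    sent = to_server(KEY, UPLOAD)                # what the server stores
    reply = rebuild("HTTP/1.1 200 OK", [], sent[split_message(sent)[2]:])
    print(sent, to_client(KEY, "GET /objects/a.txt HTTP/1.1", reply), sep="\n")
```

Control messages, login authentication included, take the step 207 branch and cross the proxy-to-server hop in plaintext, so only object bodies are protected on that segment.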
Finally, it should be noted that the above embodiments merely illustrate the technical solution of the present invention and do not limit it. Although the invention has been described in detail with reference to embodiments, those of ordinary skill in the art will understand that modifications or equivalent substitutions of the technical solution that do not depart from its spirit and scope shall all fall within the scope of the claims of the present invention.
Claims (6)
1. A security proxy device deployed at the cloud storage server side, characterized by comprising: a cloud storage transmission module, an SSL offloading service module, and an analysis module; wherein,
the cloud storage transmission module implements cloud storage transmission between the cloud storage client and the cloud storage server; the SSL offloading service module converts HTTPS ciphertext transmission data into plaintext HTTP data; the analysis module analyzes the plaintext HTTP cloud storage transmission data produced by the SSL offloading service.
2. The security proxy device deployed at the cloud storage server side according to claim 1, characterized in that the cloud storage transmission implemented by the cloud storage transmission module specifically includes: cloud storage transmission between the security proxy device and the cloud storage client uses HTTPS encryption; cloud storage transmission between the security proxy device and the cloud storage server uses plaintext HTTP.
3. The security proxy device deployed at the cloud storage server side according to claim 1, characterized in that the analysis performed by the analysis module on the plaintext HTTP cloud storage transmission data produced by the SSL offloading service specifically includes: analyzing the control information or data information exchanged between the cloud storage client and the cloud storage server; determining the starting position for encryption/decryption and performing the corresponding encryption/decryption; and establishing HTTP communication with the cloud storage server so that cloud storage transmission is carried out over plaintext HTTP.
4. A security proxy method implemented on the basis of the security proxy device deployed at the cloud storage server side according to any one of claims 1-3, comprising:
Step 1), receiving the ciphertext HTTPS request sent by the cloud storage client;
Step 2), implementing the SSL offloading service, terminating the ciphertext cloud storage transmission between the cloud storage client and the cloud storage server, and obtaining a plaintext HTTP request;
Step 3), further analyzing the plaintext HTTP request: if the data exchanged between the cloud storage client and the cloud storage server is found to be control information, performing step 7); if it is found to be data information, performing the next step;
Step 4), determining the starting position for encryption/decryption;
Step 5), performing the encryption/decryption;
Step 6), establishing HTTP communication with the cloud storage server and carrying out cloud storage transmission over plaintext HTTP;
Step 7), forwarding to the cloud storage server.
5. The security proxy method according to claim 4, characterized in that in step 3), the control information includes: information related to login authentication with the cloud storage client, authentication replies, data upload requests, data download requests, and the cloud storage client logging off.
6. The security proxy method according to claim 4, characterized in that in step 3), the data information includes: data uploaded by the cloud storage client and data downloaded from the cloud storage server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510898258.2A | 2015-12-08 | 2015-12-08 | Security proxy device deployed at a cloud storage server and security proxy method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106856468A | 2017-06-16 |
Family ID: 59131929
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170616 |