CN109067712A - A kind of user cloud data guard method and proxy server - Google Patents

Publication number: CN109067712A
Application number: CN201810779455.6A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 熊志晖, 陈昊闻, 徐业礼
Current assignee: Chengdu Yaxin Network Security Industry Technology Research Institute Co Ltd
Original assignee: Chengdu Yaxin Network Security Industry Technology Research Institute Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1073 Registration or de-registration
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services

Abstract

An embodiment of the present invention discloses a user cloud data protection method and a proxy server, relating to the technical field of network security. By encrypting and decrypting data automatically, it ensures the security of the data stored on the cloud application server while making data access more convenient. The method comprises: a proxy server receives first data sent by a cloud application client, the first data carrying identification information of the cloud application client; when the proxy server confirms that the identification information is consistent with the identification information stored in a memory list, it encrypts the first data with a public key and sends it to the corresponding cloud application server-side, where the identification information of the cloud application client corresponds one-to-one with the cloud application server-side. The embodiment of the present invention is applied to a network system.

Description

User cloud data protection method and proxy server
Technical field
Embodiments of the present invention relate to the technical field of network security, and in particular to a user cloud data protection method and a proxy server.
Background
With the rapid development of information technology and intelligent terminals, cloud applications are widely used in every field. Users of cloud applications generate large numbers of data files every day, many of which involve personal or enterprise secrets or privacy, so data security is the key issue for cloud disks. Although most cloud applications currently provide users with some security solutions, the cloud application is in practice untrusted: control is not in the user's hands, and some professionals or administrators can easily obtain data files. The user is in a passive position, which easily leads to large numbers of user data leaks. Some users also encrypt data manually in advance and then upload it to the cloud application server-side. Although this gives the user control, the encrypted data files can still be cracked by brute force, and frequent access makes manual encryption and decryption cumbersome and inconvenient.
Summary of the invention
Embodiments of the present invention provide a user cloud data protection method and a proxy server which, by encrypting and decrypting data automatically, ensure the security of the data stored on the cloud application server while making data access more convenient.
In a first aspect, a user cloud data protection method is provided. The method comprises: a proxy server receives first data sent by a cloud application client, the first data carrying identification information of the cloud application client; when the proxy server confirms that the identification information of the cloud application client is consistent with the identification information stored in a memory list, it encrypts the first data with a public key and sends it to the corresponding cloud application server-side, where the identification information of the cloud application client corresponds one-to-one with the cloud application server-side.
In the above method, the proxy server receives the first data sent by the cloud application client and, on confirming that the identification information of the cloud application client carried in the first data is consistent with the identification information stored in the memory list, encrypts the first data with the public key and sends the first data to the cloud application server corresponding to the cloud application client. By encrypting data automatically, the application ensures the security of the data stored on the cloud application server and makes data storage more convenient.
Optionally, before the proxy server receives the first data sent by the cloud application client, the method comprises: the proxy server receives a login request sent by a user management portal, the login request including user information, and the user information including an account and a password; after confirming that the account has logged in successfully, the proxy server sends a public key acquisition request to a key server according to the user information and receives the public key returned by the key server.
Optionally, before the proxy server receives the login request sent by the user management portal, the method comprises: the proxy server receives a registration request sent by the user management portal, the registration request including user information entered by a user and received by the user management portal, or user information obtained through a third-party platform; after confirming that the account has registered successfully, the proxy server generates a public key and sends the public key to the key server to be saved.
Optionally, before the proxy server receives the first data sent by the cloud application client, the method further comprises: the proxy server receives identification information of at least one cloud application client sent by the user management portal, and stores the identification information in the memory list.
In a second aspect, a user cloud data protection method is provided. The method comprises: a proxy server receives a second data acquisition request sent by a cloud application client, the second data acquisition request carrying identification information of the cloud application client, where the identification information of the cloud application client corresponds one-to-one with the cloud application server-side; the proxy server sends the second data acquisition request to the corresponding cloud application server-side according to the identification information of the cloud application client; the proxy server receives second data sent by the cloud application server-side, the second data being encrypted with a public key and carrying the identification information of the cloud application client; when the proxy server confirms that the identification information of the cloud application client is consistent with the identification information stored by the memory module in the memory list, it decrypts the second data with a private key and sends it to the cloud application client according to the identification information of the cloud application client.
In the above method, after the proxy server receives the second data acquisition request sent by the cloud application client, it sends the second data acquisition request to the cloud application server-side corresponding to the cloud application client according to the identification information of the cloud application client carried in the request. It then receives the second data, encrypted with the public key, returned by the cloud application server-side. When the proxy server confirms that the identification information of the cloud application server-side is consistent with the identification information stored by the memory module in the memory list, it decrypts the second data with the private key and sends the decrypted second data to the cloud application client according to the identification information of the cloud application server-side. By decrypting data automatically with the private key, the application ensures the security of the data obtained from the cloud application server and makes data retrieval more convenient.
Optionally, before the proxy server receives the second data acquisition request sent by the cloud application client, the method comprises: the proxy server receives a login request sent by a user management portal, the login request including user information, and the user information including an account and a password. After confirming that the account has logged in successfully, the proxy server sends an encrypted private key acquisition request to a key server according to the user information; the proxy server receives the encrypted private key returned by the key server and decrypts it with the password to generate the private key.
Optionally, before the proxy server receives the login request sent by the user management portal, the method comprises: the proxy server receives a registration request sent by the user management portal; the registration is made either by an administrator entering user information directly through the user management portal or with user information from a third-party platform. After confirming that the account has registered successfully, the proxy server generates a private key; the proxy server encrypts the private key with the password to generate an encrypted private key, and sends the encrypted private key to the key server to be saved.
Optionally, before the proxy server receives the second data acquisition request sent by the cloud application client, the method further comprises: the proxy server receives identification information of at least one cloud application client sent by the user management portal, and stores the identification information of the at least one cloud application client in memory.
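The registration and login key handling described above, as an added example in Go that is not code from the patent: the key pair is generated once at registration, the private key is encrypted under the password, and the key server keeps only the public key and the encrypted private key. The patent names no algorithms, so RSA-2048, PBKDF2-HMAC-SHA256, AES-256-GCM, the iteration count, the storage layout and every type and function name here are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

const kdfIterations = 100000 // example work factor, not a value from the patent

// deriveKey is single-block PBKDF2-HMAC-SHA256 (32-byte output), written out
// so that the example needs only the standard library.
func deriveKey(password string, salt []byte) []byte {
	mac := hmac.New(sha256.New, []byte(password))
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // PBKDF2 block index 1
	u := mac.Sum(nil)
	key := append([]byte{}, u...)
	for i := 1; i < kdfIterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range key {
			key[j] ^= u[j]
		}
	}
	return key
}

// gcmFor cannot fail: deriveKey always returns a valid 32-byte AES key.
func gcmFor(password string, salt []byte) cipher.AEAD {
	blk, _ := aes.NewCipher(deriveKey(password, salt))
	gcm, _ := cipher.NewGCM(blk)
	return gcm
}

// KeyServer holds what the key server stores per account (assumed layout):
// the public key and the password-encrypted private key, nothing usable alone.
type KeyServer struct {
	Public  map[string]*rsa.PublicKey
	Wrapped map[string][]byte // salt(16) || nonce(12) || AES-256-GCM(PKCS#1 key)
}

func NewKeyServer() *KeyServer {
	return &KeyServer{Public: map[string]*rsa.PublicKey{}, Wrapped: map[string][]byte{}}
}

// Register is the proxy's registration step: generate the pair once, encrypt
// the private key under the password, hand both results to the key server.
func Register(ks *KeyServer, account, password string) error {
	if _, exists := ks.Public[account]; exists {
		return errors.New("account already registered; keys are generated only once")
	}
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	head := make([]byte, 16+12) // random salt and nonce
	if _, err := rand.Read(head); err != nil {
		return err
	}
	der := x509.MarshalPKCS1PrivateKey(priv)
	ks.Public[account] = &priv.PublicKey
	ks.Wrapped[account] = gcmFor(password, head[:16]).Seal(head, head[16:], der, []byte(account))
	return nil
}

// Login is the proxy's login step: fetch the encrypted private key and decrypt
// it with the password. A wrong password fails the GCM tag check.
func Login(ks *KeyServer, account, password string) (*rsa.PrivateKey, error) {
	blob, ok := ks.Wrapped[account]
	if !ok || len(blob) < 28 {
		return nil, errors.New("no stored key for account")
	}
	der, err := gcmFor(password, blob[:16]).Open(nil, blob[16:28], blob[28:], []byte(account))
	if err != nil {
		return nil, errors.New("wrong password or tampered key blob")
	}
	return x509.ParsePKCS1PrivateKey(der)
}

func main() {
	ks := NewKeyServer()
	if err := Register(ks, "alice", "constructed-password"); err != nil {
		panic(err)
	}
	priv, err := Login(ks, "alice", "constructed-password")
	fmt.Println("key recovered:", err == nil && priv.PublicKey.Equal(ks.Public["alice"]))
	_, err = Login(ks, "alice", "wrong-password")
	fmt.Println("wrong password:", err)
}
```

Because the account name is authenticated as associated data, a stored blob moved to another account on the key server also fails to decrypt.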
In a third aspect, a proxy server is provided. The proxy server comprises:
A receiving module, configured to receive first data sent by a cloud application client, the first data carrying identification information of the cloud application client.
A processing module, configured to encrypt the first data with the public key received by the receiving module when it confirms that the identification information of the cloud application client received by the receiving module is consistent with the identification information stored by the memory module in the memory list.
A sending module, configured to send the first data encrypted by the processing module to the corresponding cloud application server-side, where the identification information of the cloud application client corresponds one-to-one with the cloud application server-side.
Optionally, the receiving module is configured to receive a login request sent by the user management portal; the login request includes user information, and the user information includes an account and a password.
The sending module is configured to send a public key acquisition request to the key server according to the user information after the processing module confirms that the account has logged in successfully.
The receiving module is further configured to receive the public key returned by the key server.
Optionally, the receiving module is configured to receive a registration request sent by the user management portal; the registration request includes user information entered by a user and received by the user management portal, or user information obtained through a third-party platform.
The processing module is configured to generate the public key after confirming that the account has registered successfully.
The sending module is configured to send the public key generated by the processing module to the key server to be saved.
Optionally, the receiving module is configured to receive identification information of at least one cloud application client sent by the user management portal.
The memory module is configured to store the identification information received by the receiving module in the memory list.
It can be understood that the proxy server provided above is used to perform the method of the first aspect provided above. For the beneficial effects it can achieve, refer to the beneficial effects of the method of the first aspect above and of the corresponding schemes in the detailed description below; they are not repeated here.
In a fourth aspect, a proxy server is provided. The proxy server comprises:
A receiving module, configured to receive a second data acquisition request sent by a cloud application client, the second data acquisition request carrying identification information of the cloud application client, where the identification information of the cloud application client corresponds one-to-one with the cloud application server-side.
A sending module, configured to send the second data acquisition request received by the receiving module to the corresponding cloud application server-side according to the identification information of the cloud application client.
The receiving module is further configured to receive second data sent by the cloud application server-side; the second data is encrypted with the public key and carries the identification information of the cloud application client.
A processing module, configured to decrypt the second data with the private key received by the receiving module when it confirms that the identification information of the cloud application client received by the receiving module is consistent with the identification information stored by the memory module in the memory list.
The sending module is configured to send the second data decrypted by the processing module to the cloud application client according to the identification information received by the receiving module.
Optionally, the receiving module is configured to receive a login request sent by the user management portal; the login request includes user information, and the user information includes an account and a password.
The sending module is configured to send an encrypted private key acquisition request to the key server according to the user information after it is confirmed that the account has logged in successfully.
The receiving module is configured to receive the encrypted private key returned by the key server.
The processing module is configured to decrypt the encrypted private key received by the receiving module with the password to generate the private key.
Optionally, the receiving module is configured to receive a registration request sent by the user management portal; the registration is made either by an administrator entering user information directly through the user management portal or with user information from a third-party platform.
The processing module is configured to generate the private key after confirming that the account has registered successfully.
The processing module is further configured to encrypt the private key with the password to generate the encrypted private key.
The sending module is configured to send the encrypted private key generated by the processing module to the key server to be saved.
Optionally, the receiving module is configured to receive identification information of at least one cloud application client sent by the user management portal.
The memory module is configured to store the identification information of the at least one cloud application client received by the receiving module in memory.
It can be understood that the proxy server provided above is used to perform the method of the second aspect provided above. For the beneficial effects it can achieve, refer to the beneficial effects of the method of the second aspect above and of the corresponding schemes in the detailed description below; they are not repeated here.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of a user cloud data protection system provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of a user cloud data protection method provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of registering with and logging in to the proxy server, provided by an embodiment of the present invention;
Fig. 4 is a flow diagram of another user cloud data protection method provided by an embodiment of the present invention;
Fig. 5 is a structural schematic diagram of a proxy server provided by an embodiment of the present invention;
Fig. 6 is a structural schematic diagram of another proxy server provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Cloud applications provide users with data management functions such as online file storage, access, backup and sharing. Wherever users are, as long as they can connect to the internet, they can access their data through a cloud application client. However, leakage of user data has always been a focus of attention on the internet and a serious threat standing in the way of the commercialisation of cloud applications. Cloud applications in the prior art offer no strong guarantee for user data, so user data is still at risk of leakage. Referring to Fig. 1, a user cloud data protection system 10 of an embodiment of the present invention includes a cloud application server-side 101, a cloud application client 102, a proxy server 103 and a user management device 104. The user management device 104 includes a user management portal 104-1, a key server 104-2 and a third-party platform 104-3. By way of example, the cloud application client may be a browser plug-in, a local application or an app (Application) on various terminal devices.
Referring to Fig. 2, an embodiment of the present invention provides a user cloud data protection method. The method comprises:
201. The proxy server receives first data sent by the cloud application client; the first data carries identification information of the cloud application client.
In addition, before the proxy server receives the first data sent by the cloud application client, the method comprises: the proxy server receives a login request sent by the user management portal, the login request including user information, and the user information including an account and a password; after confirming that the account has logged in successfully, the proxy server sends a public key acquisition request to the key server according to the user information and receives the public key returned by the key server.
In addition, before the proxy server receives the login request sent by the user management portal, the method comprises: the proxy server receives a registration request sent by the user management portal, the registration request including user information entered by a user and received by the user management portal, or user information obtained through a third-party platform; after confirming that the account has registered successfully, the proxy server generates a public key and sends the public key to the key server to be saved.
Specifically, the public key is generated only once, after the proxy server confirms that the account has registered successfully.
For better understanding, registering with and logging in to the proxy server using user information is described by way of example with reference to Fig. 3. The specific steps are as follows:
301. Receive the user information sent by the user management portal.
302. Confirm whether the user information is third-party platform user information. If so, go to step 309; otherwise go to step 303.
303. Determine whether the user information is already registered. If so, go to step 304; otherwise go to step 306.
304. Log in using the user information. Go to step 305.
305. Determine whether the login succeeded. If so, end; otherwise go to step 304.
306. Register the user information. Go to step 307.
307. Determine whether the registration succeeded. If so, go to step 308; otherwise go to step 306.
308. Bind the user identity credential (UID) to the registered account. Go to step 304.
309. Perform third-party platform authentication. Go to step 310.
310. Determine whether the authentication succeeded. If so, go to step 308; otherwise go to step 309.
By way of example, when an enterprise has multiple proxy servers, a unified account can be used to register with and log in to the multiple proxy servers, ensuring that a unified public key is used for encryption when data is uploaded.
In addition, before the proxy server receives the first data sent by the cloud application client, the method further comprises: the proxy server receives identification information of at least one cloud application client sent by the user management portal, and stores the identification information in the memory list.
202. When the proxy server confirms that the identification information of the cloud application client is consistent with the identification information stored in the memory list, it encrypts the first data with the public key and sends it to the corresponding cloud application server-side, where the identification information of the cloud application client corresponds one-to-one with the cloud application server-side.
Specifically, the first data that the cloud application client uploads to the cloud application server-side via the proxy server is encrypted by the proxy server with the public key before being sent on to the cloud application server-side; the first data received by the cloud application server is therefore always encrypted first data.
By way of example, when the proxy server needs to be replaced, it is only necessary to log in again on the replacement proxy server through the user management portal with the original user information to retrieve the previous public key, ensuring that the data the cloud application client stores on the corresponding cloud application server-side through the proxy server is encrypted with the same public key.
By way of example, for intranet users served by the proxy server, the process of storing the first data through the proxy server can be shared; for external network users, the external network address of the proxy server needs to be set as the proxy address for accessing the proxy server, so that intranet users can use the proxy server to encrypt the first data with the public key anytime and anywhere.
In the above method, the proxy server receives the first data sent by the cloud application client and, on confirming that the identification information of the cloud application client carried in the first data is consistent with the identification information stored in the memory list, encrypts the first data with the public key and sends the first data to the cloud application server corresponding to the cloud application client. By encrypting data automatically, the application ensures the security of the data stored on the cloud application server and makes data storage more convenient.
Referring to Fig. 4, an embodiment of the present invention provides a user cloud data protection method. The method comprises:
401. The proxy server receives a second data acquisition request sent by the cloud application client; the second data acquisition request carries identification information of the cloud application client, where the identification information of the cloud application client corresponds one-to-one with the cloud application server-side.
In addition, before the proxy server receives the second data acquisition request sent by the cloud application client, the method comprises: the proxy server receives a login request sent by the user management portal; the login request includes user information, and the user information includes an account and a password; after confirming that the account has logged in successfully, the proxy server sends an encrypted private key acquisition request to the key server according to the user information; the proxy server receives the encrypted private key returned by the key server and decrypts it with the password to generate the private key.
In addition, before the proxy server receives the login request sent by the user management portal, the method comprises: the proxy server receives a registration request sent by the user management portal; the registration is made either by an administrator entering user information directly through the user management portal or with user information from a third-party platform; after confirming that the account has registered successfully, the proxy server generates the private key; the proxy server encrypts the private key with the password to generate an encrypted private key, and sends the encrypted private key to the key server to be saved.
Specifically, the private key is generated only once, after the proxy server confirms that the account has registered successfully.
It should be noted that, for the detailed steps of registering with and logging in to the proxy server using user information, refer to Fig. 2; they are not repeated here.
By way of example, when an enterprise has multiple proxy servers, a unified account can be used to register with and log in to the multiple proxy servers, ensuring that a unified private key is used for decryption when the second data is obtained.
In addition, before the proxy server receives the second data acquisition request sent by the cloud application client, the method further comprises: the proxy server receives identification information of at least one cloud application client sent by the user management portal, and stores the identification information of the at least one cloud application client in memory.
402, the second data acquisition request is sent to correspondence according to the identification information of cloud application client by proxy server Cloud application server-side;
403, proxy server receives the second data that cloud application server-side is sent;Second data use public key encryption;Its In the identification information of cloud application client is carried in the second data.
404, the identification information of proxy server confirmation cloud application client and memory module store in memory list When identification information is consistent, according to private key to the second data deciphering, and cloud application client is sent to according to identification information.
Detailed, cloud application client is equal via the second data of the encryption that proxy server is obtained from cloud application server-side After being decrypted by proxy server using private key, retransmit to cloud application client.
Illustratively, when proxy server needs replacing, agency of the original user information after replacement need to only be used It carries out logging in the private key before can giving for change again by user management portal on server, guarantees that proxy server obtains cloud and answers It is decrypted with the second data of server-side using identical private key.
Illustratively, for the Intranet user of proxy server service, the mistake of the second data is obtained by proxy server Journey can be shared, and for external network user, then need to be arranged generation of the outer net address of proxy server as access proxies Address is managed, so that the second data can be decrypted using private key using proxy server whenever and wherever possible for Intranet user.
In the above-mentioned methods, after proxy server receives the second data acquisition request that cloud application client is sent, according to The identification information that cloud application client is carried in second data acquisition request, the second data acquisition request is sent to and cloud application The corresponding cloud application server-side of client;Then the second data using public key encryption that cloud application server-side returns are received;Generation When the identification information of reason server confirmation cloud application server-side is consistent with the identification information that memory module stores in memory list, According to private key to the second data deciphering, and the second data after decryption are sent to cloud according to the identification information of cloud application server-side Applications client.The application guarantees to obtain data from cloud application server by way of decrypting data automatically using private key Safety, improve the convenience of data acquisition.
Referring to Fig. 5, an embodiment of the present invention provides a proxy server 103, which includes:
Receiving module 501, configured to receive the first data sent by the cloud application client; the first data carries the identification information of the cloud application client.
Processing module 503, configured to encrypt the first data with the public key received by receiving module 501 when it confirms that the identification information of the cloud application client received by receiving module 501 is consistent with the identification information that memory module 504 has stored in the memory list.
Sending module 502, configured to send the first data encrypted by processing module 503 to the corresponding cloud application server; the identification information of the cloud application client corresponds one-to-one with the cloud application server.
In one illustrative scheme, receiving module 501 is configured to receive the login request sent by the user management portal; the login request includes user information, and the user information includes an account and a password.
Sending module 502, configured to send a public key acquisition request to the key server according to the user information after processing module 503 confirms that the account has logged in successfully.
Receiving module 501 is further configured to receive the public key returned by the key server.
In one illustrative scheme, receiving module 501 is configured to receive the registration request sent by the user management portal; the registration request includes user information entered by the user and received by the user management portal, or user information obtained through a third-party platform.
Processing module 503, configured to generate the public key after confirming that the account has registered successfully.
Sending module 502, configured to send the public key generated by processing module 503 to the key server for storage.
In one illustrative scheme, receiving module 501 is configured to receive the identification information of at least one cloud application client sent by the user management portal.
Memory module 504, configured to store the identification information received by receiving module 501 in the memory list.
The technical effects, related content and implementation of the method embodiment described in Fig. 2 above can be directly cited in the description of the corresponding functional modules of the proxy server embodiment described in Fig. 5, and are not repeated here.
Referring to Fig. 6, an embodiment of the present invention provides a proxy server 103, which includes:
Receiving module 601, configured to receive the second data acquisition request sent by the cloud application client; the second data acquisition request carries the identification information of the cloud application client, and the identification information of the cloud application client corresponds one-to-one with the cloud application server.
Sending module 602, configured to send the second data acquisition request received by receiving module 601 to the corresponding cloud application server according to the identification information of the cloud application client.
Receiving module 601 is further configured to receive the second data sent by the cloud application server; the second data is encrypted with the public key and carries the identification information of the cloud application client.
Processing module 603, configured to decrypt the second data with the private key received by receiving module 601 when it confirms that the identification information of the cloud application client received by receiving module 601 is consistent with the identification information that memory module 604 has stored in the memory list.
Sending module 602, configured to send the second data decrypted by processing module 603 to the cloud application client according to the identification information received by receiving module 601.
In one illustrative scheme, receiving module 601 is configured to receive the login request sent by the user management portal; the login request includes user information, and the user information includes an account and a password.
Sending module 602, configured to send an encrypted key acquisition request to the key server according to the user information after processing module 603 confirms that the account has logged in successfully.
Receiving module 601, configured to receive the encrypted key returned by the key server.
Processing module 603, configured to decrypt the encrypted key received by receiving module 601 with the password to generate the private key.
In one illustrative scheme, receiving module 601 is configured to receive the registration request sent by the user management portal; the registration request includes registration by an administrator entering user information directly through the user management portal, or registration with user information from a third-party platform.
Processing module 603, configured to generate the private key after confirming that the account has registered successfully.
Processing module 603 is further configured to encrypt the private key with the password to generate the encrypted key.
Sending module 602, configured to send the encrypted key generated by processing module 603 to the key server for storage.
In one illustrative scheme, receiving module 601 is configured to receive the identification information of at least one cloud application client sent by the user management portal.
Memory module 604, configured to store in memory the identification information of the at least one cloud application client received by receiving module 601.
The technical effects, related content and implementation of the method embodiment described in Fig. 4 above can be directly cited in the description of the corresponding functional modules of the proxy server embodiment described in Fig. 6, and are not repeated here.
The steps of the method or algorithm described in connection with the present disclosure can be implemented in hardware, or by a processor executing software instructions. For example, the receiving module, processing module, memory module and sending module described above can each be implemented by an individual processor, or all be implemented in the same processor. An embodiment of the present invention also provides a storage medium, which may include a memory for storing the computer software instructions used by the proxy server, including the program code designed to execute the user cloud data protection method. Specifically, the software instructions can consist of corresponding software modules, and the software modules can be stored in random access memory (Random Access Memory, RAM), flash memory, read-only memory (Read Only Memory, ROM), erasable programmable read-only memory (Erasable Programmable ROM, EPROM), electrically erasable programmable read-only memory (Electrically EPROM, EEPROM), registers, a hard disk, a removable hard disk, a CD-ROM, or any other form of storage medium well known in the art. An exemplary storage medium is coupled to the processor so that the processor can read information from, and write information to, the storage medium. The storage medium can also be a component of the processor.
An embodiment of the present invention also provides a computer program that can be loaded directly into memory and contains software code; after being loaded and executed by a computer, the computer program can implement the user cloud data protection method described above.
Those skilled in the art will appreciate that, in one or more of the examples above, the functions described in the present invention can be implemented in hardware, software, firmware, or any combination of them. When implemented in software, these functions can be stored on a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transferring a computer program from one place to another. A storage medium can be any available medium that a general-purpose or special-purpose computer can access.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.

Claims (16)

1. A user cloud data protection method, characterized by comprising:
a proxy server receives first data sent by a cloud application client; the first data carries the identification information of the cloud application client;
when the proxy server confirms that the identification information of the cloud application client is consistent with the identification information stored in a memory list, it encrypts the first data with a public key and sends the encrypted first data to the corresponding cloud application server; wherein the identification information of the cloud application client corresponds one-to-one with the cloud application server.
2. The user cloud data protection method according to claim 1, characterized in that, before the proxy server receives the first data sent by the cloud application client, the method comprises:
the proxy server receives the login request sent by the user management portal, the login request including user information, and the user information including an account and a password;
after the proxy server confirms that the account has logged in successfully, it sends a public key acquisition request to a key server according to the user information, and receives the public key returned by the key server.
3. The user cloud data protection method according to claim 2, characterized in that, before the proxy server receives the login request sent by the user management portal, the method comprises:
the proxy server receives the registration request sent by the user management portal, the registration request including user information entered by the user and received by the user management portal, or user information obtained through a third-party platform;
after the proxy server confirms that the account has registered successfully, it generates the public key and sends the public key to the key server for storage.
4. The user cloud data protection method according to claim 1, characterized in that, before the proxy server receives the first data sent by the cloud application client, the method further comprises:
the proxy server receives the identification information of at least one cloud application client sent by the user management portal, and stores the identification information in the memory list.
5. A user cloud data protection method, characterized by comprising:
a proxy server receives a second data acquisition request sent by a cloud application client; the second data acquisition request carries the identification information of the cloud application client; wherein the identification information of the cloud application client corresponds one-to-one with the cloud application server;
the proxy server sends the second data acquisition request to the corresponding cloud application server according to the identification information of the cloud application client;
the proxy server receives second data sent by the cloud application server; the second data is encrypted with a public key; wherein the second data carries the identification information of the cloud application client;
when the proxy server confirms that the identification information of the cloud application client is consistent with the identification information that a memory module has stored in a memory list, it decrypts the second data with a private key and sends the decrypted second data to the cloud application client according to the identification information of the cloud application client.
6. The user cloud data protection method according to claim 5, characterized in that, before the proxy server receives the second data acquisition request sent by the cloud application client, the method comprises:
the proxy server receives a login request sent by a user management portal; the login request includes user information, and the user information includes an account and a password;
after the proxy server confirms that the account has logged in successfully, it sends an encrypted key acquisition request to a key server according to the user information;
the proxy server receives the encrypted key returned by the key server, and decrypts the encrypted key with the password to generate the private key.
7. The user cloud data protection method according to claim 6, characterized in that, before the proxy server receives the login request sent by the user management portal, the method comprises:
the proxy server receives a registration request sent by the user management portal; the registration request includes registration by an administrator entering user information directly through the user management portal, or registration with user information from a third-party platform;
after the proxy server confirms that the account has registered successfully, it generates the private key;
the proxy server encrypts the private key with the password to generate the encrypted key, and sends the encrypted key to the key server for storage.
8. The user cloud data protection method according to claim 5, characterized in that, before the proxy server receives the second data acquisition request sent by the cloud application client, the method further comprises:
the proxy server receives the identification information of at least one cloud application client sent by the user management portal, and stores the identification information of the at least one cloud application client in memory.
9. A proxy server, characterized by comprising:
a receiving module, configured to receive first data sent by a cloud application client; the first data carries the identification information of the cloud application client;
a processing module, configured to encrypt the first data with the public key received by the receiving module when it confirms that the identification information of the cloud application client received by the receiving module is consistent with the identification information that a memory module has stored in a memory list;
a sending module, configured to send the first data encrypted by the processing module to the corresponding cloud application server; wherein the identification information of the cloud application client corresponds one-to-one with the cloud application server.
10. The proxy server according to claim 9, characterized by comprising:
the receiving module, configured to receive the login request sent by the user management portal, the login request including user information, and the user information including an account and a password;
the sending module, configured to send a public key acquisition request to a key server according to the user information after the processing module confirms that the account has logged in successfully;
the receiving module, further configured to receive the public key returned by the key server.
11. The proxy server according to claim 10, characterized by comprising:
the receiving module, configured to receive the registration request sent by the user management portal, the registration request including user information entered by the user and received by the user management portal, or user information obtained through a third-party platform;
the processing module, configured to generate the public key after confirming that the account has registered successfully;
the sending module, configured to send the public key generated by the processing module to the key server for storage.
12. The proxy server according to claim 9, characterized by comprising:
the receiving module, configured to receive the identification information of at least one cloud application client sent by the user management portal;
the memory module, configured to store the identification information received by the receiving module in the memory list.
13. A proxy server, characterized by comprising:
a receiving module, configured to receive a second data acquisition request sent by a cloud application client; the second data acquisition request carries the identification information of the cloud application client; wherein the identification information of the cloud application client corresponds one-to-one with the cloud application server;
a sending module, configured to send the second data acquisition request received by the receiving module to the corresponding cloud application server according to the identification information of the cloud application client;
the receiving module, further configured to receive second data sent by the cloud application server; the second data is encrypted with a public key; wherein the second data carries the identification information of the cloud application client;
a processing module, configured to decrypt the second data with the private key received by the receiving module when it confirms that the identification information of the cloud application client received by the receiving module is consistent with the identification information that a memory module has stored in a memory list;
the sending module, configured to send the second data decrypted by the processing module to the cloud application client according to the identification information of the cloud application client received by the receiving module.
14. The proxy server according to claim 13, characterized by comprising:
the receiving module, configured to receive a login request sent by a user management portal; the login request includes user information, and the user information includes an account and a password;
the sending module, configured to send an encrypted key acquisition request to a key server according to the user information after the processing module confirms that the account has logged in successfully;
the receiving module, configured to receive the encrypted key returned by the key server;
the processing module, configured to decrypt the encrypted key received by the receiving module with the password to generate the private key.
15. The proxy server according to claim 14, characterized by comprising:
the receiving module, configured to receive a registration request sent by the user management portal; the registration request includes registration by an administrator entering user information directly through the user management portal, or registration with user information from a third-party platform;
the processing module, configured to generate the private key after confirming that the account has registered successfully;
the processing module, further configured to encrypt the private key with the password to generate the encrypted key;
the sending module, configured to send the encrypted key generated by the processing module to the key server for storage.
16. The proxy server according to claim 13, characterized by comprising:
the receiving module, configured to receive the identification information of at least one cloud application client sent by the user management portal;
the memory module, configured to store in memory the identification information of the at least one cloud application client received by the receiving module.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810779455.6A CN109067712A (en) 2018-07-16 2018-07-16 A kind of user cloud data guard method and proxy server

Publications (1)

Publication Number Publication Date
CN109067712A true CN109067712A (en) 2018-12-21

Family

ID=64816824

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181221