CN109067712A - A kind of user cloud data guard method and proxy server - Google Patents
- Publication number
- CN109067712A CN201810779455.6A
- Authority
- CN
- China
- Prior art keywords
- cloud application
- data
- sent
- proxy server
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1073—Registration or de-registration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Multimedia (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the present invention discloses a user cloud data protection method and a proxy server, and relates to the technical field of network security. By automatically encrypting and decrypting data, it ensures the security of data stored on the cloud application server while improving the convenience of data access. The method comprises: the proxy server receives first data sent by a cloud application client, the first data carrying the identification information of the cloud application client; when the proxy server confirms that the identification information is consistent with the identification information stored in the memory list, it encrypts the first data with a public key and sends it to the corresponding cloud application server, where the identification information of the cloud application client and the cloud application server are in one-to-one correspondence. The embodiment of the present invention is applied to a network system.
Description
Technical field
The embodiments of the present invention relate to the technical field of network security, and in particular to a user cloud data protection method and a proxy server.
Background
With the rapid development of information technology and intelligent terminals, cloud applications are widely used in every field. Users of cloud applications generate large numbers of data files every day, many of which involve personal or enterprise secrets or privacy, so data security is the key issue for cloud disks. At present, although most cloud applications provide users with some security solutions, the cloud application is in practice untrusted: the initiative is not in the user's hands, and some professionals or administrators can easily obtain data files. The user is in a passive position, which easily leads to large numbers of user data leakage incidents. Some users also encrypt data manually in advance and then upload it to the cloud application server. Although the user has control this way, the encrypted data file can still be cracked by brute force, and frequent access makes manual encryption and decryption complicated and inconvenient.
Summary of the invention
The embodiments of the present invention provide a user cloud data protection method and a proxy server that, by automatically encrypting and decrypting data, ensure the security of data stored on the cloud application server while improving the convenience of data access.
In a first aspect, a user cloud data protection method is provided. The method comprises: the proxy server receives first data sent by a cloud application client, the first data carrying the identification information of the cloud application client; when the proxy server confirms that the identification information of the cloud application client is consistent with the identification information stored in the memory list, it encrypts the first data with a public key and sends it to the corresponding cloud application server, where the identification information of the cloud application client and the cloud application server are in one-to-one correspondence.
In the above method, the proxy server receives the first data sent by the cloud application client and, on confirming that the identification information of the cloud application client carried in the first data is consistent with the identification information stored in the memory list, encrypts the first data with the public key and sends it to the cloud application server corresponding to the cloud application client. By encrypting data automatically, the application ensures the security of data stored on the cloud application server and improves the convenience of the data storage process.
Optionally, before the proxy server receives the first data sent by the cloud application client, the method includes: the proxy server receives a login request sent by the user management portal, the login request including user information, and the user information including an account and a password; after the proxy server confirms that the account has logged in successfully, it sends a public key acquisition request to the key server according to the user information and receives the public key returned by the key server.
Optionally, before the proxy server receives the login request sent by the user management portal, the method includes: the proxy server receives a registration request sent by the user management portal, the registration request including user information entered by the user and received by the user management portal, or user information obtained through a third-party platform; after the proxy server confirms that the account has been registered successfully, it generates a public key and sends the public key to the key server for storage.
Optionally, before the proxy server receives the first data sent by the cloud application client, the method further includes: the proxy server receives the identification information of at least one cloud application client sent by the user management portal, and stores the identification information in the memory list.
In a second aspect, a user cloud data protection method is provided. The method comprises: the proxy server receives a second data acquisition request sent by a cloud application client, the second data acquisition request carrying the identification information of the cloud application client, where the identification information of the cloud application client and the cloud application server are in one-to-one correspondence; the proxy server sends the second data acquisition request to the corresponding cloud application server according to the identification information of the cloud application client; the proxy server receives second data sent by the cloud application server, the second data being encrypted with the public key and carrying the identification information of the cloud application client; when the proxy server confirms that the identification information of the cloud application client is consistent with the identification information that the memory module stores in the memory list, it decrypts the second data with the private key and sends it to the cloud application client according to the identification information of the cloud application client.
In the above method, after the proxy server receives the second data acquisition request sent by the cloud application client, it sends the request to the cloud application server corresponding to the cloud application client according to the identification information of the cloud application client carried in the request. It then receives the public-key-encrypted second data returned by the cloud application server. When the proxy server confirms that the identification information of the cloud application server is consistent with the identification information that the memory module stores in the memory list, it decrypts the second data with the private key and sends the decrypted second data to the cloud application client according to the identification information of the cloud application server. By decrypting data automatically with the private key, the application ensures the security of data obtained from the cloud application server and improves the convenience of data acquisition.
Optionally, before the proxy server receives the second data acquisition request sent by the cloud application client, the method includes: the proxy server receives a login request sent by the user management portal, the login request including user information, and the user information including an account and a password. After the proxy server confirms that the account has logged in successfully, it sends an encrypted private key acquisition request to the key server according to the user information; the proxy server receives the encrypted private key returned by the key server and decrypts it with the password to obtain the private key.
Optionally, before the proxy server receives the login request sent by the user management portal, the method includes: the proxy server receives a registration request sent by the user management portal. The registration request covers registration by an administrator entering user information directly through the user management portal, or registration using user information from a third-party platform. After the proxy server confirms that the account has been registered successfully, it generates a private key; the proxy server encrypts the private key with the password to produce the encrypted private key, and sends the encrypted private key to the key server for storage.
Optionally, before the proxy server receives the second data acquisition request sent by the cloud application client, the method further includes: the proxy server receives the identification information of at least one cloud application client sent by the user management portal, and stores the identification information of the at least one cloud application client in memory.
In a third aspect, a proxy server is provided. The proxy server includes:
A receiving module, configured to receive first data sent by a cloud application client; the first data carries the identification information of the cloud application client.
A processing module, configured to encrypt the first data with the public key received by the receiving module when it confirms that the identification information of the cloud application client received by the receiving module is consistent with the identification information that the memory module stores in the memory list.
A sending module, configured to send the first data encrypted by the processing module to the corresponding cloud application server, where the identification information of the cloud application client and the cloud application server are in one-to-one correspondence.
Optionally, the receiving module is configured to receive a login request sent by the user management portal; the login request includes user information, and the user information includes an account and a password.
The sending module is configured to send a public key acquisition request to the key server according to the user information after the processing module confirms that the account has logged in successfully.
The receiving module is further configured to receive the public key returned by the key server.
Optionally, the receiving module is configured to receive a registration request sent by the user management portal; the registration request includes user information entered by the user and received by the user management portal, or user information obtained through a third-party platform.
The processing module is configured to generate a public key after confirming that the account has been registered successfully.
The sending module is configured to send the public key generated by the processing module to the key server for storage.
Optionally, the receiving module is configured to receive the identification information of at least one cloud application client sent by the user management portal.
The memory module is configured to store the identification information received by the receiving module in the memory list.
It should be understood that the proxy server provided above is used to execute the method corresponding to the first aspect. For the beneficial effects it can achieve, refer to the beneficial effects of the method of the first aspect above and of the corresponding schemes in the detailed description below; they are not repeated here.
In a fourth aspect, a proxy server is provided. The proxy server includes:
A receiving module, configured to receive a second data acquisition request sent by a cloud application client; the second data acquisition request carries the identification information of the cloud application client, where the identification information of the cloud application client and the cloud application server are in one-to-one correspondence.
A sending module, configured to send the second data acquisition request received by the receiving module to the corresponding cloud application server according to the identification information of the cloud application client.
The receiving module is further configured to receive second data sent by the cloud application server; the second data is encrypted with the public key and carries the identification information of the cloud application client.
A processing module, configured to decrypt the second data with the private key received by the receiving module when it confirms that the identification information of the cloud application client received by the receiving module is consistent with the identification information that the memory module stores in the memory list.
The sending module is configured to send the second data decrypted by the processing module to the cloud application client according to the identification information received by the receiving module.
Optionally, the receiving module is configured to receive a login request sent by the user management portal; the login request includes user information, and the user information includes an account and a password.
The sending module is configured to send an encrypted private key acquisition request to the key server according to the user information after it is confirmed that the account has logged in successfully.
The receiving module is configured to receive the encrypted private key returned by the key server.
The processing module is configured to decrypt the encrypted private key received by the receiving module with the password to obtain the private key.
Optionally, the receiving module is configured to receive a registration request sent by the user management portal; the registration request covers registration by an administrator entering user information directly through the user management portal, or registration using user information from a third-party platform.
The processing module is configured to generate a private key after confirming that the account has been registered successfully.
The processing module is further configured to encrypt the private key with the password to produce the encrypted private key.
The sending module is configured to send the encrypted private key generated by the processing module to the key server for storage.
Optionally, the receiving module is configured to receive the identification information of at least one cloud application client sent by the user management portal.
The memory module is configured to store the identification information of the at least one cloud application client received by the receiving module in memory.
It should be understood that the proxy server provided above is used to execute the method corresponding to the second aspect. For the beneficial effects it can achieve, refer to the beneficial effects of the method of the second aspect above and of the corresponding schemes in the detailed description below; they are not repeated here.
Brief description of the drawings
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a structural schematic diagram of a user cloud data protection system provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of a user cloud data protection method provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of registering with and logging in to the proxy server provided by an embodiment of the present invention;
Fig. 4 is a flow diagram of another user cloud data protection method provided by an embodiment of the present invention;
Fig. 5 is a structural schematic diagram of a proxy server provided by an embodiment of the present invention;
Fig. 6 is a structural schematic diagram of another proxy server provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Cloud applications provide users with data management functions such as online file storage, access, backup and sharing. Wherever the user is, as long as an internet connection is available, data can be accessed through the cloud application client. However, user data leakage has always been a focus of today's internet world, and is a major danger standing in the way of commercial cloud applications. Prior-art cloud applications offer no strong guarantee for user data, so user data remains at risk of leakage. Referring to Fig. 1, a user cloud data protection system 10 of the embodiment of the present invention includes a cloud application server 101, a cloud application client 102, a proxy server 103 and a user management device 104. The user management device 104 includes a user management portal 104-1, a key server 104-2 and a third-party platform 104-3. By way of example, the cloud application client may be a browser plug-in, a local application or an app (Application) on various terminal devices.
Referring to Fig. 2, an embodiment of the present invention provides a user cloud data protection method. The method comprises:
201. The proxy server receives first data sent by the cloud application client; the first data carries the identification information of the cloud application client.
In addition, before the proxy server receives the first data sent by the cloud application client, the method includes: the proxy server receives a login request sent by the user management portal, the login request including user information, and the user information including an account and a password; after the proxy server confirms that the account has logged in successfully, it sends a public key acquisition request to the key server according to the user information and receives the public key returned by the key server.
In addition, before the proxy server receives the login request sent by the user management portal, the method includes: the proxy server receives a registration request sent by the user management portal, the registration request including user information entered by the user and received by the user management portal, or user information obtained through a third-party platform; after the proxy server confirms that the account has been registered successfully, it generates a public key and sends the public key to the key server for storage.
Specifically, the public key is generated only once, after the proxy server confirms that the account has been registered successfully.
For ease of understanding, and referring to Fig. 3, registering with and logging in to the proxy server using user information is illustrated by example. The specific steps are as follows:
301. Receive the user information sent by the user management portal.
302. Check whether the user information is third-party platform user information. If so, go to step 309; otherwise go to step 303.
303. Determine whether the user information is already registered. If so, go to step 304; otherwise go to step 306.
304. Log in using the user information. Go to step 305.
305. Determine whether the login succeeded. If so, end; otherwise go to step 304.
306. Register the user information. Go to step 307.
307. Determine whether the registration succeeded. If so, go to step 308; otherwise go to step 306.
308. Bind the user identity proof (UID) to the registered account. Go to step 304.
309. Perform third-party platform authentication. Go to step 310.
310. Determine whether the authentication succeeded. If so, go to step 308; otherwise go to step 309.
By way of example, when an enterprise has multiple proxy servers, a single account can be registered and used to log in to all of them, ensuring that data is encrypted with the same public key when it is uploaded.
In addition, before the proxy server receives the first data sent by the cloud application client, the method further includes: the proxy server receives the identification information of at least one cloud application client sent by the user management portal, and stores the identification information in the memory list.
202. When the proxy server confirms that the identification information of the cloud application client is consistent with the identification information stored in the memory list, it encrypts the first data with the public key and sends it to the corresponding cloud application server, where the identification information of the cloud application client and the cloud application server are in one-to-one correspondence.
Specifically, first data that the cloud application client uploads to the cloud application server via the proxy server is encrypted by the proxy server with the public key before being forwarded to the cloud application server; the first data received by the cloud application server is therefore always encrypted.
By way of example, when the proxy server needs to be replaced, it is only necessary to log in on the replacement proxy server through the user management portal with the original user information to retrieve the previous public key. This ensures that data the cloud application client stores on the corresponding cloud application server through the proxy server is encrypted with the same public key.
By way of example, for intranet users served by the proxy server, the process of storing the first data through the proxy server can be shared; for external network users, the external network address of the proxy server must be set as the proxy address used to reach the proxy server, so that intranet users can use the proxy server to encrypt the first data with the public key anytime and anywhere.
In the above method, the proxy server receives the first data sent by the cloud application client and, on confirming that the identification information of the cloud application client carried in the first data is consistent with the identification information stored in the memory list, encrypts the first data with the public key and sends it to the cloud application server corresponding to the cloud application client. By encrypting data automatically, the application ensures the security of data stored on the cloud application server and improves the convenience of the data storage process.
Referring to Fig. 4, an embodiment of the present invention provides a user cloud data protection method. The method comprises:
401. The proxy server receives a second data acquisition request sent by the cloud application client; the second data acquisition request carries the identification information of the cloud application client, where the identification information of the cloud application client and the cloud application server are in one-to-one correspondence.
In addition, before the proxy server receives the second data acquisition request sent by the cloud application client, the method includes: the proxy server receives a login request sent by the user management portal, the login request including user information, and the user information including an account and a password; after the proxy server confirms that the account has logged in successfully, it sends an encrypted private key acquisition request to the key server according to the user information; the proxy server receives the encrypted private key returned by the key server and decrypts it with the password to obtain the private key.
In addition, before the proxy server receives the login request sent by the user management portal, the method includes: the proxy server receives a registration request sent by the user management portal, the registration request covering registration by an administrator entering user information directly through the user management portal, or registration using user information from a third-party platform; after the proxy server confirms that the account has been registered successfully, it generates the private key; the proxy server encrypts the private key with the password to produce the encrypted private key, and sends the encrypted private key to the key server for storage.
Specifically, the private key is generated only once, after the proxy server confirms that the account has been registered successfully.
It should be noted that the detailed steps for registering with and logging in to the proxy server using user information are shown in Fig. 2 and are not repeated here.
By way of example, when an enterprise has multiple proxy servers, a single account can be registered and used to log in to all of them, ensuring that the second data is decrypted with the same private key when it is obtained.
In addition, before the proxy server receives the second data acquisition request sent by the cloud application client, the method further includes: the proxy server receives the identification information of at least one cloud application client sent by the user management portal, and stores the identification information of the at least one cloud application client in memory.
402. The proxy server sends the second data acquisition request to the corresponding cloud application server according to the identification information of the cloud application client.
403. The proxy server receives the second data sent by the cloud application server; the second data is encrypted with the public key and carries the identification information of the cloud application client.
404. When the proxy server confirms that the identification information of the cloud application client is consistent with the identification information that the memory module stores in the memory list, it decrypts the second data with the private key and sends it to the cloud application client according to the identification information.
Specifically, encrypted second data that the cloud application client obtains from the cloud application server via the proxy server is always decrypted by the proxy server with the private key before being forwarded to the cloud application client.
By way of example, when the proxy server needs to be replaced, it is only necessary to log in on the replacement proxy server through the user management portal with the original user information to retrieve the previous private key. This ensures that second data the proxy server obtains from the cloud application server is decrypted with the same private key.
By way of example, for intranet users served by the proxy server, the process of obtaining the second data through the proxy server can be shared; for external network users, the external network address of the proxy server must be set as the proxy address used to reach the proxy server, so that intranet users can use the proxy server to decrypt the second data with the private key anytime and anywhere.
In the above method, after the proxy server receives the second data acquisition request sent by the cloud application client, it sends the request to the cloud application server corresponding to the cloud application client according to the identification information of the cloud application client carried in the request. It then receives the public-key-encrypted second data returned by the cloud application server. When the proxy server confirms that the identification information of the cloud application server is consistent with the identification information that the memory module stores in the memory list, it decrypts the second data with the private key and sends the decrypted second data to the cloud application client according to the identification information of the cloud application server. By decrypting data automatically with the private key, the application ensures the security of data obtained from the cloud application server and improves the convenience of data acquisition.
Referring to Fig. 5, an embodiment of the present invention provides a proxy server 103, which includes:
Receiving module 501, configured to receive first data sent by the cloud application client; the first data carries the identification information of the cloud application client.
Processing module 503, configured to encrypt the first data according to the public key received by receiving module 501 when it confirms that the identification information of the cloud application client received by receiving module 501 is consistent with the identification information that memory module 504 stores in the memory list.
Sending module 502, configured to send the first data encrypted by processing module 503 to the corresponding cloud application server-side; the identification information of the cloud application client corresponds one-to-one with the cloud application server-side.
In one illustrative scheme, receiving module 501 is configured to receive a login request sent by the user management portal; the login request includes user information, and the user information includes an account and a password.
Sending module 502 is configured to send a public key acquisition request to the key server according to the user information after processing module 503 confirms that the account has logged in successfully.
Receiving module 501 is also configured to receive the public key returned by the key server.
In one illustrative scheme, receiving module 501 is configured to receive a registration request sent by the user management portal; the registration request includes user information entered by the user and received by the user management portal, or user information obtained through a third-party platform.
Processing module 503 is configured to generate the public key after confirming that the account is registered successfully.
Sending module 502 is configured to send the public key generated by processing module 503 to the key server for storage.
In one illustrative scheme, receiving module 501 is configured to receive the identification information of at least one cloud application client sent by the user management portal.
Memory module 504 is configured to store the identification information received by receiving module 501 in the memory list.
The technical effects, related content and implementation of the method embodiment described in Fig. 2 above can be incorporated directly into the description of the corresponding functional modules in the proxy server embodiment of Fig. 5 and are not repeated here.
Referring to Fig. 6, an embodiment of the present invention provides a proxy server 103, which includes:
Receiving module 601, configured to receive a second data acquisition request sent by the cloud application client; the second data acquisition request carries the identification information of the cloud application client, and the identification information of the cloud application client corresponds one-to-one with the cloud application server-side.
Sending module 602, configured to send the second data acquisition request received by receiving module 601 to the corresponding cloud application server-side according to the identification information of the cloud application client.
Receiving module 601 is also configured to receive the second data sent by the cloud application server-side; the second data is encrypted with the public key and carries the identification information of the cloud application client.
Processing module 603, configured to decrypt the second data according to the private key received by receiving module 601 when it confirms that the identification information of the cloud application client received by receiving module 601 is consistent with the identification information that memory module 604 stores in the memory list.
Sending module 602, configured to send the second data decrypted by processing module 603 to the cloud application client according to the identification information received by receiving module 601.
In one illustrative scheme, receiving module 601 is configured to receive a login request sent by the user management portal; the login request includes user information, and the user information includes an account and a password.
Sending module 602 is configured to send an encryption key acquisition request to the key server according to the user information after processing module 603 confirms that the account has logged in successfully.
Receiving module 601 is configured to receive the encryption key returned by the key server.
Processing module 603 is configured to decrypt the encryption key received by receiving module 601 according to the password to generate the private key.
In one illustrative scheme, receiving module 601 is configured to receive a registration request sent by the user management portal; the registration request includes registration by an administrator entering user information directly through the user management portal, or registration using the user information of a third-party platform.
Processing module 603 is configured to generate the private key after confirming that the account is registered successfully.
Processing module 603 is also configured to encrypt the private key according to the password to generate the encryption key.
Sending module 602 is configured to send the encryption key generated by processing module 603 to the key server for storage.
In one illustrative scheme, receiving module 601 is configured to receive the identification information of at least one cloud application client sent by the user management portal.
Memory module 604 is configured to store the identification information of the at least one cloud application client received by receiving module 601 in memory.
The technical effects, related content and implementation of the method embodiment described in Fig. 4 above can be incorporated directly into the description of the corresponding functional modules in the proxy server embodiment of Fig. 6 and are not repeated here.
The steps of the method or algorithm described in connection with the present disclosure may be implemented in hardware, or by a processor executing software instructions. For example, the receiving module, processing module, memory module and sending module described above may each be implemented by a separate processor or may be integrated in a single processor. An embodiment of the present invention also provides a storage medium, which may include a memory for storing the computer software instructions used by the proxy server, including the program code designed to execute the user cloud data protection method. Specifically, the software instructions may consist of corresponding software modules, and the software modules may be stored in random access memory (RAM), flash memory, read-only memory (ROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), registers, a hard disk, a removable hard disk, a compact disc read-only memory (CD-ROM) or any other form of storage medium well known in the art. An illustrative storage medium is coupled to the processor so that the processor can read information from the storage medium and write information to it. Of course, the storage medium may also be a component of the processor.
An embodiment of the present invention also provides a computer program that can be loaded directly into memory and contains software code; after being loaded and executed by a computer, the computer program can implement the user cloud data protection method described above.
Those skilled in the art will appreciate that, in one or more of the above examples, the functions described in the present invention may be implemented in hardware, software, firmware or any combination thereof. When implemented in software, these functions may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates the transfer of a computer program from one place to another. A storage medium may be any available medium that a general-purpose or special-purpose computer can access.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
Claims (16)
1. A user cloud data protection method, characterized by comprising:
a proxy server receiving first data sent by a cloud application client, the first data carrying identification information of the cloud application client;
when the proxy server confirms that the identification information of the cloud application client is consistent with identification information stored in a memory list, encrypting the first data according to a public key and sending it to the corresponding cloud application server-side; wherein the identification information of the cloud application client corresponds one-to-one with the cloud application server-side.
2. The user cloud data protection method according to claim 1, characterized in that, before the proxy server receives the first data sent by the cloud application client, the method comprises:
the proxy server receiving a login request sent by the user management portal, the login request including user information, the user information including an account and a password;
after the proxy server confirms that the account has logged in successfully, sending a public key acquisition request to a key server according to the user information, and receiving the public key returned by the key server.
3. The user cloud data protection method according to claim 2, characterized in that, before the proxy server receives the login request sent by the user management portal, the method comprises:
the proxy server receiving a registration request sent by the user management portal, the registration request including user information entered by a user and received by the user management portal, or user information obtained through a third-party platform;
after the proxy server confirms that the account is registered successfully, generating the public key and sending the public key to the key server for storage.
4. The user cloud data protection method according to claim 1, characterized in that, before the proxy server receives the first data sent by the cloud application client, the method further comprises:
the proxy server receiving identification information of at least one cloud application client sent by the user management portal, and storing the identification information in the memory list.
5. A user cloud data protection method, characterized by comprising:
a proxy server receiving a second data acquisition request sent by a cloud application client, the second data acquisition request carrying identification information of the cloud application client; wherein the identification information of the cloud application client corresponds one-to-one with the cloud application server-side;
the proxy server sending the second data acquisition request to the corresponding cloud application server-side according to the identification information of the cloud application client;
the proxy server receiving second data sent by the cloud application server-side, the second data being encrypted with a public key; wherein the second data carries the identification information of the cloud application client;
when the proxy server confirms that the identification information of the cloud application client is consistent with the identification information that a memory module stores in a memory list, decrypting the second data according to a private key and sending it to the cloud application client according to the identification information of the cloud application client.
6. The user cloud data protection method according to claim 5, characterized in that, before the proxy server receives the second data acquisition request sent by the cloud application client, the method comprises:
the proxy server receiving a login request sent by a user management portal, the login request including user information, the user information including an account and a password;
after the proxy server confirms that the account has logged in successfully, sending an encryption key acquisition request to a key server according to the user information;
the proxy server receiving the encryption key returned by the key server, and decrypting the encryption key according to the password to generate the private key.
7. The user cloud data protection method according to claim 6, characterized in that, before the proxy server receives the login request sent by the user management portal, the method comprises:
the proxy server receiving a registration request sent by the user management portal, the registration request including registration by an administrator entering user information directly through the user management portal, or registration using the user information of a third-party platform;
after the proxy server confirms that the account is registered successfully, generating the private key;
the proxy server encrypting the private key according to the password to generate the encryption key, and sending the encryption key to the key server for storage.
8. The user cloud data protection method according to claim 5, characterized in that, before the proxy server receives the second data acquisition request sent by the cloud application client, the method further comprises:
the proxy server receiving identification information of at least one cloud application client sent by the user management portal, and storing the identification information of the at least one cloud application client in memory.
9. A proxy server, characterized by comprising:
a receiving module, configured to receive first data sent by a cloud application client, the first data carrying identification information of the cloud application client;
a processing module, configured to encrypt the first data according to a public key received by the receiving module when it confirms that the identification information of the cloud application client received by the receiving module is consistent with the identification information that a memory module stores in a memory list;
a sending module, configured to send the first data encrypted by the processing module to the corresponding cloud application server-side; wherein the identification information of the cloud application client corresponds one-to-one with the cloud application server-side.
10. The proxy server according to claim 9, characterized in that:
the receiving module is configured to receive a login request sent by the user management portal, the login request including user information, the user information including an account and a password;
the sending module is configured to send a public key acquisition request to a key server according to the user information after the processing module confirms that the account has logged in successfully;
the receiving module is also configured to receive the public key returned by the key server.
11. The proxy server according to claim 10, characterized in that:
the receiving module is configured to receive a registration request sent by the user management portal, the registration request including user information entered by a user and received by the user management portal, or user information obtained through a third-party platform;
the processing module is configured to generate the public key after confirming that the account is registered successfully;
the sending module is configured to send the public key generated by the processing module to the key server for storage.
12. The proxy server according to claim 9, characterized in that:
the receiving module is configured to receive identification information of at least one cloud application client sent by the user management portal;
the memory module is configured to store the identification information received by the receiving module in the memory list.
13. A proxy server, characterized by comprising:
a receiving module, configured to receive a second data acquisition request sent by a cloud application client, the second data acquisition request carrying identification information of the cloud application client; wherein the identification information of the cloud application client corresponds one-to-one with the cloud application server-side;
a sending module, configured to send the second data acquisition request received by the receiving module to the corresponding cloud application server-side according to the identification information of the cloud application client;
the receiving module is also configured to receive second data sent by the cloud application server-side, the second data being encrypted with a public key; wherein the second data carries the identification information of the cloud application client;
a processing module, configured to decrypt the second data according to a private key received by the receiving module when it confirms that the identification information of the cloud application client received by the receiving module is consistent with the identification information that a memory module stores in a memory list;
the sending module is configured to send the second data decrypted by the processing module to the cloud application client according to the identification information of the cloud application client received by the receiving module.
14. The proxy server according to claim 13, characterized in that:
the receiving module is configured to receive a login request sent by a user management portal, the login request including user information, the user information including an account and a password;
the sending module is configured to send an encryption key acquisition request to a key server according to the user information after the processing module confirms that the account has logged in successfully;
the receiving module is configured to receive the encryption key returned by the key server;
the processing module is configured to decrypt the encryption key received by the receiving module according to the password to generate the private key.
15. The proxy server according to claim 14, characterized in that:
the receiving module is configured to receive a registration request sent by the user management portal, the registration request including registration by an administrator entering user information directly through the user management portal, or registration using the user information of a third-party platform;
the processing module is configured to generate the private key after confirming that the account is registered successfully;
the processing module is also configured to encrypt the private key according to the password to generate the encryption key;
the sending module is configured to send the encryption key generated by the processing module to the key server for storage.
16. The proxy server according to claim 13, characterized in that:
the receiving module is configured to receive identification information of at least one cloud application client sent by the user management portal;
the memory module is configured to store the identification information of the at least one cloud application client received by the receiving module in memory.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810779455.6A CN109067712A (en) | 2018-07-16 | 2018-07-16 | A kind of user cloud data guard method and proxy server |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109067712A (en) | 2018-12-21 |
Family
ID=64816824
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810779455.6A Pending CN109067712A (en) | 2018-07-16 | 2018-07-16 | A kind of user cloud data guard method and proxy server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109067712A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181221 |