CN116192481A - Analysis method for secure communication mechanism between cloud computing server models - Google Patents

Publication number
CN116192481A
Authority
CN
China
Prior art keywords
cloud computing
user
computing server
network
professional
Prior art date
Legal status
Pending
Application number
CN202310083807.5A
Other languages
Chinese (zh)
Inventor
李后京
Current Assignee
Jinyongyuan Technology Shenzhen Co ltd
Original Assignee
Jinyongyuan Technology Shenzhen Co ltd
Application filed by Jinyongyuan Technology Shenzhen Co ltd
Priority to CN202310083807.5A
Publication of CN116192481A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of secure communication between cloud computing server models, and in particular to a method for analyzing a secure communication mechanism between cloud computing server models. It addresses the problems that, in existing secure communication technology between cloud computing server models, the user access authentication process is simple, the cloud computing server models are mostly connected through a unified network, the reliability of the network environment is low, and the data leakage rate during communication is high. The method comprises steps S1 (establishing a network), S2 (connecting), S3 (authentication and access control) and the steps from S4 onward. By classifying the network and connecting the cloud computing server models according to that classification, the invention improves the credibility of the network environment and reduces the risk to secure communication; by setting multiple user authentication, authorization and encryption steps, it improves communication security, strictly controls access rights and reduces the data leakage rate during communication.

Description

Analysis method for secure communication mechanism between cloud computing server models
Technical Field
The invention relates to the technical field of secure communication among cloud computing server models, in particular to a method for analyzing a secure communication mechanism among cloud computing server models.
Background
With the development of new-generation information technology, networks have reached ever deeper into households and have become integrated into many aspects of social life and economic development. In the future, whether in emerging fields such as the Internet of Things and artificial intelligence or in traditional computer science and technology, network security will be an indispensable component and will play a significant role in the network security industry as a whole.
However, existing secure communication technology between cloud computing server models still has the following problems: the user access authentication process is simple, the cloud computing server models are mostly connected through a unified network, the reliability of the network environment is low, and the data leakage rate during communication is high. A method for analyzing the secure communication mechanism between cloud computing server models is therefore proposed to solve these problems.
Disclosure of Invention
The invention aims to solve the problems of the existing secure communication technology between cloud computing server models, namely that the user access authentication process is simple, the cloud computing server models are mostly connected through a unified network, the reliability of the network environment is low, and the data leakage rate during communication is high.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
The method for analyzing the secure communication mechanism between cloud computing server models comprises the following steps:
S1: Establishing a network: a connection network is established by professionals;
S2: Connecting: the cloud computing server model is connected by professionals through a public network and a private network;
S3: Authentication and access control: professionals perform authentication and access control on the cloud computing server model connected through the private network;
S4: Network security operation: professionals perform network security operations on the cloud computing server model connected through the private network;
S5: Data encryption: professionals encrypt data on the cloud computing server model connected through the private network;
S6: Re-encryption: professionals perform re-encryption on the cloud computing server model connected through the private network;
S7: Establishing a model: professionals establish an analysis model of the secure communication mechanism between cloud computing server models and train the established model;
Preferably, in step S1, the professional establishes a connection network that is divided in advance into a public network and a private network. The public network provides services over the public Internet for users to purchase and use; cloud resources in the public network are all owned and operated by third-party cloud service providers and are provided over the Internet. The computing resources of the private network are dedicated to the users of a particular enterprise or organization; the private network is located in the on-site data center of the enterprise or organization using it and, at the same time, the private network is hosted by a third-party service provider;
Preferably, in step S2, the professional connects the cloud computing server model through the public network and the private network. When connecting, the professional checks the internal service content of the cloud computing server model, makes a judgment from the check result and acts on the judgment. If the check finds user privacy or other private content in the internal service content, the cloud computing server model is judged to be an unsafe cloud computing server model; if the check finds no user privacy or other private content, it is judged to be a safe cloud computing server model. A cloud computing server model judged unsafe is connected through the private network, and one judged safe is connected through the public network;
Preferably, in step S3, the professional performs authentication and access control on the cloud computing server model connected through the private network. Secure communication requires both user authentication and user access control. User authentication includes password authentication, the Kerberos authentication protocol, public key infrastructure (PKI) and biometric-based identity authentication; user access control includes discretionary (autonomous) access control, mandatory access control and role-based access control. Password authentication authenticates by comparing the password content, the comparison result being either success or failure. The Kerberos authentication protocol is an authentication protocol based on a trusted third party. PKI manages public keys by means of certificates: a trusted third-party certificate authority (CA) binds the user's public key to the user's other identification information, which includes the user name, the user's e-mail and the user's identity card number, and the user's identity is verified over the Internet. Biometric-based identity authentication includes fingerprint recognition, iris recognition and voice recognition. Discretionary access control grants access based on the identity of the system entity and the identity of the system resource, including setting permissions on files, folders and shared resources; a user has the right to access the files, data tables and other access objects that the user created, and grants and revokes access rights to them. Mandatory access control means that the system connected to the cloud computing server model controls, according to specified rules, the user's permissions and the operating subject's access to objects created by users;
Preferably, in step S4, the professional performs network security operations on the cloud computing server model connected through the private network. In doing so, the professional first uses the Hypervisor to divide security domains: a VLAN division policy is deployed and executed on a specific virtual machine at the Hypervisor layer or on the host server to perform VLAN division; each security domain is composed of VMs in module form; modules with a logical shutdown are hosted on a physical host; and security is monitored by a virtual switching control module. Virtual security domains are also divided by means of a physical switch: the network traffic of the virtual machines is directed to traditional network devices, and VLAN division is performed by the physical switch. The traditional network devices include firewalls, switches and other traditional network devices;
Preferably, in step S5, the professional encrypts data on the cloud computing server model connected through the private network. The data encryption includes attribute-based encryption, the KP-ABE algorithm and the CP-ABE algorithm. Attribute-based encryption extends identity-based encryption by representing an identity as a series of descriptive attributes. In the KP-ABE algorithm, an authorized user recovers a key according to the user's own attributes, and the recovered key is used to access the encrypted data that the user is authorized to access. The CP-ABE algorithm embeds an access control structure in the ciphertext, so that the encryptor holds the initiative in control: when data is accessed, a visitor who satisfies the ciphertext policy obtains the right to the decryption key, and other visitors cannot obtain it;
Preferably, in step S6, the professional performs re-encryption on the cloud computing server model connected through the private network. The re-encryption is proxy re-encryption: a semi-trusted agent uses a conversion key Rk generated by the authorizer to convert a ciphertext encrypted under the authorizer's public key Pa into a ciphertext encrypted under the authorized user's public key Pb, and in this process the semi-trusted agent only performs the ciphertext conversion according to the scheme. When re-encryption is performed, a cloud computing user who authorizes another user needs to obtain that user's public key, generates a corresponding conversion key for each such user and transmits it to the cloud through a secure channel. The cloud generates a re-encrypted ciphertext for each authorized user and none for an unauthorized user. When a user requests access to a data file, the cloud judges whether the user has permission to read it from the user's identity and the permission authentication result. When the judgment is that the user has read permission, the user obtains the ciphertext corresponding to the user's public key and decrypts it to obtain the plaintext file; when the judgment is that the user has no permission, the user cannot read the data file;
Preferably, in step S7, the professional establishes an analysis model of the secure communication mechanism between cloud computing server models and trains the established model, with a training period of 10 h. During training, the professional simulates a network environment, has the cloud computing server models communicate in that environment, monitors the communication in real time, makes a judgment from the real-time monitoring result and performs a calculation from the judgment result. When the real-time monitoring result shows no communication abnormality, the communication is judged safe and no processing is performed; when it shows a communication abnormality, the communication is judged unsafe, and the professional analyzes the communication behavior and handles it according to the analysis result. After one training period is completed, the professional calculates the rate of occurrence of unsafe communication and defines the model from the result: when the rate is less than 7%, the model is defined as mature and training stops; when the rate is not less than 7%, the model is defined as immature and training continues until the model is mature.
Compared with the prior art, the invention has the beneficial effects that:
1. By classifying the network and connecting the cloud computing server models according to that classification, the reliability of the network environment is improved and the risk to secure communication is reduced.
2. By setting multiple user authentication, authorization and encryption steps, communication security is improved, access rights are strictly controlled, and the data leakage rate during communication is reduced.
The invention thus improves the credibility of the network environment and reduces the risk to secure communication by classifying the network and connecting the cloud computing server models according to that classification, and it improves communication security, strictly controls access rights and reduces the data leakage rate during communication by setting multiple user authentication, authorization and encryption steps.
Drawings
Fig. 1 is a flowchart of a method for analyzing a secure communication mechanism between cloud computing server models according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them.
Example 1
Referring to fig. 1, the method for analyzing a secure communication mechanism between cloud computing server models includes the following steps:
S1: Establishing a network: a connection network is established by professionals and is divided in advance into a public network and a private network. The public network provides services over the public Internet for users to purchase and use; cloud resources in the public network are all owned and operated by third-party cloud service providers and are provided over the Internet. The computing resources of the private network are dedicated to the users of a particular enterprise or organization; the private network is located in the on-site data center of the enterprise or organization using it and, at the same time, the private network is hosted by a third-party service provider;
S2: Connecting: a professional connects the cloud computing server model through the public network and the private network. When connecting, the professional checks the internal service content of the cloud computing server model, makes a judgment from the check result and acts on the judgment. If the check finds user privacy or other private content in the internal service content, the cloud computing server model is judged to be unsafe; if the check finds no user privacy or other private content, it is judged to be safe. A cloud computing server model judged unsafe is connected through the private network, and one judged safe is connected through the public network;
S3: Authentication and access control: a professional performs authentication and access control on the cloud computing server model connected through the private network. Secure communication requires both user authentication and user access control. User authentication includes password authentication, the Kerberos authentication protocol, public key infrastructure (PKI) and biometric-based identity authentication; user access control includes discretionary (autonomous) access control, mandatory access control and role-based access control. Password authentication authenticates by comparing the password content: if the comparison succeeds, authentication is judged successful, and if the comparison fails, authentication is judged to have failed. The Kerberos authentication protocol is an authentication protocol based on a trusted third party, and it requires centralized identity authentication and key distribution. PKI manages public keys by means of certificates: a trusted third-party certificate authority (CA) binds the user's public key to the user's other identification information, which includes the user name, the user's e-mail and the user's identity card number, and the user's identity is verified over the Internet. Biometric-based identity authentication includes fingerprint recognition, iris recognition and voice recognition. Discretionary access control grants access based on the identity of the system entity and the identity of the system resource, including setting permissions on files, folders and shared resources; a user has the right to access the files, data tables and other access objects that the user created, and grants and revokes access rights to them. Mandatory access control means that the system connected to the cloud computing server model controls, according to specified rules, the user's permissions and the operating subject's access to objects created by users;
S4: Network security operation: a professional performs network security operations on the cloud computing server model connected through the private network. In doing so, the professional first uses the Hypervisor to divide security domains: a VLAN division policy is deployed and executed on a specific virtual machine at the Hypervisor layer or on the host server to perform VLAN division; each security domain is composed of VMs in module form; modules with a logical shutdown are hosted on a physical host; and security is monitored by a virtual switching control module. Virtual security domains are also divided by means of a physical switch: the network traffic of the virtual machines is directed to traditional network devices, and VLAN division is performed by the physical switch. The traditional network devices include firewalls, switches and other traditional network devices;
S5: Data encryption: a professional encrypts data on the cloud computing server model connected through the private network. The data encryption includes attribute-based encryption, the KP-ABE algorithm and the CP-ABE algorithm. Attribute-based encryption extends identity-based encryption by representing an identity as a series of descriptive attributes. In the KP-ABE algorithm, an authorized user recovers a key according to the user's own attributes, and the recovered key is used to access the encrypted data that the user is authorized to access. The CP-ABE algorithm embeds an access control structure, so that the encryptor holds the initiative in control: when data is accessed, a visitor who satisfies the ciphertext policy obtains the right to the decryption key, and other visitors cannot obtain it;
S6: Re-encryption: a professional performs re-encryption on the cloud computing server model connected through the private network. The re-encryption is proxy re-encryption: a semi-trusted agent uses a conversion key Rk generated by the authorizer to convert a ciphertext encrypted under the authorizer's public key Pa into a ciphertext encrypted under the authorized user's public key Pb. In this process the semi-trusted agent obtains no plaintext information about the data and only performs the ciphertext conversion according to the scheme. When re-encryption is performed, a cloud computing user who authorizes another user needs to obtain that user's public key, generates a corresponding conversion key for each such user and transmits it to the cloud through a secure channel. The cloud generates a re-encrypted ciphertext for each authorized user and has no corresponding re-encrypted ciphertext for an unauthorized user. When a user requests access to a data file, the cloud judges whether the user has permission to read it from the user's identity and the permission authentication result. When the judgment is that the user has read permission, the user receives the re-encrypted ciphertext corresponding to the user's public key; when the judgment is that the user has no read permission, the user cannot read the data file;
S7: Establishing a model: a professional establishes an analysis model of the secure communication mechanism between cloud computing server models and trains the established model, with a training period of 10 h. During training, the professional simulates a network environment, has the cloud computing server models communicate in that environment, monitors the communication in real time, makes a judgment from the real-time monitoring result and performs a calculation from the judgment result. When the real-time monitoring result shows no communication abnormality, the communication is judged safe and no processing is performed; when it shows a communication abnormality, the communication is judged unsafe, and the professional analyzes the communication behavior and handles it according to the analysis result. After one training period is completed, the professional calculates the rate of occurrence of unsafe communication and defines the model from the result: when the rate is less than 7%, the model is defined as mature and training stops; when the rate is not less than 7%, the model is defined as immature and training continues until the model is mature.
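Step S6 as runnable code, an added example that is not part of the patent: the patent names no concrete scheme, so this sketch assumes the ElGamal-based BBS98 proxy re-encryption over a deliberately tiny toy group, with hypothetical names `Cloud`, `grant` and `request`. BBS98 derives Rk from both parties' private keys, whereas the step describes authorization using only the other user's public key, which needs a unidirectional scheme not shown here.

```python
import hashlib
import secrets

# Toy group constructed for this example: safe prime P = 2*Q + 1, and G = 4
# generates the subgroup of prime order Q. Far too small for real use.
P, Q, G = 2039, 1019, 4


def keygen():
    """Return (private, public) with public = G^private mod P."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def _xor(elem, data):
    """Key the data with a SHAKE-256 stream derived from a group element.
    No integrity protection; a real design would use an AEAD."""
    stream = hashlib.shake_256(elem.to_bytes(2, "big")).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, stream))


def encrypt(pk, data):
    """Hybrid encryption: wrap a random session element under pk (Pa)."""
    elem = pow(G, secrets.randbelow(Q - 1) + 1, P)
    r = secrets.randbelow(Q - 1) + 1
    c1 = elem * pow(G, r, P) % P      # elem * g^r
    c2 = pow(pk, r, P)                # g^(a*r), bound to the key holder
    return c1, c2, _xor(elem, data)


def decrypt(sk, ct):
    """Recover g^r from c2 with the private key, then unwrap and unmask."""
    c1, c2, body = ct
    g_r = pow(c2, pow(sk, -1, Q), P)  # (g^(a*r))^(1/a) = g^r
    elem = c1 * pow(g_r, -1, P) % P
    return _xor(elem, body)


def rekey(sk_a, sk_b):
    """Conversion key Rk = b/a mod Q (BBS98 needs both private keys)."""
    return sk_b * pow(sk_a, -1, Q) % Q


def reencrypt(rk, ct):
    """Semi-trusted proxy step: g^(a*r) -> g^(b*r); plaintext is never seen."""
    c1, c2, body = ct
    return c1, pow(c2, rk, P), body


class Cloud:
    """Hypothetical cloud store holding ciphertexts and per-user Rk values."""

    def __init__(self):
        self.files = {}    # file name -> ciphertext under the owner's key
        self.rekeys = {}   # (file name, user) -> conversion key Rk

    def store(self, name, ct):
        self.files[name] = ct

    def grant(self, name, user, rk):
        self.rekeys[(name, user)] = rk

    def request(self, name, user):
        """Return a re-encrypted ciphertext, or None for an unauthorized user."""
        rk = self.rekeys.get((name, user))
        if rk is None or name not in self.files:
            return None
        return reencrypt(rk, self.files[name])


if __name__ == "__main__":
    a, pa = keygen()                  # authorizer (data owner)
    b, pb = keygen()                  # authorized user
    cloud = Cloud()
    cloud.store("report", encrypt(pa, b"constructed sample file"))
    cloud.grant("report", "bob", rekey(a, b))
    print(decrypt(b, cloud.request("report", "bob")))
    print(cloud.request("report", "mallory"))
```

Revoking a user in this sketch means deleting the stored Rk; the cloud holds only ciphertexts and conversion keys, never a private key or the plaintext.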
Example 2
Referring to fig. 1, the method for analyzing a secure communication mechanism between cloud computing server models includes the following steps:
S1: Establishing a network: a connection network is established by a professional and is divided in advance into a public network and a private network;
S2: Connecting: a professional connects the cloud computing server model through the public network and the private network. When connecting, the professional checks the internal service content of the cloud computing server model, makes a judgment from the check result and acts on the judgment. If the check finds user privacy or other private content in the internal service content, the cloud computing server model is judged to be unsafe; if the check finds no user privacy or other private content, it is judged to be safe. A cloud computing server model judged unsafe is connected through the private network, and one judged safe is connected through the public network;
S3: Authentication and access control: a professional performs authentication and access control on the cloud computing server model connected through the private network. Secure communication requires both user authentication and user access control. User authentication includes password authentication, the Kerberos authentication protocol, public key infrastructure (PKI) and biometric-based identity authentication; user access control includes discretionary (autonomous) access control, mandatory access control and role-based access control. Password authentication authenticates by comparing the password content: if the comparison succeeds, authentication is judged successful, and if the comparison fails, authentication is judged to have failed. The Kerberos authentication protocol is an authentication protocol based on a trusted third party, and it requires centralized identity authentication and key distribution. PKI manages public keys by means of certificates: a trusted third-party certificate authority (CA) binds the user's public key to the user's other identification information, which includes the user name, the user's e-mail and the user's identity card number, and the user's identity is verified over the Internet. Biometric-based identity authentication includes fingerprint recognition, iris recognition and voice recognition. Discretionary access control grants access based on the identity of the system entity and the identity of the system resource, including setting permissions on files, folders and shared resources; a user has the right to access the files, data tables and other access objects that the user created, and grants and revokes access rights to them. Mandatory access control means that the system connected to the cloud computing server model controls, according to specified rules, the user's permissions and the operating subject's access to objects created by users;
S4: network security operation: performing network security operation on a cloud computing server model connected through a private network by a professional, wherein the professional performs security domain division by utilizing a Hypervisor in advance when performing the network security operation, performing VLAN division by deploying and executing a VLAN division strategy on a specific virtual machine of a Hypervisor layer or a host server, dividing each security domain into a module synthesis form by a VM, hosting a module with logic shutdown on a physical host, performing monitoring security by a virtual switching control module, performing virtual security domain division by means of a physical switch, and performing VLAN division by a physical switch by leading network traffic of the virtual machine to traditional network equipment, wherein the traditional network equipment comprises a firewall, a switch and other traditional network equipment;
s5: data encryption: carrying out data encryption on a cloud computing server model connected through a private network by a professional, wherein the data encryption comprises attribute-based encryption, a KP-ABE algorithm and a CP-ABE algorithm, the attribute-based encryption is carried out by extending based on identity encryption, the identity is represented by adopting a series of descriptive attributes, the KP-ABE algorithm is used for authorizing a user to recover a secret key according to the attribute of the user, the recovered secret key is used for accessing encrypted data which is authorized to have access authority by the user, the CP-ABE algorithm is used for controlling initiative by an encryptor by embedding an access control structure, the right of the decrypting secret key is obtained by a visitor meeting ciphertext strategies when the data access is carried out, and the rights of the decrypting secret key cannot be obtained by other visitors;
S6: and (5) re-encrypting: the cloud computing server model connected through a private network is re-encrypted by a professional, wherein the re-encryption is based on proxy re-encryption, the re-encryption is that a semi-trusted agent converts a ciphertext encrypted by a public key Pa of an authorized person into a ciphertext encrypted by a public key Pb of the authorized person through a conversion key Rk generated by the proxy authorized person, in the process, the semi-trusted agent has no plaintext information of data, the semi-trusted agent is used for carrying out ciphertext conversion according to a scheme, when the re-encryption is carried out, a cloud computing user needs to obtain a public key of the other user when authorizing the user, each user generates a corresponding conversion key and transmits the corresponding conversion key to a cloud end through a secure channel, the cloud end generates a re-encryption ciphertext for each authorized user, and does not have a corresponding re-encryption ciphertext for the unauthorized user, and simultaneously the cloud end judges whether the user has permission to read the data file through ciphertext of the user and a permission authentication result when the user requests to access the data file, wherein the judgment result is that the user has read data and the ciphertext of the corresponding user is that the user public key of the user has read permission, when the cloud computing result is that the user has read the data, the user has no permission to read the data file;
S7: and (3) establishing a model: the method comprises the steps that a professional establishes a safety communication mechanism analysis model among cloud computing server models, and trains the established models, wherein a training period is 10h, the professional carries out communication in the network environment through simulating the network environment, and carries out real-time monitoring and judging through real-time monitoring results, and carries out calculation through judging results, wherein the real-time monitoring results show that communication safety is judged when communication abnormality does not occur, the real-time monitoring results show that communication safety is judged when communication abnormality occurs, the judging results are not processed when communication safety is judged, the judging results are communication safety, communication behavior analysis is carried out by the professional, professional carries out professional processing through analysis results, the professional carries out model definition through calculation after the one-time training is completed, the communication unsafe occurrence rate is defined by the professional, the model definition is carried out through calculation results, the communication unsafe occurrence rate data obtained when the model definition is carried out is less than 7%, the model is defined as model maturation when the model definition is carried out, the communication unsafe occurrence rate data obtained is not less than 7% is defined as the model maturation, the model is stopped when the model definition is stopped, the model is continuously trained until the model is not mature after the professional training results are continuously defined by the professional training results are completed.
Example III
Referring to fig. 1, the method for analyzing a secure communication mechanism between cloud computing server models includes the following steps:
S1: establishing a network: a professional establishes a connection network, which is divided in advance into a public network and a private network, wherein the public network provides services over the public Internet for users to purchase and use, the cloud resources in the public network are owned and operated by third-party cloud service providers and are provided over the Internet, the computing resources of the private network are dedicated to the users of certain enterprises and organizations, the private network is located in the on-site data centers of those enterprises and organizations when in use, and the private network is also hosted by third-party service providers;
S2: connecting: a professional connects the cloud computing server models through the public network and the private network, wherein, when connecting, the professional checks the internal service content of each cloud computing server model, makes a judgment from the check result, and handles the model according to the judgment result; when the check finds user privacy or other private content in the internal service content of the cloud computing server model, the model is judged to be an unsafe cloud computing server model, and when the check finds no user privacy or other private content, the model is judged to be a safe cloud computing server model; models judged to be unsafe are connected through the private network, and models judged to be safe are connected through the public network;
S3: authentication and access control: a professional performs authentication and access control on the cloud computing server models connected through the private network, wherein user authentication and user access control are required during secure communication; the user authentication comprises password authentication, the Kerberos authentication protocol, the public key infrastructure (PKI) and biometric-based identity authentication; the user has the right to access the files, data tables and other access objects created by the user, and that access right is granted and revoked by the user; mandatory access control means that a system connected with the cloud computing server model controls, according to specified rules, the access of user permissions and operation objects to objects created by the user;
S4: data encryption: a professional encrypts data on the cloud computing server models connected through the private network, wherein the data encryption comprises attribute-based encryption, the KP-ABE algorithm and the CP-ABE algorithm; attribute-based encryption extends identity-based encryption, the identity being represented by a series of descriptive attributes; in the KP-ABE algorithm an authorized user recovers a key according to the attributes of the user, and the recovered key is used to access the encrypted data for which the user has been granted access permission; in the CP-ABE algorithm the encryptor holds the initiative by embedding an access control structure, so that during data access a visitor who satisfies the ciphertext policy obtains the right to the decryption key and other visitors cannot obtain it;
S5: re-encryption: a professional re-encrypts the cloud computing server models connected through the private network, wherein the re-encryption is based on proxy re-encryption: a semi-trusted proxy uses a conversion key Rk generated by the authorizing party to convert a ciphertext encrypted under the public key Pa of the authorizing party into a ciphertext encrypted under the public key Pb of the authorized party; in this process the semi-trusted proxy obtains no plaintext information about the data and only performs the ciphertext conversion according to the scheme; when re-encrypting, a cloud computing user must obtain the public key of the other user in order to authorize that user, and a corresponding conversion key is generated for each user and transmitted to the cloud through a secure channel; the cloud generates a re-encrypted ciphertext for each authorized user and has no corresponding re-encrypted ciphertext for unauthorized users; when a user requests access to a data file, the cloud judges from the ciphertext of the user and the permission authentication result whether the user has permission to read the data file, wherein, when the judgment result is that the user has read permission, the cloud returns the data and the ciphertext corresponding to the public key of that user, and when the judgment result is that the user has no read permission, the user cannot read the data file;
S6: establishing a model: a professional establishes a secure communication mechanism analysis model between cloud computing server models and trains the established model, wherein one training period is 10 h; during training the professional simulates a network environment, carries out communication in that environment and monitors it in real time, makes a judgment from the real-time monitoring result, and performs a calculation from the judgment results; when the real-time monitoring result shows no communication abnormality, the communication is judged to be safe, and when it shows a communication abnormality, the communication is judged to be unsafe; no processing is performed when the judgment result is that the communication is safe, and when the judgment result is that the communication is unsafe, the professional analyzes the communication behavior and handles it according to the analysis result; after each training period is completed, the professional calculates the occurrence rate of unsafe communication and defines the model from the calculation result: when the occurrence rate of unsafe communication is less than 7%, the model is defined as mature, and when it is not less than 7%, the model is defined as immature; training stops when the model is defined as mature and continues when the model is defined as immature, until the model is defined as mature.
Example IV
Referring to fig. 1, the method for analyzing a secure communication mechanism between cloud computing server models includes the following steps:
S1: establishing a network: a professional establishes a connection network, which is divided in advance into a public network and a private network, wherein the public network provides services over the public Internet for users to purchase and use, the cloud resources in the public network are owned and operated by third-party cloud service providers and are provided over the Internet, the computing resources of the private network are dedicated to the users of certain enterprises and organizations, the private network is located in the on-site data centers of those enterprises and organizations when in use, and the private network is also hosted by third-party service providers;
S2: connecting: a professional connects the cloud computing server models through the public network and the private network, wherein, when connecting, the professional checks the internal service content of each cloud computing server model, makes a judgment from the check result, and handles the model according to the judgment result; when the check finds user privacy or other private content in the internal service content of the cloud computing server model, the model is judged to be an unsafe cloud computing server model, and when the check finds no user privacy or other private content, the model is judged to be a safe cloud computing server model; models judged to be unsafe are connected through the private network, and models judged to be safe are connected through the public network;
S3: authentication and access control: a professional performs authentication and access control on the cloud computing server models connected through the private network, wherein user authentication and user access control are required during secure communication; the user authentication comprises password authentication, the Kerberos authentication protocol, the public key infrastructure (PKI) and biometric-based authentication, and the user access control comprises discretionary access control, mandatory access control and role-based access control; password authentication is decided by comparing the password content, authentication being judged successful when the comparison succeeds and failed when the comparison fails; the Kerberos authentication protocol is an authentication protocol based on a trusted third party and requires centralized identity authentication and key distribution; the PKI binds the public key of a user to the other identification information of the user through a trusted third-party authority (CA), the other identification information comprising user names, user e-mail and user identity numbers, and the identity cards are verified through the Internet; the identity authentication results show success in comparison results show authentication failure, the authentication failure is judged as authentication failure in the voice file system is established based on the identity identification data of the user, the shared access resource is shared by a user, the user access resource is shared by a shared access resource, and the user access permission is established by a file system and the user access is authorized by the user access system; mandatory access control means that a system connected with the cloud computing server model controls, according to specified rules, the access of user permissions and operation objects to objects created by the user;
S4: network security operation: a professional performs network security operations on the cloud computing server models connected through the private network, wherein the professional first divides security domains using the Hypervisor: VLAN division is performed by deploying and executing a VLAN division policy on a specific virtual machine of the Hypervisor layer or the host server, each security domain is divided into a module synthesis form by a VM, a module with logic shutdown is hosted on a physical host, and security monitoring is performed by a virtual switching control module; virtual security domains are also divided by means of a physical switch, the network traffic of the virtual machines being led to traditional network equipment and VLAN division being performed by the physical switch, wherein the traditional network equipment comprises firewalls, switches and other traditional network equipment;
S5: re-encryption: a professional re-encrypts the cloud computing server models connected through the private network, wherein the re-encryption is based on proxy re-encryption: a semi-trusted proxy uses a conversion key Rk generated by the authorizing party to convert a ciphertext encrypted under the public key Pa of the authorizing party into a ciphertext encrypted under the public key Pb of the authorized party; in this process the semi-trusted proxy obtains no plaintext information about the data and only performs the ciphertext conversion according to the scheme; when re-encrypting, a cloud computing user must obtain the public key of the other user in order to authorize that user, and a corresponding conversion key is generated for each user and transmitted to the cloud through a secure channel; the cloud generates a re-encrypted ciphertext for each authorized user and has no corresponding re-encrypted ciphertext for unauthorized users; when a user requests access to a data file, the cloud judges from the ciphertext of the user and the permission authentication result whether the user has permission to read the data file, wherein, when the judgment result is that the user has read permission, the cloud returns the data and the ciphertext corresponding to the public key of that user, and when the judgment result is that the user has no read permission, the user cannot read the data file;
S6: establishing a model: a professional establishes a secure communication mechanism analysis model between cloud computing server models and trains the established model, wherein one training period is 10 h; during training the professional simulates a network environment, carries out communication in that environment and monitors it in real time, makes a judgment from the real-time monitoring result, and performs a calculation from the judgment results; when the real-time monitoring result shows no communication abnormality, the communication is judged to be safe, and when it shows a communication abnormality, the communication is judged to be unsafe; no processing is performed when the judgment result is that the communication is safe, and when the judgment result is that the communication is unsafe, the professional analyzes the communication behavior and handles it according to the analysis result; after each training period is completed, the professional calculates the occurrence rate of unsafe communication and defines the model from the calculation result: when the occurrence rate of unsafe communication is less than 7%, the model is defined as mature, and when it is not less than 7%, the model is defined as immature; training stops when the model is defined as mature and continues when the model is defined as immature, until the model is defined as mature.
Example V
Referring to fig. 1, the method for analyzing a secure communication mechanism between cloud computing server models includes the following steps:
S1: establishing a network: a professional establishes a connection network, which is divided in advance into a public network and a private network, wherein the public network provides services over the public Internet for users to purchase and use, the cloud resources in the public network are owned and operated by third-party cloud service providers and are provided over the Internet, the computing resources of the private network are dedicated to the users of certain enterprises and organizations, the private network is located in the on-site data centers of those enterprises and organizations when in use, and the private network is also hosted by third-party service providers;
S2: connecting: a professional connects the cloud computing server models through the public network and the private network, wherein, when connecting, the professional checks the internal service content of each cloud computing server model, makes a judgment from the check result, and handles the model according to the judgment result; when the check finds user privacy or other private content in the internal service content of the cloud computing server model, the model is judged to be an unsafe cloud computing server model, and when the check finds no user privacy or other private content, the model is judged to be a safe cloud computing server model; models judged to be unsafe are connected through the private network, and models judged to be safe are connected through the public network;
S3: authentication and access control: a professional performs authentication and access control on the cloud computing server models connected through the private network, wherein user authentication and user access control are required during secure communication; the user authentication comprises password authentication, the Kerberos authentication protocol, the public key infrastructure (PKI) and biometric-based authentication, and the user access control comprises discretionary access control, mandatory access control and role-based access control; password authentication is decided by comparing the password content, authentication being judged successful when the comparison succeeds and failed when the comparison fails; the Kerberos authentication protocol is an authentication protocol based on a trusted third party and requires centralized identity authentication and key distribution; the PKI binds the public key of a user to the other identification information of the user through a trusted third-party authority (CA), the other identification information comprising user names, user e-mail and user identity numbers, and the identity cards are verified through the Internet; the identity authentication results show success in comparison results show authentication failure, the authentication failure is judged as authentication failure in the voice file system is established based on the identity identification data of the user, the shared access resource is shared by a user, the user access resource is shared by a shared access resource, and the user access permission is established by a file system and the user access is authorized by the user access system; mandatory access control means that a system connected with the cloud computing server model controls, according to specified rules, the access of user permissions and operation objects to objects created by the user;
S4: network security operation: a professional performs network security operations on the cloud computing server models connected through the private network, wherein the professional first divides security domains using the Hypervisor: VLAN division is performed by deploying and executing a VLAN division policy on a specific virtual machine of the Hypervisor layer or the host server, each security domain is divided into a module synthesis form by a VM, a module with logic shutdown is hosted on a physical host, and security monitoring is performed by a virtual switching control module; virtual security domains are also divided by means of a physical switch, the network traffic of the virtual machines being led to traditional network equipment and VLAN division being performed by the physical switch, wherein the traditional network equipment comprises firewalls, switches and other traditional network equipment;
S5: data encryption: a professional encrypts data on the cloud computing server models connected through the private network, wherein the data encryption comprises attribute-based encryption, the KP-ABE algorithm and the CP-ABE algorithm; attribute-based encryption extends identity-based encryption, the identity being represented by a series of descriptive attributes; in the KP-ABE algorithm an authorized user recovers a key according to the attributes of the user, and the recovered key is used to access the encrypted data for which the user has been granted access permission; in the CP-ABE algorithm the encryptor holds the initiative by embedding an access control structure, so that during data access a visitor who satisfies the ciphertext policy obtains the right to the decryption key and other visitors cannot obtain it;
S6: re-encryption: a professional re-encrypts the cloud computing server models connected through the private network, wherein the re-encryption is based on proxy re-encryption: a semi-trusted proxy uses a conversion key Rk generated by the authorizing party to convert a ciphertext encrypted under the public key Pa of the authorizing party into a ciphertext encrypted under the public key Pb of the authorized party; in this process the semi-trusted proxy obtains no plaintext information about the data and only performs the ciphertext conversion according to the scheme; when re-encrypting, a cloud computing user must obtain the public key of the other user in order to authorize that user, and a corresponding conversion key is generated for each user and transmitted to the cloud through a secure channel; the cloud generates a re-encrypted ciphertext for each authorized user and has no corresponding re-encrypted ciphertext for unauthorized users; when a user requests access to a data file, the cloud judges from the ciphertext of the user and the permission authentication result whether the user has permission to read the data file; the cloud returns data through the user public key and the corresponding ciphertext of the user, and the cloud end obtains all authority data file of the unauthorized user through the decryption key when the judgment result is that the user has read data.
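The re-encryption step above names no concrete scheme, so the following is an added illustration and not part of the patent: a single-proxy key-encapsulation construction modelled on the Umbral scheme (an assumption; threshold splitting and capsule proofs are omitted), written in pure Python over secp256k1. All function and class names are hypothetical, the sample record is constructed, and the XOR stream stands in for a real AEAD.

```python
import hashlib
import secrets

# secp256k1 domain parameters (public standard constants).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def enc_pt(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h_scalar(*pts):
    """Hash points to a non-zero scalar mod N."""
    digest = hashlib.sha256(b"rekey" + b"".join(map(enc_pt, pts))).digest()
    return int.from_bytes(digest, "big") % (N - 1) + 1

def kdf(pt):
    return hashlib.sha256(b"kem" + enc_pt(pt)).digest()

def keygen():
    sk = secrets.randbelow(N - 1) + 1
    return sk, mul(sk, G)

def encapsulate(pk_owner):
    """Owner: capsule (E, V) and data key K = KDF((e + v) * Pa)."""
    (e, E), (v, V) = keygen(), keygen()
    return (E, V), kdf(mul(e + v, pk_owner))

def rekeygen(sk_owner, pk_grantee):
    """Owner: conversion key Rk from own secret key and the grantee's PUBLIC key."""
    x, X = keygen()
    d = h_scalar(X, pk_grantee, mul(x, pk_grantee))
    return sk_owner * pow(d, -1, N) % N, X

def reencapsulate(rk, capsule):
    """Proxy: convert the capsule for the grantee; no key K or plaintext is seen."""
    (r, X), (E, V) = rk, capsule
    return mul(r, E), mul(r, V), X

def decapsulate(sk, pk, recapsule):
    """Grantee: recover K from the converted capsule with own secret key."""
    E1, V1, X = recapsule
    d = h_scalar(X, pk, mul(sk, X))
    return kdf(mul(d, add(E1, V1)))

def xor_stream(key, data):
    """Toy stream cipher standing in for an AEAD; encrypts and decrypts."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class Cloud:
    """Semi-trusted store: holds only ciphertext and capsules."""
    def __init__(self, capsule, blob):
        self.capsule, self.blob, self.converted = capsule, blob, {}
    def authorize(self, user, rk):
        self.converted[user] = reencapsulate(rk, self.capsule)
    def read(self, user):
        rc = self.converted.get(user)
        return None if rc is None else (rc, self.blob)

def demo():
    """Owner shares one file with bob; carol is never authorized."""
    (a_sk, a_pk), (b_sk, b_pk), (c_sk, c_pk) = keygen(), keygen(), keygen()
    capsule, key = encapsulate(a_pk)
    cloud = Cloud(capsule, xor_stream(key, b"constructed sample record"))
    cloud.authorize("bob", rekeygen(a_sk, b_pk))
    rc, blob = cloud.read("bob")
    bob = xor_stream(decapsulate(b_sk, b_pk, rc), blob)
    # Carol replaying bob's converted capsule derives a different key.
    carol = xor_stream(decapsulate(c_sk, c_pk, rc), blob)
    return bob, cloud.read("carol"), carol

if __name__ == "__main__":
    print(demo())
```

In this construction the scalar in `Rk` multiplied by the grantee's `d` equals the owner's secret key, so "semi-trusted" has to include the assumption that the cloud never colludes with an authorized user.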
Comparative example one
The difference from the first embodiment is S2: connecting: a professional connects the cloud computing server models through the public network and the private network and makes a judgment, wherein a cloud computing server model whose internal service content contains no user privacy or other private content is judged to be a safe cloud computing server model, models judged to be unsafe are connected through the private network, and models judged to be safe are connected through the public network; the rest is the same as the first embodiment.
Comparative example two
The difference from the first embodiment is S5: data encryption: a professional encrypts data on the cloud computing server models connected through the private network, wherein the data encryption comprises attribute-based encryption, the KP-ABE algorithm and the CP-ABE algorithm; the rest is the same as the first embodiment.
Comparative example three
The difference from the first embodiment is S7: establishing a model: a professional establishes a secure communication mechanism analysis model between cloud computing server models and trains the established model, wherein one training period is 10 hours; the rest is the same as the first embodiment.
Experimental example
The secure communication mechanism analysis methods between cloud computing server models of the first, second, third, fourth and fifth embodiments and of the first, second and third comparative examples were tested, with the following results:
[Figure SMS_1: table of test results (image not reproduced)]
The secure communication mechanism analysis methods between cloud computing server models of the first, second, third, fourth and fifth embodiments and of the first, second and third comparative examples show a markedly lower data leakage rate than the existing method, and the first embodiment is the best embodiment.
Detection report
The invention aims to solve the problems that the existing secure communication technology among cloud computing server models still has a simple user access authentication process, the cloud computing server models are mostly connected by adopting a unified network, the reliability of a network environment is low, the data leakage rate in the communication process is high, and the like.
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; any equivalent substitution or modification made by a person skilled in the art, within the technical scope disclosed by the present invention and according to the technical scheme and inventive concept of the present invention, shall be covered by the scope of protection of the present invention.

Claims (10)

1. The method for analyzing the secure communication mechanism between cloud computing server models is characterized by comprising the following steps:
S1: establishing a network: a professional establishes a connection network;
S2: connecting: a professional connects the cloud computing server models through the public network and the private network;
S3: authentication and access control: a professional performs authentication and access control on the cloud computing server models connected through the private network;
S4: network security operation: a professional performs network security operations on the cloud computing server models connected through the private network;
S5: data encryption: a professional encrypts data on the cloud computing server models connected through the private network;
S6: re-encryption: a professional re-encrypts the cloud computing server models connected through the private network;
S7: establishing a model: a professional establishes a secure communication mechanism analysis model between cloud computing server models and trains the established model.
2. The method for analyzing a secure communication mechanism between cloud computing server models according to claim 1, wherein in S1 a connection network is established by a professional, the connection network being divided in advance into a public network and a private network; the public network provides services over the public Internet and is purchased and used by users, and the cloud resources in the public network are owned and operated by a third-party cloud service provider and delivered over the Internet; the computing resources of the private network are dedicated to the users of a particular enterprise and organization, the private network is located in the on-site data center of the enterprise and organization that uses it, and at the same time the private network is hosted by a third-party service provider.
3. The method according to claim 1, wherein in S2 a professional connects the cloud computing server models through a public network and a private network; when making the connection, the professional checks the internal service content of each cloud computing server model, makes a judgment from the check result and acts on that judgment; if the check finds user privacy or other private content in the internal service content of a cloud computing server model, that model is judged to be an unsafe cloud computing server model, and if the check finds no user privacy or other private content, that model is judged to be a safe cloud computing server model; a model judged unsafe is connected through the private network, and a model judged safe is connected through the public network.
4. The method for analyzing a secure communication mechanism between cloud computing server models according to claim 1, wherein in S3 authentication and access control are performed by a professional on the cloud computing server models connected through the private network; during secure communication, user authentication and user access control are applied to each user; the user authentication comprises password authentication, the Kerberos authentication protocol, public key infrastructure (PKI) and identity authentication based on biological characteristics, and the user access control comprises discretionary access control, mandatory access control and role-based access control.
5. The method according to claim 4, wherein the password authentication is decided by the result of comparing password content, a successful comparison being judged as authentication success and a failed comparison as authentication failure; the Kerberos authentication protocol is an authentication protocol based on a trusted third party and requires centralized identity authentication and key distribution; the public key infrastructure (PKI) manages public keys by means of certificates, a trusted third-party certificate authority (CA) binding a user's public key to the user's other identification information, which comprises the user name, the user's e-mail address and the user's identification number, so that the user's identity is verified over the Internet; the identity authentication based on biological characteristics comprises fingerprint recognition, iris recognition and voice recognition; the discretionary access control executes access authorization to system resources based on system entity identity, including setting permissions on files, folders and shared resources, and users have rights to access rights created by themselves, data and access rights of users are granted to the users by a mandatory access control object, and access rights of users are created by a cloud access control object and a cloud access control operation object is created by the users.
6. The method according to claim 1, wherein in S4 a professional performs a network security operation on the cloud computing server models connected through the private network; when performing the network security operation, the professional first divides security domains using the Hypervisor, deploying and executing VLAN division policies on a specific virtual machine of the Hypervisor layer or of the host server; each security domain is divided by VM into a module synthesis form, a module with logical shutdown is hosted on a physical host, and security is monitored by a virtual switching control module; virtual security domains are also divided by means of a physical switch, the network traffic of the virtual machines being led to conventional network devices, including a firewall, a switch and other conventional network devices, and the VLAN division being performed by the physical switch.
7. The method according to claim 1, wherein in S5 a professional performs data encryption on the cloud computing server models connected through the private network; the data encryption comprises attribute-based encryption, the KP-ABE algorithm and the CP-ABE algorithm; attribute-based encryption extends identity-based encryption by representing an identity as a series of descriptive attributes; the KP-ABE algorithm recovers a key according to the attributes of the authorized user, the recovered key being used to access the encrypted data for which the authorized user has access rights; the CP-ABE algorithm gives the encrypter the initiative in access control by embedding an access control structure in the ciphertext, so that a visitor who satisfies the ciphertext policy when accessing the data obtains the decryption key and other visitors cannot obtain it.
8. The method according to claim 1, wherein in S6 the cloud computing server models connected through the private network are re-encrypted by a professional; the re-encryption is proxy re-encryption, in which a semi-trusted proxy uses a conversion key Rk generated by the authorizer to convert ciphertext encrypted with the public key Pa of the authorizer into ciphertext encrypted with the public key Pb of the authorized party, the proxy obtaining no plaintext information about the data in the process; semi-trusted means that the proxy is trusted to perform the ciphertext conversion according to the scheme.
9. The method for analyzing a secure communication mechanism between cloud computing server models according to claim 8, wherein, when a user authorizes other users during the re-encryption, the cloud computing user needs to obtain the public key of the other party; each user generates a corresponding conversion key and transmits it to the cloud through a secure channel; the cloud generates a re-encrypted ciphertext for each authorized user and holds no corresponding re-encrypted ciphertext for unauthorized users; when a user requests access to a data file, the cloud judges from the user's identity and permission authentication result whether the user has permission to read the data file; if the judgment is that the user has read permission, the cloud returns the data ciphertext and the corresponding key ciphertext according to the user's public key, and the user obtains the plaintext of the data by decrypting the two ciphertext files; if the judgment is that the user has no read permission, the user has not been granted permission by the file owner to access the requested data file.
10. The method for analyzing a secure communication mechanism between cloud computing server models according to claim 1, wherein in S7 a professional establishes a secure communication mechanism analysis model between cloud computing server models and trains the established model; one training period is 10 h; during training the professional simulates a network environment, has the cloud computing server models communicate in that environment and monitors the communication in real time, makes a judgment from the real-time monitoring result and computes from the judgment results; a monitoring result showing no communication abnormality is judged safe and a monitoring result showing a communication abnormality is judged unsafe; when the judgment is unsafe, the professional analyzes the communication behavior and carries out professional handling; after one training period is completed, the professional defines the model from the computed result: an unsafe-communication occurrence rate of less than 7% defines the model as mature, otherwise the model is defined as immature; training stops once the model is defined as mature, and when the model is defined as immature training continues until the model is mature.
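The proxy re-encryption flow of claims 8 and 9, as an added example that is not part of the patent. The claims name no concrete scheme, so this sketch assumes the ElGamal-based BBS98 construction over a constructed toy group, in which the conversion key is derived from both parties' secret keys rather than from a public key alone; the `Cloud` class, the user names and the XOR wrapper for the data ciphertext are hypothetical.

```python
import hashlib, secrets

# Constructed toy group (assumption, far too small for real use):
# safe prime P = 2*Q + 1; G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1          # secret exponent in [1, Q-1]
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    """BBS98/ElGamal-style ciphertext (m * g^r, pk^r) for a group element m."""
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)

def rekey(sk_from, sk_to):
    """Conversion key Rk = sk_to / sk_from mod Q (BBS98 uses both secrets)."""
    return (sk_to * pow(sk_from, -1, Q)) % Q

def reencrypt(rk, ct):
    """Proxy step: g^(a*r) becomes g^(b*r); the plaintext is never exposed."""
    return ct[0], pow(ct[1], rk, P)

def decrypt(sk, ct):
    g_r = pow(ct[1], pow(sk, -1, Q), P)        # strip the key from the exponent
    return (ct[0] * pow(g_r, -1, P)) % P

def xor_data(key_elem, data):
    """Toy data cipher (assumption): XOR with SHA-256(key), data <= 32 bytes."""
    pad = hashlib.sha256(str(key_elem).encode()).digest()
    return bytes(d ^ k for d, k in zip(data, pad))

class Cloud:
    """Hypothetical semi-trusted proxy: stores ciphertexts and conversion keys."""
    def __init__(self, data_ct, key_ct):
        self.data_ct, self.key_ct, self.rks = data_ct, key_ct, {}
    def authorize(self, user, rk):
        self.rks[user] = rk
    def fetch(self, user):
        if user not in self.rks:               # no conversion key, no ciphertext
            raise PermissionError(f"{user} is not authorized")
        return self.data_ct, reencrypt(self.rks[user], self.key_ct)

def demo():
    (a_sk, a_pk), (b_sk, _) = keygen(), keygen()
    key_elem = pow(G, secrets.randbelow(Q - 1) + 1, P)   # random data key
    cloud = Cloud(xor_data(key_elem, b"quarterly report"), encrypt(a_pk, key_elem))
    cloud.authorize("bob", rekey(a_sk, b_sk))
    data_ct, key_ct = cloud.fetch("bob")
    return xor_data(decrypt(b_sk, key_ct), data_ct)
```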
CN202310083807.5A 2023-02-08 2023-02-08 Analysis method for secure communication mechanism between cloud computing server models Pending CN116192481A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310083807.5A CN116192481A (en) 2023-02-08 2023-02-08 Analysis method for secure communication mechanism between cloud computing server models

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310083807.5A CN116192481A (en) 2023-02-08 2023-02-08 Analysis method for secure communication mechanism between cloud computing server models

Publications (1)

Publication Number Publication Date
CN116192481A true CN116192481A (en) 2023-05-30

Family

ID=86450146

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310083807.5A Pending CN116192481A (en) 2023-02-08 2023-02-08 Analysis method for secure communication mechanism between cloud computing server models

Country Status (1)

Country Link
CN (1) CN116192481A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117235761A (en) * 2023-09-22 2023-12-15 北京宝联之星科技股份有限公司 Cloud computing-based data security processing method, system and storage medium
CN118035965A (en) * 2024-04-12 2024-05-14 清华大学 Method and device for computing power by using graphic processor cooperatively by multiple users

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117235761A (en) * 2023-09-22 2023-12-15 北京宝联之星科技股份有限公司 Cloud computing-based data security processing method, system and storage medium
CN117235761B (en) * 2023-09-22 2024-04-19 北京宝联之星科技股份有限公司 Cloud computing-based data security processing method, system and storage medium
CN118035965A (en) * 2024-04-12 2024-05-14 清华大学 Method and device for computing power by using graphic processor cooperatively by multiple users
CN118035965B (en) * 2024-04-12 2024-06-11 清华大学 Method and device for computing power by using graphic processor cooperatively by multiple users

Similar Documents

Publication Publication Date Title
JP6941146B2 (en) Data security service
CN106888084B (en) Quantum fort machine system and authentication method thereof
CN111931144B (en) Unified safe login authentication method and device for operating system and service application
CN108964885B (en) Authentication method, device, system and storage medium
WO2021139338A1 (en) Data access permission verification method and apparatus, computer device, and storage medium
CN116192481A (en) Analysis method for secure communication mechanism between cloud computing server models
CN103152179A (en) Uniform identity authentication method suitable for multiple application systems
CN111954211B (en) Novel authentication key negotiation system of mobile terminal
CN106533693B (en) Access method and device of railway vehicle monitoring and overhauling system
JP2018529299A (en) Biometric protocol standard system and method
CN108632251B (en) Credible authentication method based on cloud computing data service and encryption algorithm thereof
WO2022148182A1 (en) Key management method and related device
CN113515756B (en) High-credibility digital identity management method and system based on block chain
CN114866346B (en) Password service platform based on decentralization
CN114760118B (en) Trust evaluation method with privacy protection in zero-trust architecture
Said et al. A multi-factor authentication-based framework for identity management in cloud applications
CN111538973A (en) Personal authorization access control system based on state cryptographic algorithm
CN115021927B (en) Administrator identity management and control method and system for cryptographic machine cluster
CN116684875A (en) Communication security authentication method for electric power 5G network slice
CN116208401A (en) Cloud master station access control method and device based on zero trust
Huang et al. A method for trusted usage control over digital contents based on cloud computing
CN111651776A (en) Access control record storage method and device
CN114978771B (en) Data security sharing method and system based on blockchain technology
Kaushik et al. Cloud computing security: attacks, threats, risk and solutions
US20240121083A1 (en) Secure restoration of private key

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination