TWI512488B - Private cloud creation system and method thereof - Google Patents

Publication number
TWI512488B
Authority
TW
Taiwan
Prior art keywords
host
channel
cloud server
reading device
cloud
Application number
TW102139668A
Other languages
Chinese (zh)
Other versions
TW201516700A (en)
Inventor
Yung Feng Lu
Chin Fu Kuo
Original Assignee
Nat Taichung University Science & Technology
Application filed by Nat Taichung University Science & Technology
Priority to TW102139668A
Publication of TW201516700A
Application granted
Publication of TWI512488B

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Description

Private cloud establishment system and method thereof

The following description relates to a cloud establishment system and method, and in particular to a personalized private cloud establishment system with a security mechanism and a method thereof.

In recent years, with the spread of free cloud storage, companies and individuals can hardly avoid dealing with the cloud, because it reduces cost and is convenient for users: for example using Gmail, storing files in cloud storage, or sharing information through the cloud. Users no longer need to carry a bulky hard drive to store files; they only need to apply for cloud storage and make sure their computer or personal mobile device can connect to the network, and they can then access files through the functions the cloud server provides.

However, the convenience of the cloud hides the possibility of data leakage. If a user uses a cloud service on a computer and forgets to log out, or the computer in the user's office is used by someone with ill intent, then once that person connects to the cloud the user's personal files can be stolen immediately. Current cloud servers do not provide a way to distinguish the user's identity, so how to achieve both operating convenience and data security when a user uses cloud services has become an important problem.

In view of this, the inventors of the present invention have conceived and designed a novel private cloud establishment system and method thereof to improve on the deficiencies of the prior art.

Aspects of the embodiments of the present invention are directed to a private cloud establishment system and method thereof that provide both operating convenience for the user and data security.

Based on the above object, the present invention discloses a private cloud establishment method, comprising: a. using a mobile device containing an NFC chip to sense a first reading device, so that the first reading device transmits authentication information corresponding to the mobile device to a first host; b. downloading a channel establishment parameter from the first host to the mobile device; c. using the mobile device to sense a second reading device, so that the second reading device generates a channel establishment module according to the channel establishment parameter and transmits the channel establishment module to the first host; d. if the first host confirms that the channel establishment module is legitimate, transmitting the channel establishment module to a cloud server; e. using the channel establishment module to create a secure channel between the cloud server and a second host; and f. using the secure channel to synchronize data between the second host and the cloud server.

Preferably, the authentication information includes a key, a password, an executable time, an IRQ, or an environment parameter, and the key, the executable time and the environment parameter are encrypted with the password.

Preferably, the first reading device and the second reading device include an NFC tag, a mobile phone, an NFC payment device or a contactless RFID card reader.

Preferably, the data synchronization includes downloading and setting up the working environment of the second host from the cloud server, or synchronously updating the files of the second host from the cloud server.

Preferably, the channel establishment module includes a security identifier of the cloud server, a security identifier of the second host, a network address of the cloud server, a network address of the second host, or a hash function value.

Based on the above object, the present invention further discloses a private cloud establishment system, comprising: a mobile device containing an NFC chip; a first reading device, which the mobile device senses in order to transmit authentication information corresponding to the mobile device, and which transmits a channel establishment parameter to the mobile device; a second reading device, which the mobile device senses, and which transmits a channel establishment module built according to the channel establishment parameter; a first host, which receives the authentication information to generate the channel establishment parameter and transmits the channel establishment parameter to the first reading device, or receives the channel establishment module from the second reading device and forwards the channel establishment module once it has passed verification; and a cloud server unit, which receives the channel establishment module from the first host to create a secure channel connecting a second host and the cloud server unit, wherein the secure channel is used to synchronize data between the second host and the cloud server.

Preferably, the authentication information includes a key, a password, an executable time, an IRQ, or an environment parameter, and the key, the executable time and the environment parameter are encrypted with the password.

Preferably, the first reading device and the second reading device include an NFC tag, a mobile phone, an NFC payment device or a contactless RFID card reader.

Preferably, the data synchronization includes downloading and setting up the working environment of the second host from the cloud server, or synchronously updating the files of the second host from the cloud server.

Preferably, the channel establishment module includes a security identifier of the cloud server, a security identifier of the second host, a network address of the cloud server, a network address of the second host, or a hash function value.

1‧‧‧Private cloud establishment system
2‧‧‧Mobile device
22‧‧‧Smartphone
21‧‧‧NFC chip
3‧‧‧First host
31‧‧‧Channel establishment parameter
33‧‧‧Authentication host
4‧‧‧Second host
44‧‧‧Office host
5‧‧‧First reading device
51‧‧‧Authentication information
55‧‧‧First NFC payment device
6‧‧‧Second reading device
66‧‧‧Second NFC payment device
61‧‧‧Channel establishment module
7‧‧‧Cloud server
8‧‧‧Secure channel
S1~S6‧‧‧Steps

The above and other features and advantages of the present invention will become more apparent from the detailed description of its exemplary embodiments with reference to the accompanying drawings, in which:
FIG. 1 is a block diagram of a private cloud establishment system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a private cloud establishment system according to another embodiment of the present invention; and
FIG. 3 is a flow chart of the steps of a private cloud establishment method according to a second embodiment of the present invention.

As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items. When the expression "at least one of" precedes a list of elements, it modifies the entire list rather than the individual elements in the list.

Please refer to FIG. 1, a block diagram of a private cloud establishment system according to an embodiment of the present invention. As shown in FIG. 1, the private cloud establishment system 1 includes a mobile device 2 with an NFC (Near Field Communication) chip 21, a first host 3, a second host 4, a first reading device 5, a second reading device 6, and a cloud server 7. The mobile device 2 includes a tablet computer, a smartphone, a smart watch or smart glasses. The first reading device 5 and the second reading device 6 may include an NFC tag, a mobile phone, an NFC payment device or a contactless RFID card reader. The first host 3 and the second host 4 may include a desktop computer, a notebook computer, a workstation or a server, and the cloud server 7 may include a workstation, a server or a desktop computer.

The first reading device 5 is provided for the mobile device 2 to sense. Once sensed, it generates authentication information 51 corresponding to the mobile device 2 and transmits it over the network to the first host 3. The first host 3 generates a channel establishment parameter 31 from the received authentication information 51 and transmits the channel establishment parameter 31 to the mobile device 2 through the first reading device 5.

When the user goes to a location that has a second reading device 6, the user can have the second reading device 6 and the mobile device 2 sense each other. During sensing, the second reading device 6 generates a channel establishment module 61 according to the channel establishment parameter 31 on the mobile device 2 and transmits the channel establishment module 61 to the first host 3. The first host 3 first checks the relevant parameters in the channel establishment module 61 and, if the check passes, transmits the channel establishment module 61 to the cloud server 7. The cloud server 7 uses the network location information of the second host 4 contained in the channel establishment module 61 to establish a secure channel connecting the cloud server 7 and the second host 4. Through this secure channel, files are synchronized between the cloud server 7 and the second host 4, or the working environment settings required by the second host 4 are downloaded from the cloud server 7.

It is worth mentioning that, in this invention, the NFC chip 21 of the mobile device 2 lets people complete sensing with a single "beep!" against an NFC sticker or NFC payment device. With this NFC solution, people only need the simplest possible action, bringing the device close to the NFC sticker, to obtain the corresponding information. The information can be integrated with various application services on the network, such as data transfer, recording and feedback. The wider the service integration, the more the user is covered by it, and the heavier the user's dependence on the service will gradually become. In addition, payment services have already been designed around NFC abroad, and their encryption and security control technologies are quite mature, so handheld devices handling all matters of daily life, large and small, is a foreseeable and anticipated future.

Please refer to FIG. 2, a schematic diagram of a private cloud establishment system according to another embodiment of the present invention. As shown in FIG. 2, when the user is about to leave home for the office, the smartphone 22 containing the NFC chip 21 is sensed against the first NFC payment device 55. After sensing, the first NFC payment device transmits authentication information 51 corresponding to the NFC chip 21 to an authentication host 33, and the authentication host 33 generates a channel establishment parameter 31 from the authentication information 51 and returns the channel establishment parameter 31 to the smartphone 22. The authentication information 51 may include a key, a password, an executable time, an IRQ establishment name, or an environment establishment parameter g, and the password may be used to encrypt the key, the executable time, the IRQ establishment name and the environment establishment parameter g. The channel establishment parameter 31 may include the IP of the cloud server 7, the IP of the smartphone, the user name, the IRQ establishment name, the name of the environment establishment parameter, or a temporary environment establishment parameter gNC.

When the user arrives at the office, the smartphone 22 must be sensed again, this time against the second NFC payment device 66 in the office. The second NFC payment device 66 generates a channel establishment module 61 according to the channel establishment parameter 31 in the smartphone 22 and transmits the channel establishment module 61 over the network to the authentication host 33. The channel establishment module 61 may include a security identifier of the cloud server 7, a security identifier of the office computer 44, a network address of the cloud server 7, a network address of the office computer 44, or a hash function value. The authentication host 33 confirms whether the channel establishment module 61 is legitimate and, if so, transmits the channel establishment module 61 over the network to the cloud server 7. The cloud server 7 then establishes a secure channel 8 according to the network address of the office computer 44 in the channel establishment module 61, and the user's office computer 44 can use the secure channel 8 to download the required working environment parameters from the cloud server 7 or to synchronize the latest files.

This approach is well suited to an office or laboratory that requires confidentiality. After the researcher leaves the laboratory, the working environment on the computer can be removed according to the executable time contained in the authentication information. Even if an attacker breaks into the laboratory computer, without a working environment to run the attacker cannot do anything illicit. Furthermore, the authentication information is generated according to the location of the first reading device, which would usually be in the user's home. In other words, other people cannot enter the user's home, so the authentication information also provides location-oriented authentication. A user carrying this authentication information must have obtained it from the first reading device, and basically only the user can come and go freely at the place where the first reading device is installed, which further strengthens confirmation of the user's identity.

Please refer to FIG. 3, a flow chart of the steps of the private cloud establishment method according to the second embodiment of the present invention. As shown in FIG. 3, step S1 uses a mobile device containing an NFC chip to sense a first reading device, so that the first reading device transmits authentication information corresponding to the mobile device to a first host, as in FIG. 2 where the smartphone 22 is sensed against the first NFC payment device 55 to transmit the authentication information 51. Step S2 downloads a channel establishment parameter from the first host to the mobile device, as in FIG. 2 where the channel establishment parameter 31 is downloaded to the smartphone 22. Step S3 uses the mobile device to sense a second reading device, so that the second reading device generates a channel establishment module according to the channel establishment parameter and transmits the channel establishment module to the first host, as in FIG. 2 where the smartphone 22 senses the second NFC payment device 66 to transmit the channel establishment module 61. In step S4 the first host confirms whether the channel establishment module is legitimate and, if so, transmits it to the cloud server, as with the transmission of the channel establishment module 61 in FIG. 2. Step S5 uses the channel establishment module to create a secure channel connecting the cloud server and a second host. Finally, step S6 uses the secure channel to synchronize data between the second host and the cloud server, as with the establishment of the secure channel 8 in FIG. 2.
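The S1 to S6 flow above, sketched from the first host's side as an added Python example (not code from the patent). The patent does not say how the first host decides that a channel establishment module is legitimate or how the hash function value is computed, so the HMAC-SHA256 construction, the single-use session and every field name below are assumptions.

```python
import hashlib
import hmac
import json
import secrets


def module_digest(key: bytes, module: dict) -> str:
    """Assumed 'hash function value': HMAC-SHA256 over all fields except the hash."""
    body = {k: v for k, v in module.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


class FirstHost:
    """Authentication host (3/33): issues parameters in S2, checks modules in S4."""

    def __init__(self):
        self.sessions = {}  # session id -> server-side state

    def issue_parameters(self, user, key, executable_seconds, cloud_addr, now):
        # S1/S2: the key and executable time arrive in the authentication
        # information; the expiry is kept server-side, never trusted from the client.
        session = secrets.token_hex(8)
        expires = now + executable_seconds
        self.sessions[session] = {"key": key, "expires": expires, "used": False}
        return {"session": session, "user": user,
                "cloud_addr": cloud_addr, "expires": expires}

    def verify_module(self, module, now):
        # S4: forward to the cloud server only when this returns (True, "ok").
        state = self.sessions.get(module.get("session"))
        if state is None:
            return (False, "unknown session")
        if now > state["expires"]:
            return (False, "expired")
        expected = module_digest(state["key"], module)
        if not hmac.compare_digest(expected, str(module.get("hash", ""))):
            return (False, "bad hash")
        if state["used"]:
            return (False, "replayed")
        state["used"] = True
        return (True, "ok")


def build_module(params, key, cloud_id, host_id, second_host_addr):
    """S3: second reading device builds the module from the phone's parameters."""
    module = {
        "session": params["session"],
        "cloud_id": cloud_id,                  # security identifier of cloud server
        "host_id": host_id,                    # security identifier of second host
        "cloud_addr": params["cloud_addr"],    # network address of cloud server
        "second_host_addr": second_host_addr,  # network address of second host
    }
    module["hash"] = module_digest(key, module)
    return module


def demo():
    """Run constructed inputs through S2 to S4 and return each verdict."""
    host = FirstHost()
    key = b"constructed-demo-key"  # constructed sample value
    t0 = 1_000                     # constructed clock, in seconds
    params = host.issue_parameters("alice", key, 3600, "203.0.113.10", t0)
    module = build_module(params, key, "cloud-7", "office-44", "198.51.100.20")

    results = {}
    # Redirecting the secure channel to another host must invalidate the hash.
    tampered = dict(module, second_host_addr="198.51.100.99")
    results["tampered"] = host.verify_module(tampered, t0 + 60)
    results["valid"] = host.verify_module(module, t0 + 60)
    results["replay"] = host.verify_module(module, t0 + 120)

    # A second session presented after its executable time has passed.
    late_params = host.issue_parameters("alice", key, 3600, "203.0.113.10", t0)
    late = build_module(late_params, key, "cloud-7", "office-44", "198.51.100.20")
    results["expired"] = host.verify_module(late, t0 + 3601)
    results["unknown"] = host.verify_module(dict(module, session="nope"), t0 + 60)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, verdict)
```

Binding the second host's network address into the keyed hash is what stops a modified module from steering the secure channel to a different machine, and the server-side expiry enforces the executable time regardless of what the client presents.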

From the above, with the private cloud establishment system and method disclosed in this invention, the user's computer in the office becomes one that only the user can synchronize with the cloud storage the user has applied for. Because the authentication information must be generated by the first reading device (assuming the first reading device is located in the user's home), using location information (the user's home) to generate the authentication information effectively identifies the user, and anyone trying to forge the authentication information from nothing has no way in. This increases the user's security when using the cloud service, and sensing through the NFC chip on the mobile device also increases the user's operating convenience.

Although the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and detail may be made without departing from the spirit and scope of the invention as defined by the following claims and their equivalents.

 


Claims (10)

1. A private cloud establishment method, comprising: a. using a mobile device containing an NFC chip to sense a first reading device, so that the first reading device transmits authentication information corresponding to the mobile device to a first host; b. downloading a channel establishment parameter from the first host to the mobile device; c. using the mobile device to sense a second reading device, so that the second reading device generates a channel establishment module according to the channel establishment parameter and transmits the channel establishment module to the first host; d. if the first host confirms that the channel establishment module is legitimate, transmitting the channel establishment module to the cloud server; e. using the channel establishment module to create a secure channel between the cloud server and a second host; and f. using the secure channel to synchronize data between the second host and the cloud server.

2. The private cloud establishment method of claim 1, wherein the authentication information includes a key, a password, an executable time, an IRQ, or an environment parameter, and the key, the executable time and the environment parameter are encrypted with the password.

3. The private cloud establishment method of claim 1, wherein the first reading device and the second reading device include an NFC tag, a mobile phone, an NFC payment device or a contactless RFID card reader.

4. The private cloud establishment method of claim 1, wherein the data synchronization includes downloading and setting up the working environment of the second host from the cloud server, or synchronously updating the files of the second host from the cloud server.

5. The private cloud establishment method of claim 1, wherein the channel establishment module includes a security identifier of the cloud server, a security identifier of the second host, a network address of the cloud server, a network address of the second host, or a hash function value.

6. A private cloud establishment system, comprising: a mobile device containing an NFC chip; a first reading device, which the mobile device senses in order to transmit authentication information corresponding to the mobile device, and which transmits a channel establishment parameter to the mobile device; a second reading device, which the mobile device senses, and which transmits a channel establishment module built according to the channel establishment parameter; a first host, which receives the authentication information to generate the channel establishment parameter and transmits the channel establishment parameter to the first reading device, or receives the channel establishment module from the second reading device and forwards the channel establishment module once it has passed verification; and a cloud server unit, which receives the channel establishment module from the first host to create a secure channel connecting a second host and the cloud server unit, wherein the secure channel is used to synchronize data between the second host and the cloud server.

7. The private cloud establishment system of claim 6, wherein the authentication information includes a key, a password, an executable time, an IRQ, or an environment parameter, and the key, the executable time and the environment parameter are encrypted with the password.

8. The private cloud establishment system of claim 6, wherein the first reading device and the second reading device include an NFC tag, a mobile phone, an NFC payment device or a contactless RFID card reader.

9. The private cloud establishment system of claim 6, wherein the data synchronization includes downloading and setting up the working environment of the second host from the cloud server, or synchronously updating the files of the second host from the cloud server.

10. The private cloud establishment system of claim 6, wherein the channel establishment module includes a security identifier of the cloud server, a security identifier of the second host, a network address of the cloud server, a network address of the second host, or a hash function value.

TW102139668A 2013-10-31 2013-10-31 Private cloud creation system and method thereof TWI512488B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW102139668A TWI512488B (en) 2013-10-31 2013-10-31 Private cloud creation system and method thereof


Publications (2)

Publication Number Publication Date
TW201516700A TW201516700A (en) 2015-05-01
TWI512488B true TWI512488B (en) 2015-12-11

Family

ID=53720342


Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees