CN112073410A - Cloud data secure transmission control method based on aging - Google Patents
Cloud data secure transmission control method based on aging Download PDFInfo
- Publication number
- CN112073410A CN112073410A CN202010929198.7A CN202010929198A CN112073410A CN 112073410 A CN112073410 A CN 112073410A CN 202010929198 A CN202010929198 A CN 202010929198A CN 112073410 A CN112073410 A CN 112073410A
- Authority
- CN
- China
- Prior art keywords
- cloud
- security
- cloud service
- data
- end user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
一种基于时效的云数据安全传输控制方法,属于网络安全技术领域。本发明包括以下步骤:双向认证;安全算法动态分配;添加云服务安全时间容忍度;云数据安全传输控制;本发明对云服务商和端用户之间进行双向认证,并能够进行算法协商和密钥协商,从而实现云服务的接入安全;提出云服务安全时间容忍度和安全算法池概念,对数据传输双方进行安全算法动态分配,并通过云可疑数据包丢弃机制和云数据安全传输控制机制,实现云服务的数据传输安全。
A time-based cloud data security transmission control method belongs to the technical field of network security. The invention includes the following steps: bidirectional authentication; dynamic allocation of security algorithms; adding cloud service security time tolerance; cloud data security transmission control; the invention performs bidirectional authentication between cloud service providers and end users, and can perform algorithm negotiation and encryption key negotiation to realize the access security of cloud services; put forward the concept of cloud service security time tolerance and security algorithm pool, dynamically allocate security algorithms to both parties of data transmission, and use cloud suspicious data packet discarding mechanism and cloud data security transmission control mechanism , to realize the data transmission security of cloud services.
Description
技术领域technical field
本发明属于网络安全技术领域,具体涉及云数据安全传输控制方法。The invention belongs to the technical field of network security, and in particular relates to a cloud data security transmission control method.
背景技术Background technique
随着云计算的快速发展,云计算服务的安全性已成为制约其广泛应用的关键因素。云数据安全可分为云存储安全、云计算安全和云传输安全。云存储和云计算都是发生在云服务提供商,只要提供足够的安全措施,其安全性完全可做到可管可控;而云传输是发生在云服务提供商和端用户之间,攻击者可以通过有线或空口接入方式,对传输数据进行破坏、篡改和伪造,从而破坏数据的机密性、完整性和可用性。无论云提供何种服务模式,在云服务提供商和端用户间都需要传输数据,但在目前开放的互联网环境下,数据传输安全已成为云计算服务中最薄弱的环节。With the rapid development of cloud computing, the security of cloud computing services has become a key factor restricting its wide application. Cloud data security can be divided into cloud storage security, cloud computing security and cloud transmission security. Both cloud storage and cloud computing occur in cloud service providers. As long as sufficient security measures are provided, their security can be fully manageable and controllable; while cloud transmission occurs between cloud service providers and end users. Attacks The user can destroy, tamper and forge the transmitted data through wired or air interface access, thereby destroying the confidentiality, integrity and availability of the data. No matter what service mode the cloud provides, data needs to be transmitted between cloud service providers and end users, but in the current open Internet environment, data transmission security has become the weakest link in cloud computing services.
国内外学者在保证云数据传输过程中数据的机密性、完整性和可用性方面作了大量的研究工作:为了保护数据的隐私,数据在云端应该以密文形式存放,但是加密的方式又带来了运算上的开销,因此要以尽可能小的计算开销带来可靠的数据机密性;为了保护用户行为信息的隐私,云服务器要保证用户匿名使用云资源和安全记录数据起源;远程数据完整性验证是解决这一问题的好方法,其能够在不下载用户数据的情况下,仅仅根据数据标识和服务器对于挑战码的响应就可以对数据的完整性进行验证;网络访问控制是指云基础设施中主机之间彼此互相访问的控制。Scholars at home and abroad have done a lot of research work on ensuring the confidentiality, integrity and availability of data during cloud data transmission: in order to protect the privacy of data, data should be stored in the form of cipher text in the cloud, but encryption brings In order to protect the privacy of user behavior information, the cloud server must ensure that users use cloud resources anonymously and securely record the origin of data; remote data integrity Authentication is a good way to solve this problem. It can verify the integrity of the data only based on the data identification and the server's response to the challenge code without downloading user data; network access control refers to cloud infrastructure control of mutual access between hosts.
虽然这些研究对于保障云数据传输的安全性起到了一定的有效作用,但对于识别可疑数据包,杜绝暴力破解后的伪造数据包对传输数据安全性的影响还没有很好的解决方案。Although these studies have played a certain effective role in ensuring the security of cloud data transmission, there is no good solution for identifying suspicious data packets and preventing the impact of forged data packets after brute force cracking on the security of transmitted data.
基于此,本专利提出一种时效的云数据安全传输控制方法,提出云服务安全时间容忍度和安全算法池概念,并对数据传输双方进行双向认证,以及安全算法和安全密钥动态分配,拟通过基于认证和密钥协商的双向认证机制、基于安全算法池动态分配的云数据安全传输控制机制和基于云服务安全时间容忍度的可疑数据包丢弃机制等关键技术,以实现云服务数据传输的机密性、完整性和可用性。Based on this, this patent proposes a time-sensitive cloud data security transmission control method, proposes the concept of cloud service security time tolerance and security algorithm pool, performs two-way authentication for both parties of data transmission, and dynamically allocates security algorithms and security keys. Through key technologies such as the two-way authentication mechanism based on authentication and key agreement, the cloud data security transmission control mechanism based on the dynamic allocation of the security algorithm pool, and the suspicious data packet discarding mechanism based on the cloud service security time tolerance, the cloud service data transmission is realized. Confidentiality, Integrity and Availability.
发明内容SUMMARY OF THE INVENTION
本发明提供了一种基于时效的云数据安全传输控制方法,步骤如下:The invention provides a time-based cloud data security transmission control method, the steps are as follows:
步骤1,在云服务商和端用户之间进行双向认证;Step 1: Two-way authentication is performed between the cloud service provider and the end user;
步骤2,通过云管控中心进行安全算法动态分配;Step 2: Dynamic allocation of security algorithms through the cloud management and control center;
步骤3,传输方端用户在源数据上添加云服务安全时间容忍度,所述云服务安全时间容忍度是一个表示在某个时间范围内云数据传输服务是安全的时间量,其与安全算法的强度以及云服务任务的迫切性有关;将数据发送给接收方端用户;Step 3, the transmitting end user adds the cloud service security time tolerance to the source data. The cloud service security time tolerance is a time amount indicating that the cloud data transmission service is safe within a certain time range, which is related to the security algorithm. It is related to the strength of the cloud service and the urgency of the cloud service task; send the data to the recipient end user;
步骤4,接收方端用户比对发送和接收时的时间,两者之差超过所述云服务安全时间容忍度,则认为此数据包为可疑的,将上述可疑的数据包丢弃,并要求重发。Step 4, the user on the receiver side compares the time of sending and receiving, and the difference between the two exceeds the security time tolerance of the cloud service, then the data packet is considered suspicious, the above-mentioned suspicious data packet is discarded, and it is required to be repeated. send.
特别地,其中步骤1具体包括:云服务商提供给端用户安全证书,双方共同保存一个密钥;然后使用这个密钥,云服务商通过网络发送随机数试探端用户,端用户就可以获取认证令牌、加密算法、加密密钥、完整性算法、完整性密钥;端用户接收到一个用于检验云服务商是否是真实云服务商的认证令牌,并计算认证响应发送给云服务商以获得接入;云服务商对认证响应进行认证,从而完成双向认证。In particular, step 1 specifically includes: the cloud service provider provides the end user with a security certificate, and both parties jointly save a key; then using this key, the cloud service provider sends a random number to test the end user through the network, and the end user can obtain the authentication Token, encryption algorithm, encryption key, integrity algorithm, integrity key; the end user receives an authentication token used to verify whether the cloud service provider is a real cloud service provider, and calculates the authentication response and sends it to the cloud service provider In order to obtain access; the cloud service provider authenticates the authentication response to complete the two-way authentication.
特别地,其中步骤2具体包括:在云管控中心设置安全算法资源池,其中包括多个加密算法和完整性算法,当云服务商和端用户间需要进行数据传输时,利用在双向认证期间由云管控中心给双方动态分配的相同的加密算法和完整性算法;并当此次服务的传输数据任务完成后,释放所述加密算法和完整性算法。In particular, step 2 specifically includes: setting up a security algorithm resource pool in the cloud management and control center, which includes multiple encryption algorithms and integrity algorithms. When data transmission is required between the cloud service provider and the end user, use the The cloud management and control center dynamically allocates the same encryption algorithm and integrity algorithm to both parties; and when the data transmission task of this service is completed, the encryption algorithm and integrity algorithm are released.
本发明还提供了一种基于时效的云数据安全传输控制系统,该系统包括云服务商,端用户,云管控中心,其特征在于:云服务商和端用户之间进行双向认证;通过云管控中心进行安全算法动态分配;所述传输方在源数据上添加云服务安全时间容忍度,所述云服务安全时间容忍度是一个表示在某个时间范围内云数据传输服务是安全的时间量,其与安全算法的强度以及云服务任务的迫切性有关;将数据发送给接收方端用户;The invention also provides a time-based cloud data security transmission control system, the system includes a cloud service provider, an end user, and a cloud management and control center, and is characterized in that: two-way authentication is performed between the cloud service provider and the end user; The center performs dynamic allocation of security algorithms; the transmission party adds a cloud service security time tolerance to the source data, and the cloud service security time tolerance is a time amount that indicates that the cloud data transmission service is safe within a certain time range, It is related to the strength of the security algorithm and the urgency of the cloud service task; sending data to the recipient end user;
传输方端用户在源数据上添加云服务安全时间容忍度,所述云服务安全时间容忍度是一个表示在某个时间范围内云数据传输服务是安全的时间量,其与安全算法的强度以及云服务任务的迫切性有关;将数据发送给接收方端用户;接收方端用户比对发送和接收时的时间,两者之差超过所述云服务安全时间容忍度,则认为此数据包为可疑的,将上述可疑的数据包丢弃,并要求重发。The transmitting end user adds the cloud service security time tolerance to the source data, and the cloud service security time tolerance is a time amount indicating that the cloud data transmission service is safe within a certain time range, which is related to the strength of the security algorithm and the It is related to the urgency of the cloud service task; the data is sent to the receiving end user; the receiving end user compares the sending and receiving time, and the difference between the two exceeds the cloud service security time tolerance, then the data packet is considered as If suspicious, the above suspicious data packets are discarded and retransmission is required.
特别地,其中云服务商和端用户之间进行双向认证具体包括:云服务商提供给端用户安全证书,双方共同保存一个密钥;然后使用这个密钥,云服务商通过网络发送随机数试探端用户,端用户就可以获取认证令牌、加密算法、加密密钥、完整性算法、完整性密钥;端用户接收到一个用于检验云服务商是否是真实云服务商的认证令牌,并计算认证响应发送给云服务商以获得接入;云服务商对认证响应进行认证,从而完成双向认证。In particular, the two-way authentication between the cloud service provider and the end user specifically includes: the cloud service provider provides the end user with a security certificate, and both parties jointly save a key; then using this key, the cloud service provider sends a random number through the network to test The end user can obtain the authentication token, encryption algorithm, encryption key, integrity algorithm, and integrity key; the end user receives an authentication token used to verify whether the cloud service provider is a real cloud service provider, And calculate the authentication response and send it to the cloud service provider to obtain access; the cloud service provider authenticates the authentication response to complete the two-way authentication.
特别地,其中通过云管控中心进行安全算法动态分配具体包括:在云管控中心设置安全算法资源池,其中包括多个加密算法和完整性算法,当云服务商和端用户间需要进行数据传输时,利用在双向认证期间由云管控中心给双方动态分配的相同的加密算法和完整性算法;并当此次服务的传输数据任务完成后,释放所述加密算法和完整性算法。In particular, the dynamic allocation of security algorithms through the cloud management and control center specifically includes: setting up a security algorithm resource pool in the cloud management and control center, including multiple encryption algorithms and integrity algorithms, when data transmission between cloud service providers and end users is required. , using the same encryption algorithm and integrity algorithm dynamically allocated by the cloud management and control center to both parties during the two-way authentication; and when the data transmission task of this service is completed, the encryption algorithm and integrity algorithm are released.
附图说明Description of drawings
图1为本发明的实现流程图;Fig. 1 is the realization flow chart of the present invention;
图2为本发明中双向认证的过程;Fig. 2 is the process of two-way authentication in the present invention;
图3为本发明中基于时效的云数据安全传输控制流程;Fig. 3 is the cloud data security transmission control flow based on aging in the present invention;
图4为本发明中云数据安全传输控制验证环境拓扑图。FIG. 4 is a topology diagram of a cloud data security transmission control verification environment in the present invention.
具体实施方式Detailed ways
图1为本发明的实现流程图,各部分的具体实施方式如下:Fig. 1 is the realization flow chart of the present invention, and the specific embodiment of each part is as follows:
步骤1、在云服务商和端用户之间进行双向认证Step 1. Two-way authentication between the cloud service provider and the end user
云服务商提供给用户安全证书,双方共同保存一个密钥K,并且只有云服务商和端用户可得到这个秘密密钥。云服务商收到来自端用户的认证请求后,发送一个包含n个认证向量AV的有序数组给端用户,认证向量基于序列号排序,每个认证向量六元组由下列元素组成:随机数RAND、期望的响应XRES、加密算法号CNUM、加密密钥CK、完整性算法号INUM和认证令牌AUTN;加密算法号通过RAND对加密算法的个数求余获得,并唯一标识一个加密算法,完整性算法号通过RAND对完整性算法的个数求余获得,并唯一标识一个完整性算法。The cloud service provider provides the user with a security certificate, and both parties jointly keep a key K, and only the cloud service provider and the end user can obtain this secret key. After receiving the authentication request from the end user, the cloud service provider sends an ordered array containing n authentication vectors AV to the end user. The authentication vectors are sorted based on the sequence number. Each authentication vector hexagram consists of the following elements: random number RAND, expected response XRES, encryption algorithm number CNUM, encryption key CK, integrity algorithm number INUM and authentication token AUTN; the encryption algorithm number is obtained by taking the remainder of the number of encryption algorithms by RAND, and uniquely identifies an encryption algorithm, The integrity algorithm number is obtained by taking the remainder of the number of integrity algorithms by RAND, and uniquely identifies an integrity algorithm.
当云服务商发起一次认证和密钥协商时,它从有序的数组中选择下一个认证向量,并发送参数RAND和认证令牌AUTN给端用户。端用户认证AUTN,如果成功,则产生相应RES并发回到云服务商。端用户同样计算CNUM、CK、INUM和IK。云服务商将所接收到的RES和XRES进行比较,如果它们匹配,云服务商认为认证和密钥协商成功,双向认证成功。所选择的算法CNUM、INUM和所建立的密钥CK、IK用以进行加密和完整性保护。When the cloud service provider initiates an authentication and key negotiation, it selects the next authentication vector from the ordered array, and sends the parameter RAND and the authentication token AUTN to the end user. The end user authenticates the AUTN. If successful, the corresponding RES is generated and sent back to the cloud service provider. The end user also calculates CNUM, CK, INUM and IK. The cloud service provider compares the received RES and XRES, and if they match, the cloud service provider considers that the authentication and key negotiation are successful, and the two-way authentication is successful. The selected algorithms CNUM, INUM and the established keys CK, IK are used for encryption and integrity protection.
步骤2、安全算法动态分配Step 2. Dynamic allocation of security algorithms
在云管控中心设置安全算法资源池,包括若干个加密算法和完整性算法,当云服务商和端用户间需要进行数据传输时,在双向认证期间,根据所选择的加密算法号和完整性算法号,由云管控中心给双方动态分配相同的加密算法和完整性算法,而当此次服务的传输数据任务完成后,相关算法即被释放。Set up a security algorithm resource pool in the cloud management and control center, including several encryption algorithms and integrity algorithms. When data transmission is required between cloud service providers and end users, during the two-way authentication The cloud management and control center dynamically allocates the same encryption algorithm and integrity algorithm to both parties, and when the data transmission task of this service is completed, the relevant algorithm will be released.
步骤3、添加云服务安全时间容忍度Step 3. Add cloud service security time tolerance
传输方在源数据上添加云服务安全时间容忍度,云服务安全时间容忍度与加密算法的强度、完整性算法的强度以及云服务任务的迫切性有关,是一个表示在某个时间范围内云数据传输服务是安全的时间量。The transmission party adds the cloud service security time tolerance to the source data. The cloud service security time tolerance is related to the strength of the encryption algorithm, the strength of the integrity algorithm, and the urgency of the cloud service task. The data transfer service is a safe amount of time.
步骤4、云数据安全传输控制Step 4. Cloud data security transmission control
接收方比对时间戳和接收时的时间,两者之差超过某个时间阈值如云服务安全时间容忍度表征量,则认为此数据包为可疑的,如解密和解消息摘要后的伪造数据包、回放攻击,应予以丢弃;可疑数据包丢弃后应要求重发,整个流程参见图3。The receiver compares the time stamp with the time of receipt. If the difference between the two exceeds a certain time threshold, such as the cloud service security time tolerance indicator, the data packet is considered suspicious, such as a forged data packet after decrypting and reconciling the message digest. , playback attack, should be discarded; suspicious data packets should be retransmitted after discarding, the whole process is shown in Figure 3.
本发明还提供了一种基于时效的云数据安全传输控制系统,该系统包括云服务商,端用户,云管控中心,具体执行前述的基于时效的云数据安全传输控制方法。The present invention also provides an aging-based cloud data security transmission control system, which includes a cloud service provider, an end user, and a cloud management and control center, and specifically implements the aforementioned aging-based cloud data security transmission control method.
本发明中基于云服务安全时间容忍度的可疑数据包丢弃机制、基于安全算法池动态分配的云数据安全传输控制机制和基于时效的云数据安全传输控制协议研究在理论上是否正确,可以构建云数据安全传输控制技术环境进行验证。Whether the suspicious data packet discarding mechanism based on cloud service security time tolerance, the cloud data security transmission control mechanism based on dynamic allocation of security algorithm pool, and the time-based cloud data security transmission control protocol in the present invention are theoretically correct, it is possible to construct a cloud Data security transmission control technology environment for verification.
因此,通过虚拟化计算平台、互联网安全测试实验平台、网络安全测试工具/数据库、协议分析仪等现有条件,增加云服务管控及配套网络设备,构建一个私有云服务数据传输环境,以验证基于云服务安全时间容忍度和安全算法池动态分配的云数据安全传输控制技术的正确性。Therefore, through the existing conditions such as virtualized computing platform, Internet security testing experimental platform, network security testing tool/database, protocol analyzer, etc., increase cloud service management and control and supporting network equipment, and build a private cloud service data transmission environment to verify based on The correctness of cloud data security transmission control technology based on cloud service security time tolerance and dynamic allocation of security algorithm pool.
图4为云数据安全传输控制验证环境拓扑图。Figure 4 is a topology diagram of the cloud data security transmission control verification environment.
通过本发明的实施可以达到以下技术效果:The following technical effects can be achieved through the implementation of the present invention:
(1)对云服务商和端用户之间进行双向认证,并能够进行算法协商和密钥协商,从而实现云服务的接入安全。(1) Two-way authentication is performed between cloud service providers and end users, and algorithm negotiation and key negotiation can be performed, so as to realize the access security of cloud services.
(2)提出安全算法池概念,建立基于安全算法池动态分配的云数据安全传输控制机制,确保一次云服务随机采用一个加密算法和一个完整性算法,确保消息的保密性和传输数据的完整性,增加了恶意破坏传输过程中云数据保密性、完整性的时间成本和技术成本,使得云服务数据传输更加安全。(2) Propose the concept of security algorithm pool, establish a cloud data security transmission control mechanism based on the dynamic allocation of security algorithm pool, ensure that a cloud service randomly adopts an encryption algorithm and an integrity algorithm, and ensure the confidentiality of messages and the integrity of transmitted data. , which increases the time cost and technical cost of maliciously destroying the confidentiality and integrity of cloud data during transmission, making cloud service data transmission more secure.
(3)提出云服务安全时间容忍度概念,建立基于云服务安全时间容忍度的云传输可疑数据包丢弃机制,为识别、丢弃可疑数据包和真实数据包的重发提供了技术上的支持,增加了云服务数据传输的安全性、及时性和可用性。(3) The concept of cloud service security time tolerance is proposed, and a cloud transmission suspicious data packet discarding mechanism based on cloud service security time tolerance is established, which provides technical support for identifying and discarding suspicious data packets and retransmission of real data packets. Increased security, timeliness and availability of cloud service data transmission.
本领域技术人员可以理解,实现上述实施例的全部或部分流程,可以通过计算机程序来指令相关的硬件来完成,所述的程序可存储于计算机可读存储介质中。其中,所述计算机可读存储介质为磁盘、光盘、只读存储记忆体或随机存储记忆体等。Those skilled in the art can understand that all or part of the process of implementing the above embodiments can be completed by instructing relevant hardware through a computer program, and the program can be stored in a computer-readable storage medium. Wherein, the computer-readable storage medium is a magnetic disk, an optical disk, a read-only storage memory, or a random-access storage memory, or the like.
以上所述,仅为本发明较佳的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本发明的保护范围之内。The above description is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited to this. Substitutions should be covered within the protection scope of the present invention.
Claims (6)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010929198.7A CN112073410B (en) | 2020-09-07 | 2020-09-07 | Cloud data secure transmission control method based on aging |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010929198.7A CN112073410B (en) | 2020-09-07 | 2020-09-07 | Cloud data secure transmission control method based on aging |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112073410A true CN112073410A (en) | 2020-12-11 |
| CN112073410B CN112073410B (en) | 2022-08-30 |
Family
ID=73663907
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010929198.7A Active CN112073410B (en) | 2020-09-07 | 2020-09-07 | Cloud data secure transmission control method based on aging |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112073410B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115801373A (en) * | 2022-11-09 | 2023-03-14 | 尤珍 | Data processing method of cloud computing system |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006117806A2 (en) * | 2005-05-04 | 2006-11-09 | Abdul Rahman Syed Ibrahim Abdu | Bilaterally generated encryption key system |
| CN102984252A (en) * | 2012-11-26 | 2013-03-20 | 中国科学院信息工程研究所 | Cloud resource access control method based on dynamic cross-domain security token |
| US20160212116A1 (en) * | 2013-08-19 | 2016-07-21 | Entry Point, Llc | Open Access Network Secure Authentication Systems and Methods |
| CN107612875A (en) * | 2016-08-31 | 2018-01-19 | 中国洛阳电子装备试验中心 | A kind of safe cloud data transfer control method |
| US20180167807A1 (en) * | 2015-08-13 | 2018-06-14 | Huawei Technologies Co., Ltd. | Message protection method, and related device, and system |
| CN108667616A (en) * | 2018-05-03 | 2018-10-16 | 西安电子科技大学 | Across cloud security Verification System based on mark and method |
| CN109687976A (en) * | 2019-01-07 | 2019-04-26 | 西安邮电大学 | Fleet's establishment and management method and system based on block chain and PKI authentication mechanism |
| CN110099043A (en) * | 2019-03-24 | 2019-08-06 | 西安电子科技大学 | The hiding more authorization center access control methods of support policy, cloud storage system |
| CN111327583A (en) * | 2019-08-22 | 2020-06-23 | 刘高峰 | Identity authentication method, intelligent equipment and authentication server |
-
2020
- 2020-09-07 CN CN202010929198.7A patent/CN112073410B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006117806A2 (en) * | 2005-05-04 | 2006-11-09 | Abdul Rahman Syed Ibrahim Abdu | Bilaterally generated encryption key system |
| CN102984252A (en) * | 2012-11-26 | 2013-03-20 | 中国科学院信息工程研究所 | Cloud resource access control method based on dynamic cross-domain security token |
| US20160212116A1 (en) * | 2013-08-19 | 2016-07-21 | Entry Point, Llc | Open Access Network Secure Authentication Systems and Methods |
| US20180167807A1 (en) * | 2015-08-13 | 2018-06-14 | Huawei Technologies Co., Ltd. | Message protection method, and related device, and system |
| CN107612875A (en) * | 2016-08-31 | 2018-01-19 | 中国洛阳电子装备试验中心 | A kind of safe cloud data transfer control method |
| CN108667616A (en) * | 2018-05-03 | 2018-10-16 | 西安电子科技大学 | Across cloud security Verification System based on mark and method |
| CN109687976A (en) * | 2019-01-07 | 2019-04-26 | 西安邮电大学 | Fleet's establishment and management method and system based on block chain and PKI authentication mechanism |
| CN110099043A (en) * | 2019-03-24 | 2019-08-06 | 西安电子科技大学 | The hiding more authorization center access control methods of support policy, cloud storage system |
| CN111327583A (en) * | 2019-08-22 | 2020-06-23 | 刘高峰 | Identity authentication method, intelligent equipment and authentication server |
Non-Patent Citations (2)
| Title |
|---|
| 杨波等: "基于TrustZone的可信移动终端云服务安全接入方案", 《软件学报》 * |
| 肖美华等: "运用SPIN对云环境双向认证协议Nayak的安全性验证", 《计算机应用与软件》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115801373A (en) * | 2022-11-09 | 2023-03-14 | 尤珍 | Data processing method of cloud computing system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112073410B (en) | 2022-08-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11451614B2 (en) | Cloud authenticated offline file sharing | |
| KR100207815B1 (en) | Method and apparatus for authentication of client sever communication | |
| CN111447276B (en) | Encryption continuous transmission method with key agreement function | |
| CN111756529B (en) | Quantum session key distribution method and system | |
| KR101343248B1 (en) | Total exchange session security | |
| CN101741860B (en) | A computer remote security control method | |
| CN106453361B (en) | A kind of security protection method and system of the network information | |
| CN101867473B (en) | Connection establishment method and access authentication system for blocking-attacking resistant shared media terminal | |
| CN105075175A (en) | Method and device for establishing session key | |
| CN116886288A (en) | A quantum session key distribution method and device | |
| WO2025082030A1 (en) | Data transmission method, apparatus, storage medium and device | |
| CN104767766A (en) | Web Service interface verification method, Web Service server and client | |
| CN115473655A (en) | Terminal authentication method, device and storage medium for access network | |
| CN109150906A (en) | A kind of real-time data communication safety method | |
| CN103781026B (en) | The authentication method of common authentication mechanism | |
| US8370630B2 (en) | Client device, mail system, program, and recording medium | |
| CN112073410A (en) | Cloud data secure transmission control method based on aging | |
| CN120017298B (en) | A middleware communication encryption method | |
| US20040049676A1 (en) | Methods and protocols for intrusion-tolerant management of collaborative network groups | |
| CN116471028A (en) | A short message verification method, device and system | |
| CN101267663B (en) | A method, system and device for user identity validation | |
| CN114928503B (en) | Method for realizing secure channel and data transmission method | |
| CN101827079A (en) | Blocking and attacking-resistant terminal connection building method and terminal access authenticating system | |
| CN117375824A (en) | A method for generating and verifying multi-factor authentication credentials | |
| Razzaq | Enhancing IoT-based wireless sensor network security with cryptographic techniques |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20251022 Address after: 471000 Henan Province Luoyang City Luo Long District Yingzhou East Road 801.NO Patentee after: UNIT 63891 OF PLA Country or region after: China Address before: 471003 No.104, Tianjin Road, Jianxi District, Luoyang City, Henan Province Patentee before: 63880 UNIT OF THE PLA Country or region before: China |
|
| TR01 | Transfer of patent right |
