CN105337965A - Data acquisition method and device - Google Patents

Publication number: CN105337965A
Authority: CN (China)
Prior art keywords: server module, symmetric key, data, cloud computing, client
Legal status: Pending (the listed legal status is an assumption and is not a legal conclusion)
Application number: CN201510651853.6A
Other languages: Chinese (zh)
Inventors: 崔征, 高飞, 王帅, 杨瑞, 张俊雷
Current Assignee: Inspur Beijing Electronic Information Industry Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Inspur Beijing Electronic Information Industry Co Ltd
Application filed by: Inspur Beijing Electronic Information Industry Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption

Abstract

An embodiment of the invention discloses a data acquisition method and device. The method comprises the following steps: a client sends a cloud service request to a cloud computing resource server module; after receiving the cloud service request, the cloud computing resource server module sends public key data to the client; the client receives the public key data, generates symmetric key data corresponding to the client, encrypts the symmetric key data according to the public key data and sends the encrypted symmetric key data to the cloud computing resource server module; and the cloud computing resource server module receives the encrypted symmetric key data, decrypts the encrypted symmetric key data according to the public key data, and obtains symmetric key data of the client. Since symmetric keys sent by different clients are different, if the symmetric key of any one client is maliciously damaged by others, safety of data transmission of other clients is not influenced, and safety of cloud computing is improved.

Description

Data acquisition method and device
Technical field
The present invention relates to the field of cloud computing security and, more particularly, to a data acquisition method and device.
Background
Cloud computing is gradually gaining acceptance in industry, and the cloud provides a growing number of intelligent services, such as service platforms, data centers and energy. Cloud computing is a model in which computing resources (networks, servers, storage, applications and services) are obtained over the network conveniently and on demand; these resources come from a shared, configurable resource pool and can be acquired and released quickly. However, when a user obtains data, the data is easily cracked maliciously by others, so the security of the user's transmitted data cannot be guaranteed.
Therefore, how to prevent malicious cracking by others and ensure the security of the user's transmitted data is a problem that needs to be solved.
Summary of the invention
The object of the present invention is to provide a data acquisition method and device that prevent malicious cracking by others and ensure the security of the user's transmitted data.
To achieve the above object, the embodiments of the present invention provide the following technical solution:
A data acquisition method, comprising:
A client sends a cloud service request to a cloud computing resource server module;
After receiving the cloud service request, the cloud computing resource server module sends public key data to the client;
The client receives the public key data, generates symmetric key data corresponding to the client, encrypts the symmetric key data according to the public key data, and sends the encrypted symmetric key data to the cloud computing resource server module;
The cloud computing resource server module receives the encrypted symmetric key data and decrypts the encrypted symmetric key data according to the public key data to obtain the symmetric key data of the client.
Preferably, the client sending the cloud service request to the cloud computing resource server module comprises:
The client sends the cloud service request, through the management server module, to the cloud computing resource server module corresponding to the client;
The client sending the encrypted symmetric key data to the cloud computing resource server module comprises:
The client sends the encrypted symmetric key data to the cloud computing resource server module through the management server module.
Preferably, the cloud computing resource server module sending public key data to the client after receiving the cloud service request comprises:
The cloud computing resource server module sends the public key to the client through the management server module.
Preferably, after the cloud computing resource server module obtains the symmetric key data of the client, the method comprises:
The client encrypts first data to be sent using the symmetric key; or the client decrypts first received data using the symmetric key.
Preferably, after the cloud computing resource server module obtains the symmetric key data of the client, the method comprises:
The cloud computing resource server module encrypts second data to be sent using the symmetric key; or,
The cloud computing resource server module decrypts second received data using the symmetric key.
A data acquisition device, comprising:
A client, configured to send a cloud service request to a cloud computing resource server module; the client is further configured to receive public key data, generate symmetric key data corresponding to the client, encrypt the symmetric key data according to the public key data, and send the encrypted symmetric key data to the cloud computing resource server module;
The cloud computing resource server module, configured to receive the cloud service request and send public key data to the client; the cloud computing resource server module is further configured to receive the encrypted symmetric key data and decrypt the encrypted symmetric key data according to the public key data to obtain the symmetric key data of the client.
Preferably, the device comprises:
A management server module, configured to receive the cloud service request and send the cloud service request to the cloud computing resource server module corresponding to the client.
Preferably, the management server module is further configured to receive the public key and send the public key to the client.
Preferably, the client comprises:
A client encryption unit, configured to encrypt first data to be sent using the symmetric key;
A client decryption unit, configured to decrypt first received data using the symmetric key.
Preferably, the cloud computing resource server comprises:
A cloud computing resource server encryption unit, configured to encrypt second data to be sent using the symmetric key;
A cloud computing resource server decryption unit, configured to decrypt second received data using the symmetric key.
As can be seen from the above solution, in the data acquisition method and device provided by the embodiments of the present invention, a client sends a cloud service request to a cloud computing resource server module; after receiving the cloud service request, the cloud computing resource server module sends public key data to the client; the client receives the public key data, generates symmetric key data corresponding to the client, encrypts the symmetric key data according to the public key data, and sends the encrypted symmetric key data to the cloud computing resource server module; the cloud computing resource server module receives the encrypted symmetric key data and decrypts it according to the public key data to obtain the symmetric key data of the client. Because the symmetric keys sent by different clients are different, if the symmetric key of one client is maliciously compromised by others, the security of the other clients' data transmission is not affected, which increases the security of using cloud computing.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a data acquisition method disclosed in an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a data acquisition device disclosed in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of another data acquisition device disclosed in an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are obviously only some, and not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The embodiments of the present invention disclose a data acquisition method and device that prevent malicious cracking by others and ensure the security of the user's transmitted data.
Referring to Fig. 1, a data acquisition method provided by an embodiment of the present invention comprises:
S101: the client sends a cloud service request to the cloud computing resource server module;
S102: after receiving the cloud service request, the cloud computing resource server module sends public key data to the client;
Specifically, the client in this embodiment is a very important module. First, it is the application end that initiates cloud computing, that is, it issues the cloud service request of this embodiment; second, the client is also responsible for communicating with the cloud computing resource server module.
Preferably, the client sending the cloud service request to the cloud computing resource server module comprises:
The client sends the cloud service request, through the management server module, to the cloud computing resource server module corresponding to the client;
The client sending the encrypted symmetric key data to the cloud computing resource server module comprises:
The client sends the encrypted symmetric key data to the cloud computing resource server module through the management server module.
Preferably, the cloud computing resource server module sending public key data to the client after receiving the cloud service request comprises:
The cloud computing resource server module sends the public key to the client through the management server module.
Specifically, the management server module in this embodiment acts as a steward: its role is to allocate different cloud computing resource server modules to different clients. During data transmission, the data sent by a client is therefore forwarded by the management server module to the corresponding cloud computing resource server module, and the data sent by a cloud computing resource server module is likewise forwarded to the corresponding client.
Specifically, in this embodiment, both the data transmission between the client and the management server module and the data transmission between the management server module and the cloud computing resource server module rely on a data transmission module. The main function of this module is to encapsulate data and transmit the encapsulated data; the data transmission module provides the data transmission function for the client program and the servers.
S103: the client receives the public key data, generates symmetric key data corresponding to the client, encrypts the symmetric key data according to the public key data, and sends the encrypted symmetric key data to the cloud computing resource server module;
Specifically, the client generates and stores its own symmetric key and sends this symmetric key to the cloud computing resource server module, so that the symmetric key can be used for encryption and decryption during data transmission between the client and the cloud computing resource server module, thereby ensuring the security of the data.
S104: the cloud computing resource server module receives the encrypted symmetric key data and decrypts the encrypted symmetric key data according to the public key data to obtain the symmetric key data of the client.
Specifically, the cloud computing resource server module not only generates the public key; it also reads and writes data to the database and performs encryption.
In the data acquisition method and device provided by the embodiments of the present invention, a client sends a cloud service request to a cloud computing resource server module; after receiving the cloud service request, the cloud computing resource server module sends public key data to the client; the client receives the public key data, generates symmetric key data corresponding to the client, encrypts the symmetric key data according to the public key data, and sends the encrypted symmetric key data to the cloud computing resource server module; the cloud computing resource server module receives the encrypted symmetric key data and decrypts it according to the public key data to obtain the symmetric key data of the client. Because the symmetric keys sent by different clients are different, if the symmetric key of one client is maliciously compromised by others, the security of the other clients' data transmission is not affected, which increases the security of using cloud computing.
Preferably, in another embodiment provided by the present invention, after the cloud computing resource server module obtains the symmetric key data of the client, the method comprises:
The client encrypts first data to be sent using the symmetric key; or the client decrypts first received data using the symmetric key.
Preferably, in another embodiment provided by the present invention, after the cloud computing resource server module obtains the symmetric key data of the client, the method comprises:
The cloud computing resource server module encrypts second data to be sent using the symmetric key; or,
The cloud computing resource server module decrypts second received data using the symmetric key.
Specifically, because the cloud computing resource server module knows the symmetric key of each client, all data transmitted between a client and the cloud computing resource server module must be encrypted with that client's symmetric key in order to ensure the security of the transmission. The client therefore encrypts the data it sends to the cloud computing resource server module with the symmetric key, and the cloud computing resource server module decrypts the data received from the client with the symmetric key. Likewise, the data that the cloud computing resource server module sends to the client is encrypted with the symmetric key, and the client decrypts the data received from the cloud computing resource server module with the symmetric key.
A data acquisition device provided by an embodiment of the present invention is introduced below; the data acquisition device described below and the data acquisition method described above may be referred to in conjunction with each other.
Referring to Fig. 2, a data acquisition device provided by an embodiment of the present invention comprises:
A client 100, configured to send a cloud service request to a cloud computing resource server module 200; the client 100 is further configured to receive public key data, generate symmetric key data corresponding to the client 100, encrypt the symmetric key data according to the public key data, and send the encrypted symmetric key data to the cloud computing resource server module 200;
The cloud computing resource server module 200, configured to receive the cloud service request and send public key data to the client 100; the cloud computing resource server module 200 is further configured to receive the encrypted symmetric key data and decrypt the encrypted symmetric key data according to the public key data to obtain the symmetric key data of the client 100.
Referring to Fig. 3, another data acquisition device provided by an embodiment of the present invention comprises:
A client 100, configured to send a cloud service request to a management server module 300; the client 100 is further configured to receive public key data, generate symmetric key data corresponding to the client 100, encrypt the symmetric key data according to the public key data, and send the encrypted symmetric key data to the management server module 300;
The cloud computing resource server module 200, configured to receive the cloud service request and send public key data to the management server module 300; the cloud computing resource server module 200 is further configured to receive the encrypted symmetric key data and decrypt the encrypted symmetric key data according to the public key data to obtain the symmetric key data of the client 100;
The management server module 300, configured to receive the cloud service request and send the cloud service request to the cloud computing resource server module 200 corresponding to the client 100; further configured to receive the public key and send the public key to the client 100; and further configured to send the encrypted symmetric key data to the cloud computing resource server module 200.
Preferably, in another embodiment provided by the present invention, the client 100 comprises:
A client encryption unit, configured to encrypt first data to be sent using the symmetric key;
A client decryption unit, configured to decrypt first received data using the symmetric key.
Preferably, in another embodiment provided by the present invention, the cloud computing resource server 200 comprises:
A cloud computing resource server encryption unit, configured to encrypt second data to be sent using the symmetric key;
A cloud computing resource server decryption unit, configured to decrypt second received data using the symmetric key.
The embodiments in this specification are described progressively; each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A data acquisition method, characterized by comprising:
A client sends a cloud service request to a cloud computing resource server module;
After receiving the cloud service request, the cloud computing resource server module sends public key data to the client;
The client receives the public key data, generates symmetric key data corresponding to the client, encrypts the symmetric key data according to the public key data, and sends the encrypted symmetric key data to the cloud computing resource server module;
The cloud computing resource server module receives the encrypted symmetric key data and decrypts the encrypted symmetric key data according to the public key data to obtain the symmetric key data of the client.
2. The data acquisition method according to claim 1, characterized in that the client sending the cloud service request to the cloud computing resource server module comprises:
The client sends the cloud service request, through the management server module, to the cloud computing resource server module corresponding to the client;
The client sending the encrypted symmetric key data to the cloud computing resource server module comprises:
The client sends the encrypted symmetric key data to the cloud computing resource server module through the management server module.
3. The data acquisition method according to claim 2, characterized in that the cloud computing resource server module sending public key data to the client after receiving the cloud service request comprises:
The cloud computing resource server module sends the public key to the client through the management server module.
4. The data acquisition method according to claim 3, characterized in that, after the cloud computing resource server module obtains the symmetric key data of the client, the method comprises:
The client encrypts first data to be sent using the symmetric key; or the client decrypts first received data using the symmetric key.
5. The data acquisition method according to claim 4, characterized in that, after the cloud computing resource server module obtains the symmetric key data of the client, the method comprises:
The cloud computing resource server module encrypts second data to be sent using the symmetric key; or,
The cloud computing resource server module decrypts second received data using the symmetric key.
6. A data acquisition device, characterized by comprising:
A client, configured to send a cloud service request to a cloud computing resource server module; the client is further configured to receive public key data, generate symmetric key data corresponding to the client, encrypt the symmetric key data according to the public key data, and send the encrypted symmetric key data to the cloud computing resource server module;
The cloud computing resource server module, configured to receive the cloud service request and send public key data to the client; the cloud computing resource server module is further configured to receive the encrypted symmetric key data and decrypt the encrypted symmetric key data according to the public key data to obtain the symmetric key data of the client.
7. The data acquisition device according to claim 6, characterized by comprising:
A management server module, configured to receive the cloud service request and send the cloud service request to the cloud computing resource server module corresponding to the client.
8. The data acquisition device according to claim 7, characterized in that the management server module is further configured to receive the public key and send the public key to the client.
9. The data acquisition device according to claim 8, characterized in that the client comprises:
A client encryption unit, configured to encrypt first data to be sent using the symmetric key;
A client decryption unit, configured to decrypt first received data using the symmetric key.
10. The data acquisition device according to claim 9, characterized in that the cloud computing resource server comprises:
A cloud computing resource server encryption unit, configured to encrypt second data to be sent using the symmetric key;
A cloud computing resource server decryption unit, configured to decrypt second received data using the symmetric key.
CN201510651853.6A 2015-10-10 2015-10-10 Data acquisition method and device Pending CN105337965A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510651853.6A CN105337965A (en) 2015-10-10 2015-10-10 Data acquisition method and device

Publications (1)

Publication Number Publication Date
CN105337965A true CN105337965A (en) 2016-02-17

Family

ID=55288248

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160217

RJ01 Rejection of invention patent application after publication