Cloud computing based password service system

A cryptographic service system built on cloud computing technology and applied in the field of cloud computing. It can solve problems such as insecure data transfer, and achieves fast encryption and decryption, strong practicability, and easy promotion.

Inactive Publication Date: 2014-12-10
LANGCHAO ELECTRONIC INFORMATION IND CO LTD
3 Cites 28 Cited by

AI-Extracted Technical Summary

Problems solved by technology

Users have doubts about the security and privacy of cloud computing, resulting in...

Method used

[0059] The data backup module is used to back up important data such as the user's key and personal information to guard against user misoperation and deletion, and can restore the data in time.
[0064] The parallel computing service interface simultaneously uses multiple computing resources to solve various cryptographic algorithms. By using multiple processors to jointly solve the sam...

Abstract

The invention discloses a cloud computing based password service system comprising a physical layer, a computing resource layer, a service layer and an application layer. The physical layer is used for describing its hardware architecture and functions of its parts. The computing resource layer is used for describing its modules and functions of the modules. The service layer is used for describing password operation software and a password computing application interface. The application layer is used for describing various password services provided. Compared with the prior art, the system has the advantages that the techniques such as the cryptographic techniques, the Hadoop technology and the parallel computing technology are adopted, password services such as file encryption, data encryption, key management and identity authentication are provided, safeguarding efficiency can be significantly improved, data processing speed, encryption speed and decryption speed are higher, and data security is effectively protected for cloud computing.

Technology Topic

Data processing, Key management

Example Embodiment

[0033] The present invention will be further described below in conjunction with the drawings and specific embodiments.
[0034] The invention provides a cryptographic service system based on cloud computing, which implements file encryption, data encryption, key management, identity authentication and other cryptographic services on a cloud computing infrastructure platform, provides efficient data protection measures, and effectively protects the security of cloud computing data. Based on the above ideas, as shown in Figure 1, the cloud computing cryptographic service system includes a physical layer, a computing resource layer, a service layer, and an application layer, where:
[0035] Physical layer: describes the hardware architecture of the physical layer and the functions of each part.
[0036] Computing resource layer: describes the various modules and functions that make up the computing resource layer.
[0037] Service layer: describes the cryptographic computing software and cryptographic computing application interface.
[0038] Application layer: describes the various cryptographic services provided.
[0039] Further, the specific structures of the above four structural layers are:
[0040] Physical layer: The physical layer includes multiple servers, and resources such as operating systems, storage modules, cryptographic modules, and network devices are deployed in each server. The server is the infrastructure platform of cloud computing, which provides computing resources such as cryptographic operations and data storage for the upper layer for users to deploy or run their own software, including operating systems or applications.
[0041] Computing resource layer: The computing resource layer uses a multi-tenant model to dynamically allocate different physical and virtual resources to multiple users according to user needs. The computing resource layer includes various cryptographic algorithm modules, key management modules, data backup modules, resource scheduling modules, and monitoring modules. These modules constitute a computing pool.
[0042] Service layer: including cryptographic computing application interface and cryptographic computing software. The cryptographic computing application interface includes a file encryption and decryption interface, a data encryption and decryption interface, a key management interface, an identity authentication interface, and a data backup interface. The cryptographic computing software uses Hadoop distributed computing architecture to process large-scale distributed data sets.
[0043] Application layer: Including various password application software, providing file encryption, data encryption, key management, identity authentication, data backup and other password services. Each software corresponds to the cryptographic computing application interface of the service layer.
[0044] Each layer of the present invention is described in further detail below with reference to Figure 1.
[0045] 1. The physical layer.
[0046] Operating system: including mainstream system platforms such as Windows, Unix, and Linux.
[0047] Cryptographic hardware module: The cryptographic hardware module is a high-speed cryptographic card with a PCI-E interface, which is connected to the PCI-E slot of the server and is used to implement some cryptographic algorithms, such as the symmetric algorithm SM1, the elliptic curve cryptographic algorithm SM2, a physical true random number generator, etc. To improve the performance of cryptographic operations, multiple cards work in parallel.
[0048] Storage module: The storage module is a hard disk with a SATA interface, used to store important information such as user identity information, keys, and passwords.
[0049] Network equipment: Network equipment includes routers and switches. The infrastructure components of the physical layer and the overall structure of cloud computing are connected by the network, and at the same time provide services to users through the network. Users can use different terminal devices to access the network through standard applications.
[0050] 2. Computing resource layer:
[0051] Cryptographic algorithm module: Provide the following cryptographic algorithms.
[0052] SM1 symmetric cryptographic algorithm module: provided by the server integrated with SM1 algorithm hardware module (PCI-E cryptographic card);
[0053] SM2 public key cryptographic algorithm module: provided by a server integrated with SM2 algorithm hardware module (PCI-E cryptographic card);
[0054] SM3 cryptographic hash algorithm module: implemented by software programming on the server;
[0055] SM4 symmetric cryptographic algorithm module: implemented by software programming on the server;
[0056] True random number generator module: provided by a server integrated with a physical noise source module (PCI-E cryptographic card); true random numbers can be used as parameters such as keys and intermediate operation vectors in the process of cryptographic operations.
[0057] Each of the above cryptographic algorithms can be provided by one or more servers, or can be executed concurrently on one server. The cryptographic computing application interface, parallel computing service interface, distributed computing interface, etc. of the service layer can call the various cryptographic algorithms in parallel.
[0058] The key management module is used to distribute and manage key information such as the user's key, and back it up. Only users who pass the upper-level identity authentication can call the key management module.
[0059] The data backup module is used to back up important data such as the user's key and personal information to guard against user misoperation and deletion, and can restore the data in time.
[0060] The monitoring module is responsible for monitoring that the user's important information is not leaked. Important data such as the key is limited to the server and cannot be exported to the user. If necessary, the key data can be encrypted and used.
[0061] 3. The service layer is aimed at different cryptographic application software at the application layer. The cryptographic computing software uses the Hadoop distributed computing architecture to process large-scale distributed data sets.
[0062] First, build a Hadoop cluster. Hadoop runs on a server cluster interconnected by a physical layer network. Distributed applications are written and run according to the Hadoop framework. Data storage and processing are all executed on this cluster. The user submits computing tasks such as data encryption and decryption from an independent client to the Hadoop cluster.
[0063] Secondly, after the Hadoop cluster is established, the HDFS file system is configured, and the parallel computing interface and distributed computing interface are called under the Hadoop architecture to perform parallel computing and distributed processing of big data. Large data sets are stored as a single file in HDFS (Hadoop Distributed File System), are physically segmented and stored in many data nodes, and can be processed in parallel on these nodes.
[0064] The parallel computing service interface simultaneously uses multiple computing resources to solve various cryptographic algorithms. By using multiple processors to collaboratively solve the same cryptographic algorithm, the cryptographic operation speed and processing capability can be significantly improved. The parallel computing service interface can either call a server containing multiple processors to complete data encryption and decryption, or call several interconnected servers to complete data encryption and decryption through a parallel computing cluster.
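The segment-parallel processing described in [0063] and [0064], as an added example that is not part of the patent: each segment gets a disjoint counter range so no keystream is reused, and a tag bound to its index and the segment count so reordering or truncation is detected. HMAC-SHA256 in counter mode stands in for SM4 (absent from the Python standard library), threads stand in for cluster nodes, and the segment size and all function names are assumptions.

```python
import hashlib
import hmac
from concurrent.futures import ThreadPoolExecutor

SEGMENT = 64   # constructed segment size in bytes; real HDFS blocks are far larger
BLOCK = 32     # keystream bytes per PRF call (stand-in for the SM4 block function)

def keystream(key, nonce, first_block, length):
    # Counter mode: PRF(key, nonce || counter). A nonce must never repeat under one key.
    counters = range(first_block, first_block + -(-length // BLOCK))
    return b"".join(hmac.new(key, nonce + c.to_bytes(8, "big"), hashlib.sha256).digest()
                    for c in counters)[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def tag(mac_key, nonce, index, total, body):
    # Binding index and total lets a reader detect swapped or missing segments.
    header = nonce + index.to_bytes(4, "big") + total.to_bytes(4, "big")
    return hmac.new(mac_key, header + body, hashlib.sha256).digest()

def encrypt_segment(enc_key, mac_key, nonce, index, total, plain):
    # Segment i owns counters [i*2, i*2+1], so workers never share keystream.
    first = index * (SEGMENT // BLOCK)
    body = xor(plain, keystream(enc_key, nonce, first, len(plain)))
    return body + tag(mac_key, nonce, index, total, body)

def decrypt_segment(enc_key, mac_key, nonce, index, total, blob):
    body, mac = blob[:-32], blob[-32:]
    if not hmac.compare_digest(mac, tag(mac_key, nonce, index, total, body)):
        raise ValueError(f"segment {index}: authentication failed")
    first = index * (SEGMENT // BLOCK)
    return xor(body, keystream(enc_key, nonce, first, len(body)))

def run_segments(fn, enc_key, mac_key, nonce, items, workers=4):
    # Each segment is independent, so it can be handed to any worker.
    with ThreadPoolExecutor(workers) as pool:
        jobs = [pool.submit(fn, enc_key, mac_key, nonce, i, len(items), item)
                for i, item in enumerate(items)]
        return [job.result() for job in jobs]

def encrypt_parallel(enc_key, mac_key, nonce, data):
    parts = [data[i:i + SEGMENT] for i in range(0, len(data), SEGMENT)]
    return run_segments(encrypt_segment, enc_key, mac_key, nonce, parts)

def decrypt_parallel(enc_key, mac_key, nonce, blobs):
    return b"".join(run_segments(decrypt_segment, enc_key, mac_key, nonce, blobs))
```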
[0065] 4. Application layer: At the application layer, users use various client devices to access the password applications of the service layer through customer interfaces, application software, etc. to meet their own needs, including file encryption, data encryption, key management, identity authentication, and data backup. Users do not manage or control the cloud infrastructure at the physical layer. A large number of users can perform cryptographic operations concurrently and in parallel. The user inserts a USB key into the local PC to authenticate their identity. Users can automatically configure computing capabilities when needed, such as server response time, network storage, etc., without interacting with the service provider.
[0066] The above specific implementations are only specific cases of the present invention. The patent protection scope of the present invention includes but is not limited to the above specific implementations; any appropriate changes or substitutions made by those of ordinary skill in the art that comply with the claims of the cloud computing-based cryptographic service system of the present invention should fall within the scope of patent protection of the present invention.