145 results about "Cloud computing security" patented technology

The present invention discloses methods, devices, and media for securely utilizing a non-secured, distributed, virtualized network resource with applications to cloud-computing security and management. Methods including the steps of: receiving, by a deployed security mechanism, a user request over a network; parsing the user request by the deployed security mechanism; preparing, including applying security measures, the user request to transmit to a computing-service resource; and submitting, by the deployed security mechanism, the user request to the computing-service resource. Methods further including the steps of: dividing an original data stream into a set of split data streams; applying a first invertible transformation function to the split data streams, which produces an intermediate set of data streams; and extracting a final set of data streams from the intermediate set by applying a selection rule which produces the final set, thereby transforming the original data stream into individually-unintelligible parts.

The present invention discloses methods, devices, and media for secure key management in a non-secured, distributed, virtualized environment with applications to cloud-computing security and management. Methods include the steps of: receiving an encryption request for protecting an original key at a first encryption location in a network computing-environment; initially encrypting the original key with a first location-specific secure-key, located at a second encryption location, to create a location-specific initially-encrypted key; and finally encrypting the location-specific initially-encrypted key with a second location-specific secure-key, located at a third encryption location, to create a finally-encrypted key which may then be used in any way in a cipher-location; wherein the locations are regions of memory located in computing devices operationally connected to the network computing-environment; and wherein each of the location-specific secure-keys is protected from compromise by any owner of other location-specific secure keys using an appropriate technique in the respective locations.

The invention discloses a virtualized infrastructure platform for cloud data centers, which comprises a cloud management server, a cloud resource control server and a cloud security server, the whole life cycles of various computational resources of a cloud platform are monitored and managed by the cloud management server, the various resources of the physical layer of the cloud platform are scheduled, controlled and managed by the cloud resource control server, and the cloud security server is used for establishing a cloud computation security control system in a private cloud and a secure interaction system for the private cloud and a public cloud; the cloud management server is integrated with the cloud resource control server through REST interfaces, and the cloud security server is respectively connected with the cloud management server and the cloud resource control server. The virtualized infrastructure platform for cloud data centers can realize security gateway-based unified remote virtual machine control and management, providing administrators with a unified access entrance for the management of virtual resources, and moreover, by means of directory service, the virtualized infrastructure platform for cloud data centers checks the validity of user identities; and a user can use the Python language to extend the resource scheduling control function.

The invention discloses a cloud computing safety protection system based on an SDN. The system is composed of a controller cluster control module, an environment monitoring module and a cluster basic function guarantee module. The controller cluster control module is the core of the whole system and acquires the change situations such as addition and deletion of switches, and addition and deletion of terminals of a current network and the change situations such as addition, deletion and migration of virtual machines in a cloud computing environment according to information fed back by the environment monitoring module, virtual switches supporting the SDN and virtual platform management interfaces supporting the SDN are adopted in the environment monitoring module, and changes, caused by migration, addition and deletion of the virtual machines and other service flow changes, of safety requirements are automatically recognized under the condition that normal service operation is not affected. The cluster basic function guarantee module conducts coordinated management on multiple controllers in the cloud environment. The invention further discloses a cloud computing safety protection method based on the SDN. According to the system and the method, customizable safety protection services can be flexibly and quickly provided according to requirements in the cloud environment.

The invention relates to a method for certificateless cross-domain authentication in a credible cloud computing environment and belongs to the technical field of cloud computing safety. According to the method for certificateless cross-domain authentication in the credible cloud computing environment, the certificateless public key cryptography technology is introduced into cross-domain authentication, credible cross-domain authentication is achieved in the process of credible cloud computing, a certificateless public key cryptosystem is applied, the problem of the certificate maintenance expense of a traditional digital certificate authentication system and the problem of private key trusteeship of a public key cryptography system based on the identity are solved. According to the method for certificateless cross-domain authentication in the credible cloud computing environment, a user public key is generated based on the identity, a part of a private key of a user is generated by the user, and the other part of the private key of the user is generated by a center authentication server. According to the method for certificateless cross-domain authentication in the credible cloud computing environment, a certificate system is abandoned, the expense of the authentication system is reduced, the private key of the user is protected at the same time, bilinear pairing computation is applied to the certificateless public key cryptosystem, it is proved that a safety hypothesis based on bilinear pairing computation is high in safety, the certificateless public key cryptosystem is used for identity authentication and session key negotiation, and therefore it is ensured that the system is high in safety.

A system, method, and server improving the security of accessing Internetworked computer resources, especially over public access connections, without requiring additional servers from either the resource provider or the authenticating user. User authentications are transmitted over data access connections over which users do not have administrative rights and/or physical security control. A resource request which includes user authentications can be encrypted on a user computer and transmitted over the internet or other data network over which the user has no administrative access or physical control. A security server receives the encrypted resource request, decrypts it, and forwards the resource request to a cloud computing resource.

The invention discloses an automatic standardization method and system for medical data dictionaries. The method comprises steps as follows: S1: a local client side uploads a data dictionary with unknown standard conformance to a cloud computing side; S2: the cloud computing side matches the uploaded data dictionary with unknown standard conformance with a center standard dictionary, and the corresponding relation between the two dictionaries is automatically established; S3: a standardized corresponding relation file is formed on the cloud computing side; S4: the cloud computing side sends the standardized corresponding relation file to the local client side, and the local client side standardizes local data according to the standardized corresponding relation file. Based on cloud service, non-standard data dictionaries of manufacturers or hospitals are standardized, local client sides of the manufacturers or the hospitals upload the non-standard data dictionaries to the cloud computing side, the cloud computing side performs automatic matching, the standardized corresponding relation files are sent to the local client sides, the local client sides can standardize the non-standard data dictionaries locally, and the method and system are convenient and quick.

The invention discloses a cloud computing safety control platform based on safety classification. The cloud computing safety control platform comprises a cloud computing system, at least one domain included in the cloud computing system and at least one virtual platform included in the domain, wherein at least one cloud controller is arranged in the cloud computing system; at least one domain controller is arranged in the domain; at least one security manager is arranged in the virtual platform; the overall cloud is monitored and all domains are controlled by the cloud controller; an instruction from the cloud controller is received and all virtual platforms in the domain are controlled by the domain controller; and the instruction of the domain controller is received by the security manager in the virtual platform and corresponding safety level of VM (virtual memory) is operated. According to the cloud computing safety control platform based on safety classification, a cloud environment is divided into different safety level domains, so that the cloud computing system has the characteristics of simplicity, isolation, flexibility and expandability.

The invention discloses a virtualization technology-based cloud computing security terminal, which comprises a virtualization technology-based cloud computing terminal key, which is characterized in that the hardware part of the cloud computing terminal key comprises a cloud computing security terminal; and a software part is also included and comprises an operation system arranged on a virtualization operation platform. A clean, sealed, comprehensive and dedicated operation system which can realize two-way data backup is provided for the cloud computing terminal. Virtualization is carried out on all tools and applications of the cloud computing operation on the dedicated human-computer interface provided by the dedicated operation system. Self explosion and self destruction are carried out on the cloud computing terminal in the cases of illegal access, reading, copying and interception of data and the system. the invention provides a cloud computing security terminal which is high in strength and applicable to the government, the financial department, the military department and the political science and law department. The terminal can serve as an intelligent Key to be connected onto other intelligent online electronic device for use, can also be equipped with a display device, an input device and an internet device to serve as a special cloud computer and has wide market application prospects.

The invention discloses an efficient cloud storage data possession verification method. The method comprises the following steps of: step 1, file partitioning {F->(f1, f2...fl)}; step 2: label computation {(sk, F) ->Ti}; step 3: cloud storage of data {(F, Ti->S}; step 4: initiating challenge by a user (chal); step 5: making a response by a server; step 6: verification {(R, sk) ->('success', 'failure')}; and step 7: reporting {Report}: if verification output is 'failure', sending a warning notice to the server by the user. According to the method, a double-line pair technology is used for realizing the possession verification for the cloud data, in the challenge-response interactive process, data blocks are sampled randomly, the communication traffic is low and fixed, and is independent from the size of the file, and moreover, the verification times is not limited. The method has better practical value and wide application foreground in the technical field of cloud computing security.

The invention discloses a data processing delay optimization method and system based on edge computing. The method comprises the following steps: building a network architecture model; determining thecomputation delay of an edge computing layer by using a Lagrangian multiplier method; determining the communication delay of the edge computing layer by adopting a Kruskal method; determining the computation delay of a cloud computing layer; determining the communication delay of the cloud computing layer by adopting a balanced transmission method; determining a data processing delay optimizationmodel according to the computation delay and the communication delay of the edge computing layer, and the computation delay and the communication delay of the cloud computing layer; and determining an optimal data processing delay value according to the data processing delay optimization model. The data processing delay optimization method based on the edge computing provided by the invention firstly determines the data processing delay of the edge computing layer, then determines the data processing delay of the cloud computing layer, and finally, determines the optimal data processing delayvalue according to the data processing delay of the edge computing layer and the data processing delay of the cloud computing layer, therefore the system data processing delay is reduced, and the data processing efficiency is improved.

The invention discloses a method for multi-tenant application isolation in a cloud computing platform. The method comprises the steps that before deploying a user application, a cloud computing security management center and a user sign a security contract, and after signing, the cloud computing security management center builds an authority record for the user application; after the cloud computing security management center receives the environment deployment information of the user application sent by a cloud computing management platform, if the authority record of the user application is inquired, a security policy of the user application is generated according to the authority record and the environment deployment information, and is sent to the cloud computing management platform; after the cloud computing management platform receives the security policy, the cloud computing operating environment of the user application is deployed according to the security policy. According to the method, the safe operation of applications of different tenants under a multi-tenant framework in the isolated cloud platform environment is realized. The invention also discloses a system for multi-tenant application isolation in the cloud computing platform.

The invention discloses an SDN-based SDP security group implementation method and a security system, and the method achieves SPA single-packet authorization service logic through adoption of a flow table method of an SDN network, and carries out the planning and identity authentication of access authorities of different users through combining with the IAM user management of a cloud platform. According to the invention, the security of the cloud platform security group function is enhanced; accurate control of the security group on external authorization is realized; in combination with the identity authentication technology of the cloud platform and the SDN cloud network, the additional cost of the SDP gateway and the SDP controller is reduced, the SDP technology and the cloud computing security technology are fused, meanwhile, attacks from an internal network can be effectively defended, and comprehensive defense of flow in all directions of the cloud platform can be achieved.

The invention discloses a scheduling method, management nodes and a cloud computing cluster. The scheduling method comprises the steps of collecting the load resource occupation rate of every computing node in the cluster; performing calculation according to the load resource occupation rate of every computing node to obtain the load balancing rate of resources in the cluster; if the load balancing rate is larger than or equal to a first threshold, starting a scheduling module so as to dispatch the load to the computing nodes light in load from the computing nodes heavy in load; if the load balancing rate is smaller than or equal to a second threshold, shutting down the scheduling module so as to forbid scheduling; and if the load balancing rate is smaller than the first threshold and larger than the second threshold, keeping an original state of the scheduling module unchanged. By arranging the two thresholds, an area between the two thresholds is a buffer area, the state of the scheduling module is kept as the original state when in the buffer area, the problem that the shock effect is caused due to the fact that the scheduling module is frequently in an open and closed state can be solved, and accordingly plenty of resources of the management nodes are released.

The invention discloses a credible execution method for a privacy policy in a cloud environment, and particularly relates to credible access control for cloud data privacy protection in the cloud environment, which aims to solve the problems of implementation and implementation guarantee of the privacy policy in the cloud environment in the technical field of cloud computing security. The method adopts a policy-driven concept; according to various privacy protection requirements of multi-tenant, flexible privacy protection is realized through distributed execution of the privacy policy in the cloud environment; furthermore, through combination of credible computing technology, the cloud privacy policy is protected from malicious modification by attackers, credibility of execution of the privacy policy is guaranteed, and finally, privacy security of cloud data storage of the user is guaranteed.

The invention relates to a mobile Internet data transmission and storage method. A client transmits data which needs to be uploaded to a storage cloud system. The storage cloud system carries out identification and encryption to each information. When needing the information, the other client sends a request to the storage cloud system and sends a verification code. After receiving the relevant information and performing the verification, the storage cloud system sends the relevant information to a user. The cloud computing safety architecture has the following advantages: for a video file, a recipient can perform playback without storing the whole file; the storage cloud system is used to receive the file, receive a demand of the playback and then receive the file; many times, the recipient does not play the whole video; for an image and a photo, if the recipient does not have an enough space, other parts of the file can be eliminated; after the file is stored in cloud, if the same file is sent to other friends, uploading bandwidth is not consumed any more; a file name needs to be transmit so that a server can push the file to the recipient.

The invention provides a cloud computing system security assessment method and device. According to the method, cloud computing system security assessment indicators are established, and corresponding weights are allocated to the security assessment indicators of an assessed target cloud computing system; a security score of the assessed target cloud computing system is calculated; and a security assessment conclusion of the assessed target cloud computing system is obtained through comparison of the security score of the assessed target cloud computing system and a preset security assessment standard. Through the cloud computing system security assessment method and device, the complete and scientific cloud computing security assessment indicators are established, and the demands of different service providers, developers and users in different cloud computing platforms are met. A clear and feasible cloud computing platform system-level security assessment technical implementation scheme is proposed, and the construction progress of a high-security cloud computing platform is powerfully promoted.

The invention discloses a cloud data privacy protection public auditing method based on symmetric keys and belongs to the technical field of cloud computing safety. The method comprises the steps of (1) key generation, (2) signature computing and (3) proving. In the key generation step, a data owner generates four private keys randomly, two private key pairs are formed, one private key pair is shared by the data owner and a cloud server, and the other private key pair is shared by the data owner and a third-party auditor; in the signature computing step, the data owner inputs the private keys and data blocks, signature computing is conducted on each data block and indexes of the data block, and signatures are sent to the cloud server; in the proving step, after the cloud server receives the indexes of the data blocks and challenges generated by the third-party auditor randomly from the third-party auditor, data integrity evidence is obtained through computing and sent to the third-party auditor, and the third-party auditor conducts verification. By means of the cloud data privacy protection public auditing method based on the symmetric keys, computing and storing expenses are reduced, and public auditing and privacy protection can be provided.

The invention discloses cloud computing equipment. The equipment comprises a plurality of computer modules, a resource management module, a virtual machine module and a resource allocation module, wherein the resource management module is used for managing resources provided by the plurality of computer modules in a virtualization way, and the virtual machine module is used for loading an application required to operate into a moldboard according to requests of a user and allocating and operating the loaded application; and the resource allocation module is used for allocating hardware resources of the computer modules, corresponding to virtual resources, to an application which is in operating according to the requests. The cloud computing equipment disclosed by the invention has the advantages of realizing uniformization hardware and software management, improving compatibility of the equipment, reducing complexity of hardware and software allocation, being beneficial to improving operational performance, being capable of being convenient for subsequent management and maintenance, and reducing cost brought by development, and management and maintenance through uniform resource management, application management (comprises allocation and operation) and resource allocation.

The invention provides a cloud computing security system, comprising a plurality of user terminals, a cloud data security system and a cloud server side, wherein each user terminal comprises a business system, a user terminal network interface and a software development kit, wherein the business system is connected with a login system of the cloud server side through an internet and/or mobile internet, a heartbeat packet is transmitted to the login system by the business system, the user terminal network interface is in communication connection with the internet and/or mobile internet, and used for realizing data interaction between the user terminal and the cloud server side, and the software development kit is arranged inside a memory of the user terminal, and used for being implanted into developed application software by a developer. The cloud data security system comprises a monitoring system for monitoring reading and writing-in operations of a user, a filtering system for filtering file data which does not need to be encrypted, and an encryption and decryption system for data encryption and data decryption.