
CN104320389A - Fusion identify protection system and fusion identify protection method based on cloud computing - Google Patents


Info

Publication number: CN104320389A
Authority: CN (China)
Prior art keywords: identity authentication, authentication, identity, cloud, server
Legal status: Granted
Application number: CN201410536876.8A
Other languages: Chinese (zh)
Other versions: CN104320389B (en)
Inventors: 何利文, 李�杰, 陈向东, 鲁蔚锋, 孔令军, 沙乐天, 黄�俊
Current assignee: Nanjing Post and Telecommunication University
Original assignee: Nanjing Post and Telecommunication University

Events:
    • Application filed by Nanjing Post and Telecommunication University
    • Priority to CN201410536876.8A
    • Publication of CN104320389A
    • Application granted
    • Publication of CN104320389B
    • Expired - Fee Related (current legal status)
    • Anticipated expiration


Classifications

    • H Electricity
      • H04 Electric communication technique
        • H04L Transmission of digital information, e.g. telegraphic communication
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
              • H04L63/0861 Authentication of entities using biometrical features, e.g. fingerprint, retina-scan
              • H04L63/0823 Authentication of entities using certificates
              • H04L63/083 Authentication of entities using passwords
            • H04L63/20 Network architectures or network communication protocols for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a fusion identity protection system and method based on cloud computing, intended to protect network identity effectively across both public-cloud and private-cloud architectures in a cloud computing environment. The invention uses the distributed cluster management characteristic of cloud computing to integrate an unlimited number of existing and as-yet-unknown strong identity authentication means through a unified standard interface, presents the user with a single-entry authentication interface, and lets the user choose authentication means of different security levels according to immediate needs. In addition, the invention builds biometric identification and digital certificate technology into the secure cloud terminal to protect the cloud computing platform and the user's client desktop from intrusion by illegal controlling machines.

Description

A cloud computing-based fusion identity protection system and method

Technical field

The invention relates to an identity authentication system and method based on cloud technology, and belongs to the field of cloud security operating systems.

Background art

As cloud computing technology matures and its industrial chain takes shape, demand for cloud security operating systems across the industries of the national economy will grow rapidly. A cloud security operating system is itself a virtualized cloud platform: all data and applications are stored in the cloud, and communication between the cloud and the user is established over an encrypted channel through which data is accessed and controlled. This isolation ensures the security of data storage, so that a failure of the user terminal does not cause data loss. At the same time, however, the discrete and unordered nature of the cloud carries very high security risks, and user identity information is easily leaked. The basic way to address this problem is to protect user identity information with identity authentication technology.

Identity authentication falls into two basic classes: authentication between a user and a host, and authentication between hosts. Existing identity authentication systems determine a user's identity mainly by three basic methods: those based on physiological or behavioral characteristics, those based on knowledge, and those based on tokens. Methods based on physiological or behavioral characteristics authenticate through biological or behavioral traits a person is born with, that is, biometric authentication; knowledge-based methods authenticate mainly through passwords or PIN codes, in static and dynamic forms; token-based methods authenticate mainly through an identity credential the user possesses. The most commonly used mechanism today is the static password: the authentication system maintains a two-tuple for each user, the user enters an ID and password when logging in, and the system matches the entered information against what it maintains to decide whether the user is legitimate.

Existing identity authentication systems are convenient and simple to operate, but they are mainly single-factor: their security depends chiefly on the complexity of the digital certificate, password or token, and they are subject to loss, forgetting, misplacement, impersonation and similar adverse factors, so they carry a very high security risk.

Summary of the invention

To solve the above problems, the invention provides a cloud computing-based fusion identity protection system and method. The specific technical solution is as follows:

A cloud computing-based fusion identity protection system comprises a secure cloud terminal, an identity authentication server and a cloud virtual machine server cluster, wherein:

The secure cloud terminal's interface motherboard integrates biometric identification devices, including a UPEK fingerprint identification system, and a digital certificate IC module supporting PKI authentication, digital signature, data encryption and other security applications. At the hardware level the motherboard provides a controllable signal input/output interface for the "enable/disable" state of the WiFi, the USB interfaces and the fiber-optic electro-optical converter, and supports direct fiber connection to the secure cloud terminal, thereby eliminating the data leakage threats implicit in ordinary Ethernet and wireless networks.

The identity authentication server is responsible for authenticating the user's identity;

The cloud virtual machine server cluster is responsible for authorizing identity authentication operations, verifying identity authentication results, and monitoring and managing updates of identity authentication methods.

Further, the secure cloud terminal of the invention deploys interface software for connecting to the identity authentication server and the cloud virtual machine management server; the secure cloud terminal automatically supports the different network architectures of public and private clouds; and the cloud terminal has a built-in hardware true random number generator.

Further, between the secure cloud terminal, the identity authentication server and the cloud virtual machine server there is deployed an encryption algorithm module that isolates and protects the transmitted data. It provides an RSA/ECC public key algorithm engine supporting RSA, ECC and the other standard commercial cryptographic algorithms, as well as the general-purpose DES, 3DES and AES algorithms for data encryption and decryption, which effectively blocks malicious attacks and prevents leakage of sensitive user information.

Further, information is transmitted over an HTTPS/SSL secure channel to protect it in transit, and the communication content is additionally encrypted and hashed to protect the content itself.

Further, the identity authentication identifiers are stored as lists in the secure cloud terminal, the identity authentication server and the cloud virtual machine server cluster.

In the invention, the cloud virtual machine server cluster can automatically return execution results to the identity authentication server, strengthening after-the-fact auditing. The cluster provides complete logging, recording the login time, the identity of the logged-in user, the virtual machine system logged into, and the IP address of the terminal used for the login.

A cloud computing-based fusion identity protection method comprises the following steps:

The user requests identity authentication: the user enters identity information through the secure cloud terminal and selects a specific authentication method; the secure cloud terminal automatically encrypts the user's authentication request and passes the authentication method identifier and the user identity data to the cloud virtual machine server cluster over a secure transmission channel.

The cloud virtual machine server cluster authorizes the authentication: after receiving the user's authentication request, the cluster uses its authorization server to authorize the secure cloud terminal and the identity authentication server involved in the operation. Specifically, it obtains information on the secure cloud terminal and identity authentication server involved, checks whether the secure cloud terminal is entitled to initiate an authentication operation, and checks the legitimacy and suitability of the requested authentication server. Once authorization passes, the cluster writes the user's authentication request message to the message management server in the cluster, sends an authentication confirmation message to the corresponding secure cloud terminal and identity authentication server, and delivers the authorization result to both. If a secure cloud terminal fails the legitimacy check, the data storage server in the cluster records the number of the failed terminal and the reason for the error, and sends an authorization failure message directly to that terminal.

User identity authentication on the authentication server side: according to the received authentication request message, the identity authentication server selects the authentication mechanism matching the method identifier chosen by the user on the secure cloud terminal, performs the authentication, and sends the authentication result to the cloud virtual machine.

Verification of the user authentication on the cloud virtual machine server cluster side: after receiving the identity authentication server's result for the user, the cloud virtual machine matches it against the user identity information identifier backed up in the cluster's data storage server, performing a second check on the already authenticated identity. If this check succeeds, the authentication result is sent to the secure cloud terminal; if it fails, the reason for the failure is returned to the identity authentication server and the user is re-authenticated until the user's identity is determined.

The user identity information identifier backed up in the cluster's data storage server consists of the ID of the identity authentication server and a mirror of the user identity information; that is, the cluster database holds a backup of the user's multi-dimensional identity data together with the ID numbers of the identity authentication servers matching the different authentication request methods.

Further, legitimacy authorization comprises: checking whether the secure cloud terminal involved in the user authentication operation is entitled to initiate it; and checking whether the identity authentication server involved is permitted to perform authentication. Suitability authorization comprises: checking whether the user identity to be authenticated falls within that authentication server's service scope; and checking whether the authentication method initiated by the secure cloud terminal falls within that server's service scope. If an identity authentication server fails the legitimacy check, the cloud virtual machine server raises an alarm indicating that the server may be malicious.

Further, the invention also comprises a step of updating and upgrading user identity authentication methods, which specifically comprises:

Update of authentication methods on the secure cloud terminal side: this covers upgrading existing user authentication methods and adding new ones. Existing methods can be upgraded locally via USB or remotely, with the cloud platform sending upgrade instructions and upgrade packages to the secure cloud terminal; adding a new method means adding a new biometric sensor device or a new digital certificate IC module. Once the update on the secure cloud terminal side is complete, the information on the new authentication method is sent to the cloud virtual machine.

Update and upgrade on the cloud virtual machine server cluster side: after receiving the authentication-method update operation sent by the secure cloud terminal, the cloud virtual machine matches it against the authentication methods held by the cluster's data storage server. If that form of authentication already exists in the data storage server, the identity authentication identifier is not updated; if it does not exist, a new identifier is assigned and sent to the secure cloud terminal, which updates its own identifier list. At the same time, the message management server in the cluster sends the update request for this authentication method to the cloud platform, and the update is carried out only after the cloud platform administrator returns a confirmation message.

After completing the update, the cloud virtual machine server cluster compares the newly updated authentication method against the identity authentication server IDs stored in its data storage server. If a server for that kind of authentication exists, the update request and the new identifier are sent to the server with the corresponding ID; if none exists, the update request is sent to the cloud platform administrator together with a request to deploy a new identity authentication server.

Update and upgrade of the identity authentication server: based on the comparison result from the cluster-side update step, when no identity authentication server matches the newly updated authentication method, a new server is deployed and its ID number is sent to the cloud virtual machine; when a matching server exists, the cloud virtual machine sends the update request to the server with that ID, the server acknowledges the request with a confirmation message to the cluster, the cluster then sends the new identifier and the update package to the server, and the server performs the update.

Testing the newly upgraded authentication method: after completing the update, the identity authentication server sends an update-complete confirmation to the cloud virtual machine server cluster, which sends a test request to the cloud platform administrator. The administrator tests the newly updated method by running it through the steps described above: the user's request for authentication, authorization by the cluster, authentication on the server side, and verification by the cluster. If the test fails, the update steps above are repeated until it passes; once it passes, the update is complete.

Further, before the cloud virtual machine server cluster updates its own authentication methods, it performs a security assessment of the method to be added, determines its security level, and then carries out the corresponding upgrade according to that level.

The invention uses the distributed cluster management characteristic of cloud computing to integrate an unlimited number of existing and as-yet-unknown strong authentication means through a unified standard interface, presents the user with a single-entry authentication interface, and lets the user choose authentication means of different security levels according to immediate needs, thereby protecting network identity effectively across public-cloud and private-cloud architectures in a cloud computing environment. In addition, the invention builds biometric identification and digital certificate technology into the secure cloud terminal, providing multi-factor, high-strength virtualized identity authentication that combines the user login name, login ID number, biometric information and digital key, together with role-combined type-based access control, fine-grained security auditing and other security functions, and protecting the cloud computing platform and the user's client desktop from intrusion by illegal controlling machines. In the invention, the user identity authentication system brings multiple authentication and protection facilities together under a unified policy on a low-power, small-footprint secure cloud terminal, so that the terminal's data and user information are effectively protected.

Description of drawings

Figure 1 is an architecture diagram of the cloud computing-based fusion identity protection system.

Figure 2 is a basic flowchart of the user identity authentication operation.

Figure 3 is a basic flowchart of updating and upgrading user identity authentication methods.

Detailed description of embodiments

The invention is described in further detail below with reference to the drawings and embodiments.

The architecture of the cloud computing-based fusion identity protection system is shown in Figure 1. The system comprises a secure cloud terminal, an identity authentication server and a cloud virtual machine server cluster. The built-in fingerprint reader and built-in digital certificate provide the input for user authentication requests; the controllable WiFi and controllable fiber modules provide encrypted transmission of authentication requests and authentication-method update information; the controllable USB interface provides download of data stored on the secure cloud terminal and local upgrade of authentication methods; the identity authentication server authenticates user identities; and the cloud virtual machine server cluster authorizes authentication operations, verifies authentication results, and monitors and manages authentication-method updates.

In the invention, identity authentication supports the integration of existing and as-yet-unknown strong authentication means, and the methods can be selected, updated and upgraded according to actual conditions. Each authentication method is distinguished by a unique user authentication method identifier: the method is identified by 8 bits in the message, and the identifiers are stored as lists in the secure cloud terminal, the identity authentication server and the cloud virtual machine server cluster, so that user authentication remains operable and extensible. Example identifiers are shown in the table below.

Table 1. Examples of identity authentication method identifiers

In Table 1, reserved bits are kept for as-yet-undefined purposes; the first 4 bits identify the type of authentication method and the last 4 bits identify the specific method. For example, 00010001 identifies fingerprint authentication and 00010010 identifies iris authentication.
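The following is an added example, not code from the patent, covering the 8-bit method identifier described above and the cluster-side bookkeeping of the update procedure (an existing method keeps its identifier, a new one gets a fresh identifier, and the update is routed to a matching server or to the administrator). It assumes the upper nibble is the method type and the lower nibble the concrete method, treats zero in either nibble as unassigned, and treats a server as "matching" when it already serves a method of the same type; the class and function names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

BIOMETRIC = 0b0001          # type nibble shared by 00010001 (fingerprint) and 00010010 (iris)
FINGERPRINT = 0b00010001    # example identifiers given in the text
IRIS = 0b00010010


def encode_method_id(method_type: int, method: int) -> int:
    """Pack a type nibble and a method nibble into one 8-bit identifier.
    Zero is treated as unassigned in both nibbles (assumption, not from the text)."""
    if not (1 <= method_type <= 0xF and 1 <= method <= 0xF):
        raise ValueError("type and method must each be a non-zero 4-bit value")
    return (method_type << 4) | method


def decode_method_id(ident: int) -> Tuple[int, int]:
    """Split an 8-bit identifier into (type, method); rejects values wider than a byte."""
    if not 0 <= ident <= 0xFF:
        raise ValueError("identifier must be a single byte")
    return ident >> 4, ident & 0x0F


def format_method_id(ident: int) -> str:
    """Render the identifier as the 8-character bit string used in Table 1."""
    return format(ident, "08b")


@dataclass
class MethodRegistry:
    """The identifier list kept by terminal, authentication server and cluster."""
    by_name: Dict[str, int] = field(default_factory=dict)   # method name -> identifier

    def register(self, name: str, method_type: int) -> Tuple[int, bool]:
        """Cluster-side update step: a method already in the list keeps its identifier
        (returns newly_assigned=False); an unknown one gets the next free method
        nibble within its type. Raises when the 15 slots of a type are exhausted."""
        if name in self.by_name:
            return self.by_name[name], False
        used = {decode_method_id(i)[1] for i in self.by_name.values()
                if decode_method_id(i)[0] == method_type}
        free = next((m for m in range(1, 0x10) if m not in used), None)
        if free is None:
            raise OverflowError("no free identifier left in this method type")
        ident = encode_method_id(method_type, free)
        self.by_name[name] = ident
        return ident, True


def plan_server_update(ident: int, servers: Dict[str, Set[int]]) -> Tuple[str, Optional[str]]:
    """Decide where an updated method goes: to an existing authentication server
    whose service scope already covers this method type (assumption: same type
    nibble), or to the administrator as a request to deploy a new server.
    `servers` maps server ID -> set of method identifiers it supports."""
    method_type, _ = decode_method_id(ident)
    for server_id, supported in servers.items():
        if any(decode_method_id(s)[0] == method_type for s in supported):
            return "UPDATE_SERVER", server_id
    return "REQUEST_DEPLOYMENT", None
```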

The basic flow of the user identity authentication operation is shown in Figure 2:

Step 101: The user requests identity authentication

On the secure cloud terminal the user chooses an authentication method, such as biometric fingerprint or digital certificate authentication, through the unified human-machine interface and software interface. The secure cloud terminal automatically encrypts the user's authentication request and passes the authentication method identifier and user identity data to the cloud virtual machine over a secure transmission channel.

Step 102: The cloud virtual machine server cluster authorizes the authentication

After receiving the user's authentication request, the cloud virtual machine first uses the authorization server in its cluster to authorize the secure cloud terminal and authentication server involved in the operation. Specifically, it obtains information on the secure cloud terminal and authentication server involved, checks whether the terminal is entitled to initiate an authentication operation, and checks the legitimacy and suitability of the requested authentication server. Once authorization passes, the cloud virtual machine writes the authentication request message to the message management server in the cluster, sends an authentication confirmation message to the corresponding secure cloud terminal and identity authentication server, and delivers the authorization result to both.

Legitimacy authorization comprises: checking whether the secure cloud terminal involved in the user authentication operation is entitled to initiate it; and checking whether the identity authentication server involved is permitted to perform authentication. Suitability authorization comprises: checking whether the user identity to be authenticated falls within that authentication server's service scope; and checking whether the authentication method initiated by the secure cloud terminal falls within that server's service scope.

If a secure cloud terminal fails the legality check, the data storage server in the cloud virtual machine server cluster records the number of the secure cloud terminal that failed authorization together with the reason for the failure, and sends an authorization failure message directly to that secure cloud terminal.

If an identity authentication server fails the legality check, the cloud virtual machine server raises an alarm indicating that the identity server may be malicious.

Step 103: User identity authentication on the authentication server side

Based on the received user identity authentication request message, the authentication server selects the authentication mechanism matching the authentication method identifier chosen by the user on the secure cloud terminal side, performs the identity authentication operation, and transmits the identity authentication result to the cloud virtual machine.

Step 104: Verification of user identity authentication on the cloud virtual machine server cluster side

After the cloud virtual machine receives the identity authentication server's authentication result for the user identity, it matches that result against the user identity information identifier backed up in the data storage server of the server cluster, performing a second verification of the authenticated user identity. If the verification succeeds, the identity authentication result is sent to the secure cloud terminal; if it fails, the reason for the verification error is returned to the identity authentication server and the user identity is re-authenticated until the user's identity information is established.

The user identity information identifier backed up in the data storage server of the cloud virtual machine server cluster consists of the identity authentication server's ID and a mirror of the user identity information; that is, the cluster database holds a backup of the user's multi-dimensional identity data together with the ID numbers of the identity authentication servers matching the different authentication request methods.
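The following is an added model of the cluster-side flow in steps 102 to 104; it is example code written for this page, not code from the patent or its assignee. It assumes constructed terminal and server identifiers, treats the "mirror" of user identity information as a SHA-256 digest of its canonical JSON encoding (an assumption; the patent does not say how the mirror is formed), and records authorization failures, alarms and queued requests in plain lists standing in for the data storage server, the alarm path and the message management server.

```python
"""Model of cluster-side authorization (step 102) and second verification (step 104)."""
from dataclasses import dataclass, field
from enum import Enum
import hashlib
import json


class Outcome(Enum):
    OK = "ok"                                # request queued, confirmation would be sent
    TERMINAL_REJECTED = "terminal_rejected"  # terminal failed legality: logged, failure message
    SERVER_ALARM = "server_alarm"            # server failed legality: alarm raised
    SCOPE_MISMATCH = "scope_mismatch"        # server legitimate but not adapted to identity/method


@dataclass
class AuthServer:
    server_id: str
    legitimate: bool        # registered and not flagged as malicious
    identities: frozenset   # user identities within its authentication service scope
    methods: frozenset      # authentication method identifiers it serves


@dataclass(frozen=True)
class AuthRequest:
    terminal_id: str
    server_id: str
    user_id: str
    method_id: str          # identifier of the method chosen on the terminal


def identity_mirror(identity: dict) -> str:
    """Assumed form of the identity 'mirror': SHA-256 over canonical JSON of the identity data,
    so the cluster can match a reported identity without storing it verbatim."""
    canonical = json.dumps(identity, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


@dataclass
class CloudCluster:
    authorized_terminals: frozenset
    servers: dict                                      # server_id -> AuthServer
    identity_backup: dict                              # user_id -> (server_id, identity mirror)
    failure_log: list = field(default_factory=list)    # data storage server: (terminal, reason)
    alarms: list = field(default_factory=list)         # alarms on suspect authentication servers
    message_queue: list = field(default_factory=list)  # message management server

    def authorize(self, req: AuthRequest) -> Outcome:
        # Legality check on the terminal: is it entitled to initiate authentication at all?
        if req.terminal_id not in self.authorized_terminals:
            self.failure_log.append((req.terminal_id, "terminal not entitled to authenticate"))
            return Outcome.TERMINAL_REJECTED
        # Legality check on the server: unknown or flagged servers raise an alarm.
        server = self.servers.get(req.server_id)
        if server is None or not server.legitimate:
            self.alarms.append(f"server {req.server_id} may be malicious")
            return Outcome.SERVER_ALARM
        # Adaptability check: both the identity and the method must be within the server's scope.
        if req.user_id not in server.identities or req.method_id not in server.methods:
            self.failure_log.append((req.terminal_id, "server not adapted to identity/method"))
            return Outcome.SCOPE_MISMATCH
        self.message_queue.append(req)
        return Outcome.OK

    def verify_result(self, req: AuthRequest, reported_identity: dict) -> bool:
        """Second verification: the (server ID, identity mirror) pair derived from the server's
        result must equal the backup held for this user by the data storage server."""
        expected = self.identity_backup.get(req.user_id)
        return expected == (req.server_id, identity_mirror(reported_identity))


def demo():
    """Constructed sample deployment exercising every outcome."""
    alice = {"name": "alice", "fingerprint_template": "constructed-template-1"}
    cluster = CloudCluster(
        authorized_terminals=frozenset({"T-001"}),
        servers={"S-BIO": AuthServer("S-BIO", True, frozenset({"alice"}), frozenset({"FP"})),
                 "S-BAD": AuthServer("S-BAD", False, frozenset(), frozenset())},
        identity_backup={"alice": ("S-BIO", identity_mirror(alice))},
    )
    good = AuthRequest("T-001", "S-BIO", "alice", "FP")
    results = {
        "good": cluster.authorize(good),
        "bad_terminal": cluster.authorize(AuthRequest("T-999", "S-BIO", "alice", "FP")),
        "bad_server": cluster.authorize(AuthRequest("T-001", "S-BAD", "alice", "FP")),
        "wrong_method": cluster.authorize(AuthRequest("T-001", "S-BIO", "alice", "CERT")),
        "verified": cluster.verify_result(good, alice),
        "tampered": cluster.verify_result(good, {**alice, "name": "mallory"}),
    }
    return results, cluster


if __name__ == "__main__":
    res, c = demo()
    for name, value in res.items():
        print(name, value)
```

The two legality failures deliberately take different paths, as the text describes: a terminal that is not entitled to authenticate is logged and told so, while an unknown or flagged server produces an alarm rather than a message back to the requester. The second verification only passes when both the server ID and the identity mirror agree with the backup, so a correct identity reported through the wrong server is rejected just as a modified identity is.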

The basic flow of updating and upgrading user identity authentication methods is shown in Figure 3:

Step 201: Update of the identity authentication method on the secure cloud terminal side

Updating the identity authentication method on the secure cloud terminal side covers both upgrading an existing user authentication method and adding a new one. An existing authentication method can be upgraded locally via USB, or remotely by the cloud platform sending an upgrade instruction and an upgrade data package to the secure cloud terminal; adding a new user authentication method includes adding a new biometric authentication sensor device or a new digital certificate IC module.

Once the identity authentication method on the secure cloud terminal side has been updated, the information on the new user authentication method is sent to the cloud virtual machine.

Step 202: Update and upgrade on the cloud virtual machine server cluster side

After the cloud virtual machine receives the update-authentication-method operation sent by the secure cloud terminal, it matches it against the authentication methods held by the data storage server in the server cluster. If an authentication method of that form already exists in the data storage server, the identity authentication identifier is not updated; if it does not exist, a new identity authentication identifier is assigned and sent to the secure cloud terminal, which updates the identity authentication identifier it holds. At the same time, the message management server in the cloud virtual machine server cluster sends the update request for this identity authentication method to the cloud platform, and the update is carried out only after the cloud platform administrator returns a confirmation message.

Note that before the cloud virtual machine server cluster updates its own authentication methods, it performs a security assessment of the identity authentication method to be added, determines the security level of the new method, and then carries out the upgrade operation appropriate to that security level.

After the cloud virtual machine server cluster completes the update and upgrade operation, it compares the newly updated user identity authentication method against the identity authentication server IDs stored in its data storage server. If a server for that kind of identity authentication exists, the update request and the new identity authentication identifier are sent to the identity authentication server with the corresponding ID; if no such server exists, the update request is sent to the cloud platform administrator together with a request to deploy a new identity authentication server.

Step 203: Update and upgrade of the identity authentication server

Based on the comparison result from the cloud virtual machine server cluster in step 202: when no identity authentication server matches the newly updated identity authentication method, a new identity authentication server is deployed and its ID number is sent to the cloud virtual machine; when a matching identity authentication server exists, the cloud virtual machine sends the update request to the identity authentication server with the corresponding ID number, that server returns a confirmation message to the cloud virtual machine server cluster after receiving the request, the cluster then sends the new identity authentication identifier and the update data package to the identity authentication server, and the identity authentication server performs the update and upgrade operation.

Step 204: Testing the newly upgraded identity authentication method

After the identity authentication server completes the update and upgrade operation, it sends an update-complete confirmation to the cloud virtual machine server cluster, which then sends a test request to the cloud platform administrator. The cloud platform administrator tests the newly updated identity authentication method by following steps 101-104. If the test fails, steps 201-204 are repeated until it passes; once the test passes, the update and upgrade operation is complete.
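The following is an added model of the cluster-side part of steps 202 and 203 (with the security assessment of claim 10 as a gate); it is example code written for this page, not code from the patent or its assignee. It assumes a constructed identifier format `AUTH-nnnn`, a constructed three-level security scale with a configurable minimum, and represents the data storage server's method and server records as plain dictionaries; the administrator confirmation is passed in as a flag rather than exchanged as a message.

```python
"""Model of the authentication-method update flow on the cluster side (steps 202-203)."""
from dataclasses import dataclass, field
from enum import IntEnum


class SecurityLevel(IntEnum):
    """Constructed security scale for the assessment step; the patent fixes no scale."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass
class MethodRegistry:
    """Cluster-side view held by the data storage server (constructed model)."""
    identifiers: dict                     # method name -> identity authentication identifier
    server_methods: dict                  # server ID -> set of method names it serves
    min_level: SecurityLevel = SecurityLevel.MEDIUM  # assumed policy: lowest level accepted
    next_seq: int = 1
    pending_admin: list = field(default_factory=list)     # names awaiting administrator confirmation
    terminal_updates: list = field(default_factory=list)  # (name, identifier) pushed to the terminal
    server_updates: list = field(default_factory=list)    # (server ID, identifier) update requests
    deploy_requests: list = field(default_factory=list)   # new-server requests to the administrator

    def assess(self, level: SecurityLevel) -> bool:
        """Security assessment performed before any cluster-side update."""
        return level >= self.min_level

    def register_method(self, name: str, level: SecurityLevel, admin_confirmed: bool):
        """Step 202. Returns (identifier or None, status)."""
        if not self.assess(level):
            return None, "rejected: security level below policy minimum"
        if not admin_confirmed:
            # The update is only carried out after the cloud platform administrator confirms.
            self.pending_admin.append(name)
            return None, "pending: awaiting cloud platform administrator confirmation"
        if name in self.identifiers:
            # Method of this form already exists: the identifier is not updated.
            return self.identifiers[name], "unchanged: method already registered"
        ident = f"AUTH-{self.next_seq:04d}"     # constructed identifier format
        self.next_seq += 1
        self.identifiers[name] = ident
        self.terminal_updates.append((name, ident))   # terminal updates its identifier list
        self.dispatch_to_servers(name, ident)
        return ident, "registered"

    def dispatch_to_servers(self, name: str, ident: str) -> list:
        """Step 203: send the identifier to servers that serve this method, or ask the
        administrator to deploy a new server when none does."""
        matching = [sid for sid, methods in self.server_methods.items() if name in methods]
        if matching:
            self.server_updates.extend((sid, ident) for sid in matching)
        else:
            self.deploy_requests.append(name)
        return matching


def demo():
    """Constructed registry: one known method, two servers, then four update attempts."""
    reg = MethodRegistry(
        identifiers={"fingerprint": "AUTH-0000"},
        server_methods={"S-BIO": {"fingerprint", "iris"}, "S-CERT": {"certificate"}},
        next_seq=1,
    )
    results = {
        "existing": reg.register_method("fingerprint", SecurityLevel.HIGH, True),
        "too_weak": reg.register_method("pin4", SecurityLevel.LOW, True),
        "unconfirmed": reg.register_method("iris", SecurityLevel.HIGH, False),
        "iris": reg.register_method("iris", SecurityLevel.HIGH, True),
        "voice": reg.register_method("voice", SecurityLevel.MEDIUM, True),
    }
    return results, reg


if __name__ == "__main__":
    res, registry = demo()
    for name, value in res.items():
        print(name, value)
    print("server updates:", registry.server_updates)
    print("deploy requests:", registry.deploy_requests)
```

The order of the gates matters: the security assessment runs before the administrator is consulted, so a method that fails assessment never reaches the pending list, and an existing method is left untouched even when confirmed, which keeps identifiers stable across terminals and servers. In the sample run "iris" finds a serving server and produces a server update, while "voice" has none and turns into a deployment request for the administrator.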

The technical features involved in the above embodiments may be combined with one another provided they do not conflict. The present invention is not limited to the above embodiments; all technical solutions formed by equivalent substitution fall within the scope of protection claimed by the present invention.

Claims (10)

1. A cloud-computing-based fusion identity protection system, characterized in that it comprises a secure cloud terminal, an identity authentication server and a cloud virtual machine server cluster, wherein: the interface mainboard of the secure cloud terminal integrates a biometric identification device and a digital certificate IC module; at the hardware level the mainboard provides controllable WiFi, a USB interface and controllable signal input/output interfaces, and supports direct optical-fibre access to the secure cloud terminal; the identity authentication server is responsible for authenticating the user's identity; and the cloud virtual machine server cluster is responsible for authorizing identity authentication operations, verifying identity authentication results, and monitoring and managing updates to identity authentication methods.

2. The system according to claim 1, characterized in that the secure cloud terminal deploys interface software for connecting to the identity authentication server and the cloud virtual machine server, and the cloud terminal has a built-in hardware true random number generator.

3. The system according to claim 1 or 2, characterized in that a public key algorithm engine supporting RSA and ECC is deployed between the secure cloud terminal, the identity authentication server and the cloud virtual machine server.

4. The system according to claim 1, characterized in that information is transmitted over an HTTPS/SSL secure transmission channel, and the communication content is encrypted and hashed.

5. The system according to claim 1, 2 or 4, characterized in that identity authentication identifiers are stored in list form in the secure cloud terminal, the identity authentication server and the cloud virtual machine server cluster.

6. A cloud-computing-based fusion identity protection method, characterized in that it comprises the following steps: user request for identity authentication: the user enters user identity information through the secure cloud terminal and selects an identity authentication method; authorization of identity authentication by the cloud virtual machine server cluster: the cluster authorizes, through its authorization server, the secure cloud terminal and the identity authentication server involved in the user identity authentication operation, selects the corresponding identity authentication server according to the identity authentication method identifier, and sends it an identity authentication request message; user identity authentication on the authentication server side: the identity authentication server authenticates the user's identity information according to the user identity information packet sent by the cloud virtual machine server cluster and returns the identity authentication result to the cluster for identity verification; verification of user identity authentication on the cloud virtual machine server cluster side: the identity verification server is invoked to perform a second verification of the authenticated user identity, and the verification result is sent to the secure cloud terminal.

7. The method according to claim 6, characterized in that the authorization specifically comprises: obtaining information on the secure cloud terminal and the identity authentication server involved in the user identity authentication operation, checking whether the secure cloud terminal is entitled to initiate the identity authentication operation, and checking the legality and adaptability of the requested authentication server; and if a secure cloud terminal fails the legality check, the data storage server in the cloud virtual machine server cluster records the number of the secure cloud terminal that failed authorization and the reason for the failure, and sends an authorization failure message directly to that secure cloud terminal.

8. The method according to claim 7, characterized in that the legality authorization comprises: checking whether the secure cloud terminal involved in the user identity authentication operation is entitled to initiate the identity authentication operation, and checking whether the identity authentication server involved is permitted to perform the identity authentication operation; and the adaptability authorization comprises: checking whether the user identity to be authenticated falls within the authentication service scope of that authentication server, and checking whether the user identity authentication method initiated by the secure cloud terminal falls within the authentication service scope of that authentication server.

9. The method according to any one of claims 6 to 8, characterized in that it further comprises a step of updating and upgrading the user identity authentication method, specifically comprising: update of the identity authentication method on the secure cloud terminal side: upgrading an existing user authentication method or adding a new user authentication method, and, once the terminal-side update is complete, sending the information on the new user authentication method to the cloud virtual machine; update and upgrade on the cloud virtual machine server cluster side: the cloud virtual machine matches the update operation against the existing authentication methods, assigns a new identity authentication identifier to an authentication method of a new form, and at the same time updates the identity authentication identifier in the secure cloud terminal; update and upgrade of the identity authentication server: based on the cluster-side update step, deciding whether to deploy a new identity authentication server and sending the new identity authentication server's ID number to the cloud virtual machine; testing of the newly upgraded identity authentication method: after the identity authentication server completes the update and upgrade, the cloud platform administrator tests the newly updated identity authentication method by following the aforementioned steps of user request for identity authentication, authorization of identity authentication by the cloud virtual machine server cluster, user identity authentication on the authentication server side, and verification of user identity authentication on the cloud virtual machine server cluster side.

10. The method according to claim 9, characterized in that, before the cloud virtual machine server cluster updates its own authentication methods, it performs a security assessment of the identity authentication method to be updated, determines the security level of the new identity authentication method, and then performs the corresponding upgrade operation according to that security level.
Application CN201410536876.8A, priority date 2014-10-11, filing date 2014-10-11: A kind of fusion identity protection system and method based on cloud computing (Expired - Fee Related), granted as CN104320389B (en)


Publications (2)

Publication Number Publication Date
CN104320389A (en) 2015-01-28
CN104320389B (en) 2018-04-27

Family

ID=52375560


Country Status (1)

Country Link
CN (1) CN104320389B (en)




Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180427