
CN102571703A - Security control system and security control method for cloud data - Google Patents


Info

Publication number: CN102571703A
Authority: CN (China)
Prior art keywords: client device, private cloud, cloud data, latitude, longitude coordinate
Legal status: Pending
Application number: CN2010106021910A
Other languages: Chinese (zh)
Inventors: 李后贤, 李章荣, 罗治平
Current assignee: Hongfujin Precision Industry Shenzhen Co Ltd; Hon Hai Precision Industry Co Ltd
Original assignee: Hongfujin Precision Industry Shenzhen Co Ltd; Hon Hai Precision Industry Co Ltd
Priority date: 2010-12-23
Filing date: 2010-12-23
Publication date: 2012-07-11

Landscapes

  • Small-Scale Networks (AREA)

Abstract

The invention provides a security control system for cloud data. The security control system is applied to a private cloud server. Client devices inside the enterprise access the private cloud server through an internal network; the private cloud server stores private cloud data; and each internal client device is equipped with a global positioning system. The security control system performs multiple verifications on a client device by combining the device's current longitude and latitude coordinate information with other permission control information. If any one verification of the client device fails, the security control system refuses the access request of the client device. If the current longitude and latitude coordinate information and the other permission control information of the client device each pass verification, the security control system allows the client device to access the private cloud data. The invention also provides a security control method for the cloud data.

Description

Cloud data security management and control system and method

Technical field

The present invention relates to a data security management and control system and method, and in particular to a cloud data security management and control system and method.

Background art

Cloud computing is an Internet-based computing model in which software and hardware resources and data are shared between network devices. The so-called cloud computing environment is in fact a metaphor for the network environment. In a cloud computing environment, the operator stores software and hardware resources and data on servers, and users obtain information through a browser or other network services. According to how usage rights are set, cloud computing environments can be divided into public clouds and private clouds. A public cloud provides scalable and elastic services to customers outside the enterprise over the network; such services may be free or low-cost. A private cloud, by contrast, serves customers inside the enterprise, is mostly used within the enterprise, and is generally built behind the enterprise's firewall.

Most of the information stored in a private cloud involves corporate secrets, such as internal personnel relations, sales data, financial statements and customer data. The security management and control of the private cloud is therefore extremely important. At present, a private cloud built behind the enterprise firewall generally controls access rights to the information it provides by user IP address or by user account and password. The shortcoming of this approach is that an intruder may breach the firewall's security perimeter by impersonating a legitimate user's IP address, account and password.

Summary of the invention

In view of the above, it is necessary to provide a cloud data security management and control system and method that can strengthen the security management and control of a private cloud and more effectively guard against intruder attacks.

A cloud data security management and control system is applied to a private cloud server. Client devices inside the enterprise access the private cloud server through an internal network, the private cloud server stores private cloud data, and each internal client device is equipped with a global positioning system. The cloud data security management and control system includes a setting module, a storage module, a receiving module and a verification module. The setting module is used to set the latitude and longitude coordinate range of the internal client devices that have access rights to the private cloud data. The storage module is used to store the set latitude and longitude coordinate range on the private cloud server. The receiving module is used to receive a request from a client device to access the private cloud data. The verification module is used to check whether the verification information with which the client device accesses the private cloud data is legitimate, including whether the current latitude and longitude coordinates of the client device fall within the set latitude and longitude coordinate range, and whether the IP address, account and password of the client device are an IP address, account and password that the private cloud server assigned to an internal client device. If any item of the verification information is illegitimate, the verification module refuses the client device access to the private cloud data; if all of the verification information is legitimate, the verification module judges that the client device is an internal client device of the enterprise and allows it to access the private cloud data.

A cloud data security management and control method is applied to a private cloud server. Clients inside the enterprise access the private cloud server through an internal network, the private cloud server stores private cloud data, and each internal client device is equipped with a global positioning system. The method includes: (A) setting the latitude and longitude coordinate range of the internal client devices that have access rights to the private cloud data; (B) storing the set latitude and longitude coordinate range on the private cloud server; (C) receiving a request from a client device to access the private cloud data; (D) checking whether the verification information with which the client device accesses the private cloud data is legitimate, including whether the current latitude and longitude coordinates of the client device fall within the set latitude and longitude coordinate range, and whether the IP address, account and password of the client device are an IP address, account and password that the private cloud server assigned to an internal client; and (E) if any item of the verification information is illegitimate, refusing the client device access to the private cloud data, and if all of the verification information is legitimate, judging that the client device is an internal client device of the enterprise and allowing it to access the private cloud data.

Compared with the prior art, the cloud data security management and control system and method provided by the present invention perform multiple verifications on a client device requesting access to private cloud data by combining the device's current latitude and longitude coordinate information with other permission control data, which strengthens the security management and control of the private cloud and more effectively guards against intruder attacks.

Description of drawings

FIG. 1 is an application environment diagram of a preferred embodiment of the cloud data security management and control system of the present invention.

FIG. 2 is a functional block diagram of a preferred embodiment of the cloud data security management and control system of the present invention.

FIG. 3 is a flow chart of a preferred embodiment of the cloud data security management and control method of the present invention.

FIG. 4 is a schematic diagram of the latitude and longitude coordinates of legitimate client devices of the private cloud as displayed on the electronic map.

Description of main reference numerals

  Private cloud server 10
  Internal client device 20
  Firewall 30
  External network 40
  External client device 50
  Cloud data security management and control system 100
  Setting module 110
  Storage module 120
  Receiving module 130
  Verification module 140
  Memory 150
  Processor 160
  Electronic map 170

Detailed description

Referring to FIG. 1, it is an application environment diagram of a preferred embodiment of the cloud data security management and control system 100 of the present invention. The cloud data security management and control system 100 is applied to a private cloud server 10. The private cloud server 10 is used to store private cloud data, for example internal enterprise information such as personnel relations, salary structure, sales data, financial statements and customer data. The private cloud server 10 is set up behind a firewall 30, and the enterprise's internal client devices 20 access the private cloud data stored on the private cloud server 10 through the internal network. The firewall 30 is used to defend against attacks launched on the private cloud by external client devices 50 through the external network 40.

The private cloud server 10 is also used to assign to each internal client device 20 an IP address and an account and password for accessing the private cloud data, and to set, according to the IP address or the account and password, different levels of access rights of the internal client devices 20 to the private cloud data.

Each internal client device 20 of the enterprise is equipped with a global positioning system (GPS), which is used to locate the latitude and longitude coordinates of the current position of each internal client device 20. When the private cloud server 10 receives an access request from a client device (an internal client or an external client), it performs multiple verifications on the client by combining the client's current latitude and longitude coordinate information with other permission control data (for example the IP address, user account and password). If any one verification of the client fails, the private cloud server 10 refuses the access request of the client device. If the client device's current latitude and longitude coordinate information and the other permission control data all pass verification, the private cloud server 10 allows the client device to access the private cloud data.

Referring to FIG. 2, it is a functional block diagram of a preferred embodiment of the cloud data security management and control system 100 of the present invention. The cloud data security management and control system 100 includes a setting module 110, a storage module 120, a receiving module 130 and a verification module 140. The program code of the modules 110 to 140 is stored in the memory 150 of the private cloud server 10, and the processor 160 of the private cloud server 10 executes this program code to realize the functions of the cloud data security management and control system 100 described above. The private cloud server 10 also stores an electronic map 170, which can display the latitude and longitude coordinate information of geographic locations.

The setting module 110 is used to set the latitude and longitude coordinate range of the internal client devices 20 that have access rights to the private cloud data. When setting the latitude and longitude coordinate range, reference may be made to the latitude and longitude coordinate information of the area covered by the buildings (for example factories and office buildings) of the enterprise that uses the private cloud, as displayed on the electronic map 170. As shown in FIG. 4, the area covered by the buildings of the enterprise "H company" that uses the private cloud, as displayed on the electronic map 170, is a quadrilateral region formed by the four position points "A, B, C, D", and the latitude and longitude coordinates of the enterprise's internal client devices 20 all fall within the latitude and longitude coordinate range covered by this quadrilateral region. The setting module 110 is also used to set different levels of access rights of the internal client devices 20 to the private cloud data.

The storage module 120 is used to store the set latitude and longitude coordinate range and the different levels of access rights in the memory 150.

The receiving module 130 is used to receive a request from a client device to access the private cloud data.

The verification module 140 is used to check whether the verification information with which the client device accesses the private cloud data is legitimate, including whether the current latitude and longitude coordinates of the client device fall within the set latitude and longitude coordinate range, and whether the IP address, account and password of the client device are an IP address, account and password that the private cloud server 10 assigned to an internal client device 20. If any item of the verification information is illegitimate, the verification module 140 refuses the client device access to the private cloud data; if all of the verification information is legitimate, the verification module 140 judges that the client device is an internal client device 20 of the enterprise and allows it to access the corresponding private cloud data.

The verification module 140 may first check the current latitude and longitude coordinate information of the client device; if the current latitude and longitude coordinates fall within the set latitude and longitude coordinate range, it then checks the IP address of the client device, and if the IP address is also legitimate, it further requires the user of the client device to enter an account and password for verification. The verification module 140 may also first check whether the IP address of the client device is legitimate, then check whether the current latitude and longitude coordinate information of the client device falls within the set latitude and longitude coordinate range, and if the current latitude and longitude coordinates fall within the set range, further require the client device to enter an account and password for verification.

FIG. 3 is a flow chart of a preferred embodiment of the cloud data security management and control method of the present invention. It should be noted that the order in which the steps in FIG. 3 are executed may be changed; for example, the order in which the current latitude and longitude coordinates, IP address, account and password of the client device requesting access to the private cloud data are verified may be adjusted.

Step S301: a global positioning system (GPS) is installed on all internal client devices 20 that have access rights to the private cloud data.

Step S303: the setting module 110 sets the latitude and longitude coordinate range of the client devices that have access to the private cloud data, and the storage module 120 stores the set latitude and longitude coordinate range in the memory 150. When setting the latitude and longitude coordinate range, reference may be made to the latitude and longitude coordinate information of the area covered by the buildings (for example factories and office buildings) of the enterprise that uses the private cloud, as displayed on the electronic map 170. As shown in FIG. 4, the area covered by the buildings of the enterprise "H company" that uses the private cloud, as displayed on the electronic map 170, is a quadrilateral region formed by the four position points "A, B, C, D", and the latitude and longitude coordinates of the enterprise's internal client devices 20 all fall within the latitude and longitude coordinate range covered by this quadrilateral region.

Step S305: the receiving module 130 receives a request from a client device to access the private cloud data.

Step S307: the verification module 140 requests the client device to send its current latitude and longitude coordinate information.

Step S309: the verification module 140 checks whether the current latitude and longitude coordinate information sent by the client device has been received. If it has not been received, the flow proceeds to step S311: the verification module 140 judges that the client device is not an internal client device 20 of the enterprise and refuses the client device access to the private cloud data stored on the private cloud server 10, after which the flow ends. If the verification module 140 receives the current latitude and longitude coordinate information sent by the client device, the flow proceeds to step S313.

Step S313: the verification module 140 checks whether the current latitude and longitude coordinate information of the client device falls within the set latitude and longitude coordinate range. If it falls outside the set range, the flow proceeds to step S311. If it falls within the set range, the flow proceeds to step S315.

Step S315: the verification module 140 checks whether the other verification information of the client device is legitimate, for example whether the IP address, account and password of the client device are an IP address, account and password that the private cloud server 10 assigned to an internal client device 20. If any other item of verification information is illegitimate, for example an illegitimate IP address or an illegitimate account and password, the flow proceeds to step S311. If all other verification information is legitimate, the flow proceeds to step S317: the verification module 140 judges that the client device is an internal client device 20 of the enterprise and, according to the access rights of that internal client device 20, allows it to access the corresponding private cloud data stored on the private cloud server 10.
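The decision logic of steps S307 to S317, as an added example that is not part of the patent: a point-in-quadrilateral test for the fence A, B, C, D, an IP check against the server-assigned address, and a salted password check, run in a configurable order so that any single failure denies the request (the patent allows the order to change). The fence coordinates, the device registry and the passwords are constructed sample data.

```python
import hashlib
import hmac
import ipaddress
from typing import Callable, Dict, Tuple

# Constructed geofence for "H company": corner points A, B, C, D as (lat, lon).
# Made-up coordinates standing in for the area read off the electronic map 170.
H_COMPANY_FENCE = [
    (22.6500, 114.0000),  # A
    (22.6500, 114.0100),  # B
    (22.6400, 114.0120),  # C
    (22.6400, 113.9980),  # D
]


def point_in_polygon(lat: float, lon: float, polygon) -> bool:
    """Even-odd ray casting: cast a ray in the +lon direction and count how many
    fence edges it crosses; an odd count means the point is inside the fence."""
    inside = False
    j = len(polygon) - 1
    for i in range(len(polygon)):
        lat_i, lon_i = polygon[i]
        lat_j, lon_j = polygon[j]
        if (lat_i > lat) != (lat_j > lat):  # edge straddles the point's latitude
            lon_cross = lon_i + (lat - lat_i) * (lon_j - lon_i) / (lat_j - lat_i)
            if lon < lon_cross:
                inside = not inside
        j = i
    return inside


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed registry of internal client devices 20: the IP address, account and
# password the private cloud server 10 assigned, plus the access level (claims 3, 8).
_SALT = b"constructed-demo-salt"  # a real store uses a random salt per account
DEVICE_REGISTRY: Dict[str, dict] = {
    "alice": {"ip": ipaddress.ip_address("10.0.1.15"),
              "pw_hash": _hash_password("correct horse", _SALT), "level": "finance"},
    "bob": {"ip": ipaddress.ip_address("10.0.1.16"),
            "pw_hash": _hash_password("battery staple", _SALT), "level": "sales"},
}


def verify_access(request: dict,
                  check_order: Tuple[str, ...] = ("location", "ip", "credentials")
                  ) -> Tuple[bool, str]:
    """Verification module 140, steps S307 to S317.

    request carries 'account', 'password', 'ip' and, only if the device answered
    the position request of S307, 'lat' and 'lon'. Returns (allowed, detail): on
    denial (S311) detail names the failed check, on success (S317) it is the
    access level the device is granted."""
    entry = DEVICE_REGISTRY.get(request.get("account"))
    if entry is None:
        return False, "denied: unknown account"
    checks: Dict[str, Callable[[], bool]] = {
        # S309 + S313: no coordinates received, or coordinates outside the fence
        "location": lambda: ("lat" in request and "lon" in request
                             and point_in_polygon(request["lat"], request["lon"],
                                                  H_COMPANY_FENCE)),
        # S315: the request must come from the IP the server assigned to that account
        "ip": lambda: (ipaddress.ip_address(request.get("ip", "0.0.0.0"))
                       == entry["ip"]),
        # S315: constant-time comparison of the salted password hash
        "credentials": lambda: hmac.compare_digest(
            _hash_password(request.get("password", ""), _SALT), entry["pw_hash"]),
    }
    for name in check_order:
        if not checks[name]():
            return False, "denied: %s check failed" % name  # S311
    return True, entry["level"]  # S317
```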

Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the preferred embodiments, those of ordinary skill in the art should understand that modifications or equivalent replacements may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.

Claims (10)

1. A cloud data security management and control system, applied to a private cloud server, wherein client devices inside an enterprise access the private cloud server through an internal network and the private cloud server stores private cloud data, characterized in that each internal client device of the enterprise is equipped with a global positioning system, and the cloud data security management and control system comprises: a setting module, used to set the latitude and longitude coordinate range of the internal client devices that have access rights to the private cloud data; a storage module, used to store the set latitude and longitude coordinate range on the private cloud server; a receiving module, used to receive a request from a client device to access the private cloud data; and a verification module, used to check whether the verification information with which the client device accesses the private cloud data is legitimate, including whether the current latitude and longitude coordinates of the client device fall within the set latitude and longitude coordinate range, and whether the IP address, account and password of the client device are an IP address, account and password that the private cloud server assigned to an internal client device, wherein if any item of the verification information is illegitimate, the client device is refused access to the private cloud data, and if all of the verification information is legitimate, the client device is judged to be an internal client device of the enterprise and is allowed to access the private cloud data.

2. The cloud data security management and control system according to claim 1, characterized in that the private cloud server also stores an electronic map, and the setting module sets the latitude and longitude coordinate range with reference to the latitude and longitude coordinate information of the area covered by the buildings of the enterprise using the private cloud, as displayed on the electronic map.

3. The cloud data security management and control system according to claim 1, characterized in that the setting module is also used to set different levels of access rights of the internal client devices to the private cloud data.

4. The cloud data security management and control system according to claim 1, characterized in that the verification module first checks the current latitude and longitude coordinate information of the client device; if the current latitude and longitude coordinates fall within the set latitude and longitude coordinate range, it then checks the IP address of the client device, and if the IP address is also legitimate, it further requires the client device to enter an account and password for verification.

5. The cloud data security management and control system according to claim 1, characterized in that the verification module first checks whether the IP address of the client device is legitimate; if the IP address is legitimate, it then checks whether the current latitude and longitude coordinate information of the client device falls within the set latitude and longitude coordinate range, and if the current latitude and longitude coordinates fall within the set range, it further requires the client device to enter an account and password for verification.

6. A cloud data security management and control method, applied to a private cloud server, wherein clients inside an enterprise access the private cloud server through an internal network and the private cloud server stores private cloud data, characterized in that each internal client device of the enterprise is equipped with a global positioning system, and the method comprises: setting the latitude and longitude coordinate range of the internal client devices that have access rights to the private cloud data; storing the set latitude and longitude coordinate range on the private cloud server; receiving a request from a client device to access the private cloud data; checking whether the verification information with which the client device accesses the private cloud data is legitimate, including whether the current latitude and longitude coordinates of the client device fall within the set latitude and longitude coordinate range, and whether the IP address, account and password of the client device are an IP address, account and password that the private cloud server assigned to an internal client device; and if any item of the verification information is illegitimate, refusing the client device access to the private cloud data, and if all of the verification information is legitimate, judging that the client device is an internal client device of the enterprise and allowing it to access the private cloud data.

7. The cloud data security management and control method according to claim 6, characterized in that the private cloud server also stores an electronic map, and the latitude and longitude coordinate range is set with reference to the latitude and longitude coordinate information of the area covered by the buildings of the enterprise using the private cloud, as displayed on the electronic map.

8. The cloud data security management and control method according to claim 6, characterized in that the method further comprises the step of setting different levels of access rights of the internal client devices to the private cloud data.

9. The cloud data security management and control method according to claim 6, characterized in that the method first checks the current latitude and longitude coordinate information of the client device; if the current latitude and longitude coordinates fall within the set latitude and longitude coordinate range, it then checks the IP address of the client device, and if the IP address is also legitimate, it further requires the client device to enter an account and password for verification.

10. The cloud data security management and control method according to claim 6, characterized in that the method first checks whether the IP address of the client device is legitimate; if the IP address is legitimate, it then checks whether the current latitude and longitude coordinate information of the client device falls within the set latitude and longitude coordinate range, and if the current latitude and longitude coordinates fall within the set range, it further requires the client device to enter an account and password for verification.
CN2010106021910A 2010-12-23 2010-12-23 Security control system and security control method for cloud data Pending CN102571703A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010106021910A CN102571703A (en) 2010-12-23 2010-12-23 Security control system and security control method for cloud data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010106021910A CN102571703A (en) 2010-12-23 2010-12-23 Security control system and security control method for cloud data

Publications (1)

Publication Number Publication Date
CN102571703A true CN102571703A (en) 2012-07-11

Family

ID=46416191

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010106021910A Pending CN102571703A (en) 2010-12-23 2010-12-23 Security control system and security control method for cloud data

Country Status (1)

Country Link
CN (1) CN102571703A (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067406A (en) * 2013-01-14 2013-04-24 暨南大学 Access control system and access control method between public cloud and private cloud
CN103107908A (en) * 2013-01-07 2013-05-15 安大半导体有限公司 Network server and control method thereof
CN103327084A (en) * 2013-06-08 2013-09-25 北京古盘创世科技发展有限公司 Public and private hybrid distributed cloud storage system and cloud storage method
WO2014079266A1 (en) * 2012-11-26 2014-05-30 北京奇虎科技有限公司 Security data processing method and system
CN103945330A (en) * 2014-05-12 2014-07-23 重庆邮电大学 Virtual private cloud platform and virtual private cloud secure access method and system
WO2015018059A1 (en) * 2013-08-09 2015-02-12 Empire Technology Development Llc Data cache on cloud platform
CN105404796A (en) * 2015-10-21 2016-03-16 浪潮电子信息产业股份有限公司 JavaScript source file protection method and apparatus
CN106096436A (en) * 2016-05-30 2016-11-09 深圳市永兴元科技有限公司 Cloud data managing method and device
US20160364576A1 (en) * 2012-03-06 2016-12-15 Microsoft Technology Licensing, Llc Operating large scale systems and cloud services with zero-standing elevated permissions
CN106453390A (en) * 2016-11-11 2017-02-22 北京邮电大学 Cloud storage system
CN106650490A (en) * 2016-10-25 2017-05-10 广东欧珀移动通信有限公司 Cloud account number login method and device
CN106685912A (en) * 2016-08-09 2017-05-17 厦门天锐科技股份有限公司 Secure access method of application system
US9762585B2 (en) 2015-03-19 2017-09-12 Microsoft Technology Licensing, Llc Tenant lockbox
CN109214206A (en) * 2018-08-01 2019-01-15 武汉普利商用机器有限公司 cloud backup storage system and method
CN109922128A (en) * 2019-01-08 2019-06-21 中金数据(武汉)超算技术有限公司 A kind of data safety exchange method suitable for across cloud service deployment environment
CN110826101A (en) * 2019-11-05 2020-02-21 安徽数据堂科技有限公司 Privatization deployment data processing method for enterprise
CN111262865A (en) * 2016-09-23 2020-06-09 华为技术有限公司 Method, device and system for formulating access control policy
US10931682B2 (en) 2015-06-30 2021-02-23 Microsoft Technology Licensing, Llc Privileged identity management
WO2022000156A1 (en) * 2020-06-29 2022-01-06 Microsoft Technology Licensing, Llc Selective security augmentation in source control environments
CN115174128A (en) * 2021-03-19 2022-10-11 北京金山云网络技术有限公司 Login management method and device and private cloud control server

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1673925A (en) * 2004-03-24 2005-09-28 美国博通公司 Global positioning system (gps) based secure access
CN101409620A (en) * 2007-10-12 2009-04-15 美国博通公司 Method and system for processing data in communication system
WO2010132067A1 (en) * 2009-05-12 2010-11-18 Hewlett-Packard Development Company, L.P. Location determined network access

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160364576A1 (en) * 2012-03-06 2016-12-15 Microsoft Technology Licensing, Llc Operating large scale systems and cloud services with zero-standing elevated permissions
WO2014079266A1 (en) * 2012-11-26 2014-05-30 北京奇虎科技有限公司 Security data processing method and system
CN103107908A (en) * 2013-01-07 2013-05-15 安大半导体有限公司 Network server and control method thereof
CN103067406B (en) * 2013-01-14 2015-07-22 暨南大学 Access control system and access control method between public cloud and private cloud
CN103067406A (en) * 2013-01-14 2013-04-24 暨南大学 Access control system and access control method between public cloud and private cloud
CN103327084A (en) * 2013-06-08 2013-09-25 北京古盘创世科技发展有限公司 Public and private hybrid distributed cloud storage system and cloud storage method
WO2015018059A1 (en) * 2013-08-09 2015-02-12 Empire Technology Development Llc Data cache on cloud platform
CN103945330A (en) * 2014-05-12 2014-07-23 重庆邮电大学 Virtual private cloud platform and virtual private cloud secure access method and system
CN103945330B (en) * 2014-05-12 2017-10-27 重庆邮电大学 Virtual private cloud platform, virtual private cloud safety access method and system
US9762585B2 (en) 2015-03-19 2017-09-12 Microsoft Technology Licensing, Llc Tenant lockbox
US11075917B2 (en) 2015-03-19 2021-07-27 Microsoft Technology Licensing, Llc Tenant lockbox
US10931682B2 (en) 2015-06-30 2021-02-23 Microsoft Technology Licensing, Llc Privileged identity management
CN105404796A (en) * 2015-10-21 2016-03-16 浪潮电子信息产业股份有限公司 JavaScript source file protection method and apparatus
CN106096436A (en) * 2016-05-30 2016-11-09 深圳市永兴元科技有限公司 Cloud data managing method and device
CN106685912A (en) * 2016-08-09 2017-05-17 厦门天锐科技股份有限公司 Secure access method of application system
CN106685912B (en) * 2016-08-09 2020-06-12 厦门天锐科技股份有限公司 Safety access method of application system
CN111262865A (en) * 2016-09-23 2020-06-09 华为技术有限公司 Method, device and system for formulating access control policy
CN106650490A (en) * 2016-10-25 2017-05-10 广东欧珀移动通信有限公司 Cloud account number login method and device
CN106650490B (en) * 2016-10-25 2019-07-23 Oppo广东移动通信有限公司 The login method and device of cloud account
CN106453390A (en) * 2016-11-11 2017-02-22 北京邮电大学 Cloud storage system
CN106453390B (en) * 2016-11-11 2019-10-18 北京邮电大学 A cloud storage system
CN109214206A (en) * 2018-08-01 2019-01-15 武汉普利商用机器有限公司 cloud backup storage system and method
CN109922128A (en) * 2019-01-08 2019-06-21 中金数据(武汉)超算技术有限公司 A kind of data safety exchange method suitable for across cloud service deployment environment
CN110826101A (en) * 2019-11-05 2020-02-21 安徽数据堂科技有限公司 Privatization deployment data processing method for enterprise
CN110826101B (en) * 2019-11-05 2021-01-05 安徽数据堂科技有限公司 Privatization deployment data processing method for enterprise
WO2022000156A1 (en) * 2020-06-29 2022-01-06 Microsoft Technology Licensing, Llc Selective security augmentation in source control environments
US12265635B2 (en) 2020-06-29 2025-04-01 Microsoft Technology Licensing, Llc Selective security augmentation in source control environments
CN115174128A (en) * 2021-03-19 2022-10-11 北京金山云网络技术有限公司 Login management method and device and private cloud control server

Similar Documents

Publication Publication Date Title
CN102571703A (en) Security control system and security control method for cloud data
TW201227395A (en) Cloud data security controlling system and method
US11263305B2 (en) Multilayered approach to protecting cloud credentials
CN115378610B (en) Location-based access to controlled access resources
US10055561B2 (en) Identity risk score generation and implementation
US9491183B1 (en) Geographic location-based policy
CN112738100B (en) Authentication method, device, authentication equipment and authentication system for data access
US20160182565A1 (en) Location-based network security
CN110912938A (en) Access verification method and device for network access terminal, storage medium and electronic equipment
US9635017B2 (en) Computer network security management system and method
CA3024158C (en) Method and apparatus for issuing a credential for an incident area network
US11630895B2 (en) System and method of changing the password of an account record under a threat of unlawful access to user data
CN102571859A (en) System and method for controlling robot through cloud computation
US20180176197A1 (en) Dynamic Data Protection System
KR102362320B1 (en) System and method for communicating of network address mutation on dynamic network security
CN110351719A (en) A kind of wireless network management method, system and electronic equipment and storage medium
CN116015695A (en) Resource access method, system, device, terminal and storage medium
US20210014278A1 (en) Multi-tenant authentication framework
CN111193754B (en) Data access method, system and device applied to Internet of Things
CN107196957A (en) A kind of distributed identity authentication method and system
Kumar et al. Real geo‐time‐based secured access computation model for e‐Health systems
US20210099878A1 (en) Method and System for Authorizing the Communication of a Network Node
US10819707B1 (en) Systems and methods for validating a user's physical location
US20220255970A1 (en) Deploying And Maintaining A Trust Store To Dynamically Manage Web Browser Extensions On End User Computing Devices
CN107113074B (en) System, method, and non-transitory computer-usable medium for managing communication endpoints

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120711