CN102098295A - Method for improving data security under SaaS application - Google Patents
Method for improving data security under SaaS application Download PDFInfo
- Publication number
- CN102098295A CN102098295A CN2010106100861A CN201010610086A CN102098295A CN 102098295 A CN102098295 A CN 102098295A CN 2010106100861 A CN2010106100861 A CN 2010106100861A CN 201010610086 A CN201010610086 A CN 201010610086A CN 102098295 A CN102098295 A CN 102098295A
- Authority
- CN
- China
- Prior art keywords
- user
- data
- key
- server
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method for improving data security under software-as-a-service (SaaS) application, which comprises the following steps of: allocating a data encryption key for a user during user registration; encrypting the data encryption key by using a public key of a server through a public key algorithm, and keeping the encrypted key by a user; when the user uses the SaaS service, communicating by adopting an encryption communication protocol; and encrypting and decrypting the user data by adopting a symmetrical encryption algorithm, wherein the data encryption key is only transiently saved in a memory of an application program server. In the method for improving the data security under the SaaS application, the encryption key is kept by the user, and due to the adoption of encryption communication, a server manager is prevented from illegally obtaining the key. The encryption and decryption processes are finished in the server, the client load cannot be increased, and any extra software is not needed to be installed. The document data of the user is in a cleartext form in the process of using the service, so operating habits of the user are not influenced.
Description
Technical field
The invention belongs to the data security technical field, relate to a kind of method that improves Information Security, relate in particular to a kind of SaaS and use the method that improves Information Security down.
Background technology
The meaning of SaaS (Software-as-a-service) is that software is promptly served, and the Chinese of SaaS is soft battalion or software operation.SaaS is based on the software application pattern that the Internet provides software service.As a kind of software application pattern of the innovation that begins to rise in 21 century, SaaS is the recent tendency of software development in science and technology.The basic structure of SaaS as shown in Figure 1.
Along with the fast development of cloud computing, the SaaS application demand also can increase fast, however the safety problem of user data in server, the service that causes many people dare not use SaaS service provider to provide, therefore the SaaS application and development is obstructed.
Because for the third-party SaaS of user service provider is fly-by-night, particularly the user worries that the confidential information of oneself can serviced management person checks illegally or leak that effectively solution to this problem is with ciphering user data.
Up-to-date data ciphering method is to adopt at server to preserve the user's data key, brings in encryption and decryption by the client.Because key is kept in the server, the keeper that key is easy to serviced device obtains.The computer of user side will certainly increase burden because will carry out frequent encrypting and decrypting, influences the speed of service.Moreover client also need be installed encryption and decryption software piece, and the i.e. service of this and software itself is contradictory.
Summary of the invention
Technical problem to be solved by this invention is: provide a kind of SaaS to use the method that improves Information Security down, neither influence user's normal use habit, can guarantee the safety of user data in server again.
For solving the problems of the technologies described above, the present invention adopts following technical scheme:
A kind of SaaS uses the method that improves Information Security down, and described method comprises the steps:
When the user registers, for the user distributes a data encryption key; PKI with server is encrypted this data encryption key with public key algorithm, and the key after will encrypting is transferred to user's keeping;
The user adopts the coded communication protocol communication when using the SaaS service;
Adopt symmetric encipherment algorithm that user's data is carried out encrypting and decrypting, only of short duration preservation in the internal memory in application program clothes device of data encryption key.
As a preferred embodiment of the present invention, described symmetric encipherment algorithm is DES or AES, and its asymmetric arithmetic is RSA or ECC algorithm.
As a preferred embodiment of the present invention, to ciphering user data the time, select the document data of the application program generation of appointment to carry out encryption and decryption.
As a preferred embodiment of the present invention, the user is when opening or preserve data, the data encrypted encryption key of the apps server of service to certificate server application user keeping is provided for the user, and certificate server is again to user applies ciphered data encryption key.
As a preferred embodiment of the present invention, certificate server obtains data encryption key with the private key deciphering of oneself, uses the public key encryption data encryption key of apps server again, hands to apps server again.
As a preferred embodiment of the present invention, apps server obtains data encryption key with own private key deciphering, is used for the encryption and decryption user data.
As a preferred embodiment of the present invention, use coded communication, data can not intercepted and not captured in communication process, data are expressly to show at user side, validated user can normally use the data of oneself, the disabled user promptly enables to obtain the user and has data in the server, and these data also are through what encrypt, can not divulge a secret.
A kind of SaaS uses the method that improves Information Security down, and described method comprises the steps:
Transparent encryption and decryption program is installed in apps server; Adopt symmetric encipherment algorithm,,, read the protecting data encryption of internal memory its data process deciphering of reading in internal memory at program process;
Adopt coded communication between user and the server, when the user registers, give the user, and certificate server is transferred to user oneself keeping again with the public key encryption key of oneself by key of certificate server Random assignment;
After the user logins the web server, open or decipher and enciphered data by the apps server application at the application program place of calling and the encryption key that obtains the user when preserving document; Only of short duration preservation in internal memory of key.
As a preferred embodiment of the present invention, only allow the process operation of safety, the clear data of protection in internal memory can illegally do not read.
Beneficial effect of the present invention is: the SaaS that the present invention proposes uses the method that improves Information Security down, and the data that the user needs protection exist in the data server with the form of encrypting all the time.Encryption key comes keeping by the user, adopts coded communication, avoids server administrators illegally to obtain key.The encryption and decryption process is all finished in server, can not increase the burden of client, need not additionally to install any software.The document data that the user beats when using service is the plaintext form, does not therefore influence user's operating habit.This method is particularly suitable for the not strong portable terminal of operational capability.
Description of drawings
Fig. 1 is the basic structure schematic diagram of SaaS.
Fig. 2 is the user registration course schematic diagram.
Fig. 3 is the process of user login schematic diagram.
Fig. 4 is a transparent encryption and decryption process request for data key flow chart in the apps server.
Fig. 5 is the transparent encryption and decryption flow chart of document.
Fig. 6 is transparent encryption and decryption principle schematic.
Embodiment
Describe the preferred embodiments of the present invention in detail below in conjunction with accompanying drawing.
Embodiment one
The present invention has disclosed a kind of SaaS and has used the method that improves Information Security down, and described method comprises the steps:
When the user registers, for the user distributes a data encryption key; PKI with server is encrypted this data encryption key with public key algorithm, and the key after will encrypting is transferred to user's keeping;
The user adopts the coded communication protocol communication when using the SaaS service;
Adopt symmetric encipherment algorithm that user's data is carried out encrypting and decrypting, only of short duration preservation in the internal memory in application program clothes device of data encryption key.Described symmetric encipherment algorithm is DES or AES, and its asymmetric arithmetic is RSA or ECC algorithm.
Preferably, to ciphering user data the time, select the document data of the application program generation of appointment to carry out encryption and decryption.The user provides the data encrypted encryption key of the apps server of service to certificate server application user keeping for the user when opening or preserve data, certificate server is again to user applies ciphered data encryption key.
Certificate server obtains data encryption key with the private key deciphering of oneself, uses the public key encryption data encryption key of apps server again, hands to apps server again.Perhaps, apps server obtains data encryption key with own private key deciphering, is used for the encryption and decryption user data.
Because use coded communication, data can not intercepted and not captured in communication process, data are expressly to show at user side, so validated user can normally use the data of oneself, the disabled user promptly enables to obtain the user and has data in the server, and these data also are through what encrypt, can not divulge a secret.
Embodiment two
By in data server, adopting transparent encryption and decryption technology, the user's data document is carried out dynamic encryption and decryption, make data in data server, be in encrypted state all the time, then be in expressly state at user side, adopt simultaneously and encrypt communication, and come the keeping data key, do not preserve data key in the application server by user oneself, thereby guarantee neither to influence user's normal use habit, can guarantee the safety of user data in server again.Make the user not worry using the SaaS service can leak the confidential information of oneself, promote the SaaS application and development.
The specific implementation step is as follows:
Transparent encryption and decryption program is installed in apps server.Adopt symmetric encipherment algorithm,,, read the protecting data encryption of internal memory its data process deciphering of reading in internal memory at program process.Transparent encryption is separated principle shown in figure six.
Adopt coded communication between user and the server, when the user registers, give the user, and certificate server is transferred to user oneself keeping again with the public key encryption key of oneself by key of certificate server Random assignment.
After the user logins the web server, open or decipher and enciphered data by the apps server application at the application program place of calling and the encryption key that obtains the user when preserving document.Only of short duration preservation in internal memory of key.
Further, only allow the process operation of safety, the clear data of protection in internal memory can illegally do not read.
Embodiment three
At the apps server end encryption system is installed, system adopts the transparent encryption technology.The user is connected the coded communication of employing HTTPS agreement with server.Transparent encryption adopts symmetry algorithm, can be 3DES or AES etc.Adopt asymmetric arithmetic encrypt user data key, the extended field of available X509 certificate is preserved this key of encrypting, and leaves in user's the certificate.Application program is to certificate server application key, in order to the encryption and decryption user data.The user normally uses service, is not affected.
User's registration step is as follows:
1, as shown in Figure 2, the user is at the web page, the new user that applies for the registration of, and certificate server judges whether to allow registration, if can register then in database, add record, and the response that returns success;
2, meanwhile give data key of user's Random assignment, be used for transparent encryption and decryption, this key is left in the extended field of X509 certificate after with its public key encryption by certificate server, and user's download is also preserved this certificate.
The logging in system by user step is as follows:
Use browser in web page login system, as shown in Figure 3.
The user uses the application program service step as follows:
(1) user is by authentication back login system
(2) user uses application program service, as shown in Figure 5, document opened, preserve, imported, during operation such as derivation, transparent encryption and decryption process can be carried out corresponding encryption and decryption operation;
(3) when carrying out the encryption and decryption operation, need obtain user data key earlier, obtain the user data key process as shown in Figure 4.
In sum, the SaaS that the present invention proposes uses the method that improves Information Security down, and the data that the user needs protection exist in the data server with the form of encrypting all the time.Encryption key comes keeping by the user, adopts coded communication, avoids server administrators illegally to obtain key.The encryption and decryption process is all finished in server, can not increase the burden of client, need not additionally to install any software.The document data that the user beats when using service is the plaintext form, does not therefore influence user's operating habit.This method is particularly suitable for the not strong portable terminal of operational capability.
Here description of the invention and application is illustrative, is not to want with scope restriction of the present invention in the above-described embodiments.Here the distortion of disclosed embodiment and change are possible, and the various parts of the replacement of embodiment and equivalence are known for those those of ordinary skill in the art.Those skilled in the art are noted that under the situation that does not break away from spirit of the present invention or substantive characteristics, and the present invention can be with other form, structure, layout, ratio, and realize with other assembly, material and parts.Under the situation that does not break away from the scope of the invention and spirit, can carry out other distortion and change here to disclosed embodiment.
Claims (9)
1. a SaaS uses the method that improves Information Security down, it is characterized in that described method comprises the steps:
When the user registers, for the user distributes a data encryption key; PKI with server is encrypted this data encryption key with public key algorithm, and the key after will encrypting is transferred to user's keeping;
The user adopts the coded communication protocol communication when using the SaaS service;
Adopt symmetric encipherment algorithm that user's data is carried out encrypting and decrypting, only of short duration preservation in the internal memory in application program clothes device of data encryption key.
2. SaaS according to claim 1 uses the method that improves Information Security down, it is characterized in that:
Described symmetric encipherment algorithm is DES or AES, and its asymmetric arithmetic is RSA or ECC algorithm.
3. SaaS according to claim 1 uses the method that improves Information Security down, it is characterized in that:
To ciphering user data the time, select the document data of the application program generation of appointment to carry out encryption and decryption.
4. use the method that improves Information Security down according to the described SaaS of one of claim 1 to 3, it is characterized in that:
The user provides the data encrypted encryption key of the apps server of service to certificate server application user keeping for the user when opening or preserve data, certificate server is again to user applies ciphered data encryption key.
5. SaaS according to claim 4 uses the method that improves Information Security down, it is characterized in that:
Certificate server obtains data encryption key with the private key deciphering of oneself, uses the public key encryption data encryption key of apps server again, hands to apps server again.
6. SaaS according to claim 5 uses the method that improves Information Security down, it is characterized in that:
Apps server obtains data encryption key with own private key deciphering, is used for the encryption and decryption user data.
7. SaaS according to claim 6 uses the method that improves Information Security down, it is characterized in that:
Use coded communication, data can not intercepted and not captured in communication process, and data are expressly to show at user side, validated user can normally use the data of oneself, the disabled user promptly enables to obtain the user and has data in the server, and these data also are through what encrypt, can not divulge a secret.
8. a SaaS uses the method that improves Information Security down, it is characterized in that described method comprises the steps:
Transparent encryption and decryption program is installed in apps server; Adopt symmetric encipherment algorithm,,, read the protecting data encryption of internal memory its data process deciphering of reading in internal memory at program process;
Adopt coded communication between user and the server, when the user registers, give the user, and certificate server is transferred to user oneself keeping again with the public key encryption key of oneself by key of certificate server Random assignment;
After the user logins the web server, open or decipher and enciphered data by the apps server application at the application program place of calling and the encryption key that obtains the user when preserving document; Only of short duration preservation in internal memory of key.
9. SaaS according to claim 8 uses the method that improves Information Security down, it is characterized in that: only allow the process operation of safety, the clear data of protection in internal memory can illegally do not read.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010106100861A CN102098295A (en) | 2010-12-28 | 2010-12-28 | Method for improving data security under SaaS application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010106100861A CN102098295A (en) | 2010-12-28 | 2010-12-28 | Method for improving data security under SaaS application |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102098295A true CN102098295A (en) | 2011-06-15 |
Family
ID=44131159
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010106100861A Pending CN102098295A (en) | 2010-12-28 | 2010-12-28 | Method for improving data security under SaaS application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102098295A (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103036853A (en) * | 2011-09-30 | 2013-04-10 | 中国移动通信集团公司 | Business data transmission method and device and business processing method and device |
| CN103152346A (en) * | 2013-03-12 | 2013-06-12 | 中国联合网络通信集团有限公司 | Privacy protection method, server and system of massive users |
| CN103516516A (en) * | 2012-06-28 | 2014-01-15 | 中国电信股份有限公司 | File safe sharing method, system and terminal |
| CN103685239A (en) * | 2013-11-25 | 2014-03-26 | 上海斐讯数据通信技术有限公司 | Real-time encryption and decryption system and real-time encryption and decryption method for mobile products |
| CN103746993A (en) * | 2014-01-07 | 2014-04-23 | 南京大学 | Cloud storage data encryption method with client-controlled decryption private key and server-performed encryption and decryption |
| CN105791954A (en) * | 2014-12-23 | 2016-07-20 | 深圳Tcl新技术有限公司 | Digital television terminal conditional access method and system and terminal |
| CN105915547A (en) * | 2016-06-15 | 2016-08-31 | 迅鳐成都科技有限公司 | Method for realizing control and leakage prevention of data out of service system |
| CN107220883A (en) * | 2017-06-01 | 2017-09-29 | 智象互联(厦门)科技有限公司 | A kind of SAAS motion of defect modes electric business cloud platform system, method of commerce and device |
| CN108092957A (en) * | 2017-12-01 | 2018-05-29 | 天脉聚源(北京)科技有限公司 | The method and device that message is encrypted |
| CN108683671A (en) * | 2018-05-21 | 2018-10-19 | 浙江长投云联信息科技有限公司 | A kind of SaaS management system |
| CN109558743A (en) * | 2018-11-27 | 2019-04-02 | 广州供电局有限公司 | Data guard method, device, computer equipment and the storage medium of mobile terminal |
| CN110826077A (en) * | 2018-08-10 | 2020-02-21 | 姚庆梅 | Technical architecture scheme for protecting SaaS (software as a service) user data security |
| CN114338173A (en) * | 2021-12-29 | 2022-04-12 | 渔翁信息技术股份有限公司 | Account registration method, system, equipment and computer readable storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101510888A (en) * | 2009-03-19 | 2009-08-19 | 阿里巴巴集团控股有限公司 | Method, device and system for improving data security for SaaS application |
| CN101771699A (en) * | 2010-01-06 | 2010-07-07 | 华南理工大学 | Method and system for improving SaaS application security |
| CN101808089A (en) * | 2010-03-05 | 2010-08-18 | 中国人民解放军国防科学技术大学 | Secret data transmission protection method based on isomorphism of asymmetrical encryption algorithm |
| CN101924739A (en) * | 2009-06-10 | 2010-12-22 | 北京环球聚浪网络科技有限公司 | Method for encrypting, storing and retrieving software certificate and private key |
-
2010
- 2010-12-28 CN CN2010106100861A patent/CN102098295A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101510888A (en) * | 2009-03-19 | 2009-08-19 | 阿里巴巴集团控股有限公司 | Method, device and system for improving data security for SaaS application |
| CN101924739A (en) * | 2009-06-10 | 2010-12-22 | 北京环球聚浪网络科技有限公司 | Method for encrypting, storing and retrieving software certificate and private key |
| CN101771699A (en) * | 2010-01-06 | 2010-07-07 | 华南理工大学 | Method and system for improving SaaS application security |
| CN101808089A (en) * | 2010-03-05 | 2010-08-18 | 中国人民解放军国防科学技术大学 | Secret data transmission protection method based on isomorphism of asymmetrical encryption algorithm |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103036853A (en) * | 2011-09-30 | 2013-04-10 | 中国移动通信集团公司 | Business data transmission method and device and business processing method and device |
| CN103516516B (en) * | 2012-06-28 | 2017-06-16 | 中国电信股份有限公司 | file security sharing method, system |
| CN103516516A (en) * | 2012-06-28 | 2014-01-15 | 中国电信股份有限公司 | File safe sharing method, system and terminal |
| CN103152346A (en) * | 2013-03-12 | 2013-06-12 | 中国联合网络通信集团有限公司 | Privacy protection method, server and system of massive users |
| CN103152346B (en) * | 2013-03-12 | 2016-01-06 | 中国联合网络通信集团有限公司 | The method for secret protection of mass users, server and system |
| CN103685239A (en) * | 2013-11-25 | 2014-03-26 | 上海斐讯数据通信技术有限公司 | Real-time encryption and decryption system and real-time encryption and decryption method for mobile products |
| CN103746993A (en) * | 2014-01-07 | 2014-04-23 | 南京大学 | Cloud storage data encryption method with client-controlled decryption private key and server-performed encryption and decryption |
| CN105791954A (en) * | 2014-12-23 | 2016-07-20 | 深圳Tcl新技术有限公司 | Digital television terminal conditional access method and system and terminal |
| CN105791954B (en) * | 2014-12-23 | 2019-02-01 | 深圳Tcl新技术有限公司 | Digital TV terminal condition receiving method, terminal and system |
| CN105915547A (en) * | 2016-06-15 | 2016-08-31 | 迅鳐成都科技有限公司 | Method for realizing control and leakage prevention of data out of service system |
| CN107220883A (en) * | 2017-06-01 | 2017-09-29 | 智象互联(厦门)科技有限公司 | A kind of SAAS motion of defect modes electric business cloud platform system, method of commerce and device |
| CN108092957A (en) * | 2017-12-01 | 2018-05-29 | 天脉聚源(北京)科技有限公司 | The method and device that message is encrypted |
| CN108683671A (en) * | 2018-05-21 | 2018-10-19 | 浙江长投云联信息科技有限公司 | A kind of SaaS management system |
| CN110826077A (en) * | 2018-08-10 | 2020-02-21 | 姚庆梅 | Technical architecture scheme for protecting SaaS (software as a service) user data security |
| CN109558743A (en) * | 2018-11-27 | 2019-04-02 | 广州供电局有限公司 | Data guard method, device, computer equipment and the storage medium of mobile terminal |
| CN114338173A (en) * | 2021-12-29 | 2022-04-12 | 渔翁信息技术股份有限公司 | Account registration method, system, equipment and computer readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102098295A (en) | Method for improving data security under SaaS application | |
| Jiang et al. | A privacy enhanced authentication scheme for telecare medical information systems | |
| CN102655508B (en) | Method for protecting privacy data of users in cloud environment | |
| EP2830282B1 (en) | Storage method, system and apparatus | |
| WO2017097041A1 (en) | Data transmission method and device | |
| CN102571329B (en) | Password key management | |
| RU2016104765A (en) | PROCESSING PROTECTED REMOTE PAYMENT TRANSACTIONS | |
| CN104270242B (en) | A kind of ciphering and deciphering device for network data encryption transmission | |
| CN104253694A (en) | Encrypting method for network data transmission | |
| CN108494811A (en) | data transmission security authentication method and device | |
| CN110889696A (en) | Storage method, device, equipment and medium for alliance block chain secret key based on SGX technology | |
| TW201926943A (en) | Data transmission method and system | |
| TW202141309A (en) | Blockchain data authorization access method and device | |
| CN107908574A (en) | The method for security protection of solid-state disk data storage | |
| CN103559453A (en) | Hardware encryption protection method and system for cellphone data | |
| CN204180095U (en) | A kind of ciphering and deciphering device for network data encryption transmission | |
| US20240232441A1 (en) | Executing entity-Specific Cryptographic Code in a Cryptographic | |
| CN108900301A (en) | The certification of restful interface security and message mixed encryption method based on .NET MVC | |
| CN108040048A (en) | A kind of mobile client end subscriber dynamic secret key encryption communication method based on http protocol | |
| JP2016019233A (en) | Communication system, communication device, key managing device and communication method | |
| CN116346318A (en) | Data sharing method, sharing device, processor and system thereof | |
| CN107911221A (en) | The key management method of solid-state disk data safety storage | |
| CN202495964U (en) | Identity authentication system based on mobile terminal | |
| CN106790100B (en) | Data storage and access control method based on asymmetric cryptographic algorithm | |
| KR20090024482A (en) | Key management system for using content and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20110615 |