[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN113608933B - Distributed backup synchronization system for public cloud tenant service sensitive data - Google Patents

Distributed backup synchronization system for public cloud tenant service sensitive data Download PDF

Info

Publication number
CN113608933B
CN113608933B CN202111178820.6A CN202111178820A CN113608933B CN 113608933 B CN113608933 B CN 113608933B CN 202111178820 A CN202111178820 A CN 202111178820A CN 113608933 B CN113608933 B CN 113608933B
Authority
CN
China
Prior art keywords
tenant
data
backup
module
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111178820.6A
Other languages
Chinese (zh)
Other versions
CN113608933A (en
Inventor
张卫平
丁烨
张浩宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Global Numerical Technology Co ltd
Original Assignee
Global Digital Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Global Digital Group Co Ltd filed Critical Global Digital Group Co Ltd
Priority to CN202111178820.6A priority Critical patent/CN113608933B/en
Publication of CN113608933A publication Critical patent/CN113608933A/en
Application granted granted Critical
Publication of CN113608933B publication Critical patent/CN113608933B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1446Point-in-time backing up or restoration of persistent data
    • G06F11/1448Management of the data involved in backup or backup restore
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/953Querying, e.g. by the use of web search engines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0645Rental transactions; Leasing transactions

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • General Health & Medical Sciences (AREA)
  • Finance (AREA)
  • Automation & Control Theory (AREA)
  • General Business, Economics & Management (AREA)
  • Quality & Reliability (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a distributed backup synchronization system for public cloud tenant service sensitive data, which comprises an acquisition module, a security module, a backup module, a synchronization module, a verification module and a processor, wherein the processor is respectively in control connection with the acquisition module, the security module, the backup module, the synchronization module and the verification module, and the acquisition module is used for acquiring tenant data so as to acquire tenant services and identity IDs (identities); the verification module is used for verifying the identity of the tenant and the accessed mobile terminal; the safety module is used for protecting data of tenants; the backup module is used for backing up data of each tenant; and the synchronization module triggers the synchronization of the tenant data when receiving the access request which is verified by the verification module. According to the invention, all the operations can be traced by performing backup operation on the data of the tenant and marking the backed-up data, so that the safety of the whole data is ensured.

Description

Distributed backup synchronization system for public cloud tenant service sensitive data
Technical Field
The invention relates to the technical field of leasing, in particular to a distributed backup synchronization system for public cloud tenant service sensitive data.
Background
With the increasing value of personal information and unit information, information security assurance has been paid more and more attention by enterprises. How to avoid a large amount of sensitive information related to daily production operation becomes a primary consideration of information security, and a production database bearing a core service system is more important. In daily informatization construction, a large amount of business test data is inevitably required to be migrated from a production library to a development/test library, and how to protect sensitive information to the maximum extent on the basis of meeting the informatization construction is an important challenge at present.
For example, the CN105740722B prior art discloses a method for disguising sensitive data of a database, which inevitably needs the data to be sourced from a production system, and in order to protect the security of the data and not affect the requirement of development and testing, it is practical to generate a "substitute" for the data to provide some data or databases of the same type but with different values. This substitute data is sometimes false, but more so is a confusing real data. Using data masquerading can help businesses prevent unauthorized, personal sensitive data from being obtained. Meanwhile, data masquerading provides the purpose of replacing real data testing, and developing or changing a database or configuration management.
The invention is made in order to solve the problems of poor data security, incapability of hiding, incapability of backing up, malicious access, lack of protection means and the like which commonly exist in the field.
Disclosure of Invention
The invention aims to provide a distributed backup synchronization system for public cloud tenant service sensitive data, aiming at the defects of the current sensitive data processing.
In order to overcome the defects of the prior art, the invention adopts the following technical scheme:
a distributed backup synchronization system for public cloud tenant service sensitive data comprises an acquisition module, a security module, a backup module, a synchronization module, a verification module and a processor,
the processor is respectively in control connection with the acquisition module, the security module, the backup module, the synchronization module and the verification module, wherein the acquisition module is used for acquiring data of a tenant so as to acquire service and Identity (ID) of the tenant; the verification module is used for verifying the identity of the tenant and the accessed mobile terminal; the safety module is used for protecting the data of the tenant so as to cooperate with the backup module to backup the data of the tenant; the backup module is used for backing up data of each tenant and storing the data in a personal database of the tenant;
the synchronization module triggers the synchronization of the tenant data when receiving the access request which is verified by the verification module;
the acquisition module comprises a networking unit and a database, the networking unit is used for networking with the mobile terminals of the tenants to establish a transmission network, and the transmission network verifies the authorization permission of the mobile terminal corresponding to each tenant through the verification module before connection; the database is used for storing the information of each tenant collected by the networking unit and feeding back a storage serial number;
the acquisition module also comprises a management unit, wherein the management unit generates a corresponding pass code by using the identity information provided by the tenant, checks the access position when using the pass code, and accesses the required service if the pass code meets the pass condition;
the management unit further comprises a passcode generator for automatically generating a passcode and a backup ID, the passcode generator generating a passcode pass through the following formulai
Figure 100002_DEST_PATH_IMAGE001
Wherein u isiTotal number of visits for tenant i; taskiThe number of visits for the day; z is a radical ofiIs the current time; diIs the cut-off time; w is aiIs the latency of the trigger at access; k is a radical ofiIs the pass code of the last access,
Figure 607662DEST_PATH_IMAGE002
wherein series is the identity ID of the tenant; when a new pass code is generated, the pass code is updated;
the passcode generator generates a backup ID by:
Figure 100002_DEST_PATH_IMAGE003
wherein, BackupiIs a backup ID; a and b are coefficients, and the values of the coefficients are related to items or demands issued by tenants; giThe total storage capacity of data uploaded for the tenants; k is a radical ofiThe password is the last access password;
before responding to the access request of the tenant, the management unit needs to utilize the passcode generator to generate a new passcode and a backup ID, and the newly issued passcode and backup ID are valid only if the passcode and the backup ID are inconsistent with the original passcode and the backup ID, so that the record of the access request can be traced.
Optionally, the verification module includes a verification unit and an authorization unit, where the verification unit is configured to verify the identity of the tenant, and if the identity of the tenant is not registered, feed back a result of the verification to the tenant;
the verification unit comprises a registration subunit and an ID creation subunit, the registration subunit acquires identity information of the tenant, establishes an account for the tenant based on an ID registration protocol, and generates an authorization code through the authorization unit, wherein if the equipment adopted during current registration is a mobile terminal, the identification code of the equipment is read and is bound with the authorization code; if the current registration equipment is not the mobile terminal, the authorization code is granted when the next mobile terminal is used for logging in;
the ID creating subunit is used for creating the identity or the ID of the tenant and sending the generated ID to the transmission network;
the registration subunit is further configured to acquire a location of the mobile terminal related to the login account to acquire corresponding tenant information when the tenant registers or requests the list submission.
Optionally, the backup module includes an identification unit and a backup unit, where the identification unit identifies based on the data of the tenant to identify whether the data is private data, and if the data is private data, the backup module performs backup through the backup data; the backup unit is used for backing up the private data and protecting the private data through a safety module;
the identification unit determines whether the data is the private data or not through a privacy policy, wherein the privacy policy comprises that a plurality of storage units are opened up in an inherent storage space, and each storage unit stores at least one piece of personal data related to the tenant; generating a packing instruction after each storage unit is stored and meets a packing threshold, wherein the storage units are packed and backed up through the backup unit; wherein the backup unit performs a backup operation based on the packing instruction;
the backup unit is used for opening a storage area for storing the private data in a storage space of a tenant based on the backup ID and the data of the packaging instruction of the identification unit; and generating a backup instruction after the data is stored, wherein the backup instruction is used for interacting data with other tenants or tenants in the transmission network.
Optionally, the synchronization module includes a synchronization unit and an extraction unit, the synchronization unit synchronizes a requirement list of a tenant based on the extraction unit, and the synchronization unit triggers synchronous display of data in response to a searched tag when executing a synchronization operation;
wherein the synchronization operation comprises:
establishing a search database, wherein the database comprises data of each tenant;
searching the demands of the tenants through a search engine, and generating corresponding retrieval results after data matched with the demands of the tenants exist in the search database;
and displaying corresponding tenant information based on the search result, and sending the tenant information to a mobile terminal or a requirement submitting device of a tenant submitting requirement, wherein the tenant information comprises a tenant leasing address, an estimated distance between the tenant information and the requirement submitting device in real time, and a contact telephone.
Optionally, the security module is configured to protect data of a tenant, and when the tenant uploads data in the transmission network, the security module performs an encryption operation on the data; the security module hides the data which are published unnecessarily for the search result so as to protect the information security of the tenant.
Optionally, the encryption operation includes:
acquiring data capacity of a tenant, and distributing membership degrees to the data capacity, wherein the membership degrees are generated according to identity information of the tenant or the authorization code; obtaining a data sequence U = { C1, C2, C3, …, CmIs epsilon with R; the security module performs encryption according to the following equation:
Figure 164283DEST_PATH_IMAGE004
wherein,
Figure 100002_DEST_PATH_IMAGE005
for encrypting a plaintext sequence, MI is an encrypted key; m is the number of elements of the data sequence; n is the number of elements of the encrypted plaintext sequence; and m = n.
The beneficial effects obtained by the invention are as follows:
1. the management unit is adopted to generate a new pass code and a backup ID by using the pass code generator before responding to the access request of the tenant, and the newly issued pass code and backup ID are valid only if the pass code and the backup ID are inconsistent with the original pass code and the backup ID, so that the record of the access request can be traced, meanwhile, the data of the tenant can be backed up through the backup ID, and the data of the tenant can be effectively protected based on the backup;
2. all the operations can be traced by performing backup operation on the data of the tenant and marking the backed-up data, so that the safety of the whole data is ensured;
3. searching the demands of the tenants through a search engine, and generating corresponding retrieval results after data matched with the demands of the tenants exist in the search database;
4. hiding data which is subjected to unnecessary publication on the search result through the security module so as to prevent the information security of the tenant;
5. through the cooperation among the encrypted plaintext sequence, the determinant of the authorization code and the determinant of the membership degree, the data is encrypted, and the data can be effectively protected;
6. by selecting the optimal matching degree for the satisfied demand list, the tenant can obtain the optimal resource in the process of leasing or releasing, and the protection on the private data is reduced to the maximum extent.
Drawings
The invention will be further understood from the following description in conjunction with the accompanying drawings. The components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the embodiments. Like reference numerals designate corresponding parts throughout the different views.
FIG. 1 is a schematic control flow diagram of the present invention.
Fig. 2 is a schematic control flow diagram of the acquisition module according to the present invention.
FIG. 3 is a schematic control flow diagram of the verification module according to the present invention.
Fig. 4 is a schematic control flow diagram of the backup module according to the present invention.
Fig. 5 is a control flow diagram of the synchronization module according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to embodiments thereof; it should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. Other systems, methods, and/or features of the present embodiments will become apparent to those skilled in the art upon review of the following detailed description. It is intended that all such additional systems, methods, features and advantages be included within this description, be within the scope of the invention, and be protected by the accompanying claims. Additional features of the disclosed embodiments are described in, and will be apparent from, the detailed description that follows.
The same or similar reference numerals in the drawings of the embodiments of the present invention correspond to the same or similar components; in the description of the present invention, it should be understood that if there is an orientation or positional relationship indicated by the terms "upper", "lower", "left", "right", etc. based on the orientation or positional relationship shown in the drawings, it is only for convenience of describing the present invention and simplifying the description, but it is not intended to indicate or imply that the device or component referred to must have a specific orientation, be constructed in a specific orientation, and be operated, and therefore, the terms describing the positional relationship in the drawings are only used for illustrative purposes and are not to be construed as limiting the present patent, and the specific meaning of the terms described above will be understood by those of ordinary skill in the art according to the specific circumstances.
The first embodiment is as follows: according to fig. 1 to 5, a distributed backup synchronization system for public cloud tenant service sensitive data is provided, which includes an acquisition module, a security module, a backup module, a synchronization module, a verification module and a processor, wherein the processor is respectively in control connection with the acquisition module, the security module, the backup module, the synchronization module and the verification module, and performs accurate backup or protection on data of each tenant under the centralized control of the processor. In addition, the synchronization system also comprises a server, wherein the server is connected with the processor and is networked with an external system or network through the server so as to realize the data protection of each tenant. The acquisition module is used for acquiring data of a tenant so as to acquire the service and the identity ID of the tenant; the verification module is used for verifying the identity of the tenant and the accessed mobile terminal; the safety module is used for protecting the data of the tenant so as to cooperate with the backup module to backup the data of the tenant; the backup module is used for backing up data of each tenant and storing the data in a personal database of the tenant;
the synchronization module triggers the synchronization of the tenant data when receiving the access request which is verified by the verification module;
the acquisition module comprises a networking unit and a database, wherein the networking unit is used for networking with the mobile terminals of the tenants to establish a transmission network, and the transmission network verifies the authorization permission of the mobile terminal corresponding to each tenant through the verification module before connection; the database is used for storing the information of each tenant collected by the networking unit and feeding back a storage serial number; when the mobile terminal is not authorized, prompting the tenant so that the tenant can obtain the best use experience.
The acquisition module also comprises a management unit, wherein the management unit generates a corresponding pass code by using the identity information provided by the tenant, checks the access position when using the pass code, and accesses the required service if the pass code meets the pass condition;
the identity information includes, but is not limited to, the following listed ones: the identity card (identity ID) is equivalent to the leasing combination of the immovable property right certificate, the immovable property right registration certificate and the notarization, and is used for ensuring that the leasing resources of the tenants are accurate and reliable. In addition, in this embodiment, the networking unit may also be in data connection with the server to obtain data such as a certification material of the real property right, so as to check whether the above information is accurate. Meanwhile, when the provided identity information is a lease contract, necessary check is carried out on the leasers and the lessees so as to ensure the reliability of the identity information provided by the two parties.
The management unit further comprises a passcode generator for automatically generating a passcode and a backup ID, the passcode generator generating a passcode pass through the following formulai
Figure 350545DEST_PATH_IMAGE006
Wherein u isiTotal number of visits for tenant i; taskiThe number of visits for the day; z is a radical ofiIs the current time; diIs the cut-off time; w is aiIs the latency of the trigger at access; k is a radical ofiFor last accessThe code of the pass is a code of the pass,
Figure DEST_PATH_IMAGE007
wherein series is the identity ID of the tenant; when a new pass code is generated, the pass code is updated;
the passcode generator generates a backup ID by:
Figure 683438DEST_PATH_IMAGE008
wherein, BackupiIs a backup ID; a and b are coefficients, and the values of the coefficients are related to items or demands issued by tenants; giThe total storage capacity of data uploaded for the tenants; k is a radical ofiThe password is the last access password; if the tenant has not issued any project or requirement before, then a and b are both 1; if the item released by the tenant or the submitted demand is not 0, a and b satisfy the following relationship: a = G/GiB = f/G, where G is the total number of items of all items or requirements; f is the current backup frequency; in this embodiment, the resending of the passcode is triggered within a set time interval, so as to ensure that personal data of the tenant can be backed up. In other embodiments, the backup module may also be used to automatically perform backup according to a set backup time interval.
If the pass code is applied for the first time, setting zero to the pass code; in addition, in the pair kiIn the verification process, the identity information of the tenant is acquired, and meanwhile, special letters existing in the identity card are acquired, such as: discarding the appeared 'X', and generating the pass code by using data of 0-9.
Before responding to the access request of the tenant, the management unit needs to utilize the pass code generator to generate a new pass code and a backup ID, and the newly issued pass code and the backup ID are valid only if the pass code and the backup ID are inconsistent with the original pass code and the backup ID, so that the record of the access request can be traced. And backing up the data of the tenant through the backup ID, and effectively protecting the data of the tenant based on the backup.
Optionally, the verification module includes a verification unit and an authorization unit, where the verification unit is configured to verify the identity of the tenant, and if the identity of the tenant is not registered, feed back a result of the verification to the tenant; in the process of result feedback of the tenant, the feedback result does not contain any unnecessary information, so that the personal information is protected. Meanwhile, the verification unit and the authorization unit are matched for use, so that both verification and a registration request for a new tenant can be considered. The verification unit comprises a registration subunit and an ID creation subunit, wherein the registration subunit acquires identity information of the tenant, establishes an account for the tenant based on an ID registration protocol, and generates an authorization code through the authorization unit, wherein if the device adopted during current registration is a mobile terminal, an identification code of the device is read and bound with the authorization code, and after binding, the mobile terminal is granted to correspond to the tenant account and can perform access or request submission; if the current registration equipment is not the mobile terminal, the authorization code is granted when the next mobile terminal is used for logging in; the ID creating subunit is used for creating the identity or the ID of the tenant and sending the generated ID to the transmission network;
the registration subunit is further configured to acquire a location of the mobile terminal related to the login account to acquire corresponding tenant information when the tenant registers or requests the list submission. In addition, the login information and the location information can be manually added according to the tenant, so that the rental information near the location can be acquired, and the tenant can be greatly convenient to determine the rental providing place through the acquiring mode.
Optionally, the backup module includes an identification unit and a backup unit, where the identification unit identifies based on the data of the tenant to identify whether the data is private data, and if the data is private data, the backup module performs backup through the backup data; the backup unit is used for backing up the private data and protecting the private data through a safety module;
the identification unit determines whether the data is the private data or not through a privacy policy, wherein the privacy policy comprises that a plurality of storage units are opened up in an inherent storage space, and each storage unit stores at least one piece of personal data related to the tenant; generating a packing instruction after each storage unit is stored and meets a packing threshold, packing data in the storage units, and performing backup operation through the backup unit; wherein the backup unit performs a backup operation based on the packing instruction;
the backup unit is used for opening a storage area for storing the private data in a storage space of a tenant based on the backup ID and the data of the packaging instruction of the identification unit; and generating a backup instruction after the data is stored, wherein the backup instruction is used for interacting data with other tenants or tenants in the transmission network.
The backup command includes the backup ID and the set threshold information, and when both satisfy the above conditions, the backup operation is executed. In addition, the data units after backup are marked, and the marked information includes, but is not limited to, the following listed types: the execution device, the time at which the backup was performed, the identity ID of the operator, etc. All the operations can be traced by performing backup operation on the data of the tenant and marking the backed-up data, so that the safety of the whole data is ensured.
Optionally, the synchronization module includes a synchronization unit and an extraction unit, the synchronization unit synchronizes a requirement list of a tenant based on the extraction unit, and the synchronization unit triggers synchronous display of data in response to a searched tag when executing a synchronization operation; the demand list is submitted by the tenant, and the demand list comprises a lease demand position, a lease type or other demands.
Wherein the synchronization operation comprises: establishing a search database, wherein the database comprises data of each tenant; particularly, the tenant data includes data of renters and renters, and meanwhile, in the process of renting by the renters, required search needs to be performed through a search engine, so that required positions or renting information can be met. In addition, among the searched data, only some non-private data, which refers to data from which rental information of the other party can be known, is displayed. Meanwhile, the established search database is based on the server to which the search database belongs, so that the access of the tenants with large capacity can be met.
Searching the demands of the tenants through a search engine, and generating corresponding retrieval results after data matched with the demands of the tenants exist in the search database; the device which passes the verification of the verification module and is granted with the authorization code can execute the search operation, if the device is not granted with the authorization code, the search operation cannot be executed, and at the moment, the device is fed back to the tenant to perform real-name authentication or perform binding of the device. By recording the access records, the visitor can be recorded, and the data security is effectively improved. In addition, the search range of the search engine is based on a requirement list submitted by the tenant, and the database is also a new sub-database which is generated after the database is subjected to primary screening by the system and meets the requirement of the tenant.
And displaying corresponding tenant information based on the search result, and sending the tenant information to a mobile terminal or a requirement submitting device of a tenant submitting requirement, wherein the tenant information comprises a tenant leasing address, an estimated distance between the tenant information and the requirement submitting device in real time, and a contact telephone. The method can meet the requirements and the requirements of the lease service through displaying part of tenant information, and can also meet the protection of private data to the maximum extent.
Optionally, the security module is configured to protect data of a tenant, and when the tenant uploads data in the transmission network, the security module performs an encryption operation on the data; the security module hides the data which are not necessarily published in the search result so as to protect the information security of the tenant.
Optionally, the encryption operation includes: acquiring data capacity of a tenant, and distributing membership degrees to the data capacity, wherein the membership degrees are generated according to identity information of the tenant or the authorization code, and in addition, the membership degrees distributed aiming at different data capacities are inconsistent, so that when the stored data is changed, the data capacity is changed, and the change of the membership degrees is also brought; and meanwhile, determining the membership degree according to the weight of each datum.
Obtaining a data sequence U = { C1, C2, C3, …, CmIs epsilon with R; the security module performs encryption according to the following equation:
Figure DEST_PATH_IMAGE009
wherein,
Figure 402870DEST_PATH_IMAGE010
for encrypting a plaintext sequence, MI is an encrypted key; m is the number of elements of the data sequence; n is the number of elements of the encrypted plaintext sequence; and m = n; m belongs to the group of R, and n belongs to the group of R. In addition, the encrypted plaintext sequences are both present in the encryption and decryption processes. At the same time, the encrypted plaintext sequence is related to the tenant's information and, according to the tenant's authorization code, specifically,
Figure DEST_PATH_IMAGE011
Figure 428594DEST_PATH_IMAGE012
obtaining a ciphertext according to a plaintext; d is a determinant of an authorization code; h is determinant of degree of membership. Through the cooperation among the encrypted plaintext sequence, the determinant of the authorization code and the determinant of the membership degree, the data is encrypted, and the data can be effectively protected. In addition, the plaintext sequence may be determined according to D and H, and during the decryption process, the plaintext sequence may also be decrypted according to the above formula, which is not described in detail herein.
Example two: this embodiment should be understood to include at least all the features of any of the foregoing embodiments and further improve on the same, and according to fig. 1-5, further lie in determining a real-time estimated distance of a demand submitting device, wherein the providing location of the tenant and the estimated distance of the demand providing location are determined based on the demand provided by the tenant and by a search engine to meet the location in a demand list, and determining a real-time estimated distance of a demand submitting device, the estimated distance being determined according to the following formula:
Figure DEST_PATH_IMAGE013
wherein, in distance (u)i,uj) In uiPosition coordinates representing the mobile terminal or the tenant, the coordinates being expressed by (x)i,yi) Represents; u. ofjPosition coordinates representing a list of satisfied requirements, the coordinates being in (x)j,yj) Represents;
the coordinate position is determined according to the position issued by the renter, and the coordinate position is determined by GPRS;
Figure 836573DEST_PATH_IMAGE014
,i=1,……,k;j=1,……,k
wherein, MATHiMatching degree of the search; u. ofturePosition coordinates of the tenants to be selected;
Figure DEST_PATH_IMAGE015
wherein, MATHmaxIs the best match in the search. By selecting the optimal matching degree for the satisfied demand lists, the tenant can obtain the optimal resources in the process of leasing or releasing, and the protection on the private data is reduced to the maximum extent. In addition, the main points of the invention areThe private data of two parties or multiple parties is protected in a distributed mode, so that the non-private data can be disclosed in the process of searching the data, and other private data can be effectively protected.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Although the invention has been described above with reference to various embodiments, it should be understood that many changes and modifications may be made without departing from the scope of the invention. That is, the methods, systems, and devices discussed above are examples. Various configurations may omit, substitute, or add various procedures or components as appropriate. For example, in alternative configurations, the methods may be performed in an order different than that described, and/or various components may be added, omitted, and/or combined. Moreover, features described with respect to certain configurations may be combined in various other configurations, as different aspects and elements of the configurations may be combined in a similar manner. Further, elements therein may be updated as technology evolves, i.e., many elements are examples and do not limit the scope of the disclosure or claims.
Specific details are given in the description to provide a thorough understanding of the exemplary configurations including implementations. However, configurations may be practiced without these specific details, for example, well-known circuits, processes, algorithms, structures, and techniques have been shown without unnecessary detail in order to avoid obscuring the configurations. This description provides example configurations only, and does not limit the scope, applicability, or configuration of the claims. Rather, the foregoing description of the configurations will provide those skilled in the art with an enabling description for implementing the described techniques. Various changes may be made in the function and arrangement of elements without departing from the spirit or scope of the disclosure.
In conclusion, it is intended that the foregoing detailed description be regarded as illustrative rather than limiting, and that it be understood that these examples are illustrative only and are not intended to limit the scope of the invention. After reading the description of the invention, the skilled person can make various changes or modifications to the invention, and these equivalent changes and modifications also fall into the scope of the invention defined by the claims.

Claims (1)

1. A distributed backup synchronization system for public cloud tenant service sensitive data is characterized by comprising an acquisition module, a security module, a backup module, a synchronization module, a verification module and a processor,
the processor is respectively in control connection with the acquisition module, the security module, the backup module, the synchronization module and the verification module, wherein the acquisition module is used for acquiring data of a tenant so as to acquire service and Identity (ID) of the tenant; the verification module is used for verifying the identity of the tenant and the accessed mobile terminal; the safety module is used for protecting the data of the tenant so as to cooperate with the backup module to backup the data of the tenant; the backup module is used for backing up data of each tenant and storing the data in a personal database of the tenant;
the synchronization module triggers the synchronization of the tenant data when receiving the access request which is verified by the verification module;
the acquisition module comprises a networking unit and a database, the networking unit is used for networking with the mobile terminals of the tenants to establish a transmission network, and the transmission network verifies the authorization permission of the mobile terminal corresponding to each tenant through the verification module before connection; the database is used for storing the information of each tenant collected by the networking unit and feeding back a storage serial number;
the acquisition module also comprises a management unit, wherein the management unit generates a corresponding pass code by using the identity information provided by the tenant, checks the access position when using the pass code, and accesses the required service if the pass code meets the pass condition;
the management unit further comprises a passcode generator,the passcode generator is used for automatically generating a passcode and a backup ID, and generates a passcode pass through the following formulai
Figure DEST_PATH_IMAGE001
Wherein u isiTotal number of visits for tenant i; taskiThe number of times of the current day access is the tenant i; z is a radical ofiIs the current time; diIs the cut-off time; w is aiTriggering waiting time when accessing for the tenant i; k is a radical ofiIs the last access passcode of tenant i,
Figure 804330DEST_PATH_IMAGE002
wherein series is the identity ID of the tenant; when a new pass code is generated, the pass code is updated;
the passcode generator generates a backup ID by:
Figure DEST_PATH_IMAGE003
wherein, BackupiIs a backup ID; a and b are coefficients, and the values of the coefficients are related to items or demands issued by tenants; giThe total storage capacity of data uploaded for the tenants; k is a radical ofiThe password is the last access password;
before responding to the access request of the tenant, the management unit needs to utilize the pass code generator to generate a new pass code and a backup ID, and the newly issued pass code and the backup ID are valid only if the pass code and the backup ID are inconsistent with the original pass code and the backup ID, so that the record of the access request can be traced;
the verification module comprises a verification unit and an authorization unit, wherein the verification unit is used for verifying the identity of the tenant, and if the identity of the tenant is not registered, the result of unregistering is fed back to the tenant;
the verification unit comprises a registration subunit and an ID creation subunit, the registration subunit acquires identity information of the tenant, establishes an account of the tenant based on an ID registration protocol, and generates an authorization code through the authorization unit, wherein if the equipment adopted during current registration is a mobile terminal, the identification code of the equipment is read and is bound with the authorization code; if the current registration equipment is not the mobile terminal, the authorization code is granted when the next mobile terminal is used for logging in;
the ID creating subunit is used for creating the identity or the ID of the tenant and sending the generated ID to the transmission network;
the registration subunit is further configured to acquire a location of the mobile terminal related to the login account to acquire corresponding tenant information when the tenant registers or logs in;
the backup module comprises an identification unit and a backup unit, the identification unit identifies based on the data of the tenant to identify whether the data is private data, and if the data is the private data, the backup unit performs backup; the backup unit is used for backing up the private data and protecting the private data through a safety module;
the identification unit determines whether the data is the private data or not through a privacy policy, wherein the privacy policy comprises that a plurality of storage units are opened up in an inherent storage space, and each storage unit stores at least one piece of personal data related to the tenant; generating a packing instruction after each storage unit is stored and meets a packing threshold, wherein the storage units are packed and backed up through the backup unit; wherein the backup unit performs a backup operation based on the packing instruction;
the backup unit opens a storage area for storing the private data in a storage space of a tenant based on the backup ID and the data of the packaging instruction of the identification unit; the backup instruction is generated after being stored, and the backup instruction is used for data interaction with other tenants in a transmission network;
the synchronization module comprises a synchronization unit and an extraction unit, the synchronization unit synchronizes a requirement list of a tenant based on the extraction unit, and the synchronization unit responds to a searched label to trigger synchronous display of data when executing synchronization operation;
wherein the synchronization operation comprises:
establishing a search database, wherein the search database comprises data of each tenant;
searching the demands of the tenants through a search engine, and generating corresponding search results after data matched with the demands of the tenants exist in the search database;
displaying corresponding tenant information based on the search result, and sending the tenant information to a mobile terminal of a tenant submitting a demand, wherein the tenant information comprises a tenant leasing address, an estimated distance with demand submitting equipment in real time and a contact telephone;
the security module is used for protecting data of a tenant, and when the tenant uploads the data in the transmission network, the security module performs encryption operation on the data; the security module hides the data which are not necessarily published by the search result so as to protect the information security of the tenant;
the encryption operation comprises:
acquiring data capacity of a tenant, and distributing membership degrees to the data capacity, wherein the membership degrees are generated according to identity information of the tenant or the authorization code; obtaining a data sequence U = { C requiring encryption operation1,C2,C3,…,CmIs epsilon with R; the security module performs encryption according to the following equation:
Figure 126726DEST_PATH_IMAGE004
wherein,
Figure DEST_PATH_IMAGE005
for encrypting a plaintext sequence, MI is an encrypted key; m is the number of elements of the data sequenceAn amount; n is the number of elements of the encrypted plaintext sequence; and m = n.
CN202111178820.6A 2021-10-11 2021-10-11 Distributed backup synchronization system for public cloud tenant service sensitive data Active CN113608933B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111178820.6A CN113608933B (en) 2021-10-11 2021-10-11 Distributed backup synchronization system for public cloud tenant service sensitive data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111178820.6A CN113608933B (en) 2021-10-11 2021-10-11 Distributed backup synchronization system for public cloud tenant service sensitive data

Publications (2)

Publication Number Publication Date
CN113608933A CN113608933A (en) 2021-11-05
CN113608933B true CN113608933B (en) 2022-02-08

Family

ID=78343483

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111178820.6A Active CN113608933B (en) 2021-10-11 2021-10-11 Distributed backup synchronization system for public cloud tenant service sensitive data

Country Status (1)

Country Link
CN (1) CN113608933B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102833346A (en) * 2012-09-06 2012-12-19 上海海事大学 Storage metadata based security protection system and method for cloud sensitive data
CN104683161A (en) * 2015-03-18 2015-06-03 杭州华三通信技术有限公司 Network management method and device based on SaaS (software as a service)
CN105740717A (en) * 2016-01-29 2016-07-06 四川效率源信息安全技术股份有限公司 Method and apparatus for performing electronic data file protection based on encrypted partition
CN113132362A (en) * 2021-03-31 2021-07-16 青岛中瑞汽车服务有限公司 Trusted authorization method, trusted authorization device, electronic equipment and storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105610803A (en) * 2015-12-23 2016-05-25 浙江工业大学 Method for protecting privacy of cloud computed big data
US11811674B2 (en) * 2018-10-20 2023-11-07 Netapp, Inc. Lock reservations for shared storage

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102833346A (en) * 2012-09-06 2012-12-19 上海海事大学 Storage metadata based security protection system and method for cloud sensitive data
CN104683161A (en) * 2015-03-18 2015-06-03 杭州华三通信技术有限公司 Network management method and device based on SaaS (software as a service)
CN105740717A (en) * 2016-01-29 2016-07-06 四川效率源信息安全技术股份有限公司 Method and apparatus for performing electronic data file protection based on encrypted partition
CN113132362A (en) * 2021-03-31 2021-07-16 青岛中瑞汽车服务有限公司 Trusted authorization method, trusted authorization device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN113608933A (en) 2021-11-05

Similar Documents

Publication Publication Date Title
US11572713B1 (en) Smart lock box
CN110909073B (en) Method and system for sharing private data based on intelligent contract
US20200119904A1 (en) Tamper-proof privileged user access system logs
US8997198B1 (en) Techniques for securing a centralized metadata distributed filesystem
CA3115928A1 (en) Distributed ledger for encrypted digital identity
CN109241753A (en) A kind of data sharing method and system based on block chain
US20140136840A1 (en) Computer system for storing and retrieval of encrypted data items using a tablet computer and computer-implemented method
US10250613B2 (en) Data access method based on cloud computing platform, and user terminal
CN106790156B (en) Intelligent device binding method and device
CN109768983A (en) Dynamic and Multi dimensional personal identification method, apparatus and system based on block chain
CN112291375B (en) Internet of things equipment security access control method, Internet of things equipment and Internet of things system
US11017110B1 (en) Enhanced securing of data at rest
US20220014509A1 (en) Systems and methods for securing login access
CN114172663B (en) Business right determining method and device based on block chain, storage medium and electronic equipment
CN114254269A (en) System and method for determining rights of biological digital assets based on block chain technology
CN108121904B (en) Unlocking method, device, electronic equipment and server
WO2016013925A1 (en) System and method for secure tracking of internet of things based goods in supply chain system
CN112734248A (en) Real estate intelligent management system
Tiwari et al. India’s “Aadhaar” Biometric ID: Structure, Security, and Vulnerabilities
CN113608933B (en) Distributed backup synchronization system for public cloud tenant service sensitive data
CN110955909A (en) Personal data protection method and block link point
KR101449806B1 (en) Method for Inheriting Digital Information
JP2004140715A (en) System and method for managing electronic document
CN105743883B (en) A kind of the identity attribute acquisition methods and device of network application
CN113961970B (en) Cross-network-segment network disk login identity authentication method and device, network disk and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: 518063 No. 01-03, floor 17, block B, building 10, Shenzhen Bay science and technology ecological park, No. 10, Gaoxin South ninth Road, Yuehai street, Nanshan District, Shenzhen, Guangdong

Patentee after: Global Numerical Technology Co.,Ltd.

Country or region after: China

Address before: No. 01-03, 17th Floor, Building B, Shenzhen Bay Science and Technology Ecological Park, No. 10 Gaoxin South 9th Road, Yuehai Street, Nanshan District, Shenzhen City, Guangdong Province

Patentee before: Global Digital Group Co.,Ltd.

Country or region before: China