CA3176858A1 - Data processing method and system - Google Patents

Data processing method and system

Info

Publication number
CA3176858A1
Authority
CA
Canada
Prior art keywords
service
data
encryption
secret key
service cluster
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CA3176858A
Other languages
French (fr)
Inventor
Guoyong YU
Qian Sun
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
10353744 Canada Ltd
Original Assignee
10353744 Canada Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 10353744 Canada Ltd
Publication of CA3176858A1
Legal status: Pending

Links

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed are a data processing method and system, belonging to the technical field of data security. The method comprises: a service gateway receiving a data encryption request sent by a first user, and routing the data encryption request to a service cluster, wherein the data encryption request carries data to be encrypted and a data access right; the service cluster invoking a corresponding service instance from among a plurality of service instances to encrypt the data to be encrypted so as to generate ciphertext, and generating an encryption event; correspondingly storing, in a database, the data access right, an event number of the encryption event, and the encryption algorithm and key used for encrypting the data to be encrypted; returning, to the service gateway, an encryption result including the ciphertext, an identifier of the service cluster and the event number; and the service gateway returning the encryption result to the first user. The embodiments of the present invention can reduce the risk of a data producer or a data user leaking a key, so that data security is higher, and they also ensure that the principle of data access right minimization is implemented.

Description

DATA PROCESSING METHOD AND SYSTEM
BACKGROUND OF THE INVENTION
Technical Field
[0001] The present invention relates to the field of data security technology, and more particularly to a data processing method and a corresponding system.
Description of Related Art
[0002] Currently, there are the following several methods for data security management and control in the field of big data:
[0003] Method 1: the same single secret key is used to encrypt sensitive data during data production or transmission before it enters the database, and the data user decrypts it with the corresponding (symmetric or asymmetric) secret key;
[0004] Method 2: sensitive data is placed under high-level permission management and control, and it is ensured physically and technologically that only essential personnel can come into contact with the sensitive data;
[0005] Method 3: an encryption/decryption mechanism is implanted in the access engine of the database, so that encryption and decryption of sensitive data are transparent to users.
[0006] However, the above methods are all defective as specified below:
[0007] As regards Method 1, the data producer or the data user can come into contact with the encryption/decryption secret key, so there is a risk of leakage of the secret key, and the encrypted data is no longer secure once the secret key is leaked;
[0008] As regards Method 2, although there is high-level permission management and control, the data warehouse management personnel can still come into direct contact with sensitive data, so the principle of minimization of permission is not satisfied;

Date Regue/Date Received 2022-09-23
[0009] As regards Method 3, implantation of the encryption/decryption mechanism to the access engine of the database cannot eliminate the possibility of data being leaked in the process of circulating the data before entry into the database.
SUMMARY OF THE INVENTION
[0010] Aiming to solve one of the technical problems prevailing in the state of the art or existent in the related technologies, the present invention provides a data processing method and a data processing system.
[0011] Specific technical solutions provided by the embodiments of the present invention are as follows.
[0012] According to the first aspect, the present invention provides a data processing method, the method is applied to a data processing system that comprises a service gateway and a service cluster, wherein the service cluster includes a plurality of service instances, and a database is deployed in the service cluster; the method comprises:
[0013] receiving, by the service gateway, a data encryption request sent from a first user, and routing the data encryption request to the service cluster, wherein the data encryption request carries therewith data to be encrypted and a data access permission;
[0014] invoking, by the service cluster, a corresponding service instance from the plural service instances to encrypt the data to be encrypted to generate a cyphertext, and to generate an encrypted event;
[0015] correspondingly storing the data access permission, an event number of the encrypted event, an encryption algorithm and a secret key used to encrypt the data to be encrypted in the database;
[0016] returning to the service gateway an encryption result containing the cyphertext, an identifier of the service cluster, and the event number; and
[0017] returning, by the service gateway, the encryption result to the first user.

[0018] Further, when there are plural service clusters, the step of routing the data encryption request to the service cluster includes:
[0019] determining a service cluster having mapping relation to the first user from the plural service clusters according to a preset mapping relation table; and
[0020] routing the data encryption request to the service cluster having mapping relation to the first user.
[0021] Further, the plural service clusters include at least two selected from a symmetric encryption service cluster, a Hash algorithm service cluster, an asymmetric encryption service cluster, and a business customization encryption service cluster.
[0022] Moreover, the secret key is randomly extracted from a secret key pool, and the method further comprises:
[0023] replacing a secret key in the secret key pool according to a preset secret key replacing condition.
[0024] Further, the secret key replacing condition is one of the following conditions:
[0025] the number of uses of the secret key in the secret key pool reaches a number of uses threshold; or
[0026] a time of existence of the secret key in the secret key pool reaches a time threshold.
[0027] Moreover, the method further comprises:
[0028] receiving, by the service gateway, a data decryption request sent from a second user, wherein the data decryption request carries therewith a cyphertext to be decrypted, a service cluster identifier, and an encrypted event number;
[0029] routing, by the service gateway, the data decryption request to a service cluster to which the service cluster identifier corresponds;
[0030] enquiring in the database, by the service cluster, a data access permission to which the encrypted event number corresponds, and invoking a corresponding service instance from the plural service instances, when the second user possesses the data access permission, to decrypt the cyphertext to be decrypted based on an encryption algorithm and a secret key to which the encrypted event number corresponds and obtain a plaintext; and
[0031] returning, by the service cluster, a decryption result containing the plaintext to the service gateway, so that the service gateway returns the decryption result to the second user.
[0032] Further, the corresponding service instance is selected from the plural service instances according to a load balancing mode or a random mode.
[0033] According to the second aspect, there is provided a data processing system that comprises a service gateway and a service cluster, wherein the service cluster includes a plurality of service instances, and a database is deployed in the service cluster, wherein:
[0034] the service gateway is employed for receiving a data encryption request sent from a first user, and routing the data encryption request to the service cluster, wherein the data encryption request carries therewith data to be encrypted and a data access permission;
[0035] the service cluster is employed for invoking a corresponding service instance from the plural service instances to encrypt the data to be encrypted to generate a cyphertext, and to generate an encrypted event;
[0036] the service cluster is further employed for correspondingly storing the data access permission, an event number of the encrypted event, an encryption algorithm and a secret key used to encrypt the data to be encrypted in the database; and
[0037] returning to the service gateway an encryption result containing the cyphertext, an identifier of the service cluster, and the event number; and
[0038] the service gateway is further employed for returning the encryption result to the first user.
[0039] Further, when there are plural service clusters, the service gateway is specifically employed for:
[0040] determining a service cluster having mapping relation to the first user from the plural service clusters according to a preset mapping relation table; and
[0041] routing the data encryption request to the service cluster having mapping relation to the first user.
[0042] Further, the plural service clusters include at least two selected from a symmetric encryption service cluster, a Hash algorithm service cluster, an asymmetric encryption service cluster, and a business customization encryption service cluster.
[0043] Further, the secret key is randomly extracted from a secret key pool, and the service cluster is specifically employed for:
[0044] replacing a secret key in the secret key pool according to a preset secret key replacing condition.
[0045] Further, the secret key replacing condition is one of the following conditions:
[0046] the number of uses of the secret key in the secret key pool reaches a number of uses threshold; or
[0047] a time of existence of the secret key in the secret key pool reaches a time threshold.
[0048] Further, the service gateway is further employed for receiving a data decryption request sent from a second user, wherein the data decryption request carries therewith a cyphertext to be decrypted, a service cluster identifier, and an encrypted event number;
[0049] the service gateway is further employed for routing the data decryption request to a service cluster to which the service cluster identifier corresponds;
[0050] the service cluster is further employed for enquiring in the database a data access permission to which the encrypted event number corresponds, and invoking a corresponding service instance from the plural service instances, when the second user possesses the data access permission, to decrypt the cyphertext to be decrypted based on an encryption algorithm and a secret key to which the encrypted event number corresponds and obtain a plaintext;
[0051] the service cluster is further employed for returning a decryption result containing the plaintext to the service gateway; and
[0052] the service gateway is further employed for returning the decryption result to the second user.
[0053] Moreover, the service cluster is specifically further employed for:
[0054] selecting the corresponding service instance from the plural service instances according to a load balancing mode or a random mode.
[0055] The technical solutions provided by the embodiments of the present invention bring about the following advantageous effects.
[0056] 1. Neither the data producer nor the data user comes into contact with the encryption/decryption secret keys during data encryption and data decryption, whereby the risk of the data producer or the data user leaking the secret key is reduced, and data security is higher.
[0057] 2. The principle of minimizing data access permissions is guaranteed: the data is always transmitted and stored in a specific cyphertext format, and neither the system nor the personnel involved in the transmission process and the storage phase can obtain the plaintext, so high security is achieved.
BRIEF DESCRIPTION OF THE DRAWINGS
[0058] To describe the technical solutions in the embodiments of the present invention more clearly, the drawings required for the description of the embodiments will be briefly introduced below. Apparently, the drawings introduced below are merely directed to some embodiments of the present invention, and persons ordinarily skilled in the art can obtain other drawings based on these drawings without creative effort.
[0059] Fig. 1 is a view schematically illustrating an application environment provided by the embodiments of the present invention;
[0060] Fig. 2 is a flowchart illustrating a data processing method provided by Embodiment 1 of the present invention;
[0061] Fig. 3 is a flowchart illustrating a data processing method provided by Embodiment 2 of the present invention; and
[0062] Fig. 4 is a block diagram illustrating a data processing system provided by Embodiment 3 of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
[0063] To make the objectives, technical solutions and advantages of the present invention more lucid and clear, the technical solutions in the embodiments of the present invention will be clearly and comprehensively described below in conjunction with accompanying drawings in the embodiments of the present invention. Apparently, the embodiments as described below are merely partial, rather than the entire, embodiments of the present invention. All other embodiments makeable by persons ordinarily skilled in the art on the basis of the embodiments in the present invention without spending any creative effort in the process shall all fall within the protection scope of the present invention.
[0064] As should be understood, the terms "first" and "second" etc. used in the description of the present application are merely for descriptive purposes, rather than for indicating or implying relative importance. In addition, unless explained otherwise in the description of the present application, the wordings "plural" and "a plurality of" denote the meaning of "two or more".
[0065] Fig. 1 is a view schematically illustrating an application environment provided by the embodiments of the present invention. As shown in Fig. 1, the application environment can include client end 01, service gateway 02, and service cluster 03. Client end 01 can run in the user equipment of a data producer or a data supplier, and can also run in the user equipment of a data user; understandably, there can be more than one client end 01, and the user equipment includes, but is not limited to, any physical equipment such as a desktop computer, a tablet computer, a notebook computer, a smart mobile phone, etc. Service gateway 02 can uniformly supply a REST API (Application Programming Interface) to client end 01 to receive an external request and forward the received external request to the backend service cluster; in addition, the service gateway further possesses functions such as permission control. Service cluster 03 includes a plurality of service instances such as service instance 1, service instance 2, ..., service instance n; the plural service instances include many different types of service instances, there is at least one service instance of each type, and each service instance can supply encryption and decryption services by deploying encryption and decryption algorithms therein.
[0066] Embodiment 1
[0067] This embodiment of the present invention provides a data processing method, this data processing method is applied to a data processing system that comprises a service gateway and a service cluster, of which the service cluster includes a plurality of service instances, and in the service cluster is deployed a database; as shown in Fig. 2, the data processing method comprises the following steps.
[0068] 201 - receiving, by the service gateway, a data encryption request sent from a first user, and routing the data encryption request to the service cluster, wherein the data encryption request carries therewith data to be encrypted and a data access permission.
[0069] In this embodiment, the first user can be a data producer or a data supplier, and the first user submits the data encryption request to the service gateway through a first client end.
[0070] The data to be encrypted as carried in the data encryption request can be data that contains sensitive information, such as user identification information or assets information, etc.
[0071] The data access permission carried in the data encryption request is used to indicate the permission to decrypt the cyphertext of the data to be encrypted. The data access permission can include a user identifier of the user authorized to access, and the user identifier can be a username, a client end address (such as a MAC address), and so on, which is not limited here.
[0072] The service cluster can be any one of a symmetric encryption service cluster, a Hash algorithm service cluster, an asymmetric encryption service cluster, and a business customization encryption service cluster. The plural service instances included in the service cluster can include various different types of service instances, there is at least one service instance of each type, and each service instance can supply encryption and decryption services by deploying encryption and decryption algorithms therein. The type of a service instance here corresponds to the encryption and decryption algorithm deployed in it.
[0073] When the service cluster is a symmetric encryption service cluster, the service cluster can include plural DES encryption service instances, plural 3DES encryption service instances, plural SM4 encryption service instances, and plural AES encryption service instances; when the service cluster is a Hash algorithm service cluster, the service cluster can include plural MD5 service instances, plural SHA service instances, plural SM3 service instances, and plural AES encryption service instances; when the service cluster is an asymmetric encryption service cluster, the service cluster can include plural RSA encryption service instances, plural ECC encryption service instances, and plural SM2 encryption service instances.
[0074] Moreover, before routing the data encryption request to the service cluster in step 201, the method provided by this embodiment of the present invention can further comprise:
[0075] performing identity verification and authentication on the first user, returning encryption request failure information to the first user if the first user does not pass identity verification and authentication, and routing the data encryption request to the service cluster if the first user passes authentication.
[0076] In this embodiment, by performing identity verification and authentication on service invokers, different permissions can be granted to different client ends through permission control, access to and availability of the service clusters can be monitored, and different service clusters can be opened up to different client ends, so that security in accessing service clusters is enhanced.
[0077] Further, when there are plural service clusters, the process of routing the data encryption request to the service cluster in step 201 can include:
[0078] determining a service cluster having mapping relation to the user identifier in the data encryption request from the plural service clusters according to a preset mapping relation table, and routing the data encryption request to the service cluster having mapping relation to the user identifier.
[0079] The plural service clusters include at least two selected from a symmetric encryption service cluster, a Hash algorithm service cluster, an asymmetric encryption service cluster, and a business customization encryption service cluster.
[0080] During specific implementation, after the data producer or the data supplier has completed service registration, the service gateway can create mapping relations between the user identifier of the data producer or the data supplier and plural service clusters. The mapping relations can be one-to-one or one-to-many, whereby the data producer or the data supplier can, through the first client end, randomly route the data encryption request to a service cluster having a mapping relation to the user identifier.
[0081] Besides, when the data encryption request carries therewith a designated encryption service identifier, the data encryption request can be routed to the service cluster that has a mapping relation to the user identifier and corresponds to the encryption service identifier.
[0082] In this embodiment, when there are plural service clusters, the encryption request is routed to the service cluster having a mapping relation to the user identifier in the data encryption request according to a preset mapping relation table, whereby requests from different users to invoke different encryption services can be satisfied, and secure access to the encryption service clusters is controlled, so that security in accessing service clusters is enhanced.
[0083] 202 - invoking, by the service cluster, a corresponding service instance from the plural service instances to encrypt the data to be encrypted to generate a cyphertext, and to generate an encrypted event.
[0084] Specifically, this process can include:
[0085] selecting the corresponding service instance from the plural service instances according to a load balancing mode or a random mode; and
[0086] invoking the service instance to encrypt the data to be encrypted, to generate a cyphertext, and to simultaneously generate an encrypted event according to an encryption algorithm and a pre-generated secret key preset on the service instance.
[0087] The step of selecting the corresponding service instance from the plural service instances according to a load balancing mode includes:
[0088] monitoring in real time load statuses of plural service instances, and selecting the service instance with the smallest current load from the plural service instances according to the load balancing mode and in accordance with the monitoring result.
[0089] The load status of a service instance can include one or more selected from a CPU utilization rate, a memory utilization rate, magnetic disk reading/writing, and network connection status.
[0090] The secret key used for encrypting the data to be encrypted is randomly extracted from a secret key pool. In this embodiment, encryption/decryption secret key pools can be set in advance for the different types of encryption algorithms, and a preset number of secret keys is generated in advance in each encryption/decryption secret key pool. When the service cluster invokes a service instance to perform the encryption service, one secret key (or one pair of secret keys) can be randomly extracted from the corresponding encryption/decryption secret key pool to serve as the secret key(s) for encrypting the data to be encrypted this time.
[0091] Moreover, the method provided by this embodiment of the present invention further comprises:
[0092] replacing a secret key in the secret key pool according to a preset secret key replacing condition.
[0093] The secret key replacing condition is one of the following conditions:
[0094] the number of uses of the secret key in the secret key pool reaches a number of uses threshold; or
[0095] a time of existence of the secret key in the secret key pool reaches a time threshold.
[0096] Specifically, when the number of uses of a secret key in the secret key pool reaches the number-of-uses threshold, the secret key can be deleted from the secret key pool, and one new secret key (or one new pair of secret keys) is generated and placed in the secret key pool at the same time; alternatively, when the time of existence of a secret key in the secret key pool reaches the time threshold, the secret key can be deleted from the secret key pool, and one new secret key (or one new pair of secret keys) is generated and placed in the secret key pool at the same time.
[0097] In the embodiments of the present invention, by replacing the secret key in the secret key pool according to a preset secret key replacing condition, security of the data encryption process can be further enhanced.
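The key pool of paragraphs [0090] to [0097], modelled as an added Go example (not code from the patent): a fixed-size pool of pre-generated keys, random extraction per encryption event, and replacement of an entry once its use count or age reaches the threshold. The names `keyPool`, `Extract` and `Contains`, the 32-byte key size and the injectable clock are this example's own assumptions.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"fmt"
	"math/big"
	"time"
)

// poolKey is one entry of the secret key pool plus the two counters that the
// replacing conditions of [0094] and [0095] are checked against.
type poolKey struct {
	key     []byte
	uses    int
	created time.Time
}

// keyPool holds pre-generated 32-byte keys for one type of encryption algorithm.
type keyPool struct {
	keys    []*poolKey
	maxUses int
	maxAge  time.Duration
	now     func() time.Time // injectable clock so the age condition can be tested
}

func (p *keyPool) fresh() *poolKey {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err) // a failing CSPRNG must never yield a weak pool key
	}
	return &poolKey{key: k, created: p.now()}
}

func newKeyPool(size, maxUses int, maxAge time.Duration) *keyPool {
	p := &keyPool{maxUses: maxUses, maxAge: maxAge, now: time.Now}
	for i := 0; i < size; i++ {
		p.keys = append(p.keys, p.fresh())
	}
	return p
}

// Extract randomly picks a key for one encryption event and returns a copy of
// it to be stored with that event. It then applies the replacing condition: an
// entry whose use count or age has reached its threshold is deleted and a newly
// generated key takes its slot, so the pool size stays constant. Because the
// copy travels with the event record, rotation never breaks decryption of
// ciphertexts produced earlier.
func (p *keyPool) Extract() []byte {
	n, err := rand.Int(rand.Reader, big.NewInt(int64(len(p.keys))))
	if err != nil {
		panic(err)
	}
	i := int(n.Int64())
	pk := p.keys[i]
	pk.uses++
	key := append([]byte(nil), pk.key...)
	if pk.uses >= p.maxUses || p.now().Sub(pk.created) >= p.maxAge {
		p.keys[i] = p.fresh()
	}
	return key
}

// Contains reports whether a key is still present in the pool.
func (p *keyPool) Contains(key []byte) bool {
	for _, pk := range p.keys {
		if bytes.Equal(pk.key, key) {
			return true
		}
	}
	return false
}

func main() {
	p := newKeyPool(1, 3, time.Hour) // one slot, so every extraction hits the same key
	k1, k2, k3 := p.Extract(), p.Extract(), p.Extract() // third use reaches the threshold
	fmt.Println(bytes.Equal(k1, k2), bytes.Equal(k2, k3), p.Contains(k3)) // true true false
}
```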
[0098] Exemplarily, suppose that the service instance invoked from the plurality of service instances is an AES encryption service instance and the data to be encrypted is an identification card number. The AES encryption service instance is invoked to encrypt the identification card number according to the AES algorithm and a secret key randomly extracted from the secret key pool; the cyphertext generated from the identification card number is "eeL3FXVjnhb7J3x0jYJbkiQZnnQjYOQHScUG7VsWvCE=", and the corresponding cyphertext length is 44 bytes. The encryption service simultaneously generates an event number, which is used to uniquely identify this encrypted event; the event number can be a serial number with a length of 64 bits, expressed in decimal.
[0099] 203 - correspondingly storing the data access permission, an event number of the encrypted event, an encryption algorithm and a secret key used to encrypt the data to be encrypted in the database.
[0100] The database can be embodied as a key-value database, in which data can be organized, retrieved, and stored in the form of key-value pairs.

[0101] Specifically, the event number of the encrypted event is taken as the Key, the data access permission, the encryption algorithm and the secret key used to encrypt the data to be encrypted are taken as the Value, and these are correspondingly stored in the key-value database.
[0102] In this embodiment, by using a key-value database to store the event number of the encrypted event, the data access permission, the encryption algorithm and the secret key used to encrypt the data to be encrypted, the quick and high-performance retrieval by encrypted event number subsequently lessens resource consumption of the database, and data access permissions of cyphertexts are managed and controlled, which prevents unauthorized users from using the encryption algorithms and secret keys in the database to invoke decryption services in the service clusters and obtain plaintexts, whereby security of the data is further enhanced.
[0103] 204 - returning to the service gateway an encryption result containing the cyphertext, an identifier of the service cluster, and the event number.
[0104] Specifically, the cyphertext, the identifier of the service cluster, and the encrypted event number are assembled in a certain data format to obtain the encryption result.
[0105] During the process of specific implementation, the encryption result can be a byte array obtained by sequentially joining a byte array of the event number, the identifier of the service cluster, and a byte array of the cyphertext.
[0106] 205 - returning, by the service gateway, the encryption result to the first user.
[0107] After the service gateway has returned the encryption result to the first user, the first user can store the encryption result in a data warehouse or transmit it to other users.

[0108] In the data processing method provided by the embodiments of the present invention, the data encryption request sent from the user is routed and forwarded through the service gateway to the corresponding service cluster for encryption processing, and the encryption result returned from the service cluster is received. Since the encryption algorithm and the secret key used to generate the cyphertext are stored by the service cluster in the database during encryption, the user never comes into contact with the encryption secret key, so there is no risk of the secret key leaking through the data producer or the data user, and higher data security is guaranteed. At the same time, since the data encryption request carries a data access permission, the principle of minimizing data access permissions is guaranteed: the data is always transmitted and stored in a specific cyphertext format, and neither the system nor the personnel involved in the transmission process and the storage phase can obtain the plaintext, so data security is further ensured.
[0109] Embodiment 2
[0110] This embodiment of the present invention provides a data processing method that, besides the steps described with reference to Fig. 2, further comprises steps 301 to 304 following step 205; for the sake of brevity, the steps described in Fig. 2 are omitted. As shown in Fig. 3, the data processing method further comprises the following steps.
[0111] 301 - receiving, by the service gateway, a data decryption request sent from a second user, wherein the data decryption request carries therewith a cyphertext to be decrypted, a service cluster identifier, and an encrypted event number.
[0112] In this embodiment, the second user can be a data user, and the second user submits a data decryption request to the service gateway through a second client end.
[0113] 302 - routing, by the service gateway, the data decryption request to a service cluster to which the service cluster identifier corresponds.
[0114] In this embodiment, the service gateway can determine the corresponding service cluster according to the service cluster identifier, and route the data decryption request to the corresponding service cluster.
[0115] Moreover, prior to step 302, the method provided by this embodiment of the present invention can further comprise:
[0116] performing identification verification and authentication on the second user by the service gateway, returning decryption request failure information to the second user if the second user does not pass the identification verification and authentication, and routing the data decryption request to the corresponding service cluster if the second user passes authentication.
[0117] In this embodiment, by having the service gateway perform identification verification and authentication on service invokers, different permissions can be granted to different client ends through permission control, access to and availability of service clusters can be monitored, and different service clusters can be opened up to different client ends, so that security in accessing service clusters is ensured and permission management and control are achieved for the invoked decryption services.
[0118] 303 - enquiring in the database, by the service cluster, a data access permission to which the encrypted event number corresponds, and invoking a corresponding service instance from the plural service instances, when the second user possesses the data access permission, to decrypt the cyphertext to be decrypted based on an encryption algorithm and a secret key to which the encrypted event number corresponds and obtain a plaintext.
[0119] In this embodiment, the service cluster can look up in the database the data access permission to which the encrypted event number corresponds, and compare the user identifier of the second user with the user identifier of the authorized accessing user in the data access permission. If the two match, the second user is determined to have the data access permission; if they do not match, the second user does not have the data access permission, and the service cluster returns decryption request failure information to the second user through the service gateway.
[0120] After the service cluster has determined that the second user has the data access permission, a service instance is selected according to a load balancing mode or a random mode from a plurality of service instances all preset with the encryption algorithm to which the encrypted event number corresponds, so as to enable the service instance to decrypt the cyphertext to obtain a plaintext according to the encryption algorithm and the secret key.
[0121] During the process of specific implementation, load statuses of plural service instances preset with the encryption algorithm to which the encrypted event number corresponds can be monitored in real time, and the service instance with the smallest current load is selected from the plural service instances according to the load balancing mode to perform the decryption service.
[0122] The load status of a service instance can include one or more of CPU utilization rate, memory utilization rate, magnetic disk reading/writing, and network connection status.
[0123] 304 - returning, by the service cluster, a decryption result containing the plaintext to the service gateway, so that the service gateway returns the decryption result to the second user.
[0124] In the data processing method provided by the embodiments of the present invention, the data decryption request sent from the user is routed and forwarded through the service gateway to the corresponding service cluster for decryption processing. During decryption, it is first judged whether the user, as the data user, has the data access permission, and the decryption service is performed only when that permission is possessed, so the data user never comes into contact with the secret key used to decrypt the cyphertext and cannot leak it, which makes data security higher. In addition, data access permissions of cyphertexts are managed and controlled, preventing unauthorized users from invoking the decryption services in the service clusters with the encryption algorithms and secret keys in the database to obtain plaintexts, so data security is further ensured.
[0125] Embodiment 3
[0126] This embodiment of the present invention provides a data processing system. As shown in Fig. 4, the data processing system can comprise a service gateway 41 and service clusters 42, each of which includes a plurality of service instances and has a database deployed in it, wherein:
[0127] the service gateway 41 is employed for receiving a data encryption request sent from a first user, and routing the data encryption request to the service cluster, wherein the data encryption request carries therewith data to be encrypted and a data access permission;
[0128] the service cluster 42 is employed for invoking a corresponding service instance from the plural service instances to encrypt the data to be encrypted to generate a cyphertext, and to generate an encrypted event;
[0129] the service cluster 42 is further employed for correspondingly storing the data access permission, an event number of the encrypted event, an encryption algorithm and a secret key used to encrypt the data to be encrypted in the database; and
[0130] returning to the service gateway an encryption result containing the cyphertext, an identifier of the service cluster, and the event number; and
[0131] the service gateway 41 is further employed for returning the encryption result to the first user.
[0132] Further, when there are plural service clusters, the service gateway 41 is specifically employed for:
[0133] determining a service cluster having mapping relation to the first user from the plural service clusters according to a preset mapping relation table; and
[0134] routing the data encryption request to the service cluster having mapping relation to the first user.
[0135] Further, the plural service clusters 42 include at least two selected from a symmetric encryption service cluster, a Hash algorithm service cluster, an asymmetric encryption service cluster, and a business customization encryption service cluster.
[0136] Further, the secret key is randomly extracted from a secret key pool, and the service cluster 42 is specifically employed for:
[0137] replacing a secret key in the secret key pool according to a preset secret key replacing condition.
[0138] Further, the secret key replacing condition is one of the following conditions:
[0139] the number of uses of the secret key in the secret key pool reaches a number of uses threshold; or
[0140] a time of existence of the secret key in the secret key pool reaches a time threshold.
[0141] Further, the service gateway 41 is further employed for receiving a data decryption request sent from a second user, wherein the data decryption request carries therewith a cyphertext to be decrypted, a service cluster identifier, and an encrypted event number;
[0142] the service gateway 41 is further employed for routing the data decryption request to a service cluster to which the service cluster identifier corresponds;
[0143] the service cluster 42 is further employed for enquiring in the database a data access permission to which the encrypted event number corresponds, and invoking a corresponding service instance from the plural service instances, when the second user possesses the data access permission, to decrypt the cyphertext to be decrypted based on an encryption algorithm and a secret key to which the encrypted event number corresponds and obtain a plaintext;
[0144] the service cluster 42 is further employed for returning a decryption result containing the plaintext to the service gateway; and
[0145] the service gateway 41 is further employed for returning the decryption result to the second user.
[0146] Moreover, the service cluster 42 is specifically further employed for:
[0147] selecting the corresponding service instance from the plural service instances according to a load balancing mode or a random mode.
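The encryption result layout of step 204, the permission-checked decryption flow of steps 301 to 304, and the secret key pool with the replacing conditions of paragraphs [0136] to [0140], modelled in Python as an added example (not code from the patent or its assignee). It assumes a 16-byte event number, a 4-byte service cluster identifier, and HMAC-SHA256 in counter mode as a stand-in for the cluster's preset symmetric algorithm; the class and function names are the example's own.

```python
import hashlib, hmac, secrets, struct, time
from dataclasses import dataclass

EVENT_LEN = 16      # assumption: the event number is 16 random bytes
CLUSTER_ID_LEN = 4  # assumption: service cluster identifiers are 4-byte tags

def keystream_xor(key: bytes, event_no: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 counter mode, a stdlib stand-in for the cluster's preset symmetric
    algorithm; the unique event number is the nonce, so keystreams never repeat per key."""
    out = bytearray()
    for blk, start in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, event_no + struct.pack(">I", blk), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], ks))
    return bytes(out)

@dataclass
class PoolKey:
    key_id: int
    material: bytes
    created: float
    uses: int = 0

class KeyPool:
    """Secret key pool: a key is replaced when its use count or age reaches a threshold."""

    def __init__(self, size: int, max_uses: int, max_age_s: float, clock=time.time):
        self.max_uses, self.max_age_s, self.clock = max_uses, max_age_s, clock
        self._next_id = 0
        self.keys = [self._fresh() for _ in range(size)]

    def _fresh(self) -> PoolKey:
        self._next_id += 1
        return PoolKey(self._next_id, secrets.token_bytes(32), self.clock())

    def draw(self) -> PoolKey:
        i = secrets.randbelow(len(self.keys))  # randomly extracted from the pool
        k = self.keys[i]
        if k.uses >= self.max_uses or self.clock() - k.created >= self.max_age_s:
            k = self.keys[i] = self._fresh()   # preset replacing condition met
        k.uses += 1
        return k

class ServiceCluster:
    def __init__(self, cluster_id: bytes, pool: KeyPool):
        self.cluster_id, self.pool = cluster_id, pool
        self.db = {}  # event number -> permission, algorithm, key (the cluster's database)

    def encrypt(self, plaintext: bytes, permission) -> bytes:
        event_no = secrets.token_bytes(EVENT_LEN)  # the encrypted event
        key = self.pool.draw()
        ciphertext = keystream_xor(key.material, event_no, plaintext)
        # decryption uses this stored copy, so pool rotation never strands old cyphertexts
        self.db[event_no] = {"permission": frozenset(permission),
                             "algorithm": "hmac-sha256-ctr", "key": key.material}
        return event_no + self.cluster_id + ciphertext  # step 204 byte layout

    def decrypt(self, user: str, event_no: bytes, ciphertext: bytes) -> bytes:
        rec = self.db.get(event_no)
        if rec is None or user not in rec["permission"]:  # step 303 permission check
            raise PermissionError("decryption request failure")
        return keystream_xor(rec["key"], event_no, ciphertext)

class ServiceGateway:
    def __init__(self, clusters: dict, mapping: dict, users: set):
        self.clusters, self.mapping, self.users = clusters, mapping, users

    def encrypt_request(self, user: str, data: bytes, permission) -> bytes:
        if user not in self.users:  # identification verification and authentication
            raise PermissionError("encryption request failure")
        return self.clusters[self.mapping[user]].encrypt(data, permission)  # mapping table

    def decrypt_request(self, user: str, result: bytes) -> bytes:
        if user not in self.users:
            raise PermissionError("decryption request failure")
        event_no, rest = result[:EVENT_LEN], result[EVENT_LEN:]
        cluster_id, ciphertext = rest[:CLUSTER_ID_LEN], rest[CLUSTER_ID_LEN:]
        return self.clusters[cluster_id].decrypt(user, event_no, ciphertext)  # route by id

def build_demo() -> ServiceGateway:
    # constructed deployment: one symmetric cluster and two users known to the gateway
    cluster = ServiceCluster(b"SYM1", KeyPool(size=4, max_uses=1000, max_age_s=86400))
    return ServiceGateway({b"SYM1": cluster}, {"producer": b"SYM1", "consumer": b"SYM1"},
                          {"producer", "consumer"})
```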
[0148] The data processing system provided by this embodiment pertains to the same inventive concept as the data processing method provided by the foregoing embodiment of the present invention, can execute the data processing method provided by the foregoing embodiments of the present invention, and has corresponding functional modules and advantageous effects of executing data processing method. Technical details not particularized in this embodiment can be inferred from the data processing method provided by the foregoing embodiment of the present invention, and are not redundantly described in this context.
[0149] All the above optional technical solutions can be randomly combined to form optional embodiments of the present invention, and these are not redundantly described on a one-by-one basis.
[0150] As understandable by persons ordinarily skilled in the art, realization of the entire or partial steps of the aforementioned embodiments can be completed by hardware, or by a program instructing relevant hardware, the program can be stored in a computer-readable storage medium, and the storage medium can be a read-only memory, a magnetic disk, or an optical disk, etc.
[0151] What is described above is merely directed to preferred embodiments of the present invention, and is not meant to restrict the present invention. Any modification, equivalent substitution, and improvement makeable within the spirit and principle of the present invention shall all be covered by the protection scope of the present invention.

Claims (14)

What is claimed is:
1. A data processing method, characterized in being applied to a data processing system that comprises a service gateway and a service cluster, wherein the service cluster includes a plurality of service instances, and a database is deployed in the service cluster, the method comprising:
receiving, by the service gateway, a data encryption request sent from a first user, and routing the data encryption request to the service cluster, wherein the data encryption request carries therewith data to be encrypted and a data access permission;
invoking, by the service cluster, a corresponding service instance from the plural service instances to encrypt the data to be encrypted to generate a cyphertext, and to generate an encrypted event;
correspondingly storing the data access permission, an event number of the encrypted event, an encryption algorithm and a secret key used to encrypt the data to be encrypted in the database;
returning to the service gateway an encryption result containing the cyphertext, an identifier of the service cluster, and the event number; and returning, by the service gateway, the encryption result to the first user.
2. The method according to Claim 1, characterized in that, when there are plural service clusters, the step of routing the data encryption request to the service cluster includes:
determining a service cluster having mapping relation to the first user from the plural service clusters according to a preset mapping relation table; and routing the data encryption request to the service cluster having mapping relation to the first user.
3. The method according to Claim 2, characterized in that the plural service clusters include at least two selected from a symmetric encryption service cluster, a Hash algorithm service cluster, an asymmetric encryption service cluster, and a business customization encryption service cluster.
4. The method according to any one of Claims 1 to 3, characterized in that the secret key is randomly extracted from a secret key pool, and that the method further comprises:
replacing a secret key in the secret key pool according to a preset secret key replacing condition.
5. The method according to Claim 4, characterized in that the secret key replacing condition is one of the following conditions:
the number of uses of the secret key in the secret key pool reaches a number of uses threshold;
or a time of existence of the secret key in the secret key pool reaches a time threshold.
6. The method according to Claim 1, characterized in that the method further comprises:
receiving, by the service gateway, a data decryption request sent from a second user, wherein the data decryption request carries therewith a cyphertext to be decrypted, a service cluster identifier, and an encrypted event number;
routing, by the service gateway, the data decryption request to a service cluster to which the service cluster identifier corresponds;
enquiring in the database, by the service cluster, a data access permission to which the encrypted event number corresponds, and invoking a corresponding service instance from the plural service instances, when the second user possesses the data access permission, to decrypt the cyphertext to be decrypted based on an encryption algorithm and a secret key to which the encrypted event number corresponds and obtain a plaintext; and returning, by the service cluster, a decryption result containing the plaintext to the service gateway, so that the service gateway returns the decryption result to the second user.
7. The method according to Claim 1 or 6, characterized in that the corresponding service instance is selected from the plural service instances according to a load balancing mode or a random mode.
8. A data processing system, characterized in comprising a service gateway and a service cluster, wherein the service cluster includes a plurality of service instances, and a database is deployed in the service cluster, wherein:
the service gateway is employed for receiving a data encryption request sent from a first user, and routing the data encryption request to the service cluster, wherein the data encryption request carries therewith data to be encrypted and a data access permission;
the service cluster is employed for invoking a corresponding service instance from the plural service instances to encrypt the data to be encrypted to generate a cyphertext, and to generate an encrypted event;
the service cluster is further employed for correspondingly storing the data access permission, an event number of the encrypted event, an encryption algorithm and a secret key used to encrypt the data to be encrypted in the database; and returning to the service gateway an encryption result containing the cyphertext, an identifier of the service cluster, and the event number; and the service gateway is further employed for returning the encryption result to the first user.
9. The system according to Claim 8, characterized in that, when there are plural service clusters, the service gateway is specifically employed for:
determining a service cluster having mapping relation to the first user from the plural service clusters according to a preset mapping relation table; and routing the data encryption request to the service cluster having mapping relation to the first user.
10. The system according to Claim 9, characterized in that the plural service clusters include at least two selected from a symmetric encryption service cluster, a Hash algorithm service cluster, an asymmetric encryption service cluster, and a business customization encryption service cluster.
11. The system according to any one of Claims 8 to 10, characterized in that the secret key is randomly extracted from a secret key pool, and that the service cluster is specifically employed for:
replacing a secret key in the secret key pool according to a preset secret key replacing condition.
12. The system according to Claim 11, characterized in that the secret key replacing condition is one of the following conditions:
the number of uses of the secret key in the secret key pool reaches a number of uses threshold;
or a time of existence of the secret key in the secret key pool reaches a time threshold.
13. The system according to Claim 8, characterized in that:
the service gateway is further employed for receiving a data decryption request sent from a second user, wherein the data decryption request carries therewith a cyphertext to be decrypted, a service cluster identifier, and an encrypted event number;
the service gateway is further employed for routing the data decryption request to a service cluster to which the service cluster identifier corresponds;
the service cluster is further employed for enquiring in the database a data access permission to which the encrypted event number corresponds, and invoking a corresponding service instance from the plural service instances, when the second user possesses the data access permission, to decrypt the cyphertext to be decrypted based on an encryption algorithm and a secret key to which the encrypted event number corresponds and obtain a plaintext;
the service cluster is further employed for returning a decryption result containing the plaintext to the service gateway; and the service gateway is further employed for returning the decryption result to the second user.
14. The system according to Claim 8 or 13, characterized in that the service cluster is specifically further employed for:
selecting the corresponding service instance from the plural service instances according to a load balancing mode or a random mode.
CA3176858A 2019-04-09 2019-09-29 Data processing method and system Pending CA3176858A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201910281710.9A CN110061983B (en) 2019-04-09 2019-04-09 Data processing method and system
CN201910281710.9 2019-04-09
PCT/CN2019/109098 WO2020206953A1 (en) 2019-04-09 2019-09-29 Data processing method and system

Publications (1)

Publication Number Publication Date
CA3176858A1 true CA3176858A1 (en) 2020-10-15

Family

ID=67317620

Family Applications (1)

Application Number Title Priority Date Filing Date
CA3176858A Pending CA3176858A1 (en) 2019-04-09 2019-09-29 Data processing method and system

Country Status (3)

Country Link
CN (1) CN110061983B (en)
CA (1) CA3176858A1 (en)
WO (1) WO2020206953A1 (en)

Also Published As

Publication number Publication date
WO2020206953A1 (en) 2020-10-15
CN110061983B (en) 2020-11-06
CN110061983A (en) 2019-07-26

Legal Events

Date Code Title Description
EEER Examination request

Effective date: 20220923