CN106712943A - Secure storage system - Google Patents
Secure storage system Download PDFInfo
- Publication number
- CN106712943A CN106712943A CN201710042299.0A CN201710042299A CN106712943A CN 106712943 A CN106712943 A CN 106712943A CN 201710042299 A CN201710042299 A CN 201710042299A CN 106712943 A CN106712943 A CN 106712943A
- Authority
- CN
- China
- Prior art keywords
- key
- data
- storage
- management server
- encrypting module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a secure storage system which comprises a storage device for storing data; the storage device is provided with a storage agent and an encryption module; the storage agent is used for issuing a key application to a key management server, and the key management server sends the key generated according to the key application to an encryption module; and the encryption module is used for encrypting or decrypting the data according to the key. As the storage agent and the encryption module are arranged in the storage device, all that is needed is to manage the storage device by a user. Compared with the prior art in which an encoder is managed independently, the management load of a user on a device can be reduced to encrypt and decrypt data. The storage agent and the encryption module are set in the storage device in the system. The user only needs to manage the storage device together, avoiding the separate management of the encryption machine compared with the prior art, thereby reducing the user's management burden on the device.
Description
Technical field
The present invention relates to technical field of memory, more particularly to a kind of safe storage system.
Background technology
At present, domestic safe storage system product is fewer, wherein having using the safety storage system of entrance guard's formula encryption equipment
System, in this storage system, the data that client application main frame is produced are initially transmitted to encryption equipment, and encryption equipment utilizes key pipe
The data key of reason center (Key Management Center, KMC) distribution is encrypted, then by encryption data
Transmit to storage device and stored;When data are obtained, encryption equipment is solved client to the data obtained from storage device
It is close, the data transfer that will then obtain to applied host machine.In this kind of storage system, user will not only supervise to storage device
Keyholed back plate is managed, in addition it is also necessary to which to the independent management of encryption equipment, therefore this brings larger administrative burden to user.
The content of the invention
It is an object of the invention to provide a kind of safe storage system, pipe of the user to equipment can be reduced compared with prior art
Reason burden.
To achieve the above object, the present invention provides following technical scheme:
A kind of safe storage system, including for the storage device of data storage, the storage device is provided with storage generation
Reason and encrypting module;
The storage agent is used to send key application to Key Management server, and by the Key Management server root
The key generated according to the key application sends the encrypting module to;
The encrypting module is used to be encrypted or be decrypted using the data key.
Alternatively, data storage includes in the storage device:
Storage pool is created in the storage device;
Choose disk and create disk array, disk array is added in the storage pool;
Selection disk array creates the logical volume for data storage in the storage pool.
Alternatively, the encrypting module is used to be encrypted or be decrypted using the data key to include:
The encrypting module specifically for:
According to write request, the key is used to be encrypted to write-in data in units of logical volume, by the number after encryption
According to being written to the corresponding disk areas of logical volume;
According to read request, the data read from the corresponding disk areas of logical volume are decrypted using the key.
Alternatively, the storage agent is used to send key application to Key Management server, and by the key management
Server sends the encrypting module to according to the key that the key application is generated to be included:
The storage agent specifically for:
The encrypting module generation public and private key pair is called, comprising public key first is sent to the Key Management server
Key application, and the Key Management server is generated according to the public key and using the public key encryption equipment it is close
Key sends the encrypting module to;
To the Key Management server send the second key application, and by the Key Management server generate and
The data encryption key encrypted using the device keyses sends the encrypting module to;
To the Key Management server send the 3rd key application, and by the Key Management server generate and
The data key encrypted using the data encryption key sends the encrypting module to, and the encrypting module uses the data
Data key is encrypted or decrypts.
Alternatively, the encrypting module is additionally operable to:
It is decrypted and preserves using the device keys of private key pair encryption;
The data encryption key encrypted is decrypted and preserved using the device keyses;
The data key encrypted is decrypted and preserved using the data encryption key.
Alternatively, by the passage using secure encrypted protocol between the Key Management server and the storage device
Transmission key.
Alternatively, the encrypting module is arranged in the controller of the storage device.
Alternatively, one or two described encrypting modules are provided with the controller of the storage device.
Alternatively, the storage device includes two or four controllers.
As shown from the above technical solution, safe storage system provided by the present invention, including for the storage of data storage
Equipment, storage agent and encrypting module are provided with storage device.Wherein, send close to Key Management server from storage agent
Key application sends Key Management server to encrypting module to apply for key according to the key that key application is generated, encryption
Module is used to be encrypted or be decrypted using the data key.
Safe storage system of the present invention, realizes being interacted to apply for key with Key Management server by storage agent,
Realize carrying out encryption and decryption using data key by encrypting module, storage agent and encrypting module are arranged on storage in the system
In equipment, therefore user only need to be together managed storage device, and the independent management to encryption equipment is avoided compared with prior art,
So as to administrative burden of the user to equipment can be reduced.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
The accompanying drawing to be used needed for having technology description is briefly described, it should be apparent that, drawings in the following description are only this
Some embodiments of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can be with
Other accompanying drawings are obtained according to these accompanying drawings.
Fig. 1 is a kind of schematic diagram of safe storage system provided in an embodiment of the present invention;
Fig. 2 is the schematic diagram that safe storage system provided in an embodiment of the present invention writes data to storage device;
Fig. 3 is the schematic diagram that safe storage system provided in an embodiment of the present invention reads data from storage device;
A kind of schematic diagram of safe storage system that Fig. 4 is provided for further embodiment of this invention.
Specific embodiment
In order that those skilled in the art more fully understand the technical scheme in the present invention, below in conjunction with of the invention real
The accompanying drawing in example is applied, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described implementation
Example is only a part of embodiment of the invention, rather than whole embodiments.Based on the embodiment in the present invention, this area is common
The every other embodiment that technical staff is obtained under the premise of creative work is not made, should all belong to protection of the present invention
Scope.
Refer to Fig. 1, a kind of safe storage system provided in an embodiment of the present invention, including set for the storage of data storage
Standby 10, the storage device 10 is provided with storage agent 100 and encrypting module 101;
The storage agent 100 is used to send key application to Key Management server, and by the cipher key management services
Device sends the encrypting module 101 to according to the key that the key application is generated;
The encrypting module 101 is used to be encrypted or be decrypted using the data key.
Wherein, interacted by storage agent 100 and Key Management server, the Key Management server is key pipe
Reason center (KMC), for distributing and issuing key.
As can be seen that the present embodiment safe storage system, storage agent and encrypting module are provided with storage device.By depositing
Storage agency sends key application to apply for key to Key Management server, and Key Management server is given birth to according to key application
Into key send encrypting module to, encrypting module is used to be encrypted or be decrypted using the data key.
The present embodiment safe storage system, is realized close to apply with interacting for Key Management server by storage agent
Key, realizes carrying out encryption and decryption using data key by encrypting module, and storage agent and encrypting module are arranged in the system
In storage device, therefore user only need to be together managed storage device, avoided compared with prior art to the independent of encryption equipment
Management, so as to administrative burden of the user to equipment can be reduced.
The present embodiment safe storage system is described further below.The present embodiment safe storage system is included for depositing
Store up the storage device 10 of data.
Specifically, the framework of the storage device 10 can be set as follows, the data storage in the storage device 10
Including:
S100:Storage pool is created in the storage device;
S101:Choose disk and create disk array, disk array is added in the storage pool;
S102:Selection disk array creates the logical volume for data storage in the storage pool.Wherein, mathematical logic
Volume can by the storage pool a disk array (Redundant Arrays of Independent Disks,
RAID the segment space composition on), it is also possible to across disk array establishment, but mathematical logic volume can only use disk in this storage pool
The space that array is provided.
S103:File system is set up on logical volume.Reuse.
Preferably, storage device 10 uses storage area network (Storage Area Network, SAN) in the present embodiment
Storage device, SAN storage devices use netted passage (Fibre Channel, FC) technology, and connecting storage by FC interchangers sets
Standby and server host, foundation is exclusively used in the Local Area Network of data storage.
The storage device 10 is provided with storage agent (Storage Agent, SA) 100 and encrypting module 101.Its
In, interacted with Key Management server by storage agent, key application is sent to Key Management server, and key management is taken
Business device sends encrypting module 101 to according to the key that key application is generated.
In the present embodiment, the key used in storage device is divided into three-level, specifically includes:For with logical volume as single
The data key (Data-Key) that position is encrypted to data;For the data encryption key (ED- being encrypted to data key
Key);For the device keyses (Storage-Key) being encrypted to data encryption key.
The storage agent 100 is used to send key application to Key Management server, and by the cipher key management services
Device sends the encrypting module to according to the key that the key application is generated to be included:
The storage agent 100 specifically for:
The encrypting module generation public and private key pair is called, comprising public key first is sent to the Key Management server
Key application, and the Key Management server is generated according to the public key and using the public key encryption equipment it is close
Key sends the encrypting module to;
To the Key Management server send the second key application, and by the Key Management server generate and
The data encryption key encrypted using the device keyses sends the encrypting module to;
To the Key Management server send the 3rd key application, and by the Key Management server generate and
The data key encrypted using the data encryption key sends the encrypting module to, and the encrypting module uses the data
Data key is encrypted or decrypts.
The encrypting module 101 also particularly useful for:
It is decrypted and preserves using the device keys of private key pair encryption;
The data encryption key encrypted is decrypted and preserved using the device keyses;
The data key encrypted is decrypted and preserved using the data encryption key.
Accordingly, storage agent 100 is interacted with Key Management server in the present embodiment, realizes the generation and distribution of key
Process is as follows:
After storage device start, if reached the standard grade first, registered to Key Management server by storage agent 100 first,
Storage agent 100 calls encrypting module 101 to generate public and private key pair, and it is close to send comprising public key first to Key Management server
Key application, Key Management server generates device keyses (Storage-Key), and the public key sent using storage agent 100
Device keyses are encrypted, storage device 10 is then sent to.Encrypting module is decrypted using the device keyses of private key pair encryption,
And preserve.
Request for data encryption key (ED-Key):Storage device 10 is sent out by storage agent 100 to Key Management server
The second key application is sent, Key Management server generates data encryption key (ED-Key), and uses device keyses (Storage-
Key) data encryption key is encrypted, storage device 10 is sent to.Encrypting module 101 is using device keyses to data encryption
Secret key decryption, and preserve.
Request for data key (Data-Key):Storage device 10 is sent by storage agent 100 to Key Management server
3rd key application, Key Management server generates data key (Data-Key), and uses data encryption key (ED-Key)
Data key is encrypted, storage device 10 is sent to.Encrypting module uses data encryption key to data secret key decryption, and
Preserve.
After storage device 10 is shut down, the whole keys preserved in encrypting module disappear.After storage device 10 is restarted, can be by depositing
Storage agency applies for Storage-Key, ED-Key and Data-Key again to Key Management server, and is stored in encrypting module
In.
Encrypting module 101 is used to be encrypted or be decrypted using data key.
Specifically, the schematic diagram that Fig. 2 and Fig. 3, Fig. 2 write data for safety storage system to storage device is refer to, Fig. 3
Read the schematic diagram of data from storage device for safety storage system.The encrypting module 101 is used to use the key logarithm
Include according to being encrypted or decrypting:
The encrypting module 101 specifically for:
According to write request, the key is used to be encrypted to write-in data in units of logical volume, by the number after encryption
According to being written to the corresponding disk areas of logical volume;
According to read request, the data read from the corresponding disk areas of logical volume are decrypted using the key.
The encrypting module 101 uses data key that data are encrypted or are decrypted in units of logical volume, is patrolling
Volume roll up this layer storage device data is encrypted or decrypted.
In the present embodiment, encrypting module 101 can support the close algorithm of state's business men, and support general AES.
Preferably, by using the logical of secure encrypted protocol between the Key Management server and the storage device 10
Road is connected, and transmits key, it is ensured that the security of data transfer.
In the present embodiment, the encrypting module 101 is arranged in the controller of the storage device 10.The storage device
Two or four controllers can be included, you can be dual control or four control storage devices.
One or two described encrypting modules 101 can be set in the controller of the storage device 10.The encryption
Module can be specifically encrypted card, and the driving of encrypted card itself can ensure that the encrypted card set in controller is more, encryption and decryption
Speed is higher.
In the present embodiment, Fig. 4 is refer to, storage device 10 can be connected by IP/FC interchangers and Key Management server
Connect, in this case, by using IP/FC interchangers Key Management server can easily by with many storage devices 10
Many storage devices are carried out key management by connection.
It is less for existing domestic safe storage system product, and the safe storage system that external storage manufacturer provides is simultaneously
The close algorithm of state's business men is not supported, and the present embodiment safe storage system not only supports state's close algorithm of business men by the close certification of state, also
General AES is supported, current domestic application demand is met.
A kind of safe storage system provided by the present invention is described in detail above.It is used herein specifically individual
Example is set forth to principle of the invention and implementation method, and the explanation of above example is only intended to help and understands of the invention
Method and its core concept.It should be pointed out that for those skilled in the art, not departing from the principle of the invention
On the premise of, some improvement and modification can also be carried out to the present invention, these are improved and modification also falls into the claims in the present invention
Protection domain in.
Claims (9)
1. a kind of safe storage system, it is characterised in that including the storage device for data storage, the storage device is set
There are storage agent and encrypting module;
The storage agent is used to send key application to Key Management server, and by the Key Management server according to institute
The key for stating key application generation sends the encrypting module to;
The encrypting module is used to be encrypted or be decrypted using the data key.
2. safe storage system according to claim 1, it is characterised in that the data storage bag in the storage device
Include:
Storage pool is created in the storage device;
Choose disk and create disk array, disk array is added in the storage pool;
Selection disk array creates the logical volume for data storage in the storage pool.
3. safe storage system according to claim 2, it is characterised in that the encrypting module is used to use the key
Data are encrypted or are decrypted includes:
The encrypting module specifically for:
According to write request, use the key to be encrypted to write-in data in units of logical volume, the data after encryption are write
Enter disk areas corresponding to logical volume;
According to read request, the data read from the corresponding disk areas of logical volume are decrypted using the key.
4. safe storage system according to claim 1, it is characterised in that the storage agent is used to be taken to key management
Business device sends key application, and the Key Management server is added according to the key that the key application is generated sends to
Close module includes:
The storage agent specifically for:
The encrypting module generation public and private key pair is called, the first key comprising public key is sent to the Key Management server
Application, and the Key Management server generate according to the public key and using the public key encryption device keyses biography
Give the encrypting module;
To the Key Management server send the second key application, and by the Key Management server generate and use
The data encryption key of the device keyses encryption sends the encrypting module to;
To the Key Management server send the 3rd key application, and by the Key Management server generate and use
The data key of the data encryption key encryption sends the encrypting module to, and the encrypting module uses the data key
Data are encrypted or are decrypted.
5. safe storage system according to claim 4, it is characterised in that the encrypting module is additionally operable to:
It is decrypted and preserves using the device keys of private key pair encryption;
The data encryption key encrypted is decrypted and preserved using the device keyses;
The data key encrypted is decrypted and preserved using the data encryption key.
6. safe storage system according to claim 1, it is characterised in that the Key Management server and the storage
By the channel transfer key using secure encrypted protocol between equipment.
7. safe storage system according to claim 1, it is characterised in that the encrypting module is arranged on the storage and sets
In standby controller.
8. safe storage system according to claim 7, it is characterised in that set in the controller of the storage device
There are one or two encrypting modules.
9. safe storage system according to claim 8, it is characterised in that the storage device includes two or four
Controller.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710042299.0A CN106712943A (en) | 2017-01-20 | 2017-01-20 | Secure storage system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710042299.0A CN106712943A (en) | 2017-01-20 | 2017-01-20 | Secure storage system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106712943A true CN106712943A (en) | 2017-05-24 |
Family
ID=58909978
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710042299.0A Pending CN106712943A (en) | 2017-01-20 | 2017-01-20 | Secure storage system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106712943A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107018208A (en) * | 2017-06-07 | 2017-08-04 | 湖南麒麟信安科技有限公司 | A kind of data ciphering method of the SAN storage system with function extending transversely |
CN107315964A (en) * | 2017-06-14 | 2017-11-03 | 郑州云海信息技术有限公司 | A kind of method that encryption volume switching is realized based on encryption equipment |
CN110414245A (en) * | 2018-04-28 | 2019-11-05 | 伊姆西Ip控股有限责任公司 | Method, apparatus and computer program product for managing encrypted key within the storage system |
CN111709027A (en) * | 2020-06-22 | 2020-09-25 | 湖南大学 | Data storage safety management method |
CN112601219A (en) * | 2021-03-03 | 2021-04-02 | 四川微巨芯科技有限公司 | Data encryption and decryption method and system, server, storage device and mobile device |
CN114172733A (en) * | 2021-12-10 | 2022-03-11 | 中科计算技术西部研究院 | Medical sample data encryption transmission method based on plug-in encryption terminal |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003032133A2 (en) * | 2001-10-12 | 2003-04-17 | Kasten Chase Applied Research Ltd. | Distributed security architecture for storage area networks (san) |
CN101788889A (en) * | 2010-03-03 | 2010-07-28 | 浪潮(北京)电子信息产业有限公司 | Memory virtualization system and method |
CN101815078A (en) * | 2009-02-24 | 2010-08-25 | 北京众志和达信息技术有限公司 | Embedded type virtual tape library parallel memory system |
CN104216805A (en) * | 2014-08-26 | 2014-12-17 | 浪潮(北京)电子信息产业有限公司 | System and method for link failure protection of disk cabinet at rear end of high-end disk array |
CN104407939A (en) * | 2014-11-24 | 2015-03-11 | 浪潮电子信息产业股份有限公司 | Method and device for processing storage pool element data among plurality of controllers |
CN105119719A (en) * | 2015-10-16 | 2015-12-02 | 成都卫士通信息产业股份有限公司 | Key management method of secure storage system |
-
2017
- 2017-01-20 CN CN201710042299.0A patent/CN106712943A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003032133A2 (en) * | 2001-10-12 | 2003-04-17 | Kasten Chase Applied Research Ltd. | Distributed security architecture for storage area networks (san) |
CN101815078A (en) * | 2009-02-24 | 2010-08-25 | 北京众志和达信息技术有限公司 | Embedded type virtual tape library parallel memory system |
CN101788889A (en) * | 2010-03-03 | 2010-07-28 | 浪潮(北京)电子信息产业有限公司 | Memory virtualization system and method |
CN104216805A (en) * | 2014-08-26 | 2014-12-17 | 浪潮(北京)电子信息产业有限公司 | System and method for link failure protection of disk cabinet at rear end of high-end disk array |
CN104407939A (en) * | 2014-11-24 | 2015-03-11 | 浪潮电子信息产业股份有限公司 | Method and device for processing storage pool element data among plurality of controllers |
CN105119719A (en) * | 2015-10-16 | 2015-12-02 | 成都卫士通信息产业股份有限公司 | Key management method of secure storage system |
Non-Patent Citations (1)
Title |
---|
陈少春: "《计算机存储技术与应用》", 31 December 2014 * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107018208A (en) * | 2017-06-07 | 2017-08-04 | 湖南麒麟信安科技有限公司 | A kind of data ciphering method of the SAN storage system with function extending transversely |
CN107315964A (en) * | 2017-06-14 | 2017-11-03 | 郑州云海信息技术有限公司 | A kind of method that encryption volume switching is realized based on encryption equipment |
CN110414245A (en) * | 2018-04-28 | 2019-11-05 | 伊姆西Ip控股有限责任公司 | Method, apparatus and computer program product for managing encrypted key within the storage system |
CN110414245B (en) * | 2018-04-28 | 2023-09-22 | 伊姆西Ip控股有限责任公司 | Method, apparatus and computer program product for managing encryption keys in a storage system |
CN111709027A (en) * | 2020-06-22 | 2020-09-25 | 湖南大学 | Data storage safety management method |
CN112601219A (en) * | 2021-03-03 | 2021-04-02 | 四川微巨芯科技有限公司 | Data encryption and decryption method and system, server, storage device and mobile device |
CN114172733A (en) * | 2021-12-10 | 2022-03-11 | 中科计算技术西部研究院 | Medical sample data encryption transmission method based on plug-in encryption terminal |
CN114172733B (en) * | 2021-12-10 | 2024-04-05 | 中科计算技术西部研究院 | Medical sample data encryption transmission method based on pluggable encryption terminal |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106712943A (en) | Secure storage system | |
CN106330868B (en) | A kind of high speed network encryption storage key management system and method | |
CN111143870B (en) | Distributed encryption storage device, system and encryption and decryption method | |
CN103729942B (en) | Transmission security key is transferred to the method and system of key server from terminal server | |
CN101986596B (en) | Key management mechanism | |
CN105656864B (en) | Key management system and management method based on TCM | |
CN103534976A (en) | Data security protection method, server, host, and system | |
CN105022966B (en) | Database data encryption decryption method and system | |
CN101983385A (en) | Distribution of storage area network encryption keys across data centers | |
CN112560058B (en) | SSD partition encryption storage system based on intelligent password key and implementation method thereof | |
CN105100076A (en) | Cloud data security system based on USB Key | |
CN102930212B (en) | For the anti-leakage of data method of office system | |
CN101488110A (en) | Memory encryption method, apparatus and system | |
CN101296086A (en) | Method, system and device for access authentication | |
CN103885830A (en) | Data processing method used in cross-data-center live migration process of virtual machine | |
WO2012161417A1 (en) | Method and device for managing the distribution of access rights in a cloud computing environment | |
CN110430053B (en) | Quantum key distribution method, device and system | |
CN206611427U (en) | A kind of key storage management system based on trust computing device | |
CN111865609A (en) | Private cloud platform data encryption and decryption system based on state cryptographic algorithm | |
CN101656720B (en) | Method for uniformly maintaining access object information in information system and device thereof | |
CN109842589A (en) | A kind of cloud storage encryption method, device, equipment and storage medium | |
CN107609428A (en) | Date safety storing system and method | |
US20080098217A1 (en) | Method for efficient and secure data migration between data processing systems | |
CN109039598A (en) | Data transfer encryption method, client and server-side | |
CN113836553A (en) | Distributed storage data protection method for dynamic reconstruction of cryptographic algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170524 |
|
RJ01 | Rejection of invention patent application after publication |