CN106712943A - Secure storage system - Google Patents

Secure storage system Download PDF

Info

Publication number
CN106712943A
CN106712943A CN201710042299.0A CN201710042299A CN106712943A CN 106712943 A CN106712943 A CN 106712943A CN 201710042299 A CN201710042299 A CN 201710042299A CN 106712943 A CN106712943 A CN 106712943A
Authority
CN
China
Prior art keywords
key
data
storage
management server
encrypting module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710042299.0A
Other languages
Chinese (zh)
Inventor
徐洪志
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd filed Critical Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201710042299.0A priority Critical patent/CN106712943A/en
Publication of CN106712943A publication Critical patent/CN106712943A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a secure storage system which comprises a storage device for storing data; the storage device is provided with a storage agent and an encryption module; the storage agent is used for issuing a key application to a key management server, and the key management server sends the key generated according to the key application to an encryption module; and the encryption module is used for encrypting or decrypting the data according to the key. As the storage agent and the encryption module are arranged in the storage device, all that is needed is to manage the storage device by a user. Compared with the prior art in which an encoder is managed independently, the management load of a user on a device can be reduced to encrypt and decrypt data. The storage agent and the encryption module are set in the storage device in the system. The user only needs to manage the storage device together, avoiding the separate management of the encryption machine compared with the prior art, thereby reducing the user's management burden on the device.

Description

A kind of safe storage system
Technical field
The present invention relates to technical field of memory, more particularly to a kind of safe storage system.
Background technology
At present, domestic safe storage system product is fewer, wherein having using the safety storage system of entrance guard's formula encryption equipment System, in this storage system, the data that client application main frame is produced are initially transmitted to encryption equipment, and encryption equipment utilizes key pipe The data key of reason center (Key Management Center, KMC) distribution is encrypted, then by encryption data Transmit to storage device and stored;When data are obtained, encryption equipment is solved client to the data obtained from storage device It is close, the data transfer that will then obtain to applied host machine.In this kind of storage system, user will not only supervise to storage device Keyholed back plate is managed, in addition it is also necessary to which to the independent management of encryption equipment, therefore this brings larger administrative burden to user.
The content of the invention
It is an object of the invention to provide a kind of safe storage system, pipe of the user to equipment can be reduced compared with prior art Reason burden.
To achieve the above object, the present invention provides following technical scheme:
A kind of safe storage system, including for the storage device of data storage, the storage device is provided with storage generation Reason and encrypting module;
The storage agent is used to send key application to Key Management server, and by the Key Management server root The key generated according to the key application sends the encrypting module to;
The encrypting module is used to be encrypted or be decrypted using the data key.
Alternatively, data storage includes in the storage device:
Storage pool is created in the storage device;
Choose disk and create disk array, disk array is added in the storage pool;
Selection disk array creates the logical volume for data storage in the storage pool.
Alternatively, the encrypting module is used to be encrypted or be decrypted using the data key to include:
The encrypting module specifically for:
According to write request, the key is used to be encrypted to write-in data in units of logical volume, by the number after encryption According to being written to the corresponding disk areas of logical volume;
According to read request, the data read from the corresponding disk areas of logical volume are decrypted using the key.
Alternatively, the storage agent is used to send key application to Key Management server, and by the key management Server sends the encrypting module to according to the key that the key application is generated to be included:
The storage agent specifically for:
The encrypting module generation public and private key pair is called, comprising public key first is sent to the Key Management server Key application, and the Key Management server is generated according to the public key and using the public key encryption equipment it is close Key sends the encrypting module to;
To the Key Management server send the second key application, and by the Key Management server generate and The data encryption key encrypted using the device keyses sends the encrypting module to;
To the Key Management server send the 3rd key application, and by the Key Management server generate and The data key encrypted using the data encryption key sends the encrypting module to, and the encrypting module uses the data Data key is encrypted or decrypts.
Alternatively, the encrypting module is additionally operable to:
It is decrypted and preserves using the device keys of private key pair encryption;
The data encryption key encrypted is decrypted and preserved using the device keyses;
The data key encrypted is decrypted and preserved using the data encryption key.
Alternatively, by the passage using secure encrypted protocol between the Key Management server and the storage device Transmission key.
Alternatively, the encrypting module is arranged in the controller of the storage device.
Alternatively, one or two described encrypting modules are provided with the controller of the storage device.
Alternatively, the storage device includes two or four controllers.
As shown from the above technical solution, safe storage system provided by the present invention, including for the storage of data storage Equipment, storage agent and encrypting module are provided with storage device.Wherein, send close to Key Management server from storage agent Key application sends Key Management server to encrypting module to apply for key according to the key that key application is generated, encryption Module is used to be encrypted or be decrypted using the data key.
Safe storage system of the present invention, realizes being interacted to apply for key with Key Management server by storage agent, Realize carrying out encryption and decryption using data key by encrypting module, storage agent and encrypting module are arranged on storage in the system In equipment, therefore user only need to be together managed storage device, and the independent management to encryption equipment is avoided compared with prior art, So as to administrative burden of the user to equipment can be reduced.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing The accompanying drawing to be used needed for having technology description is briefly described, it should be apparent that, drawings in the following description are only this Some embodiments of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can be with Other accompanying drawings are obtained according to these accompanying drawings.
Fig. 1 is a kind of schematic diagram of safe storage system provided in an embodiment of the present invention;
Fig. 2 is the schematic diagram that safe storage system provided in an embodiment of the present invention writes data to storage device;
Fig. 3 is the schematic diagram that safe storage system provided in an embodiment of the present invention reads data from storage device;
A kind of schematic diagram of safe storage system that Fig. 4 is provided for further embodiment of this invention.
Specific embodiment
In order that those skilled in the art more fully understand the technical scheme in the present invention, below in conjunction with of the invention real The accompanying drawing in example is applied, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described implementation Example is only a part of embodiment of the invention, rather than whole embodiments.Based on the embodiment in the present invention, this area is common The every other embodiment that technical staff is obtained under the premise of creative work is not made, should all belong to protection of the present invention Scope.
Refer to Fig. 1, a kind of safe storage system provided in an embodiment of the present invention, including set for the storage of data storage Standby 10, the storage device 10 is provided with storage agent 100 and encrypting module 101;
The storage agent 100 is used to send key application to Key Management server, and by the cipher key management services Device sends the encrypting module 101 to according to the key that the key application is generated;
The encrypting module 101 is used to be encrypted or be decrypted using the data key.
Wherein, interacted by storage agent 100 and Key Management server, the Key Management server is key pipe Reason center (KMC), for distributing and issuing key.
As can be seen that the present embodiment safe storage system, storage agent and encrypting module are provided with storage device.By depositing Storage agency sends key application to apply for key to Key Management server, and Key Management server is given birth to according to key application Into key send encrypting module to, encrypting module is used to be encrypted or be decrypted using the data key.
The present embodiment safe storage system, is realized close to apply with interacting for Key Management server by storage agent Key, realizes carrying out encryption and decryption using data key by encrypting module, and storage agent and encrypting module are arranged in the system In storage device, therefore user only need to be together managed storage device, avoided compared with prior art to the independent of encryption equipment Management, so as to administrative burden of the user to equipment can be reduced.
The present embodiment safe storage system is described further below.The present embodiment safe storage system is included for depositing Store up the storage device 10 of data.
Specifically, the framework of the storage device 10 can be set as follows, the data storage in the storage device 10 Including:
S100:Storage pool is created in the storage device;
S101:Choose disk and create disk array, disk array is added in the storage pool;
S102:Selection disk array creates the logical volume for data storage in the storage pool.Wherein, mathematical logic Volume can by the storage pool a disk array (Redundant Arrays of Independent Disks, RAID the segment space composition on), it is also possible to across disk array establishment, but mathematical logic volume can only use disk in this storage pool The space that array is provided.
S103:File system is set up on logical volume.Reuse.
Preferably, storage device 10 uses storage area network (Storage Area Network, SAN) in the present embodiment Storage device, SAN storage devices use netted passage (Fibre Channel, FC) technology, and connecting storage by FC interchangers sets Standby and server host, foundation is exclusively used in the Local Area Network of data storage.
The storage device 10 is provided with storage agent (Storage Agent, SA) 100 and encrypting module 101.Its In, interacted with Key Management server by storage agent, key application is sent to Key Management server, and key management is taken Business device sends encrypting module 101 to according to the key that key application is generated.
In the present embodiment, the key used in storage device is divided into three-level, specifically includes:For with logical volume as single The data key (Data-Key) that position is encrypted to data;For the data encryption key (ED- being encrypted to data key Key);For the device keyses (Storage-Key) being encrypted to data encryption key.
The storage agent 100 is used to send key application to Key Management server, and by the cipher key management services Device sends the encrypting module to according to the key that the key application is generated to be included:
The storage agent 100 specifically for:
The encrypting module generation public and private key pair is called, comprising public key first is sent to the Key Management server Key application, and the Key Management server is generated according to the public key and using the public key encryption equipment it is close Key sends the encrypting module to;
To the Key Management server send the second key application, and by the Key Management server generate and The data encryption key encrypted using the device keyses sends the encrypting module to;
To the Key Management server send the 3rd key application, and by the Key Management server generate and The data key encrypted using the data encryption key sends the encrypting module to, and the encrypting module uses the data Data key is encrypted or decrypts.
The encrypting module 101 also particularly useful for:
It is decrypted and preserves using the device keys of private key pair encryption;
The data encryption key encrypted is decrypted and preserved using the device keyses;
The data key encrypted is decrypted and preserved using the data encryption key.
Accordingly, storage agent 100 is interacted with Key Management server in the present embodiment, realizes the generation and distribution of key Process is as follows:
After storage device start, if reached the standard grade first, registered to Key Management server by storage agent 100 first, Storage agent 100 calls encrypting module 101 to generate public and private key pair, and it is close to send comprising public key first to Key Management server Key application, Key Management server generates device keyses (Storage-Key), and the public key sent using storage agent 100 Device keyses are encrypted, storage device 10 is then sent to.Encrypting module is decrypted using the device keyses of private key pair encryption, And preserve.
Request for data encryption key (ED-Key):Storage device 10 is sent out by storage agent 100 to Key Management server The second key application is sent, Key Management server generates data encryption key (ED-Key), and uses device keyses (Storage- Key) data encryption key is encrypted, storage device 10 is sent to.Encrypting module 101 is using device keyses to data encryption Secret key decryption, and preserve.
Request for data key (Data-Key):Storage device 10 is sent by storage agent 100 to Key Management server 3rd key application, Key Management server generates data key (Data-Key), and uses data encryption key (ED-Key) Data key is encrypted, storage device 10 is sent to.Encrypting module uses data encryption key to data secret key decryption, and Preserve.
After storage device 10 is shut down, the whole keys preserved in encrypting module disappear.After storage device 10 is restarted, can be by depositing Storage agency applies for Storage-Key, ED-Key and Data-Key again to Key Management server, and is stored in encrypting module In.
Encrypting module 101 is used to be encrypted or be decrypted using data key.
Specifically, the schematic diagram that Fig. 2 and Fig. 3, Fig. 2 write data for safety storage system to storage device is refer to, Fig. 3 Read the schematic diagram of data from storage device for safety storage system.The encrypting module 101 is used to use the key logarithm Include according to being encrypted or decrypting:
The encrypting module 101 specifically for:
According to write request, the key is used to be encrypted to write-in data in units of logical volume, by the number after encryption According to being written to the corresponding disk areas of logical volume;
According to read request, the data read from the corresponding disk areas of logical volume are decrypted using the key.
The encrypting module 101 uses data key that data are encrypted or are decrypted in units of logical volume, is patrolling Volume roll up this layer storage device data is encrypted or decrypted.
In the present embodiment, encrypting module 101 can support the close algorithm of state's business men, and support general AES.
Preferably, by using the logical of secure encrypted protocol between the Key Management server and the storage device 10 Road is connected, and transmits key, it is ensured that the security of data transfer.
In the present embodiment, the encrypting module 101 is arranged in the controller of the storage device 10.The storage device Two or four controllers can be included, you can be dual control or four control storage devices.
One or two described encrypting modules 101 can be set in the controller of the storage device 10.The encryption Module can be specifically encrypted card, and the driving of encrypted card itself can ensure that the encrypted card set in controller is more, encryption and decryption Speed is higher.
In the present embodiment, Fig. 4 is refer to, storage device 10 can be connected by IP/FC interchangers and Key Management server Connect, in this case, by using IP/FC interchangers Key Management server can easily by with many storage devices 10 Many storage devices are carried out key management by connection.
It is less for existing domestic safe storage system product, and the safe storage system that external storage manufacturer provides is simultaneously The close algorithm of state's business men is not supported, and the present embodiment safe storage system not only supports state's close algorithm of business men by the close certification of state, also General AES is supported, current domestic application demand is met.
A kind of safe storage system provided by the present invention is described in detail above.It is used herein specifically individual Example is set forth to principle of the invention and implementation method, and the explanation of above example is only intended to help and understands of the invention Method and its core concept.It should be pointed out that for those skilled in the art, not departing from the principle of the invention On the premise of, some improvement and modification can also be carried out to the present invention, these are improved and modification also falls into the claims in the present invention Protection domain in.

Claims (9)

1. a kind of safe storage system, it is characterised in that including the storage device for data storage, the storage device is set There are storage agent and encrypting module;
The storage agent is used to send key application to Key Management server, and by the Key Management server according to institute The key for stating key application generation sends the encrypting module to;
The encrypting module is used to be encrypted or be decrypted using the data key.
2. safe storage system according to claim 1, it is characterised in that the data storage bag in the storage device Include:
Storage pool is created in the storage device;
Choose disk and create disk array, disk array is added in the storage pool;
Selection disk array creates the logical volume for data storage in the storage pool.
3. safe storage system according to claim 2, it is characterised in that the encrypting module is used to use the key Data are encrypted or are decrypted includes:
The encrypting module specifically for:
According to write request, use the key to be encrypted to write-in data in units of logical volume, the data after encryption are write Enter disk areas corresponding to logical volume;
According to read request, the data read from the corresponding disk areas of logical volume are decrypted using the key.
4. safe storage system according to claim 1, it is characterised in that the storage agent is used to be taken to key management Business device sends key application, and the Key Management server is added according to the key that the key application is generated sends to Close module includes:
The storage agent specifically for:
The encrypting module generation public and private key pair is called, the first key comprising public key is sent to the Key Management server Application, and the Key Management server generate according to the public key and using the public key encryption device keyses biography Give the encrypting module;
To the Key Management server send the second key application, and by the Key Management server generate and use The data encryption key of the device keyses encryption sends the encrypting module to;
To the Key Management server send the 3rd key application, and by the Key Management server generate and use The data key of the data encryption key encryption sends the encrypting module to, and the encrypting module uses the data key Data are encrypted or are decrypted.
5. safe storage system according to claim 4, it is characterised in that the encrypting module is additionally operable to:
It is decrypted and preserves using the device keys of private key pair encryption;
The data encryption key encrypted is decrypted and preserved using the device keyses;
The data key encrypted is decrypted and preserved using the data encryption key.
6. safe storage system according to claim 1, it is characterised in that the Key Management server and the storage By the channel transfer key using secure encrypted protocol between equipment.
7. safe storage system according to claim 1, it is characterised in that the encrypting module is arranged on the storage and sets In standby controller.
8. safe storage system according to claim 7, it is characterised in that set in the controller of the storage device There are one or two encrypting modules.
9. safe storage system according to claim 8, it is characterised in that the storage device includes two or four Controller.
CN201710042299.0A 2017-01-20 2017-01-20 Secure storage system Pending CN106712943A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710042299.0A CN106712943A (en) 2017-01-20 2017-01-20 Secure storage system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710042299.0A CN106712943A (en) 2017-01-20 2017-01-20 Secure storage system

Publications (1)

Publication Number Publication Date
CN106712943A true CN106712943A (en) 2017-05-24

Family

ID=58909978

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710042299.0A Pending CN106712943A (en) 2017-01-20 2017-01-20 Secure storage system

Country Status (1)

Country Link
CN (1) CN106712943A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107018208A (en) * 2017-06-07 2017-08-04 湖南麒麟信安科技有限公司 A kind of data ciphering method of the SAN storage system with function extending transversely
CN107315964A (en) * 2017-06-14 2017-11-03 郑州云海信息技术有限公司 A kind of method that encryption volume switching is realized based on encryption equipment
CN110414245A (en) * 2018-04-28 2019-11-05 伊姆西Ip控股有限责任公司 Method, apparatus and computer program product for managing encrypted key within the storage system
CN111709027A (en) * 2020-06-22 2020-09-25 湖南大学 Data storage safety management method
CN112601219A (en) * 2021-03-03 2021-04-02 四川微巨芯科技有限公司 Data encryption and decryption method and system, server, storage device and mobile device
CN114172733A (en) * 2021-12-10 2022-03-11 中科计算技术西部研究院 Medical sample data encryption transmission method based on plug-in encryption terminal

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003032133A2 (en) * 2001-10-12 2003-04-17 Kasten Chase Applied Research Ltd. Distributed security architecture for storage area networks (san)
CN101788889A (en) * 2010-03-03 2010-07-28 浪潮(北京)电子信息产业有限公司 Memory virtualization system and method
CN101815078A (en) * 2009-02-24 2010-08-25 北京众志和达信息技术有限公司 Embedded type virtual tape library parallel memory system
CN104216805A (en) * 2014-08-26 2014-12-17 浪潮(北京)电子信息产业有限公司 System and method for link failure protection of disk cabinet at rear end of high-end disk array
CN104407939A (en) * 2014-11-24 2015-03-11 浪潮电子信息产业股份有限公司 Method and device for processing storage pool element data among plurality of controllers
CN105119719A (en) * 2015-10-16 2015-12-02 成都卫士通信息产业股份有限公司 Key management method of secure storage system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003032133A2 (en) * 2001-10-12 2003-04-17 Kasten Chase Applied Research Ltd. Distributed security architecture for storage area networks (san)
CN101815078A (en) * 2009-02-24 2010-08-25 北京众志和达信息技术有限公司 Embedded type virtual tape library parallel memory system
CN101788889A (en) * 2010-03-03 2010-07-28 浪潮(北京)电子信息产业有限公司 Memory virtualization system and method
CN104216805A (en) * 2014-08-26 2014-12-17 浪潮(北京)电子信息产业有限公司 System and method for link failure protection of disk cabinet at rear end of high-end disk array
CN104407939A (en) * 2014-11-24 2015-03-11 浪潮电子信息产业股份有限公司 Method and device for processing storage pool element data among plurality of controllers
CN105119719A (en) * 2015-10-16 2015-12-02 成都卫士通信息产业股份有限公司 Key management method of secure storage system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈少春: "《计算机存储技术与应用》", 31 December 2014 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107018208A (en) * 2017-06-07 2017-08-04 湖南麒麟信安科技有限公司 A kind of data ciphering method of the SAN storage system with function extending transversely
CN107315964A (en) * 2017-06-14 2017-11-03 郑州云海信息技术有限公司 A kind of method that encryption volume switching is realized based on encryption equipment
CN110414245A (en) * 2018-04-28 2019-11-05 伊姆西Ip控股有限责任公司 Method, apparatus and computer program product for managing encrypted key within the storage system
CN110414245B (en) * 2018-04-28 2023-09-22 伊姆西Ip控股有限责任公司 Method, apparatus and computer program product for managing encryption keys in a storage system
CN111709027A (en) * 2020-06-22 2020-09-25 湖南大学 Data storage safety management method
CN112601219A (en) * 2021-03-03 2021-04-02 四川微巨芯科技有限公司 Data encryption and decryption method and system, server, storage device and mobile device
CN114172733A (en) * 2021-12-10 2022-03-11 中科计算技术西部研究院 Medical sample data encryption transmission method based on plug-in encryption terminal
CN114172733B (en) * 2021-12-10 2024-04-05 中科计算技术西部研究院 Medical sample data encryption transmission method based on pluggable encryption terminal

Similar Documents

Publication Publication Date Title
CN106712943A (en) Secure storage system
CN106330868B (en) A kind of high speed network encryption storage key management system and method
CN111143870B (en) Distributed encryption storage device, system and encryption and decryption method
CN103729942B (en) Transmission security key is transferred to the method and system of key server from terminal server
CN101986596B (en) Key management mechanism
CN105656864B (en) Key management system and management method based on TCM
CN103534976A (en) Data security protection method, server, host, and system
CN105022966B (en) Database data encryption decryption method and system
CN101983385A (en) Distribution of storage area network encryption keys across data centers
CN112560058B (en) SSD partition encryption storage system based on intelligent password key and implementation method thereof
CN105100076A (en) Cloud data security system based on USB Key
CN102930212B (en) For the anti-leakage of data method of office system
CN101488110A (en) Memory encryption method, apparatus and system
CN101296086A (en) Method, system and device for access authentication
CN103885830A (en) Data processing method used in cross-data-center live migration process of virtual machine
WO2012161417A1 (en) Method and device for managing the distribution of access rights in a cloud computing environment
CN110430053B (en) Quantum key distribution method, device and system
CN206611427U (en) A kind of key storage management system based on trust computing device
CN111865609A (en) Private cloud platform data encryption and decryption system based on state cryptographic algorithm
CN101656720B (en) Method for uniformly maintaining access object information in information system and device thereof
CN109842589A (en) A kind of cloud storage encryption method, device, equipment and storage medium
CN107609428A (en) Date safety storing system and method
US20080098217A1 (en) Method for efficient and secure data migration between data processing systems
CN109039598A (en) Data transfer encryption method, client and server-side
CN113836553A (en) Distributed storage data protection method for dynamic reconstruction of cryptographic algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170524

RJ01 Rejection of invention patent application after publication