CN108429733A - A kind of system of data processing - Google Patents
- Publication number
- CN108429733A (CN201810113588.XA)
- Authority
- CN
- China
- Prior art keywords
- key
- sent
- target
- data
- active user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The present invention provides a data processing system comprising a client, an encryption/decryption device, a key management server, a management node server and a data node server. The client outputs the data to be encrypted and the user information of the current user. The key management server determines the current user's encryption key according to that user information and, whenever it receives a replacement instruction from the management node server, replaces the current user's encryption key according to the user information. The management node server detects in real time whether the volume of data encrypted with the current encryption key is greater than or equal to a data-volume threshold and, if so, sends a replacement instruction to the key management server. The encryption/decryption device encrypts the data to be encrypted block by block with the current encryption key. The data node server stores the encrypted data. The system provided by the invention can improve the security of data.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a data processing system.
Background
With the arrival of cloud computing and the big-data era, the amount of information generated every day is growing explosively. To cope with the difficulties this growth causes for business services on the one hand, and to mine the potential value of big data on the other, major enterprises and institutions want to solve both problems with more efficient data storage and analysis technology. Distributed cloud storage architectures, with their scalability, transparency to users, flexible on-demand allocation and load balancing, have become their preferred choice. For data stored in the cloud, security is the foremost concern.
In the prior art, data is mainly encrypted with a single encryption key; that is, the same encryption key is used to encrypt the data in the cloud. If that key is cracked, all the data stored in the cloud is disclosed.
As the above shows, data security is relatively low in existing data processing schemes.
Summary of the invention
Embodiments of the present invention provide a data processing system that can improve the security of data.
In a first aspect, an embodiment of the present invention provides a data processing system comprising a client, an encryption/decryption device, a key management server, a management node server and a data node server.
The client is configured to output the data to be encrypted and the user information of the current user.
The key management server is configured to determine the current user's encryption key according to the current user's user information and, whenever it receives a replacement instruction from the management node server, to replace the current user's encryption key according to the user information.
The management node server is configured to detect in real time whether the volume of data encrypted with the current encryption key is greater than or equal to a data-volume threshold and, if so, to send the replacement instruction to the key management server.
The encryption/decryption device is configured to encrypt the data to be encrypted block by block with the current encryption key.
The data node server is configured to store the encrypted data.
With reference to the first aspect, in a first possible implementation of the first aspect, the encryption/decryption device is connected to the client.
The client is configured to send the data to be encrypted to the encryption/decryption device; to send the current user's user information to the key management server; whenever it receives the current user's encryption key from the key management server, to send that key to the encryption/decryption device; and to send the encrypted data received from the encryption/decryption device to the data node server.
The encryption/decryption device is configured, whenever it receives the current user's encryption key from the client, to encrypt block by block the not-yet-encrypted part of the data to be encrypted with the received key, and to send the encrypted data to the client.
The key management server is configured to determine the current user's encryption key according to the current user's user information and send it to the client; and, whenever it receives a replacement instruction from the management node server, to replace the current user's encryption key according to the user information and send the replaced key to the client.
With reference to the first aspect, in a second possible implementation of the first aspect, the encryption/decryption device is connected to the key management server.
The client is configured to send the data to be encrypted and the current user's user information to the key management server.
The key management server is configured to send the data to be encrypted received from the client to the encryption/decryption device; to determine the current user's encryption key according to the user information and send it to the encryption/decryption device; whenever it receives a replacement instruction from the management node server, to replace the current user's encryption key according to the user information and send the replaced key to the encryption/decryption device; and to send the encrypted data received from the encryption/decryption device to the data node server.
The encryption/decryption device is configured, whenever it receives the current user's encryption key from the key management server, to encrypt block by block the not-yet-encrypted part of the data to be encrypted with the received key, and to send the encrypted data to the key management server.
With reference to the first aspect, in a third possible implementation of the first aspect, the encryption/decryption device is connected to the data node server.
The client is configured to send the data to be encrypted and the current user's user information to the data node server.
The data node server is configured to send the current user's user information to the key management server; to send the data to be encrypted to the encryption/decryption device; whenever it receives the current user's encryption key from the key management server, to send that key to the encryption/decryption device; and to store the encrypted data sent by the encryption/decryption device.
The key management server is configured to determine the current user's encryption key according to the current user's user information and send it to the data node server; and, whenever it receives a replacement instruction from the management node server, to replace the current user's encryption key according to the user information and send the replaced key to the data node server.
The encryption/decryption device is configured, whenever it receives the current user's encryption key from the data node server, to encrypt block by block the not-yet-encrypted part of the data to be encrypted with the received key, and to send the encrypted data to the data node server.
With reference to the first possible implementation of the first aspect, in a fourth possible implementation of the first aspect:
The management node server is further configured to determine a first key tag for each encryption key of the current user; to determine which data was encrypted with the encryption key corresponding to each first key tag; to determine the metadata corresponding to the data to be encrypted; and, on receiving a first read-data request from the client, to return to the client the target first key tag corresponding to the first target data requested by that request, together with the first target metadata corresponding to the first target data.
The client is further configured to send the first read-data request to the management node server; to receive the target first key tag and the first target metadata returned by the management node server; to send the target first key tag and the current user's user information to the key management server; to send the first target metadata to the data node server; to send the target first decryption key received from the key management server and the target first ciphertext received from the data node server to the encryption/decryption device; and to receive the first target data sent by the encryption/decryption device.
The key management server is further configured to establish, for each user, a first correspondence between first key tags and first decryption keys; to determine the current user's first correspondence according to the current user's user information sent by the client; to determine, from that first correspondence and the target first key tag sent by the client, the target first decryption key corresponding to the target first key tag; and to send the target first decryption key to the client.
The data node server is further configured to send the target first ciphertext of the first target data to the client according to the first target metadata sent by the client.
The encryption/decryption device is further configured to decrypt the target first ciphertext sent by the client with the target first decryption key sent by the client, and to send the decrypted first target data to the client.
With reference to the second possible implementation of the first aspect, in a fifth possible implementation of the first aspect:
The management node server is further configured to determine a second key tag for each encryption key of the current user; to determine which data was encrypted with the encryption key corresponding to each second key tag; to determine the metadata corresponding to the data to be encrypted; and, on receiving a second read-data request from the client, to return to the client the target second key tag corresponding to the second target data requested by that request, together with the second target metadata corresponding to the second target data.
The client is further configured to send the second read-data request to the management node server; to receive the target second key tag and the second target metadata returned by the management node server; to send the target second key tag and the current user's user information to the key management server; to send the second target metadata to the data node server; and to receive the second target data sent by the key management server.
The key management server is further configured to establish, for each user, a second correspondence between second key tags and second decryption keys; to determine the current user's second correspondence according to the current user's user information sent by the client; to determine, from that second correspondence and the target second key tag sent by the client, the target second decryption key corresponding to the target second key tag; to send the target second decryption key and the target second ciphertext received from the data node server to the encryption/decryption device; and to send the second target data received from the encryption/decryption device to the client.
The data node server is further configured to send the target second ciphertext of the second target data to the key management server according to the second target metadata sent by the client.
The encryption/decryption device is further configured to decrypt the target second ciphertext sent by the key management server with the target second decryption key sent by the key management server, and to send the decrypted second target data to the key management server.
With reference to the third possible implementation of the first aspect, in a sixth possible implementation of the first aspect:
The management node server is further configured to determine a third key tag for each encryption key of the current user; to determine which data was encrypted with the encryption key corresponding to each third key tag; to determine the metadata corresponding to the data to be encrypted; and, on receiving a third read-data request from the client, to return to the client the target third key tag corresponding to the third target data requested by that request, together with the third target metadata corresponding to the third target data.
The client is further configured to send the third read-data request to the management node server; to receive the target third key tag and the third target metadata returned by the management node server; to send the target third key tag, the current user's user information and the third target metadata to the data node server; and to receive the third target data sent by the data node server.
The key management server is further configured to establish, for each user, a third correspondence between third key tags and third decryption keys; to determine the current user's third correspondence according to the current user's user information sent by the data node server; to determine, from that third correspondence and the target third key tag sent by the data node server, the target third decryption key corresponding to the target third key tag; and to send the target third decryption key to the data node server.
The data node server is further configured to send the target third key tag and the current user's user information received from the client to the key management server; to determine the target third ciphertext of the third target data according to the third target metadata sent by the client; to send the target third ciphertext and the target third decryption key received from the key management server to the encryption/decryption device; and to send the third target data received from the encryption/decryption device to the client.
The encryption/decryption device is further configured to decrypt the target third ciphertext sent by the data node server with the target third decryption key sent by the data node server, and to send the decrypted third target data to the data node server.
With reference to the first aspect, in a seventh possible implementation of the first aspect, the client is configured to split the data to be encrypted and to output the split data.
With reference to the first aspect, in an eighth possible implementation of the first aspect, the encryption/decryption device comprises a heterogeneous accelerator card.
With reference to the first aspect or any one of the first to eighth possible implementations of the first aspect, in a ninth possible implementation of the first aspect, the system further comprises a high-speed network switch configured to provide a high-speed data exchange service for the key management server, the management node server and the data node server.
In the embodiments of the present invention, the key management server determines the current user's encryption key according to the current user's user information, so different users have different encryption keys. Whenever the management node server detects that the volume of data encrypted with the current encryption key has reached the data-volume threshold, it notifies the key management server to switch to a new encryption key, and encryption continues with the replaced key. If one encryption key is cracked, only the data encrypted with that key is disclosed and no other data, which greatly improves data security.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a data processing system provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of another data processing system provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of another data processing system provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of another data processing system provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Evidently, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides a data processing system comprising a client 101, an encryption/decryption device 102, a key management server 103, a management node server 104 and a data node server 105.
The client 101 is configured to output the data to be encrypted and the user information of the current user.
The key management server 103 is configured to determine the current user's encryption key according to the current user's user information and, whenever it receives a replacement instruction from the management node server, to replace the current user's encryption key according to the user information.
The management node server 104 is configured to detect in real time whether the volume of data encrypted with the current encryption key is greater than or equal to a data-volume threshold and, if so, to send the replacement instruction to the key management server.
The encryption/decryption device 102 is configured to encrypt the data to be encrypted block by block with the current encryption key.
The data node server 105 is configured to store the encrypted data.
In the embodiments of the present invention, the key management server determines the current user's encryption key according to the current user's user information, so different users have different encryption keys. Whenever the management node server detects that the volume of data encrypted with the current encryption key has reached the data-volume threshold, it notifies the key management server to switch to a new encryption key, and encryption continues with the replaced key. If one encryption key is cracked, only the data encrypted with that key is disclosed and no other data, which greatly improves data security.
Depending on where the encryption/decryption device is deployed, the data processing system provided by the embodiments of the present invention may have the following three implementations:
In the first implementation, the encryption/decryption device is connected to the client.
In the first implementation, data storage is realized as follows:
The client is configured to send the data to be encrypted to the encryption/decryption device; to send the current user's user information to the key management server; whenever it receives the current user's encryption key from the key management server, to send that key to the encryption/decryption device; and to send the encrypted data received from the encryption/decryption device to the data node server.
The encryption/decryption device is configured, whenever it receives the current user's encryption key from the client, to encrypt block by block the not-yet-encrypted part of the data to be encrypted with the received key, and to send the encrypted data to the client.
The key management server is configured to determine the current user's encryption key according to the current user's user information and send it to the client; and, whenever it receives a replacement instruction from the management node server, to replace the current user's encryption key according to the user information and send the replaced key to the client.
Specifically, in the first implementation, data is stored as follows:
The management node server detects in real time whether the volume of data encrypted with the current encryption key is greater than or equal to the data-volume threshold and, if so, sends a replacement instruction to the key management server.
The client sends the data to be encrypted to the encryption/decryption device and sends the current user's user information to the key management server.
The key management server determines the current user's encryption key according to the current user's user information and sends it to the client; whenever it receives a replacement instruction from the management node server, it replaces the current user's encryption key according to the user information and sends the replaced key to the client.
Whenever the client receives the current user's encryption key from the key management server, it sends that key to the encryption/decryption device.
Whenever the encryption/decryption device receives the current user's encryption key from the client, it encrypts block by block the not-yet-encrypted part of the data to be encrypted with the received key and sends the encrypted data to the client.
The client sends the encrypted data received from the encryption/decryption device to the data node server.
The data node server stores the encrypted data.
In the first implementation, data reading is realized as follows:
The management node server is further configured to determine a first key tag for each encryption key of the current user; to determine which data was encrypted with the encryption key corresponding to each first key tag; to determine the metadata corresponding to the data to be encrypted; and, on receiving a first read-data request from the client, to return to the client the target first key tag corresponding to the first target data requested by that request, together with the first target metadata corresponding to the first target data.
The client is further configured to send the first read-data request to the management node server; to receive the target first key tag and the first target metadata returned by the management node server; to send the target first key tag and the current user's user information to the key management server; to send the first target metadata to the data node server; to send the target first decryption key received from the key management server and the target first ciphertext received from the data node server to the encryption/decryption device; and to receive the first target data sent by the encryption/decryption device.
The key management server is further configured to establish, for each user, a first correspondence between first key tags and first decryption keys; to determine the current user's first correspondence according to the current user's user information sent by the client; to determine, from that first correspondence and the target first key tag sent by the client, the target first decryption key corresponding to the target first key tag; and to send the target first decryption key to the client.
The data node server is further configured to send the target first ciphertext of the first target data to the client according to the first target metadata sent by the client.
The encryption/decryption device is further configured to decrypt the target first ciphertext sent by the client with the target first decryption key sent by the client, and to send the decrypted first target data to the client.
Specifically, in the first implementation, data is read as follows:
The key management server establishes, for each user, a first correspondence between first key tags and first decryption keys.
The management node server determines the first key tag of each encryption key of the current user, determines which data was encrypted with the encryption key corresponding to each first key tag, and determines the metadata corresponding to the data to be encrypted.
The client sends a first read-data request to the management node server.
The management node server returns to the client the target first key tag corresponding to the first target data requested by the first read-data request, together with the first target metadata corresponding to the first target data.
The client receives the target first key tag and the first target metadata returned by the management node server, sends the target first key tag and the current user's user information to the key management server, and sends the first target metadata to the data node server.
The key management server determines the current user's first correspondence according to the current user's user information sent by the client, determines from that first correspondence and the target first key tag sent by the client the target first decryption key corresponding to the target first key tag, and sends the target first decryption key to the client.
The data node server sends the target first ciphertext of the first target data to the client according to the first target metadata sent by the client.
The client sends the target first decryption key received from the key management server and the target first ciphertext received from the data node server to the encryption/decryption device.
The encryption/decryption device decrypts the target first ciphertext sent by the client with the target first decryption key sent by the client and sends the decrypted first target data to the client.
The client receives the first target data sent by the encryption/decryption device.
Specifically, the encryption/decryption device may be a heterogeneous accelerator card. It can be plugged into a motherboard expansion slot of the client through a PCIe interface. Data is transferred to the data node server only after encryption, so it is in ciphertext form both in transit and in storage, which gives higher security.
In the key management server, each user corresponds to one first correspondence, and within each user's first correspondence the user may have multiple first decryption keys. The key management server can agree with the management node server on the first key tag of each first decryption key. For example, each time the key management server determines an encryption key, it determines the first key tag of that encryption key and sends the first key tag to the management node server.
As shown in Fig. 2, the data processing system of the first implementation provided by an embodiment of the present invention includes: client 201, encrypting and decrypting device 202, Key Management server 203, management node server 204 and data node server 205.
Client 201 is connected to encrypting and decrypting device 202, Key Management server 203, management node server 204 and data node server 205 respectively;
Key Management server 203 is connected to management node server 204.
In the second implementation, the encrypting and decrypting device is connected to the Key Management server.
In the second implementation, data storage is accomplished as follows:
The client, for the user information of the be-encrypted data and the active user to be sent to the key
Management server;
The Key Management server, the be-encrypted data for sending the client are sent to the encryption
Decryption device determines the encryption key of the active user according to the user information of the active user, by the active user
Encryption key be sent to the encrypting and decrypting device, whenever receiving the replacement instruction that the management node server sends
When, according to the user information of the active user, the encryption key of the active user is replaced, by the current use after replacement
The encryption key at family is sent to the encrypting and decrypting device, the encrypting and decrypting device is sent encrypted described to be encrypted
Data are sent to the back end server;
The encrypting and decrypting device, for whenever receiving the active user's that the Key Management server is sent
When encryption key, unencryption in be-encrypted data described in the encryption key block encryption using the active user received
The encrypted be-encrypted data is sent to the Key Management server by data.
Specifically, in the second implementation, the data storage process is as follows:
The management node server detects in real time whether the volume of data encrypted with the current encryption key is greater than or equal to the data-volume threshold and, if so, sends a replacement instruction to the Key Management server;
The client sends the data to be encrypted and the user information of the active user to the Key Management server;
The Key Management server sends the data to be encrypted received from the client to the encrypting and decrypting device, determines the encryption key of the active user according to the user information of the active user, and sends the encryption key of the active user to the encrypting and decrypting device; whenever it receives a replacement instruction from the management node server, it replaces the encryption key of the active user according to the user information of the active user and sends the replaced encryption key of the active user to the encrypting and decrypting device;
Whenever the encrypting and decrypting device receives an encryption key of the active user from the Key Management server, it uses the received encryption key to block-encrypt the not-yet-encrypted data in the data to be encrypted, and sends the encrypted data to the Key Management server;
The Key Management server sends the encrypted data received from the encrypting and decrypting device to the data node server;
The data node server stores the encrypted data.
In the second implementation, data reading is accomplished as follows:
The management node server is further used for determining the second key of each encryption key of the active user
Label determines the encrypted data of the corresponding encryption key of each second key tag, determines the be-encrypted data pair
The metadata answered returns to described second when receiving the second read data request that the client is sent to the client
Corresponding the second key tag of target of requested second target data of read data request and second target data correspond to
The second target metadata;
The client is further used for sending second read data request to the management node server, receive
The second key tag of the target and second target metadata that the management node server returns, by the target the
The user information of two key tags and the active user are sent to the Key Management server, by the second target element number
According to the back end server is sent to, second target data that the Key Management server is sent is received;
The Key Management server is further used for establishing and establishes the second key tag and the second solution for each user
Second correspondence of key determines described current according to the user information for the active user that the client is sent
The second correspondence of user, the target sent according to the second correspondence of the active user and the client
Two key tags determine corresponding the second decruption key of the target of the second key tag of the target, by the target second
The second ciphertext of target that decruption key and the back end server are sent, is sent to the encrypting and decrypting device, will be described
Second target data that encrypting and decrypting device is sent is sent to the client;
The back end server is further used for second target metadata sent according to the client,
The second ciphertext of target of second target data is sent to the Key Management server;
The encrypting and decrypting device is further used for solving using the target second that the Key Management server is sent
Key is decrypted the second ciphertext of the target that the Key Management server is sent, described second will decrypted
Target data is sent to the Key Management server.
Specifically, in the second implementation, the data reading process is as follows:
The Key Management server establishes, for each user, a second correspondence between second key tags and second decryption keys;
The management node server determines the second key tag of each encryption key of the active user, determines the data encrypted with the encryption key corresponding to each second key tag, and determines the metadata corresponding to the data to be encrypted;
The client sends the second read data request to the management node server;
When the management node server receives the second read data request from the client, it returns to the client the target second key tag corresponding to the second target data requested by the second read data request, together with the second target metadata corresponding to the second target data;
The client receives the target second key tag and the second target metadata returned by the management node server, sends the target second key tag and the user information of the active user to the Key Management server, and sends the second target metadata to the data node server;
The data node server sends the target second ciphertext of the second target data to the Key Management server according to the second target metadata sent by the client;
The Key Management server determines the second correspondence of the active user according to the user information of the active user sent by the client, determines the target second decryption key corresponding to the target second key tag according to the second correspondence of the active user and the target second key tag sent by the client, and sends the target second decryption key and the target second ciphertext sent by the data node server to the encrypting and decrypting device;
The encrypting and decrypting device uses the target second decryption key sent by the Key Management server to decrypt the target second ciphertext sent by the Key Management server, and sends the decrypted second target data to the Key Management server;
The Key Management server sends the second target data sent by the encrypting and decrypting device to the client;
The client receives the second target data sent by the Key Management server.
Specifically, the encrypting and decrypting device can be a heterogeneous accelerator card, which can be inserted through a PCIE interface into a mainboard expansion slot of the Key Management server.
In the Key Management server, each user corresponds to one second correspondence, and within a user's second correspondence the user can correspond to multiple second decryption keys. The Key Management server can agree with the management node server on the second key tag of each second decryption key. For example, each time the Key Management server determines an encryption key, it determines the second key tag of that encryption key and sends the second key tag to the management node server.
As shown in Fig. 3, the data processing system of the second implementation provided by an embodiment of the present invention includes: client 301, encrypting and decrypting device 302, Key Management server 303, management node server 304 and data node server 305.
Client 301 is connected to Key Management server 303, management node server 304 and data node server 305 respectively;
Key Management server 303 is connected to encrypting and decrypting device 302, management node server 304 and data node server 305 respectively.
In the third implementation, the encrypting and decrypting device is connected to the data node server.
In the third implementation, data storage is accomplished as follows:
The client, for the user information of the be-encrypted data and the active user to be sent to the data
Node server;
The back end server, for the user information of the active user to be sent to the cipher key management services
The be-encrypted data is sent to the encrypting and decrypting device by device, whenever receiving what the Key Management server was sent
When the encryption key of the active user, the encryption key of the active user is sent to the encrypting and decrypting device, is preserved
The encrypted be-encrypted data that the encrypting and decrypting device is sent;
The Key Management server determines the active user's for the user information according to the active user
The encryption key of the active user is sent to the back end server by encryption key, whenever receiving the management
When the replacement instruction that node server is sent, according to the user information of the active user, the encryption of the active user is replaced
The encryption key of the active user after replacement is sent to the back end server by key;
The encrypting and decrypting device, for whenever receiving the active user's that the back end server is sent
When encryption key, unencryption in be-encrypted data described in the encryption key block encryption using the active user received
The encrypted be-encrypted data is sent to the back end server by data.
Specifically, in the third implementation, the data storage process is as follows:
The management node server detects in real time whether the volume of data encrypted with the current encryption key is greater than or equal to the data-volume threshold and, if so, sends a replacement instruction to the Key Management server;
The client sends the data to be encrypted and the user information of the active user to the data node server;
The data node server sends the user information of the active user to the Key Management server and sends the data to be encrypted to the encrypting and decrypting device;
The Key Management server determines the encryption key of the active user according to the user information of the active user and sends it to the data node server; whenever it receives a replacement instruction from the management node server, it replaces the encryption key of the active user according to the user information of the active user and sends the replaced encryption key of the active user to the data node server;
Whenever the data node server receives an encryption key of the active user from the Key Management server, it sends that encryption key to the encrypting and decrypting device;
Whenever the encrypting and decrypting device receives an encryption key of the active user from the data node server, it uses the received encryption key to block-encrypt the not-yet-encrypted data in the data to be encrypted, and sends the encrypted data to the data node server;
The data node server stores the encrypted data sent by the encrypting and decrypting device.
In the third implementation, data reading is accomplished as follows:
The management node server is further used for determining the third key of each encryption key of the active user
Label determines the encrypted data of the corresponding encryption key of each third key tag, determines the be-encrypted data pair
The metadata answered returns to the third when receiving the third read data request that the client is sent to the client
The corresponding target third key tag of the requested third target data of read data request and the third target data correspond to
Third target metadata;
The client is further used for sending the third read data request to the management node server, receive
The target third key tag and the third target metadata that the management node server returns, by the target the
Three key tags, the user information of the active user and the third target metadata are sent to the back end service
Device receives the third target data that the back end server is sent;
The Key Management server is further used for establishing and establishes third key tag and third solution for each user
The third correspondence of key is determined according to the user information for the active user that the back end server is sent
The third correspondence of the active user, according to the third correspondence of the active user and the back end server
The target third key tag sent determines that the corresponding target third decryption of the target third key tag is close
The target third decruption key is sent to the back end server by key;
The back end server, be further used for the target third key tag for sending the client and
The user information of the active user is sent to the Key Management server, the third mesh sent according to the client
Metadata is marked, the target third ciphertext of the third target data is determined, by the target third ciphertext and the key management
The target third decruption key that server is sent is sent to the encrypting and decrypting device, and the encrypting and decrypting device is sent
The third target data be sent to the client;
The encrypting and decrypting device is further used for the target third solution sent using the back end server
Key is decrypted the target third ciphertext that the back end server is sent, the third that will be decrypted
Target data is sent to the back end server.
Specifically, in the third implementation, the data reading process is as follows:
The Key Management server establishes, for each user, a third correspondence between third key tags and third decryption keys;
The management node server determines the third key tag of each encryption key of the active user, determines the data encrypted with the encryption key corresponding to each third key tag, and determines the metadata corresponding to the data to be encrypted;
The client sends the third read data request to the management node server;
When the management node server receives the third read data request from the client, it returns to the client the target third key tag corresponding to the third target data requested by the third read data request, together with the third target metadata corresponding to the third target data;
The client receives the target third key tag and the third target metadata returned by the management node server, and sends the target third key tag, the user information of the active user and the third target metadata to the data node server;
The data node server sends the target third key tag and the user information of the active user sent by the client to the Key Management server, and determines the target third ciphertext of the third target data according to the third target metadata sent by the client;
The Key Management server determines the third correspondence of the active user according to the user information of the active user sent by the data node server, determines the target third decryption key corresponding to the target third key tag according to the third correspondence of the active user and the target third key tag sent by the data node server, and sends the target third decryption key to the data node server;
The data node server sends the target third ciphertext and the target third decryption key sent by the Key Management server to the encrypting and decrypting device;
The encrypting and decrypting device uses the target third decryption key sent by the data node server to decrypt the target third ciphertext sent by the data node server, and sends the decrypted third target data to the data node server;
The data node server sends the third target data sent by the encrypting and decrypting device to the client;
The client receives the third target data sent by the data node server.
Specifically, the encrypting and decrypting device can be a heterogeneous accelerator card, which can be inserted through a PCIE interface into a mainboard expansion slot of the Key Management server.
In the Key Management server, each user corresponds to one second correspondence, and within a user's second correspondence the user can correspond to multiple second decryption keys. The Key Management server can agree with the management node server on the second key tag of each second decryption key. For example, each time the Key Management server determines an encryption key, it determines the second key tag of that encryption key and sends the second key tag to the management node server.
As shown in Fig. 4, the data processing system of the third implementation provided by an embodiment of the present invention includes: client 401, encrypting and decrypting device 402, Key Management server 403, management node server 404 and data node server 405.
Client 401 is connected to management node server 404 and data node server 405 respectively;
Data node server 405 is connected to encrypting and decrypting device 402 and Key Management server 403 respectively;
Key Management server 403 is connected to management node server 404.
The metadata corresponding to the data to be encrypted is the index of that data; the metadata determines the position at which the data to be encrypted is stored in the data node server.
In an embodiment of the present invention, the client is configured to split the data to be encrypted and output the split data to be encrypted.
Specifically, after obtaining the split data to be encrypted, the encrypting and decrypting device encrypts it block by block.
In an embodiment of the present invention, the encrypting and decrypting device includes a heterogeneous accelerator card.
Specifically, the encrypting and decrypting device can be implemented with an FPGA-based heterogeneous accelerator card. It enables fast parallel computation, which greatly increases the rate of data encryption and decryption.
In an embodiment of the present invention, the system further includes:
a high-speed network switch, configured to provide high-speed data exchange services for the Key Management server, the management node server and the data node server.
In an embodiment of the present invention, the management node server can determine whether the volume of data encrypted with the current encryption key is greater than or equal to the data-volume threshold by detecting the data encrypted with the current encryption key that is stored in the data node server.
Embodiments of the present invention realize user-based isolated storage encryption of data, effectively guaranteeing the security of stored user data. They are suitable for distributed storage architectures and follow distributed storage rules: after being split into blocks, data is stored per user across the data node servers. They support elastic expansion of storage resources and key rolling when a single user's stored data exceeds the threshold, which further increases the security of data storage.
The client, as the front-end Web system, connects users to the back-end cluster; the management node server and the data node servers make up the back-end distributed storage cluster; together, the front-end Web system and the back-end cluster system form a typical cloud storage architecture. The high-speed network switch provides high-speed data exchange for each server node, the Key Management server mainly provides key support for users accessing storage resources according to each user's own information, and the encrypting and decrypting device performs fast data encryption and decryption.
Embodiments of the present invention can effectively store different users' data separately, block by block, without isolation at the level of physical resources, which makes them well suited to deployment on distributed storage architectures.
It should be noted that the data-volume threshold can be configured manually. User information is information that can distinguish different users; specifically, it can be a digital certificate or token information.
The encryption keys in the Key Management server can be imported in advance, or can be generated from user information according to a certain algorithm.
The client serves as the window through which a user accesses the storage system; specifically, it can serve as the window for accessing the data stored in the data node server. The management node server can be used for management and scheduling of the storage system; specifically, it can manage and schedule the data stored in the data node server.
In embodiments of the present invention, there may be at least two clients. There may be at least two data node servers.
In the first implementation, each client can be configured with one encrypting and decrypting device.
In the third implementation, each data node server can be configured with one encrypting and decrypting device.
The present invention mainly proposes, to ensure user data security in a cloud storage environment, a user-based data isolation storage encryption technology. First, the technology is suitable for cloud storage structures with a distributed architecture,
Each embodiment of the present invention has at least the following advantages:
1. In embodiments of the present invention, the Key Management server determines the encryption key of the active user according to the user information of the active user, so different users have different encryption keys. Whenever the management node server detects that the volume of data encrypted with the current encryption key has reached the data-volume threshold, it notifies the Key Management server to switch to a new encryption key, and subsequent encryption uses the replaced key. If one encryption key is cracked, only the data encrypted with that key is leaked and other data is not, which greatly improves data security.
2. Embodiments of the present invention realize user-based isolated storage encryption of data, effectively guaranteeing the security of stored user data. They are suitable for distributed storage architectures and follow distributed storage rules: after being split into blocks, data is stored per user across the data node servers. They support elastic expansion of storage resources and key rolling when a single user's stored data exceeds the threshold, which further increases the security of data storage.
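Added example, not part of the patent text: a minimal Python model of the storage and reading flows described above and of advantage 1, showing per-user key tags, replacement of the current key once the volume threshold is reached, and how many blocks a single leaked key exposes. The class and function names, the 16-byte block size, the 48-byte threshold, the tag format and the HMAC-SHA256 keystream standing in for the accelerator card's cipher are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os

BLOCK_SIZE = 16       # assumed block size for the block-by-block encryption
DATA_THRESHOLD = 48   # assumed data-volume threshold in bytes (configurable per the page)


def device_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the encrypting and decrypting device.

    XORs data with an HMAC-SHA256 keystream so the example needs only the
    standard library; the same call encrypts and decrypts. Illustration only.
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class KeyManagementServer:
    """Keeps, for each user, the correspondence between key tags and keys."""

    def __init__(self):
        self._keys = {}     # user -> {key tag: key}
        self._current = {}  # user -> tag of the current encryption key

    def replace_key(self, user: str) -> str:
        """Create a fresh key for the user and make it the current one."""
        keys = self._keys.setdefault(user, {})
        tag = f"{user}-k{len(keys) + 1}"  # hypothetical tag format
        keys[tag] = os.urandom(32)
        self._current[user] = tag
        return tag

    def current_key(self, user: str):
        if user not in self._current:
            self.replace_key(user)
        tag = self._current[user]
        return tag, self._keys[user][tag]

    def decryption_key(self, user: str, tag: str) -> bytes:
        # The lookup is scoped to the requesting user's own correspondence,
        # so a tag belonging to another user raises KeyError.
        return self._keys[user][tag]


class ManagementNode:
    """Tracks the metadata (index) of each block and the volume per key tag."""

    def __init__(self, kms: KeyManagementServer, threshold: int = DATA_THRESHOLD):
        self.kms = kms
        self.threshold = threshold
        self.volume = {}  # key tag -> bytes encrypted under that key
        self.index = {}   # (user, name) -> [(block id, key tag), ...]

    def record(self, user, name, block_id, tag, size):
        self.index.setdefault((user, name), []).append((block_id, tag))
        self.volume[tag] = self.volume.get(tag, 0) + size
        if self.volume[tag] >= self.threshold:
            self.kms.replace_key(user)  # the "replacement instruction"


def store(user, name, plaintext, kms, mgmt, data_node):
    """Split the data into blocks and encrypt each under the current key."""
    for offset in range(0, len(plaintext), BLOCK_SIZE):
        block = plaintext[offset:offset + BLOCK_SIZE]
        tag, key = kms.current_key(user)
        nonce = os.urandom(12)
        block_id = f"{user}/{name}/{offset}"
        data_node[block_id] = (nonce, device_crypt(key, nonce, block))
        mgmt.record(user, name, block_id, tag, len(block))


def read(user, name, kms, mgmt, data_node):
    """Resolve each block's key tag to its decryption key and decrypt."""
    plaintext = b""
    for block_id, tag in mgmt.index[(user, name)]:
        nonce, ciphertext = data_node[block_id]
        plaintext += device_crypt(kms.decryption_key(user, tag), nonce, ciphertext)
    return plaintext


def blocks_exposed_by(mgmt, user, name, leaked_tag):
    """Blocks readable by someone who obtained only the key behind leaked_tag."""
    return [bid for bid, tag in mgmt.index[(user, name)] if tag == leaked_tag]


if __name__ == "__main__":
    kms = KeyManagementServer()
    mgmt = ManagementNode(kms)
    data_node = {}
    sample = bytes(range(100))  # constructed sample data
    store("alice", "report", sample, kms, mgmt, data_node)
    print([tag for _, tag in mgmt.index[("alice", "report")]])
    print(read("alice", "report", kms, mgmt, data_node) == sample)
    print(blocks_exposed_by(mgmt, "alice", "report", "alice-k1"))
```

With the constructed 100-byte sample, the seven blocks are spread over three keys, so a leak of the first key exposes three blocks and leaves the other four unreadable.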
It should be noted that, herein, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to that process, method, article or device. In the absence of further restrictions, an element defined by the phrase "including one" does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware related to program instructions. The aforementioned program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The aforementioned storage medium includes ROM, RAM, magnetic disk, optical disc and other media that can store program code.
Finally, it should be noted that the foregoing is merely the preferred embodiments of the present invention, intended only to illustrate the technical solution of the present invention and not to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention is included within the scope of protection of the present invention.
Claims (10)
1. A data processing system, characterized by comprising:
a client, an encrypting and decrypting device, a Key Management server, a management node server and a data node server;
the client is configured to output the data to be encrypted and the user information of the active user;
the Key Management server is configured to determine the encryption key of the active user according to the user information of the active user and, whenever it receives a replacement instruction sent by the management node server, to replace the encryption key of the active user according to the user information of the active user;
the management node server is configured to detect in real time whether the volume of data encrypted with the current encryption key is greater than or equal to the data-volume threshold and, if so, to send the replacement instruction to the Key Management server;
the encrypting and decrypting device is configured to block-encrypt the data to be encrypted using the current encryption key;
the data node server is configured to store the encrypted data.
2. system according to claim 1, which is characterized in that
The encrypting and decrypting device is connected with the client;
The client, for the be-encrypted data to be sent to the encrypting and decrypting device, by the use of the active user
Family information is sent to the Key Management server, whenever the active user for receiving the Key Management server and sending
Encryption key when, the encryption key of the active user is sent to the encrypting and decrypting device, the encrypting and decrypting is filled
It sets the encrypted be-encrypted data sent and is sent to the back end server;
The encrypting and decrypting device, for whenever receiving the encryption key for the active user that the client is sent,
The data of unencryption, will encrypt in be-encrypted data described in encryption key block encryption using the active user received
The be-encrypted data afterwards is sent to the client;
The Key Management server determines the encryption of the active user for the user information according to the active user
The encryption key of the active user is sent to the client by key, is sent out whenever receiving the management node server
When the replacement instruction come, according to the user information of the active user, the encryption key of the active user is replaced, after replacement
The encryption key of the active user be sent to the client.
3. system according to claim 1, which is characterized in that
The encrypting and decrypting device is connected with the Key Management server;
The client, for the user information of the be-encrypted data and the active user to be sent to the key management
Server;
The Key Management server, the be-encrypted data for sending the client are sent to the encrypting and decrypting
Device determines the encryption key of the active user according to the user information of the active user, by adding for the active user
Key is sent to the encrypting and decrypting device, whenever receiving the replacement instruction that the management node server is sent, root
According to the user information of the active user, the encryption key of the active user is replaced, by the active user's after replacement
Encryption key is sent to the encrypting and decrypting device, the encrypted be-encrypted data that the encrypting and decrypting device is sent
It is sent to the back end server;
The encrypting and decrypting device, for whenever the encryption for receiving the active user that the Key Management server is sent
When key, the number of unencryption in be-encrypted data described in the encryption key block encryption using the active user received
According to the encrypted be-encrypted data is sent to the Key Management server.
4. system according to claim 1, which is characterized in that
The encrypting and decrypting device is connected with the back end server;
The client, for the user information of the be-encrypted data and the active user to be sent to the back end
Server;
The back end server, for the user information of the active user to be sent to the Key Management server,
The be-encrypted data is sent to the encrypting and decrypting device, whenever receiving described in the Key Management server sends
When the encryption key of active user, the encryption key of the active user is sent to the encrypting and decrypting device, described in preservation
The encrypted be-encrypted data that encrypting and decrypting device is sent;
The Key Management server determines the encryption of the active user for the user information according to the active user
The encryption key of the active user is sent to the back end server by key, whenever receiving the management node
When the replacement instruction that server is sent, according to the user information of the active user, the encryption key of the active user is replaced,
The encryption key of the active user after replacement is sent to the back end server;
The encrypting and decrypting device, for whenever the encryption for receiving the active user that the back end server is sent
When key, the number of unencryption in be-encrypted data described in the encryption key block encryption using the active user received
According to the encrypted be-encrypted data is sent to the back end server.
5. The system according to claim 2, characterized in that:
The management node server is further configured to determine a first key tag for each encryption key of the active user, determine the data encrypted by the encryption key corresponding to each first key tag, determine the metadata corresponding to the data to be encrypted, and, when it receives a first read data request sent by the client, return to the client the target first key tag corresponding to the first target data requested by the first read data request and the first target metadata corresponding to the first target data;
The client is further configured to send the first read data request to the management node server, receive the target first key tag and the first target metadata returned by the management node server, send the target first key tag and the user information of the active user to the key management server, send the first target metadata to the back end server, send the target first decryption key sent by the key management server and the target first ciphertext sent by the back end server to the encrypting and decrypting device, and receive the first target data sent by the encrypting and decrypting device;
The key management server is further configured to establish, for each user, a first correspondence between first key tags and first decryption keys, determine the first correspondence of the active user according to the user information of the active user sent by the client, determine the target first decryption key corresponding to the target first key tag according to the first correspondence of the active user and the target first key tag sent by the client, and send the target first decryption key to the client;
The back end server is further configured to send the target first ciphertext of the first target data to the client according to the first target metadata sent by the client;
The encrypting and decrypting device is further configured to decrypt the target first ciphertext sent by the client using the target first decryption key sent by the client, and send the decrypted first target data to the client.
6. The system according to claim 3, characterized in that:
The management node server is further configured to determine a second key tag for each encryption key of the active user, determine the data encrypted by the encryption key corresponding to each second key tag, determine the metadata corresponding to the data to be encrypted, and, when it receives a second read data request sent by the client, return to the client the target second key tag corresponding to the second target data requested by the second read data request and the second target metadata corresponding to the second target data;
The client is further configured to send the second read data request to the management node server, receive the target second key tag and the second target metadata returned by the management node server, send the target second key tag and the user information of the active user to the key management server, send the second target metadata to the back end server, and receive the second target data sent by the key management server;
The key management server is further configured to establish, for each user, a second correspondence between second key tags and second decryption keys, determine the second correspondence of the active user according to the user information of the active user sent by the client, determine the target second decryption key corresponding to the target second key tag according to the second correspondence of the active user and the target second key tag sent by the client, send the target second decryption key and the target second ciphertext sent by the back end server to the encrypting and decrypting device, and send the second target data sent by the encrypting and decrypting device to the client;
The back end server is further configured to send the target second ciphertext of the second target data to the key management server according to the second target metadata sent by the client;
The encrypting and decrypting device is further configured to decrypt the target second ciphertext sent by the key management server using the target second decryption key sent by the key management server, and send the decrypted second target data to the key management server.
7. The system according to claim 4, characterized in that:
The management node server is further configured to determine a third key tag for each encryption key of the active user, determine the data encrypted by the encryption key corresponding to each third key tag, determine the metadata corresponding to the data to be encrypted, and, when it receives a third read data request sent by the client, return to the client the target third key tag corresponding to the third target data requested by the third read data request and the third target metadata corresponding to the third target data;
The client is further configured to send the third read data request to the management node server, receive the target third key tag and the third target metadata returned by the management node server, send the target third key tag, the user information of the active user and the third target metadata to the back end server, and receive the third target data sent by the back end server;
The key management server is further configured to establish, for each user, a third correspondence between third key tags and third decryption keys, determine the third correspondence of the active user according to the user information of the active user sent by the back end server, determine the target third decryption key corresponding to the target third key tag according to the third correspondence of the active user and the target third key tag sent by the back end server, and send the target third decryption key to the back end server;
The back end server is further configured to send the target third key tag and the user information of the active user, both sent by the client, to the key management server, determine the target third ciphertext of the third target data according to the third target metadata sent by the client, send the target third ciphertext and the target third decryption key sent by the key management server to the encrypting and decrypting device, and send the third target data sent by the encrypting and decrypting device to the client;
The encrypting and decrypting device is further configured to decrypt the target third ciphertext sent by the back end server using the target third decryption key sent by the back end server, and send the decrypted third target data to the back end server.
8. The system according to claim 1, characterized in that:
The client is configured to split the data to be encrypted and output the split data to be encrypted.
9. The system according to claim 1, characterized in that:
The encrypting and decrypting device comprises a heterogeneous accelerator card.
10. The system according to any one of claims 1-9, characterized in that it further comprises:
A high-speed network switch, configured to provide a high-speed data exchange service for the key management server, the management node server and the back end server.
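The write path of claim 4 and the tag-based read path of claims 5 to 7, sketched as an added Python example that is not part of the patent text: data is encrypted block by block, the key is replaced between blocks, and each block's metadata records the key tag that the key management server later maps back to a key for that user. Assumptions made here: integer key tags, symmetric keys (the decryption key equals the encryption key), a per-block nonce, a fixed rotation interval standing in for the replacement instruction, and a SHAKE-256 keystream as a stand-in cipher; all class and function names are hypothetical.

```python
import hashlib
import os

def xor_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHAKE-256 keystream XOR), an assumption so the example
    runs on the standard library; a real device would use an AEAD such as AES-GCM."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class KeyManagementServer:
    """Holds, per user, the correspondence between key tags and keys."""
    def __init__(self):
        self._keys = {}      # user -> {key_tag: key}
        self._current = {}   # user -> tag of the key now in use

    def replace_key(self, user):
        """Issue a fresh key for the user (the replacement instruction)."""
        tags = self._keys.setdefault(user, {})
        tag = len(tags) + 1              # constructed tag scheme: 1, 2, 3, ...
        tags[tag] = os.urandom(32)
        self._current[user] = tag
        return tag, tags[tag]

    def current_key(self, user):
        if user not in self._current:
            return self.replace_key(user)
        tag = self._current[user]
        return tag, self._keys[user][tag]

    def decryption_key(self, user, tag):
        """Symmetric keys assumed; raises KeyError for an unknown user or tag."""
        return self._keys[user][tag]

def store(kms, user, blocks, rotate_every):
    """Write path: encrypt block by block, replacing the key every N blocks."""
    tag, key = kms.current_key(user)
    metadata, ciphertexts = [], []
    for i, block in enumerate(blocks):
        if i and i % rotate_every == 0:
            tag, key = kms.replace_key(user)
        nonce = os.urandom(16)           # per-block nonce, an added assumption
        ciphertexts.append(xor_cipher(key, nonce, block))
        metadata.append({"index": i, "key_tag": tag, "nonce": nonce})
    return metadata, ciphertexts

def read(kms, user, metadata, ciphertexts, index):
    """Read path: metadata gives the key tag, the KMS maps (user, tag) to a key."""
    meta = metadata[index]
    key = kms.decryption_key(user, meta["key_tag"])
    return xor_cipher(key, meta["nonce"], ciphertexts[index])
```

Because every block carries its own key tag, a single disclosed key exposes only the blocks tagged with it, and a lookup under another user's identity fails before any ciphertext is touched.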
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810113588.XA CN108429733A (en) | 2018-02-05 | 2018-02-05 | A kind of system of data processing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108429733A (en) | 2018-08-21 |
Family
ID=63156552
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810113588.XA Pending CN108429733A (en) | 2018-02-05 | 2018-02-05 | A kind of system of data processing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108429733A (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101488110A (en) * | 2008-12-30 | 2009-07-22 | 成都市华为赛门铁克科技有限公司 | Memory encryption method, apparatus and system |
CN103209202A (en) * | 2012-01-16 | 2013-07-17 | 联想(北京)有限公司 | Method and device for transmitting data |
CN103107995A (en) * | 2013-02-06 | 2013-05-15 | 中电长城网际***应用有限公司 | Cloud computing environmental data secure storage system and method |
US20170104592A1 (en) * | 2015-10-07 | 2017-04-13 | Go Daddy Operating Company, LLC | Intermediary organization account asset protection via an encoded physical mechanism |
CN107566374A (en) * | 2017-09-07 | 2018-01-09 | 山东超越数控电子有限公司 | A kind of cloud storage data guard method and system based on user isolation storage |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110401689A (en) * | 2018-11-23 | 2019-11-01 | 腾讯科技(深圳)有限公司 | File management method, device and storage medium |
CN110401689B (en) * | 2018-11-23 | 2021-12-10 | 腾讯科技(深圳)有限公司 | File management method, device and storage medium |
CN110099064A (en) * | 2019-05-08 | 2019-08-06 | 广州创想云科技有限公司 | A kind of document handling method based on Internet of Things, device, equipment and storage medium |
CN110099064B (en) * | 2019-05-08 | 2021-07-09 | 广州创想云科技有限公司 | File processing method, device, equipment and storage medium based on Internet of things |
CN115174136A (en) * | 2022-05-23 | 2022-10-11 | 北京旷视科技有限公司 | Data acquisition and data transmission method, terminal, server and storage medium |
CN115174136B (en) * | 2022-05-23 | 2024-02-02 | 北京旷视科技有限公司 | Data acquisition and data transmission method, terminal, server and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20180821 |