WO2024045407A1 - Secure storage method using a virtual disk - Google Patents

Info

Publication number
WO2024045407A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual disk
image
file
qcow2
virtual
Prior art date
Application number
PCT/CN2022/137630
Other languages
English (en)
Chinese (zh)
Inventor
王宇锋
谢明
孙立明
张铎
Original Assignee
麒麟软件有限公司
Priority date
Filing date
Publication date
Application filed by 麒麟软件有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638 Organizing or formatting or addressing of data
    • G06F3/064 Management of blocks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638 Organizing or formatting or addressing of data
    • G06F3/0643 Management of files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638 Organizing or formatting or addressing of data
    • G06F3/0644 Management of space entities, e.g. partitions, extents, pools
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0662 Virtualisation aspects
    • G06F3/0664 Virtualisation aspects at device level, e.g. emulation of a storage device or system

Definitions

  • The present invention relates to the field of information security technology, and in particular to a virtual disk safe storage method.
  • The era of cloud computing is inseparable from the processing and storage of massive data.
  • The storage of massive data often requires a secure disk image storage method. Once a problem occurs with a disk image, it seriously affects the data security of the cloud computing center. To improve the data security of massive numbers of virtual machine disk images, it is often necessary to encrypt the data when storing it and decrypt it when using it.
  • Symmetric encryption is typically represented by the Data Encryption Standard (DES) algorithm, and asymmetric encryption is usually represented by the RSA (Rivest-Shamir-Adleman) algorithm.
  • The encryption key and decryption key of symmetric encryption are the same, while the encryption key and decryption key of asymmetric encryption are different.
  • With asymmetric encryption, the encryption key can be made public, but the decryption key needs to be kept secret.
  • Asymmetric keys are mainly used for identity authentication, or to protect symmetric keys.
  • Day-to-day data encryption generally uses symmetric keys.
  • In the most commonly used encryption method for virtual machine image storage, encryption is handled where the block device read and write functions are located.
  • The data is encrypted when writing and decrypted when reading.
  • The key can be dynamically transferred or stored on a key card.
  • The specific encryption algorithm can be selected according to the usage scenario.
  • Secure storage is essentially storage and can serve as a remote distributed storage center for files and data. Compared with ordinary storage, distributed storage is safer and more reliable, and can be used in areas that require confidentiality. If the data is placed in one place, you can get all the data by cracking it once. If the data is placed in different places, you need to crack multiple places at the same time to fully recover the complete data, and you need to crack multiple remote storage centers at the same time. So our solution is to make the disk image consist of multiple blocks, with data scattered in various image files, and each image file can be stored in different data centers. In this way, even if a data center is cracked, the disk image content cannot be restored. Therefore, the virtual disk file needs to support block storage and place different storage blocks in different storage locations. Our patent is aimed at allowing disk image files in the qcow2 format to be stored in different files in blocks, and the previously stored data can also be read from each storage block during operation. This allows the data of the virtual machine to be stored in different locations to achieve storage security.
  • The embodiment of the present invention discloses a method for creating and using an encrypted snapshot of a disk image file, and a storage medium, which belongs to the field of virtualization.
  • The method of creating an encrypted snapshot of a disk image file includes the following steps: parsing key parameters and generating cipher password information for use in encrypting and decrypting files; copying the cipher password information to the source file operation options; opening the source file according to the source file operation options; checking whether the source file was opened successfully and, if so, creating a snapshot and setting the encryption information of the snapshot.
  • The key of the snapshot can be used to decrypt the source file, which resolves the problem in the existing function that the key cannot be transferred to the source file and the snapshot at the same time, so that the encryption function and the snapshot function can be used together.
  • The method includes: establishing two non-migratable keys, RSA_local and RSA_mig, of the physical trusted platform module, and generating the corresponding digital certificate Certificate_mig for the RSA_mig key; the cloud tenant generates identity authentication information on the local host and saves it; when creating a trusted virtual machine, a vTPM label is created for the vTPM instance of each virtual machine; the identity_info identity authentication information, the vTPM tag and tenant_info are obtained and checked for integrity, timeliness, legality and consistency; similarly, during the running phase of the trusted virtual machine, when migrating the trusted virtual machine, and during the exit, destruction, suspension and snapshot phases, the corresponding fields undergo validity, timeliness, legality and consistency checks.
  • The present invention can provide full-life-cycle security protection for the libtpms-based software-emulated vTPM added to an IaaS cloud platform based on KVM virtualization technology, to prevent the leakage of its private information.
  • This patent uses the TPM module for feasibility verification, and the disk security is not protected during shutdown.
  • Chinese invention patent "A method and mobile terminal for secure data storage and rapid retrieval" (Patent No.: CN109829324A).
  • The invention discloses a method for secure data storage and quick retrieval and a mobile terminal, which include: encrypting data that the system needs to store under an open public path, and storing the encrypted data under the open public path; decrypting the data under the open public path, storing the decrypted data in virtual memory, and forming a mapped path according to the storage address; and modifying the system call interface whose access path defaults to the open public path, changing the access path of the system call interface to the mapped path, thereby causing the system to retrieve the decrypted data from the virtual memory for use.
  • The present invention can not only solve the problem of safe storage of data under the default path of the system, but also improve the speed of data calling, avoid system lags, unresponsiveness and other phenomena, and resolve the conflict between data storage security and data calling speed.
  • The patent only focuses on encrypting data stored in an open public path.
  • Chinese invention patent "Secure storage method of mobile terminal data based on virtual disk" (Patent No.: CN109325355A).
  • The invention provides a virtual disk-based mobile terminal data secure storage method, which belongs to the field of information security.
  • The working method of this invention is to first create an independent disk partition in the hard disk, simulate the disk partition by creating a fixed-size file, and then format the file content into a custom file system, so that it can be simulated as a disk, that is, a virtual disk.
  • Encryption and decryption methods are added during the process of reading and writing disks to ensure data security.
  • The invention customizes an encrypted file system for an independent disk partition, constructs an encryption and decryption pipeline between plain text in memory and cipher text on the disk, avoids leaving traces of plain text on the disk, and provides transparent data protection.
  • The invention has high security and flexibility, provides strong protection for data in the mobile terminal, can customize the encrypted file system and identity verification mechanism, and can also provide a variety of encryption algorithms and working modes.
  • The encryption this patent implements is something qemu already supports: disk data segment encryption.
  • The patent discloses a differential virtual disk linking method, which includes the following steps: 1) Differential virtual disk file format improvement: the recorded original virtual disk path information is changed from the current absolute or relative path in the physical machine system to URL path information that can be accessed through the network; 2) Virtual disk driver improvement: the reading and writing of the differential virtual disk depends on the virtual disk driver, which requires the virtual disk driver to access the original virtual disk file on the server through the IP network, based on the network path information recorded by the differential virtual disk; 3) Virtual disk access service: a host that stores original virtual disk files runs a network service that provides original virtual disk access, monitors access requests from the differential virtual disk host, and completes read and write operations on the original virtual disk according to the request. The method has the characteristics of separate deployment of differential virtual disks and their original virtual disks and cross-host access, which facilitates rapid deployment and has the advantage of balancing data security and access speed.
  • What this patent describes is already implemented by the "backing file" feature of the qcow2 format. A certain image is used as the base disk (generally installed with the most basic OS files and data). Other disks that require a base can specify this image as the backing file, and the contents of differential writes are then written to their respective virtual disks. If you create a multi-level backing file, modifying the previous data leads to data redundancy, which consumes disk space at a very high cost.
  • The present invention provides a virtual disk safe storage method, which includes the following steps:
  • Step S1: Use the qemu-img tool to create a set of block virtual disk files;
  • the block information of the virtual disk files is written into the file header of the first virtual disk file;
  • Step S2: Start the virtual machine, specify the first virtual disk file of the virtual disk image through the qemu-kvm program, read the block information, and find the images of the other virtual disk files;
  • Step S3: Open the qcow2 virtual disk image in qemu, and create block meta information from the block information;
  • Step S4: According to the block range of each read or write request, send the request to the virtual disk file of the corresponding virtual disk image for processing.
  • In step S1, a set of block virtual disk files is created through the following command line:
  • Parameter 1 is the size of each virtual disk file created;
  • parameter 2 is the size of the entire virtual disk image.
  • In step S1, the addressing range is determined for each created virtual disk file by adding an image positioning layer to the source code of the qcow2_co_create_opt function;
  • in step S2, by adding an image positioning layer to the source code of the qcow2_open function, the block information in the first virtual disk file is read, and the images of the other virtual disk files are found;
  • in step S4, by adding an image positioning layer to the source code of the qcow2_co_preadv and qcow2_co_pwritev functions, the virtual disk file of the corresponding virtual disk image is determined when processing read and write requests.
  • The image positioning layer added to the source code of the qcow2_co_preadv and qcow2_co_pwritev functions includes an offset parameter and a bytes parameter, where the offset parameter is used to determine the offset position in the virtual disk image, and the bytes parameter is used to determine the size of the requested content.
  • In step S1, the block information of the virtual disk file is saved by adding the field div_img_size to the file header of the image of the first virtual disk file.
  • In step S1, the block information of the virtual disk file is saved in the following directory of the file header of the first virtual disk file: uint64_t div_img_size//.
  • The virtual disk safe storage method provided by the present invention ensures the security of the data in the virtual disk image by storing data in different virtual disk files. If part of the image is stolen, the content of the complete image cannot be restored.
  • Figure 1: Logic diagram of the basic technical concept of the present invention.
  • Figure 2: Prior art virtual disk image IO addressing flow chart.
  • Figure 3: The IO addressing flow chart after segmentation of the qcow2 virtual disk image according to the present invention.
  • Figure 1 is a logic diagram of the basic concept of the present invention. At present, in most cases, the qcow2 virtual disk image is stored in a single file. If the backing file function is used, there may also be a golden image. If information leaks from the place where the virtual disk image file is stored, all data stored in the virtual machine is easily obtained by the attacker. However, if the virtual disk image is composed of multiple files and each block of the image is placed in a different location, it is like "putting eggs in different baskets". If a thief gets only part of the image, it is impossible to restore the contents of the complete image. This allows the virtual disk image to be stored in different locations in blocks, thereby improving the security of the data in the virtual disk image.
  • Blocking strategy: in order not to increase the complexity of addressing, when creating the virtual disk image (with qemu-img) we can specify the addressable range of each block, and going beyond that range automatically creates the next block image.
  • Each block is in qcow2 format, so the storage space occupied by a block is very small when it is created. As data continues to be written, the image slowly expands, retaining the best features of qcow2.
  • The image positioning layer (which decides which image a read or write request is assigned to) is added to the source code of qcow2_co_create_opt / qcow2_open / qcow2_co_preadv / qcow2_co_pwritev to realize the block storage of the image.
  • The present invention mainly analyzes the principles of the qcow2 format, then optimizes the code for qcow2 format images in the qemu source code, adding the image positioning layer code by modifying the qcow2 series of interface methods, to achieve block storage of the image without affecting the original usage interface and habits.
  • Figure 2 is a prior art virtual disk image IO addressing flow chart.
  • The qcow2 universal addressing process is as follows: the location of the Level1 table in the virtual disk image is found by reading the qcow2_header; the location of the corresponding Level2 table is then found in the Level1 table; and from there the offset of the cluster where the data is stored is found.
  • The virtual machine needs to know that the created virtual disk image is a segmented virtual disk image. That is, the virtual machine needs to read this segmentation information when it starts.
  • When reading from and writing to the virtual disk image, the file system layer automatically manages the virtual disk image and determines the location at which to write a new file. The program addresses and completes the read or write based on the information fed back by the file system layer.
  • When qemu's qcow2 processes a read request, it sends the request, according to the block range, to the corresponding block virtual disk file of the virtual disk image for processing.
  • By adding the image positioning layer to the source code of the qcow2_co_preadv function, the virtual disk file of the corresponding virtual disk image is addressed when processing a read request.
  • When qemu's qcow2 processes a write request, it sends the request, according to the block range, to the corresponding block virtual disk file of the virtual disk image for processing.
  • By adding the image positioning layer to the source code of the qcow2_co_pwritev function, the virtual disk file of the corresponding virtual disk image is addressed when processing a write request.
  • the specific steps include the following steps:
  • the so-called “virtual disk file” is a storage method that uses files to simulate hard disk devices and is used by virtual machines. From the perspective of the Host (host), the disk of the virtual machine is just a file, and from the perspective of the Guest (virtual machine), it is no different from an ordinary hard disk.
  • the so-called "QCOW2 format” the full name is qemu copy
  • the Qemu virtual machine dynamically grows the virtual disk image format when a "write” operation occurs.
  • RAW native image format
  • the qcow2 image format is organized into multiple fixed-size units, called clusters. Both actual user data (guest data) and image metadata (metadata) are stored in a cluster unit.
  • By breaking up what was previously a single disk image file into different image files, this invention avoids the problem that theft of one disk image allows all the data in the entire virtual disk to be cracked.
  • The present invention can be implemented without changing the original virtual machine usage interface and usage habits, and has good compatibility with upper-layer software such as libvirt.
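
The routing that the image positioning layer performs in steps S2 to S4 can be sketched as follows. This is an added example, not code from the patent or from qemu: only the name div_img_size and the offset/bytes parameters come from the text above, while SegLayout, SegReq, seg_count and seg_split_request are hypothetical, and it assumes each block file covers a contiguous div_img_size-byte range of the guest address space. Because div_img_size is read from a file header, the sketch rejects a zero value, out-of-range requests and arithmetic overflow before routing.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout record built from the first file's header. */
typedef struct SegLayout {
    uint64_t div_img_size;  /* addressable range of each block file */
    uint64_t virtual_size;  /* size of the entire virtual disk image */
} SegLayout;

/* One sub-request routed to a single block file (hypothetical type). */
typedef struct SegReq {
    uint64_t seg_index;   /* which block file, 0 = first file */
    uint64_t seg_offset;  /* offset inside that file's guest range */
    uint64_t bytes;       /* length handled by that file */
} SegReq;

/* Number of block files covering the image; 0 means the layout is invalid. */
uint64_t seg_count(const SegLayout *l)
{
    if (l->div_img_size == 0 || l->virtual_size == 0) {
        return 0;
    }
    return (l->virtual_size - 1) / l->div_img_size + 1;
}

/*
 * Split a guest request (offset, bytes) into per-file sub-requests.
 * Returns the number of entries written to out, or -1 if the layout is
 * invalid, the request leaves the image, or out is too small.
 */
int seg_split_request(const SegLayout *l, uint64_t offset, uint64_t bytes,
                      SegReq *out, size_t max_out)
{
    size_t n = 0;

    if (seg_count(l) == 0) {
        return -1;
    }
    /* Written so that offset + bytes is never computed and cannot wrap. */
    if (offset > l->virtual_size || bytes > l->virtual_size - offset) {
        return -1;
    }
    while (bytes > 0) {
        uint64_t in_seg = offset % l->div_img_size;
        uint64_t room = l->div_img_size - in_seg;
        uint64_t chunk = bytes < room ? bytes : room;

        if (n == max_out) {
            return -1;
        }
        out[n].seg_index = offset / l->div_img_size;
        out[n].seg_offset = in_seg;
        out[n].bytes = chunk;
        n++;
        offset += chunk;
        bytes -= chunk;
    }
    return (int)n;
}

int main(void)
{
    /* Constructed sample: 10 GiB image split into 1 GiB block files. */
    SegLayout layout = { 1ULL << 30, 10ULL << 30 };
    SegReq parts[4];
    /* An 8 KiB write that straddles the boundary between files 0 and 1. */
    int n = seg_split_request(&layout, (1ULL << 30) - 4096, 8192, parts, 4);

    for (int i = 0; i < n; i++) {
        printf("file %" PRIu64 ": offset %" PRIu64 ", %" PRIu64 " bytes\n",
               parts[i].seg_index, parts[i].seg_offset, parts[i].bytes);
    }
    return n == 2 ? 0 : 1;
}
```

A request that crosses a block boundary touches two files that may sit in different storage locations, so a caller has to treat the sub-requests as one unit when reporting success or failure.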

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to a secure storage method using a virtual disk, comprising the following steps: using a qemu-img tool to create a set of partitioned virtual disk files, partition information of the virtual disk files being written into a file header of an image of a first virtual disk file; starting a virtual machine, specifying the first virtual disk file of a virtual disk image by means of a qemu-kvm program, reading the partition information, and finding images of the remaining virtual disk files; opening a qcow2 virtual disk in qemu and creating partition meta-information by means of the partition information; and, according to the partition ranges of corresponding read/write requests, respectively sending the corresponding read/write requests to the corresponding virtual disk files of the virtual disk image for processing. According to the present invention, data is stored in different virtual disk files, and the content of a complete image cannot be recovered when part of the image is stolen, thereby ensuring the security of the data in a virtual disk image.
PCT/CN2022/137630 2022-09-02 2022-12-08 Secure storage method using a virtual disk WO2024045407A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202211068135.2 2022-09-02
CN202211068135.2A CN115146318B (zh) 2022-09-02 2022-09-02 Virtual disk secure storage method

Publications (1)

Publication Number Publication Date
WO2024045407A1 (fr) 2024-03-07

Family

ID=83415825

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/137630 WO2024045407A1 (fr) 2022-09-02 2022-12-08 Secure storage method using a virtual disk

Country Status (2)

Country Link
CN (1) CN115146318B (fr)
WO (1) WO2024045407A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115146318B (zh) * 2022-09-02 2022-11-29 麒麟软件有限公司 Virtual disk secure storage method
CN115629716B (zh) * 2022-12-07 2023-04-11 广东睿江云计算股份有限公司 Defragmentation method and defragmentation system based on disk image files

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
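CN103516755A (zh) * 2012-06-27 2014-01-15 华为技术有限公司 Virtual storage method and device
CN109933278A (zh) * 2017-12-19 2019-06-25 中国电信股份有限公司 Method and apparatus for implementing block device mount access
CN113641467A (zh) * 2021-10-19 2021-11-12 杭州优云科技有限公司 Distributed block storage implementation method for virtual machines
CN115146318A (zh) * 2022-09-02 2022-10-04 麒麟软件有限公司 Virtual disk secure storage method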

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101373441B (zh) * 2008-09-19 2012-04-18 苏州壹世通科技有限公司 Firmware-based virtualization platform system
US8687814B2 (en) * 2011-05-20 2014-04-01 Citrix Systems, Inc. Securing encrypted virtual hard disks
CN102891876B (zh) * 2011-07-22 2017-06-13 中兴通讯股份有限公司 Distributed data encryption method and system in a cloud computing environment
US10719346B2 (en) * 2016-01-29 2020-07-21 British Telecommunications Public Limited Company Disk encryption
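CN108664523B (zh) * 2017-03-31 2021-08-13 华为技术有限公司 Virtual disk file format conversion method and apparatus
CN109032499B (zh) * 2018-06-09 2022-04-05 西安电子科技大学 Data access method for distributed data storage, and information data processing terminal
CN109376119B (zh) * 2018-10-30 2021-10-26 郑州云海信息技术有限公司 Method for creating and using an encrypted snapshot of a disk image file, and storage medium
CN110058813A (zh) * 2019-03-15 2019-07-26 启迪云计算有限公司 Local storage management method based on cloud platform block storage
CN113821170B (zh) * 2021-08-31 2024-06-14 郑州浪潮数据技术有限公司 Distributed storage system, access method and components
CN113961892A (zh) * 2021-11-04 2022-01-21 杭州安恒信息技术股份有限公司 Account security management and control method, system, readable storage medium and computer device
CN114201755A (zh) * 2021-12-15 2022-03-18 电子科技大学广东电子信息工程研究院 Out-of-domain security detection method for virtual machine file systems
CN114491421A (zh) * 2022-01-21 2022-05-13 北京字跳网络技术有限公司 File encryption and file processing methods, apparatus, readable medium and electronic device
CN114968128A (zh) * 2022-07-28 2022-08-30 云宏信息科技股份有限公司 qcow2-based virtual disk mapping method, system and medium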

Also Published As

Publication number Publication date
CN115146318B (zh) 2022-11-29 Virtual disk secure storage method
CN115146318A (zh) 2022-10-04 Virtual disk secure storage method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22957219

Country of ref document: EP

Kind code of ref document: A1