CN103107995B - Secure data storage system and method for a cloud computing environment - Google Patents
- Publication number: CN103107995B
- Application number: CN201310048802.5A
- Authority: CN (China)
- Prior art keywords: data, key, server, user, encrypt
- Legal status: Active (the legal status is an assumption and is not a legal conclusion)
- Landscapes: Storage Device Security
Abstract
The invention relates to a secure data storage system and method for a cloud computing environment. The system comprises a key mapping server and, each connected to the key mapping server and exchanging data with it, a key management server, an encryption/decryption server, a user side and a cloud platform. The key mapping server stores and maintains the mapping between keys and encrypted data, which breaks the direct link between a key value and its ciphertext data. After the data storage address has been sent to the user side, or after the user data has been sent to the user side, the key mapping server deletes the key value, the user data and the ciphertext data; the encryption/decryption server deletes the key value, the user data and the ciphertext data once encryption or decryption is complete. As a result, the location that holds the key mapping does not at the same time hold the key value and the ciphertext data, the location that holds the ciphertext data does not at the same time hold the key value and the key mapping, and the location that holds the key value does not at the same time hold the key mapping and the ciphertext data. The key value, the ciphertext data and the key mapping are thus held independently by three parties.
Description
Technical field
The invention relates to an information security system and method, and in particular to a secure data storage system and method for a cloud computing environment.
Background
Cloud computing is an Internet-based distributed computing service. As a delivery and usage model for IT resources and services, it allows required resources (such as networks, servers, storage, applications and services) to be obtained from a shared pool of configurable computing resources anywhere, at any time, conveniently and on demand. These resources can be provisioned and released rapidly while minimizing management cost and service-provider involvement. Cloud computing has been the most popular technical term in the IT community in recent years, and many experts believe that it can change the technical foundation of the Internet and even affect the structure of the whole industry. At present, almost all of the world's IT industry giants are engaged in cloud computing research and applications.
When the core task of a cloud computing system is the storage and management of massive amounts of data, the system must be configured with a large number of storage devices, and storage devices of different types are combined by software to work together and jointly provide a data storage service. From the user's point of view, the back end of the cloud computing system is simply one huge cloud platform shared by a large number of users; all the user has to do is upload data to the cloud platform, without caring how the data is stored. However, the private data of user A may well be stored on the same storage server as the data of user B, or even on the same disk. User B then has an opportunity to use a virtual machine to steal data stored in the cloud platform. If user A's data is plaintext, it is difficult to protect, can be used or modified illegitimately, and is ultimately leaked.
To solve the data security problem in cloud platforms, the typical prior-art solution is to encrypt the data in full and store it in the cloud platform after encryption. When massive amounts of data are involved, however, a large number of encryption and decryption keys must be generated, maintained and managed. Because key management is specialized and complex, some users choose to use a key management service provided by a third party. But if the key management provider and the cloud platform provider collude in an attack, the user's data does not receive the protection it should.
Summary of the invention
The invention addresses the prior-art data security risks that exist in cloud computing environments, and in cloud storage environments in particular. It proposes a secure data storage system for a cloud computing environment that breaks the link between keys and ciphertext data and has a third party maintain the mapping between keys and ciphertext data, so that users of cloud computing receive data confidentiality protection without relying on the trustworthiness of the cloud service provider or the key management service provider. It also proposes a secure data storage method for a cloud computing environment that implements this system.
The technical solution of the invention is as follows:
A secure data storage system for a cloud computing environment, characterized in that it comprises a key mapping server and, each connected to the key mapping server and exchanging data with it, a key management server, an encryption/decryption server, a user side and a cloud platform. The user side submits a storage request or a data request to the key mapping server; the storage request comprises a user ID and user data, and the data request comprises the user ID and the data storage address returned by the cloud platform. In response to the storage request, the key mapping server generates a key identifier, and a key value corresponding to the key identifier is generated in the key management server. In response to the data request, the key mapping server obtains the ciphertext data from the cloud platform and the key value from the key management server. The encryption/decryption server encrypts the user data into ciphertext data using the key value, or decrypts the ciphertext data into the user data using the key value, and deletes the key value, the user data and the ciphertext data once encryption or decryption is complete;
The key mapping server stores the mapping between the user ID, the key identifier and the data storage address; the key management server stores the key identifier and the key value; the cloud platform stores the ciphertext data.
The key mapping server uses the key identifier to submit a key request to the key management server and receives the key value generated by the key management server; or it inputs the key value and the user data to the encryption/decryption server, which converts the user data into ciphertext data; the key mapping server inputs the ciphertext data to the cloud platform for storage, the data storage address output by the cloud platform is returned to the user side, the key mapping server stores the mapping between the user ID, the key identifier and the data storage address, and the key value, the user data and the ciphertext data are deleted;
Or, in response to the data request from the user side, it inputs the data storage address to the cloud platform and receives the ciphertext data corresponding to that data storage address output by the cloud platform; or the key management server returns the key value in response to a request carrying the key identifier that corresponds to the data storage address, the ciphertext data and the key value are input together to the encryption/decryption server, the encryption/decryption server converts the ciphertext data into the user data, which is returned to the user side, and the key mapping server deletes the key value, the user data and the ciphertext data.
The cloud platform stores the ciphertext data input by the key mapping server and returns the data storage address to the key mapping server; or it looks up the corresponding ciphertext data using the data storage address input by the key mapping server and outputs the ciphertext data to the key mapping server.
The key identifier is randomly generated.
The key mapping server, the key management server and the cloud platform are independent of one another.
The key mapping server and/or the encryption/decryption server is a functional module integrated into the user side itself.
A secure data storage method for a cloud computing environment that implements the above system comprises constructing a secure data storage system for a cloud computing environment, the system comprising a key mapping server and, each connected to the key mapping server and exchanging data with it, a key management server, an encryption/decryption server, a user side and a cloud platform;
The steps for encrypted storage of user data comprise:
1) the user side sends the user ID and the user data to the key mapping server;
2) the key mapping server generates a key identifier corresponding to the user ID and receives the key value, corresponding to the key identifier, that is generated by the key management server; the key management server stores the key identifier and the key value;
3) the key mapping server sends the key value and the user data to the encryption/decryption server, which encrypts the user data into ciphertext data;
4) after the cloud platform has stored the ciphertext data, the data storage address is sent to the user side;
The steps for requesting use of the user data comprise:
I) the user side sends the user ID and the data storage address to the key mapping server;
II) the key mapping server inputs the data storage address to the cloud platform, which retrieves and returns the ciphertext data corresponding to the data storage address;
III) the key mapping server uses the key identifier corresponding to the data storage address to retrieve the key value from the key management server;
IV) the key mapping server inputs the ciphertext data and the key value together to the encryption/decryption server, which decrypts the ciphertext data into the user data, and the user data is returned to the user side.
The key mapping server stores the mapping between the user ID, the key identifier and the data storage address; the key management server stores the key identifier and the key value; the cloud platform stores the ciphertext data.
The encryption/decryption server deletes the key value, the user data and the ciphertext data once encryption or decryption is complete.
After the data storage address has been sent to the user side, or after the user data has been sent to the user side, the key mapping server deletes the key value, the user data and the ciphertext data.
The technical effects of the invention are as follows:
The secure data storage system of the invention comprises a key mapping server and, each connected to the key mapping server and exchanging data with it, a key management server, an encryption/decryption server, a user side and a cloud platform. The user side submits a storage request or a data request to the key mapping server; the storage request comprises a user ID and user data, and the data request comprises the user ID and the data storage address returned by the cloud platform. In response to the storage request, the key mapping server generates a key identifier, and a key value corresponding to the key identifier is generated in the key management server. In response to the data request, the key mapping server obtains the ciphertext data from the cloud platform and the key value from the key management server. The encryption/decryption server encrypts the user data into ciphertext data using the key value, or decrypts the ciphertext data into user data using the key value, and deletes the key value, the user data and the ciphertext data once encryption or decryption is complete. By applying key mapping and introducing a third party for key mapping management, the invention stores the key value, the ciphertext data and the key mapping separately, so that neither collusion between any two of the parties that store these data nor a data leak can break the confidentiality of the ciphertext data. This effectively solves the problem of collusion attacks between the key management provider and the cloud storage provider and provides a secure data storage scheme for cloud computing environments.
The invention stores the mapping between the user ID, the key identifier and the data storage address in the key mapping server, stores the key identifier and the key value in the key management server, and stores the ciphertext data in the cloud platform, which breaks the direct link between the key value and the ciphertext data. After the data storage address has been sent to the user side, or after the user data has been sent to the user side, the key mapping server deletes the key value, the user data and the ciphertext data; the encryption/decryption server deletes the key value, the user data and the ciphertext data once encryption or decryption is complete. As a result, the location that holds the key mapping does not at the same time hold the key value and the ciphertext data, the location that holds the ciphertext data does not at the same time hold the key value and the key mapping, and the location that holds the key value does not at the same time hold the key mapping and the ciphertext data. The key value, the ciphertext data and the key mapping are held independently by three parties, which effectively protects the user's data and prevents it from being maliciously tampered with or leaked.
In the invention, key generation and management, key mapping, and data encryption and decryption are all carried out by the corresponding servers. The user only has to keep its own user ID and data storage address information, which spares the user the tedious work of key generation and management and of data encryption and decryption, and therefore gives a good user experience.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the secure data storage system for a cloud computing environment according to the invention.
Fig. 2 is a flow diagram of the encrypted storage process for user data according to the invention.
Fig. 3 is a flow diagram of the process for requesting use of user data according to the invention.
Embodiment
The invention is described below with reference to the accompanying drawings.
In the following description, some details are provided so that those skilled in the computer field can understand the invention as a whole. In the embodiments, the elements that implement specific functions are shown as schematic or block diagrams in order to highlight the technical points without obscuring the invention in unnecessary detail. For example, publicly known, common-knowledge details in areas such as network communication, electromagnetic signalling, user interfaces and input/output techniques fall within the understanding of a person of ordinary skill in the art; such details are therefore omitted from the embodiments as far as possible and are not regarded as features necessary for obtaining the complete technical solution of the invention.
As shown in Fig. 1, the secure data storage system of the invention comprises a key mapping server 1, a key management server 2, an encryption/decryption server 3 and a user side 4. The key mapping server 1 is connected to, and exchanges data with, the key management server 2, the encryption/decryption server 3 and the user side 4. The key mapping server 1 is also connected to a cloud platform 5 in order to upload and download ciphertext data. In detail:
The user side 4, as the user of the cloud computing system, can submit to the key mapping server 1 a storage request to upload user data and a data request to receive user data. The storage request contains the user ID User_id and the user data Plain_Data; the data request contains the user ID User_id and the data storage address Data_url. Because one user side 4 may hold many pieces of data, the user ID User_id is not unique for the user side 4, whereas the data storage address Data_url is unique for a given User_id. The data storage address Data_url identifies where the ciphertext data is stored in the cloud platform 5.
In response to a storage request from the user side 4, the key mapping server 1 randomly generates a key identifier Key_id corresponding to the user ID User_id, uses the key identifier Key_id to submit a key request to the key management server 2, and then receives the key value Key generated by the key management server 2; or it inputs the key value Key and the user data Plain_Data to the encryption/decryption server 3 with a request to convert the user data Plain_Data into ciphertext data Cipher_Data, and inputs the resulting ciphertext data Cipher_Data to the cloud platform 5. Finally, the key mapping server 1 returns the data storage address Data_url output by the cloud platform 5 to the user side 4, stores the mapping between the user ID User_id, the key identifier Key_id and the data storage address Data_url, and deletes the key value Key, the user data Plain_Data and the ciphertext data Cipher_Data;
Or, in response to a data request from the user side 4, it verifies whether the user ID User_id and the data storage address Data_url supplied by the user side 4 match, and once this is confirmed submits to the cloud platform 5 a ciphertext request containing the data storage address Data_url, then receives the ciphertext data Cipher_Data corresponding to Data_url output by the cloud platform 5; or it uses the key identifier Key_id corresponding to the previously stored data storage address Data_url to ask the key management server 2 to return the key value Key, then inputs the ciphertext data Cipher_Data and the key value Key together to the encryption/decryption server 3 with a request to convert the ciphertext data Cipher_Data into the user data Plain_Data, returns the resulting user data Plain_Data to the user side 4, and at the same time deletes the key value Key, the user data Plain_Data and the ciphertext data Cipher_Data.
The key mapping server 1 only stores and maintains the mapping between the user ID User_id, the key identifier Key_id and the data storage address Data_url, a typical mapping being (User_id, Key_id, Data_url). It does not keep any key value Key, user data Plain_Data or ciphertext data Cipher_Data in long-term storage.
In response to a key request from the key mapping server 1, the key management server 2 generates for the user side 4 the key value Key corresponding to the key identifier Key_id, and manages and maintains the key information. Typical key information comprises the key identifier Key_id and its corresponding key value Key.
The encryption/decryption server 3 provides the data encryption and decryption service. Given the key value Key and the user data Plain_Data input by the key mapping server 1, it converts the user data Plain_Data into ciphertext data Cipher_Data and returns the ciphertext data Cipher_Data to the key mapping server 1; or, given the key value Key and the ciphertext data Cipher_Data input by the key mapping server 1, it converts the ciphertext data Cipher_Data into the user data Plain_Data and returns the user data Plain_Data to the key mapping server 1. After completing the encryption or decryption operation, the encryption/decryption server 3 deletes the key value Key, the user data Plain_Data and the ciphertext data Cipher_Data.
The cloud platform 5 is the cloud computing service platform, which provides computing or storage services to the user side 4. It stores the ciphertext data Cipher_Data input by the key mapping server 1 and returns the data storage address Data_url to the key mapping server 1; or it looks up the corresponding ciphertext data Cipher_Data using the data storage address Data_url input by the key mapping server 1 and outputs the ciphertext data Cipher_Data to the key mapping server 1.
In the above embodiment, the key mapping server 1, the key management server 2 and the cloud platform 5 are three independent entities, and neither collusion between any two of them nor a data leak yields the user data Plain_Data of the user side 4. The key mapping server 1 and the encryption/decryption server 3 may either be two server entities entirely independent of the user side 4, or be functional modules integrated into the user side 4 itself, namely a key mapping module and an encryption/decryption module.
The secure data storage method of the invention consists mainly of two processes: encrypted storage of user data, and requesting use of user data.
As shown in Fig. 2, in the encrypted storage process the user side 4 stores the user data Plain_Data in the cloud platform 5 in encrypted form, while key mapping is used to protect the data held in the cloud platform 5. The process comprises the following steps:
1) the user side 4 uses a secure transmission channel, such as an SSL-encrypted channel, to send the user ID User_id and the user data Plain_Data to the key mapping server 1, submitting a storage request to upload user data;
2) in response to the storage request from the user side 4, the key mapping server 1 randomly generates a key identifier Key_id corresponding to the user ID User_id and uses the key identifier Key_id to submit a key request to the key management server 2;
3) in response to the key request from the key mapping server 1, the key management server 2 generates for the user side 4 the key value Key corresponding to the key identifier Key_id, and stores the key information (Key_id, Key) in the key management server 2;
4) the key management server 2 returns the key information (Key_id, Key) to the key mapping server 1;
5) the key mapping server 1 sends the key value Key and the user data Plain_Data to the encryption/decryption server 3 and requests an encryption operation;
6) the encryption/decryption server 3 converts the user data Plain_Data into ciphertext data Cipher_Data using the received key value Key;
7) the encryption/decryption server 3 returns the ciphertext data Cipher_Data to the key mapping server 1, then deletes the key value Key, the user data Plain_Data and the ciphertext data Cipher_Data;
8) the key mapping server 1 sends the received ciphertext data Cipher_Data to the cloud platform 5;
9) the cloud platform 5 stores the ciphertext data Cipher_Data on the relevant storage device;
10) the cloud platform 5 returns the data storage address Data_url to the key mapping server 1;
11) the key mapping server 1 stores the mapping pair (Key_id, Data_url) and at the same time deletes the key value Key, the user data Plain_Data and the ciphertext data Cipher_Data;
12) the key mapping server 1 returns the data storage address Data_url to the user side 4.
As shown in Fig. 3, in the data request process, when the user side 4 requests data the key mapping server 1 first obtains the ciphertext data Cipher_Data from the cloud platform 5, then obtains the key value Key by way of the mapping between the key identifier Key_id and the data storage address Data_url stored in the key mapping server 1, and returns the data to the user side 4 after the ciphertext data Cipher_Data has been decrypted. The process comprises the following steps:
I) the user side 4 submits to the key mapping server 1 a data request to receive user data; the data request contains the user ID User_id and the data storage address Data_url;
II) in response to the data request from the user side 4, the key mapping server 1 submits to the cloud platform 5 a ciphertext request containing the data storage address Data_url;
III) the cloud platform 5 retrieves the ciphertext data Cipher_Data corresponding to the data storage address Data_url and returns it to the key mapping server 1;
IV) the key mapping server 1 looks up, in the mapping (User_id, Key_id, Data_url), the key identifier Key_id corresponding to the data storage address Data_url;
V) the key mapping server 1 submits a key request to the key management server 2 using the key identifier Key_id;
VI) the key management server 2 looks up the key value Key corresponding to the key identifier Key_id and returns the key value Key to the key mapping server 1;
VII) the key mapping server 1 passes the ciphertext data Cipher_Data and the key value Key together to the encryption/decryption server 3 and requests a decryption operation;
VIII) the encryption/decryption server 3 converts the ciphertext data Cipher_Data into the user data Plain_Data and then passes the user data Plain_Data to the key mapping server 1;
IX) the key mapping server 1 returns the user data Plain_Data to the user side 4.
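As an added illustration (not code from the patent), storage steps 1) to 12) and request steps I) to IX) can be modelled in Python with the three stores as separate objects, followed by a check of what each party still holds at rest. The class and function names, the cloud://bucket/ address format and the HMAC-SHA256 stand-in cipher are assumptions; the patent names no algorithm.

```python
import hashlib
import hmac
import secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream). Assumption: the patent names no
    # algorithm; use a vetted AEAD such as AES-GCM in a real deployment.
    out = bytearray()
    for i in range(0, len(data), 32):
        ctr = (i // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + ctr, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class CryptoServer:
    """Encryption/decryption server 3: stateless, so nothing survives a call."""
    def encrypt(self, key, plain_data):
        nonce = secrets.token_bytes(16)
        body = _xor_stream(_subkey(key, b"enc"), nonce, plain_data)
        tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def decrypt(self, key, cipher_data):
        nonce, body, tag = cipher_data[:16], cipher_data[16:-32], cipher_data[-32:]
        want = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            raise ValueError("Cipher_Data failed its integrity check")
        return _xor_stream(_subkey(key, b"enc"), nonce, body)

class KeyManagementServer:
    """Key management server 2: holds only (Key_id, Key)."""
    def __init__(self):
        self.keys = {}
    def generate(self, key_id):
        self.keys[key_id] = secrets.token_bytes(32)
        return self.keys[key_id]
    def lookup(self, key_id):
        return self.keys[key_id]

class CloudPlatform:
    """Cloud platform 5: holds only Cipher_Data, addressed by Data_url."""
    def __init__(self):
        self.blobs = {}
    def put(self, cipher_data):
        data_url = "cloud://bucket/" + secrets.token_hex(8)  # constructed format
        self.blobs[data_url] = cipher_data
        return data_url
    def get(self, data_url):
        return self.blobs[data_url]

class KeyMappingServer:
    """Key mapping server 1: holds only (User_id, Key_id, Data_url)."""
    def __init__(self, kms, crypto, cloud):
        self.kms, self.crypto, self.cloud = kms, crypto, cloud
        self.mapping = {}  # Data_url -> (User_id, Key_id)

    def store(self, user_id, plain_data):           # storage steps 1) to 12)
        key_id = secrets.token_hex(16)               # randomly generated Key_id
        key = self.kms.generate(key_id)
        cipher_data = self.crypto.encrypt(key, plain_data)
        data_url = self.cloud.put(cipher_data)
        self.mapping[data_url] = (user_id, key_id)
        # Only local references are dropped; Python cannot zeroize memory.
        del key, cipher_data, plain_data
        return data_url

    def fetch(self, user_id, data_url):             # request steps I) to IX)
        owner, key_id = self.mapping.get(data_url, (None, None))
        if key_id is None or owner != user_id:       # User_id must match Data_url
            raise PermissionError("User_id does not match Data_url")
        cipher_data = self.cloud.get(data_url)
        key = self.kms.lookup(key_id)
        return self.crypto.decrypt(key, cipher_data)

def separation_holds(mapper, kms, cloud):
    """True if, at rest, each party holds only its own share."""
    keys, blobs = set(kms.keys.values()), set(cloud.blobs.values())
    urls = set(mapper.mapping)
    users = {user for user, _ in mapper.mapping.values()}
    key_ids = {kid for _, kid in mapper.mapping.values()}
    return (
        set(vars(mapper)) == {"kms", "crypto", "cloud", "mapping"}  # nothing cached
        and not vars(mapper.crypto)                  # crypto server is stateless
        and not ((urls | users) & set(kms.keys))     # KMS is indexed by Key_id only
        and not any(k in blob for k in keys for blob in blobs)      # no Key in cloud
        and not any(kid in url for kid in key_ids for url in cloud.blobs)
    )

if __name__ == "__main__":
    kms, cloud = KeyManagementServer(), CloudPlatform()
    mapper = KeyMappingServer(kms, CryptoServer(), cloud)
    url = mapper.store("alice", b"constructed sample record")
    print(mapper.fetch("alice", url))
    print(separation_holds(mapper, kms, cloud))
```

separation_holds() inspects only what each party keeps at rest; while a request is in flight, the key mapping server handles Key, Plain_Data and Cipher_Data together, as steps 5) and VII) describe.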
It should be pointed out that the embodiments described above allow those skilled in the art to understand the invention more fully, but do not limit the invention in any way. Therefore, although this specification has described the invention in detail with reference to the drawings and embodiments, those skilled in the art will understand that the invention may still be modified or replaced by equivalents. In short, all technical solutions and improvements that do not depart from the spirit and scope of the invention shall fall within the scope of protection of this patent.
Claims (10)
1. A secure data storage system for a cloud computing environment, characterized in that: it comprises a key mapping server and, each connected to the key mapping server and exchanging data with it, a key management server, an encryption/decryption server, a user side and a cloud platform; the user side submits a storage request or a data request to the key mapping server, the storage request comprising a user ID and user data, and the data request comprising the user ID and the data storage address returned by the cloud platform; in response to the storage request, the key mapping server generates a key identifier, and a key value corresponding to the key identifier is generated in the key management server; in response to the data request, the key mapping server obtains the ciphertext data from the cloud platform and the key value from the key management server; the encryption/decryption server encrypts the user data into ciphertext data using the key value, or decrypts the ciphertext data into the user data using the key value, and deletes the key value, the user data and the ciphertext data once encryption or decryption is complete;
the key mapping server stores the mapping between the user ID, the key identifier and the data storage address, the key management server stores the key identifier and the key value, and the cloud platform stores the ciphertext data.
2. The secure data storage system for a cloud computing environment as claimed in claim 1, characterized in that: the key mapping server uses the key identifier to submit a key request to the key management server and receives the key value generated by the key management server; or it inputs the key value and the user data to the encryption/decryption server, which converts the user data into ciphertext data; the key mapping server inputs the ciphertext data to the cloud platform for storage, the data storage address output by the cloud platform is returned to the user side, the key mapping server stores the mapping between the user ID, the key identifier and the data storage address, and the key value, the user data and the ciphertext data are deleted;
or, in response to the data request from the user side, it inputs the data storage address to the cloud platform and receives the ciphertext data corresponding to that data storage address output by the cloud platform; or the key management server returns the key value in response to a request carrying the key identifier that corresponds to the data storage address, the ciphertext data and the key value are input together to the encryption/decryption server, the encryption/decryption server converts the ciphertext data into the user data, which is returned to the user side, and the key mapping server deletes the key value, the user data and the ciphertext data.
3. The secure data storage system for a cloud computing environment as claimed in claim 1, characterized in that: the cloud platform stores the ciphertext data input by the key mapping server and returns the data storage address to the key mapping server; or it looks up the corresponding ciphertext data using the data storage address input by the key mapping server and outputs the ciphertext data to the key mapping server.
4. The secure data storage system for a cloud computing environment as claimed in claim 1, 2 or 3, characterized in that: the key identifier is randomly generated.
5. The secure data storage system for a cloud computing environment as claimed in claim 1, 2 or 3, characterized in that: the key mapping server, the key management server and the cloud platform are independent of one another.
6. The secure data storage system for a cloud computing environment as claimed in claim 1, 2 or 3, characterized in that: the key mapping server and/or the encryption/decryption server is a functional module integrated into the user side itself.
7. A cloud computing environment data secure storage method, comprising constructing a cloud computing environment data secure storage system that comprises a key management server, an encryption and decryption server, a user side and a cloud platform, each connected to a key mapping server and exchanging data with the key mapping server;
Wherein, the steps of encrypting and storing user data comprise:
1) the user side sends a user ID and user data to the key mapping server;
2) the key mapping server generates a key identifier corresponding to the user ID and receives the key value, corresponding to the key identifier, that is generated by the key management server; the key management server stores the key identifier and the key value;
3) the key mapping server sends the key value and the user data to the encryption and decryption server, which encrypts the user data into encrypted data;
4) after the cloud platform stores the encrypted data, the data storage address is sent to the user side;
The steps of requesting use of the user data comprise:
I) the user side sends the user ID and the data storage address to the key mapping server;
II) the key mapping server inputs the data storage address into the cloud platform, which retrieves and returns the encrypted data corresponding to the data storage address;
III) the key mapping server extracts the key value from the key management server according to the key identifier corresponding to the data storage address;
IV) the key mapping server inputs the encrypted data together with the key value into the encryption and decryption server, which decrypts the encrypted data into the user data, and the user data is returned to the user side.
8. The cloud computing environment data secure storage method as claimed in claim 7, characterized in that: the key mapping server stores the mapping relations among the user ID, the key identifier and the data storage address; the key management server stores the key identifier and the key value; and the cloud platform stores the encrypted data.
9. The cloud computing environment data secure storage method as claimed in claim 7, characterized in that: after completing encryption or decryption, the encryption and decryption server deletes the key value, the user data and the encrypted data.
10. The cloud computing environment data secure storage method as claimed in claim 7, 8 or 9, characterized in that: after the data storage address is sent to the user side, or after the user data is sent to the user side, the key mapping server deletes the key value, the user data and the encrypted data.
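The storage and retrieval flows of claims 7 to 10 can be modelled in a few lines to show what each party ends up holding. This is an added illustration, not code from the patent: the class and method names are hypothetical, and the SHA-256 keystream is a stand-in because the claims do not name a cipher.

```python
import hashlib
import secrets

def _stream(key, nonce, data):
    # Stand-in cipher (SHA-256 counter keystream, no integrity); use an AEAD in practice.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class KeyManagementServer:
    """Stores key identifier -> key value, nothing else (claim 8)."""
    def __init__(self):
        self.keys = {}
    def generate(self, key_id):
        self.keys[key_id] = secrets.token_bytes(32)
        return self.keys[key_id]

class CloudPlatform:
    """Stores storage address -> ciphertext, nothing else (claim 8)."""
    def __init__(self):
        self.blobs = {}
    def put(self, ciphertext):
        address = secrets.token_hex(8)
        self.blobs[address] = ciphertext
        return address

class CryptoServer:
    """Stateless: no key, plaintext or ciphertext is kept between calls (claim 9)."""
    def encrypt(self, key, plaintext):
        nonce = secrets.token_bytes(16)
        return nonce + _stream(key, nonce, plaintext)
    def decrypt(self, key, ciphertext):
        return _stream(key, ciphertext[:16], ciphertext[16:])

class KeyMappingServer:
    """Stores (user ID, storage address) -> key identifier only (claims 8, 10)."""
    def __init__(self, kms, crypto, cloud):
        self.kms, self.crypto, self.cloud, self.mapping = kms, crypto, cloud, {}
    def store(self, user_id, data):                    # steps 1) to 4)
        key_id = secrets.token_hex(16)                 # random key identifier (claim 4)
        key = self.kms.generate(key_id)
        address = self.cloud.put(self.crypto.encrypt(key, data))
        self.mapping[(user_id, address)] = key_id      # only the identifier is kept
        return address
    def load(self, user_id, address):                  # steps I) to IV)
        key_id = self.mapping[(user_id, address)]      # KeyError for an unknown pair
        return self.crypto.decrypt(self.kms.keys[key_id], self.cloud.blobs[address])
```

Inspecting `kms.keys`, `cloud.blobs` and `mapper.mapping` after a `store` call shows the three-way split: no single store holds both a key value and the ciphertext it protects. Python does not wipe memory when locals go out of scope, so the deletion of claims 9 and 10 is modelled here only as non-retention.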
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310048802.5A CN103107995B (en) | 2013-02-06 | 2013-02-06 | A kind of cloud computing environment date safety storing system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103107995A (en) | 2013-05-15 |
CN103107995B (en) | 2015-11-25 |
Family
ID=48315565
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103107995B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |