
CN108491732A - A kind of mass storage data protection system and method based on business isolated storage - Google Patents

Info

Publication number
CN108491732A
Authority
CN
China
Prior art keywords
data
datanode
nodes
key
operation system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810204643.6A
Other languages
Chinese (zh)
Inventor
孙大军
元河清
孙晓妮
陈小龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Chaoyue CNC Electronics Co Ltd
Original Assignee
Shandong Chaoyue CNC Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Chaoyue CNC Electronics Co Ltd
Priority to CN201810204643.6A
Publication of CN108491732A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6272 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a mass storage data protection system and method based on business-isolated storage. The system comprises: business systems, several of which are configured and which provide the business data to be stored; a distributed file system HDFS comprising a NameNode and DataNodes, both connected to the business systems, where the NameNode stores and provides the correspondence between the data to be stored and the DataNodes, and the DataNodes store the business data to be stored from the corresponding business systems; and a key management server (KMS), which communicates with the DataNodes and provides them with keys, so that the DataNodes encrypt and decrypt the business data to be stored using the keys sent to them. Compared with the prior art, this system and method effectively prevent users from accessing and parsing mass storage data: even if the data is accessed by a user without authorization, its contents cannot be correctly parsed, so the security of mass storage data is effectively protected.

Description

A mass storage data protection system and method based on business-isolated storage
Technical field
The present invention relates to the technical field of data security, and specifically to a highly practical mass storage data protection system and method based on business-isolated storage.
Background art
Cloud computing systems use virtual machine technology to allocate resources dynamically and deploy them elastically. Virtualization achieves system-level isolation by abstracting and encapsulating hardware resources, provides applications and services of different security levels with running environments that do not affect one another, and also makes it easier to deploy system security monitoring software.
Cloud storage is a storage service with elastic scaling built on cloud computing. When users upload their own plaintext data to a mass storage system, users, including system administrators, can easily access and parse the stored data. The data is therefore easily accessed without authorization, and the security of the stored data cannot be effectively protected.
To achieve multi-tenant data isolation, this patent proposes a mass storage data protection technique based on business-isolated storage.
Summary of the invention
The technical task of the present invention is to address the above shortcomings by providing a highly practical mass storage data protection system and method based on business-isolated storage.
A mass storage data protection system based on business-isolated storage comprises:
Business systems, several of which are configured and which provide the business data to be stored;
A distributed file system HDFS, comprising a NameNode and DataNodes, both connected to the above business systems; the NameNode stores and provides the correspondence between the data to be stored and the DataNodes, and the DataNodes store the business data to be stored from the corresponding business systems;
A key management server (KMS), which communicates with the DataNodes and provides them with keys; the keys are sent to the DataNodes, which use them to encrypt and decrypt the business data to be stored.
Before storing business data, the business system first divides the business data Data to be stored into multiple blocks. A data block is denoted block_m, i.e. Data = {block_1, block_2, ..., block_m}, where m = the size of the business data Data divided by the system block size; the system block size is set by the administrator.
When a key provided by the key management server KMS is used for encryption, the key is determined by the data block received by the DataNode: the business system first sends the data block to the corresponding DataNode; the DataNode then communicates with the key management server KMS to obtain the corresponding data encryption key, key, and encrypts the data block.
The encryption algorithms used to encrypt the data blocks with the key include the DES algorithm and commercial symmetric encryption algorithms.
When a key provided by the key management server KMS is used for decryption, the key is determined by the data block stored on the DataNode: through the business system, the user communicates with the NameNode to obtain the correspondence between data blocks and DataNodes, and then, according to the data the user needs to read, sends a data block read request to the DataNode. The DataNode obtains the corresponding key from the key management server KMS according to the user id, decrypts the ciphertext data block, and returns the decrypted data to the business system for the user to read.
A mass storage data protection method based on business-isolated storage, built on the above system, is implemented as follows:
Step 1: the business system first uploads the business data to be stored to the DataNodes of the distributed file system HDFS;
Step 2: the DataNode communicates with the key management server KMS using the business system's id to obtain the key of the corresponding business system, and completes the encryption of the data;
Step 3: when the business system reads data, the DataNode communicates with the key management server KMS using the business system's id to obtain the key of the corresponding business system, completes the decryption of the data, and then returns the data to the user.
A system initialization step precedes Step 1. In this step, the key management server KMS initializes the system's initial parameters: it reads the business system configuration file to obtain the number of business systems, BussNum, and the security level of each business system, SecLevel, and builds the mapping between keys key_n and business systems buss_n, where n takes the values 1 ... BussNum. The length of key key_n is determined by the business system's security level SecLevel: the higher the security level of the business system, the longer the key.
In Step 1, the business data to be stored is uploaded to the DataNodes in the form of data blocks: before storing business data, the business system first divides the business data Data to be stored into multiple blocks. A data block is denoted block_m, i.e. Data = {block_1, block_2, ..., block_m}, where m = the size of the business data Data divided by the system block size; the system block size is set by the administrator.
The detailed encryption process in Step 2 is:
The business system first communicates with the NameNode to obtain the correspondence between data blocks and DataNodes;
It then sends each data block to the corresponding DataNode;
The DataNode communicates with the key management server KMS to obtain the data encryption key of that business system, and then encrypts the data block block;
Finally, the encrypted data block is copied to other DataNodes.
The detailed decryption process in Step 3 is:
When a user needs to read their own data:
The business system first communicates with the NameNode to obtain the correspondence between data blocks and DataNodes;
The user then enters in the business system a request for the data to be read, and the business system sends a data block read request to the DataNode;
The DataNode obtains the corresponding key according to the user id, decrypts the ciphertext data block, and returns it to the user to read.
The mass storage data protection system and method based on business-isolated storage of the present invention has the following advantages:
It provides isolated-storage protection for mass storage data. For storage isolation scenarios with multiple business systems and multiple tenants, it isolates the stored data of the business systems and tenants and ensures the security of centrally stored data from multiple business systems; the failure or destruction of a single business system does not prevent the data of other business systems from being read normally. It is highly practical, widely applicable and easy to adopt.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. The drawings described below are merely embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Figure 1 is a schematic diagram of the implementation of the present invention.
Detailed description of the embodiments
To help those skilled in the art better understand the solution of the present invention, the invention is described in further detail below with reference to specific embodiments. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
As shown in Figure 1, a mass storage data protection system based on business-isolated storage comprises:
Business systems, several of which are configured and which provide the business data to be stored;
A distributed file system HDFS, comprising a NameNode and DataNodes, both connected to the above business systems; the NameNode stores and provides the correspondence between the data to be stored and the DataNodes, and the DataNodes store the business data to be stored from the corresponding business systems;
A key management server (KMS), which communicates with the DataNodes and provides them with keys; the keys are sent to the DataNodes, which use them to encrypt and decrypt the business data to be stored.
Before storing business data, the business system first divides the business data Data to be stored into multiple blocks. A data block is denoted block_m, i.e. Data = {block_1, block_2, ..., block_m}, where m = the size of the business data Data divided by the system block size; the system block size is set by the administrator.
When a key provided by the key management server KMS is used for encryption, the key is determined by the data block received by the DataNode: the business system first sends the data block to the corresponding DataNode; the DataNode then communicates with the key management server KMS to obtain the corresponding data encryption key, key, and encrypts the data block.
The encryption algorithms used to encrypt the data blocks with the key include the DES algorithm and commercial symmetric encryption algorithms.
When a key provided by the key management server KMS is used for decryption, the key is determined by the data block stored on the DataNode: through the business system, the user communicates with the NameNode to obtain the correspondence between data blocks and DataNodes, and then, according to the data the user needs to read, sends a data block read request to the DataNode. The DataNode obtains the corresponding key from the key management server KMS according to the user id, decrypts the ciphertext data block, and returns the decrypted data to the business system for the user to read.
The present invention effectively prevents users (including system administrators) from accessing and parsing mass storage data. Even if the data is accessed by a user without authorization, its contents cannot be correctly parsed, so the security of mass storage data is effectively protected.
A mass storage data protection method based on business-isolated storage, built on the above system, provides a mass storage upload interface through which the sender uploads data. When data is uploaded to a DataNode, the DataNode communicates with the key management server KMS using the business system's id to obtain the key of the corresponding business system, and completes the encryption of the data. When the business system reads data, the DataNode communicates with the key management server KMS using the business system's id to obtain the key of the corresponding business system, completes the decryption of the data, and then returns the data to the user's client program. In this process, the key length of a business system is directly related to its security level: the higher the security level of the business system, the longer the key.
The implementation process is:
Step 1: the business system first uploads the business data to be stored to the DataNodes of the distributed file system HDFS;
Step 2: the DataNode communicates with the key management server KMS using the business system's id to obtain the key of the corresponding business system, and completes the encryption of the data;
Step 3: when the business system reads data, the DataNode communicates with the key management server KMS using the business system's id to obtain the key of the corresponding business system, completes the decryption of the data, and then returns the data to the user.
A system initialization step precedes Step 1. In this step, the key management server KMS initializes the system's initial parameters: it reads the business system configuration file to obtain the number of business systems, BussNum, and the security level of each business system, SecLevel, and builds the mapping between keys key_n and business systems buss_n, where n takes the values 1 ... BussNum. The length of key key_n is determined by the business system's security level SecLevel: the higher the security level of the business system, the longer the key.
In Step 1, the business data to be stored is uploaded to the DataNodes in the form of data blocks: before storing business data, the business system first divides the business data Data to be stored into multiple blocks. A data block is denoted block_m, i.e. Data = {block_1, block_2, ..., block_m}, where m = the size of the business data Data divided by the system block size; the system block size is set by the administrator.
The detailed encryption process in Step 2 is:
The business system first communicates with the NameNode to obtain the correspondence between data blocks and DataNodes;
It then sends each data block to the corresponding DataNode;
The DataNode communicates with the key management server KMS to obtain the data encryption key of that business system, and then encrypts the data block block;
Finally, the encrypted data block is copied to other DataNodes.
The detailed decryption process in Step 3 is:
When a user needs to read their own data:
The business system first communicates with the NameNode to obtain the correspondence between data blocks and DataNodes;
The user then enters in the business system a request for the data to be read, and the business system sends a data block read request to the DataNode;
The DataNode obtains the corresponding key according to the user id, decrypts the ciphertext data block, and returns it to the user to read.
The above process implements the mass storage data protection method based on business system isolated storage. It effectively protects mass storage data, isolates the stored data of multiple business systems and tenants, and ensures the security of centrally stored data from multiple business systems; the failure or destruction of a single business system does not prevent the data of other business systems from being read normally.
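The flow described above (KMS initialization, block splitting, encryption at the DataNode under the business system's key, and a read attempted under another business system's id), as an added example that is not part of the patent. It uses only the Python standard library, so an HMAC-SHA256 counter-mode stream with an HMAC tag stands in for the DES or commercial symmetric cipher the patent names. The SecLevel-to-key-length table, the round-robin block placement and all names are assumptions, and replication to other DataNodes is omitted.

```python
import hashlib
import hmac
import secrets

# Assumed SecLevel -> key bytes (the patent only says higher level, longer key).
KEY_BYTES_BY_SECLEVEL = {1: 16, 2: 24, 3: 32}


class KMS:
    """Builds the key_n <-> buss_n mapping at system initialization."""
    def __init__(self, business_config):
        # Stand-in for the configuration file: {business system id: SecLevel}.
        self._keys = {buss_id: secrets.token_bytes(KEY_BYTES_BY_SECLEVEL[level])
                      for buss_id, level in business_config.items()}

    def get_key(self, buss_id):
        return self._keys[buss_id]


def split_blocks(data, block_size):
    """Data = {block_1, ..., block_m}; m rounds up when the last block is short."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode, domain-separated from the tag by b"enc".
    out, counter = bytearray(), 0
    while len(out) < length:
        block_in = b"enc" + nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block_in, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _tag(key, buss_id, index, nonce, ciphertext):
    # Binds the ciphertext to its owning business system and block index.
    header = f"{buss_id}:{index}".encode()
    msg = b"mac" + len(header).to_bytes(2, "big") + header + nonce + ciphertext
    return hmac.new(key, msg, hashlib.sha256).digest()


def encrypt_block(key, buss_id, index, plaintext):
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ciphertext + _tag(key, buss_id, index, nonce, ciphertext)


def decrypt_block(key, buss_id, index, blob):
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, buss_id, index, nonce, ciphertext)):
        raise ValueError("wrong key or modified ciphertext")
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


class DataNode:
    def __init__(self, kms):
        self.kms = kms
        self.store = {}  # (file name, block index) -> ciphertext at rest

    def write(self, buss_id, name, index, block):
        key = self.kms.get_key(buss_id)  # key selected by business system id
        self.store[(name, index)] = encrypt_block(key, buss_id, index, block)

    def read(self, buss_id, name, index):
        key = self.kms.get_key(buss_id)  # the requester's key, not the owner's
        return decrypt_block(key, buss_id, index, self.store[(name, index)])


def upload(namenode, datanodes, buss_id, name, data, block_size):
    for i, block in enumerate(split_blocks(data, block_size)):
        namenode[(name, i)] = i % len(datanodes)  # block -> DataNode mapping
        datanodes[namenode[(name, i)]].write(buss_id, name, i, block)


def download(namenode, datanodes, buss_id, name):
    indices = sorted(i for (n, i) in namenode if n == name)
    return b"".join(datanodes[namenode[(name, i)]].read(buss_id, name, i)
                    for i in indices)


def demo():
    kms = KMS({"buss1": 1, "buss2": 3})  # constructed configuration
    datanodes = [DataNode(kms), DataNode(kms)]
    namenode = {}
    data = b"constructed business record " * 5  # constructed sample data
    upload(namenode, datanodes, "buss1", "orders.dat", data, block_size=32)
    owner_ok = download(namenode, datanodes, "buss1", "orders.dat") == data
    try:
        download(namenode, datanodes, "buss2", "orders.dat")
        isolated = False
    except ValueError:
        isolated = True
    return owner_ok, isolated, len(namenode)


if __name__ == "__main__":
    print(demo())
```

Because the tag covers the business system id and block index, a read under a different business system's key fails authentication instead of returning wrongly decrypted bytes.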
The above embodiments are only specific cases of the present invention. The scope of patent protection of the present invention includes, but is not limited to, the above embodiments; any appropriate change or replacement that conforms to the claims of the mass storage data protection system and method based on business-isolated storage of the present invention and is made by a person of ordinary skill in the art falls within the protection scope of the present invention.

Claims (10)

1. A mass storage data protection system based on business-isolated storage, characterized in that it comprises:
Business systems, several of which are configured and which provide the business data to be stored;
A distributed file system HDFS, comprising a NameNode and DataNodes, both connected to the above business systems; the NameNode stores and provides the correspondence between the data to be stored and the DataNodes, and the DataNodes store the business data to be stored from the corresponding business systems;
A key management server (KMS), which communicates with the DataNodes and provides them with keys; the keys are sent to the DataNodes, which use them to encrypt and decrypt the business data to be stored.
2. The mass storage data protection system based on business-isolated storage according to claim 1, characterized in that, before storing business data, the business system first divides the business data Data to be stored into multiple blocks; a data block is denoted block_m, i.e. Data = {block_1, block_2, ..., block_m}, where m = the size of the business data Data divided by the system block size, and the system block size is set by the administrator.
3. The mass storage data protection system based on business-isolated storage according to claim 1, characterized in that, when a key provided by the key management server KMS is used for encryption, the key is determined by the data block received by the DataNode: the business system first sends the data block to the corresponding DataNode; the DataNode then communicates with the key management server KMS to obtain the corresponding data encryption key, key, and encrypts the data block.
4. The mass storage data protection system based on business-isolated storage according to claim 3, characterized in that the encryption algorithms used to encrypt the data blocks with the key include the DES algorithm and commercial symmetric encryption algorithms.
5. The mass storage data protection system based on business-isolated storage according to any one of claims 1-4, characterized in that, when a key provided by the key management server KMS is used for decryption, the key is determined by the data block stored on the DataNode: through the business system, the user communicates with the NameNode to obtain the correspondence between data blocks and DataNodes, and then, according to the data the user needs to read, sends a data block read request to the DataNode; the DataNode obtains the corresponding key from the key management server KMS according to the user id, decrypts the ciphertext data block, and returns the decrypted data to the business system for the user to read.
6. A mass storage data protection method based on business-isolated storage, characterized in that it is based on the above system and is implemented as follows:
Step 1: the business system first uploads the business data to be stored to the DataNodes of the distributed file system HDFS;
Step 2: the DataNode communicates with the key management server KMS using the business system's id to obtain the key of the corresponding business system, and completes the encryption of the data;
Step 3: when the business system reads data, the DataNode communicates with the key management server KMS using the business system's id to obtain the key of the corresponding business system, completes the decryption of the data, and then returns the data to the user.
7. The mass storage data protection method based on business-isolated storage according to claim 6, characterized in that a system initialization step precedes Step 1; in this step, the key management server KMS initializes the system's initial parameters: it reads the business system configuration file to obtain the number of business systems, BussNum, and the security level of each business system, SecLevel, and builds the mapping between keys key_n and business systems buss_n, where n takes the values 1 ... BussNum; the length of key key_n is determined by the business system's security level SecLevel: the higher the security level of the business system, the longer the key.
8. The mass storage data protection method based on business-isolated storage according to claim 6, characterized in that, in Step 1, the business data to be stored is uploaded to the DataNodes in the form of data blocks: before storing business data, the business system first divides the business data Data to be stored into multiple blocks; a data block is denoted block_m, i.e. Data = {block_1, block_2, ..., block_m}, where m = the size of the business data Data divided by the system block size, and the system block size is set by the administrator.
9. The mass storage data protection method based on business-isolated storage according to claim 8, characterized in that the detailed encryption process in Step 2 is:
The business system first communicates with the NameNode to obtain the correspondence between data blocks and DataNodes;
It then sends each data block to the corresponding DataNode;
The DataNode communicates with the key management server KMS to obtain the data encryption key of that business system, and then encrypts the data block block;
Finally, the encrypted data block is copied to other DataNodes.
10. The mass storage data protection method based on business-isolated storage according to claim 8, characterized in that the detailed decryption process in Step 3 is:
When a user needs to read their own data:
The business system first communicates with the NameNode to obtain the correspondence between data blocks and DataNodes;
The user then enters in the business system a request for the data to be read, and the business system sends a data block read request to the DataNode;
The DataNode obtains the corresponding key according to the user id, decrypts the ciphertext data block, and returns it to the user to read.
CN201810204643.6A 2018-03-13 2018-03-13 A kind of mass storage data protection system and method based on business isolated storage Pending CN108491732A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810204643.6A CN108491732A (en) 2018-03-13 2018-03-13 A kind of mass storage data protection system and method based on business isolated storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810204643.6A CN108491732A (en) 2018-03-13 2018-03-13 A kind of mass storage data protection system and method based on business isolated storage

Publications (1)

Publication Number Publication Date
CN108491732A true CN108491732A (en) 2018-09-04

Family

ID=63338696

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810204643.6A Pending CN108491732A (en) 2018-03-13 2018-03-13 A kind of mass storage data protection system and method based on business isolated storage

Country Status (1)

Country Link
CN (1) CN108491732A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109981579A (en) * 2019-02-25 2019-07-05 北京工业大学 Hadoop code key management service based on SGX reinforces safely method
CN110598440A (en) * 2019-08-08 2019-12-20 中腾信金融信息服务(上海)有限公司 Distributed automatic encryption and decryption system
CN110688666A (en) * 2019-10-08 2020-01-14 卓尔购信息科技(武汉)有限公司 Data encryption and storage method in distributed storage
CN112272174A (en) * 2020-10-22 2021-01-26 北京海泰方圆科技股份有限公司 Encrypted data transmission method, device, equipment and computer storage medium
CN112839013A (en) * 2019-11-22 2021-05-25 航天信息股份有限公司 Key transmission method, device and computer readable storage medium
CN115617763A (en) * 2022-09-23 2023-01-17 中电金信软件有限公司 Data processing method and device, electronic equipment and storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101383673A (en) * 2008-10-20 2009-03-11 中兴通讯股份有限公司 Controlling method and system for mobile multimedia broadcast service
CN102427447A (en) * 2011-10-31 2012-04-25 浪潮齐鲁软件产业有限公司 Method of sharing identity authentication information among tax cloud computing systems
CN103312825A (en) * 2013-07-10 2013-09-18 中国人民解放军国防科学技术大学 Method and device for data distribution and storage
US20130282668A1 (en) * 2012-04-20 2013-10-24 Cloudera, Inc. Automatic repair of corrupt hbases
US20140380121A1 (en) * 2011-03-02 2014-12-25 Cleversafe, Inc. Configuring a generic computing device utilizing specific computing device operation information
CN104660583A (en) * 2014-12-29 2015-05-27 国家电网公司 Encryption service method based on Web encryption service
CN105139281A (en) * 2015-08-20 2015-12-09 北京中电普华信息技术有限公司 Method and system for processing big data of electric power marketing
CN106681861A (en) * 2016-12-08 2017-05-17 杭州销冠网络科技有限公司 New environment isolation configuration data management method and system
CN107026881A (en) * 2016-02-02 2017-08-08 腾讯科技(深圳)有限公司 The processing method of business datum, apparatus and system
CN107566374A (en) * 2017-09-07 2018-01-09 山东超越数控电子有限公司 A kind of cloud storage data guard method and system based on user isolation storage

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
曹卉: "Design of a Teaching Resource Cloud Storage Platform Based on HDFS", 《软件导刊》 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109981579A (en) * 2019-02-25 2019-07-05 北京工业大学 Hadoop key management service security enhancement method based on SGX
CN109981579B (en) * 2019-02-25 2021-07-02 北京工业大学 Hadoop key management service security enhancement method based on SGX
CN110598440A (en) * 2019-08-08 2019-12-20 中腾信金融信息服务(上海)有限公司 Distributed automatic encryption and decryption system
CN110598440B (en) * 2019-08-08 2023-05-09 中腾信金融信息服务(上海)有限公司 Distributed automatic encryption and decryption system
CN110688666A (en) * 2019-10-08 2020-01-14 卓尔购信息科技(武汉)有限公司 Data encryption and storage method in distributed storage
CN110688666B (en) * 2019-10-08 2023-07-28 卓尔购信息科技(武汉)有限公司 Data encryption and preservation method in distributed storage
CN112839013A (en) * 2019-11-22 2021-05-25 航天信息股份有限公司 Key transmission method, device and computer readable storage medium
CN112839013B (en) * 2019-11-22 2022-10-11 航天信息股份有限公司 Key transmission method, device and computer readable storage medium
CN112272174A (en) * 2020-10-22 2021-01-26 北京海泰方圆科技股份有限公司 Encrypted data transmission method, device, equipment and computer storage medium
CN115617763A (en) * 2022-09-23 2023-01-17 中电金信软件有限公司 Data processing method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
US12008131B2 (en) Systems and methods for a cryptographic file system layer
CN108491732A (en) A kind of mass storage data protection system and method based on business isolated storage
US8285993B1 (en) System and method for establishing a shared secret among nodes of a security appliance
US7983423B1 (en) Re-keying based on pre-generated keys
US8397083B1 (en) System and method for efficiently deleting a file from secure storage served by a storage system
CN107566374A (en) A kind of cloud storage data guard method and system based on user isolation storage
WO2014194494A1 (en) Method, server, host and system for protecting data security
US9774445B1 (en) Host based rekeying
US8245050B1 (en) System and method for initial key establishment using a split knowledge protocol
CN105656864B (en) Key management system and management method based on TCM
US10887085B2 (en) System and method for controlling usage of cryptographic keys
RU2013132739A (en) METHOD AND DEVICE FOR CREATING AND ADMINISTRATING VIRTUAL PRIVATE GROUPS IN A ORIENTED ON A CONTENT NETWORK
US11128460B2 (en) Client-side encryption supporting deduplication across single or multiple tenants in a storage system
US10419212B2 (en) Methods, systems, apparatuses, and devices for securing network communications using multiple security protocols
CN110362984B (en) Method and device for operating service system by multiple devices
CN105183402B (en) Data storage method
CN114091058A (en) Method and system for secure sharing of data between a first area and a second area
CN109063496A (en) A kind of method and device of data processing
CN105224262A (en) Data processing method
CN102984146A (en) Data management method for cloud computing
CN106411826B (en) A kind of method and apparatus of data access
CN105407091A (en) Data processing method
CN205080542U (en) Data storage device
CN205430310U (en) Data storage device
KR102649485B1 (en) Virtual private network system and method for controlling thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180904