CN104881613A - Disk global data encryption system and method - Google Patents

Disk global data encryption system and method

Publication number: CN104881613A
Authority: CN (China)
Prior art keywords: encryption, disk, data, cryptographic algorithm, module
Legal status: Pending
Application number: CN201410069691.0A
Other languages: Chinese (zh)
Inventors: 张武, 郭秀岩, 王劲林
Current Assignee: Institute of Acoustics CAS; Beijing Intellix Technologies Co Ltd
Original Assignee: Institute of Acoustics CAS; Beijing Intellix Technologies Co Ltd
Application filed by Institute of Acoustics CAS and Beijing Intellix Technologies Co Ltd
Priority to CN201410069691.0A
Publication of CN104881613A

Landscapes: Storage Device Security

Abstract

The invention provides a global data encryption system for disks. The system comprises an encryption algorithm configuration module, an initialization module and a data encryption and decryption module. The encryption algorithm configuration module sets a global data encryption algorithm for a disk; the initialization module encrypts the disk's boot information according to the set global encryption algorithm; and the data encryption and decryption module encrypts and decrypts the disk's sector data according to the set global encryption algorithm. The encryption algorithm configuration module further comprises a global encryption configuration file, an encryption function library and a user configuration interface. The encryption function library stores several encryption algorithms; the user configuration interface is used to select an encryption algorithm from the encryption function library; and the encryption configuration module records the selected encryption algorithm in the global encryption configuration file. The invention encapsulates the disk's implementation details and presents the disk as a unified data object; encrypting and decrypting this data object achieves efficient encryption and decryption of the disk.

Description

Disk global data encryption system and method
Technical field
The present invention relates to the unified encryption and decryption of all data on a disk, and specifically to a disk global data encryption method and system.
Background
With the rapid development of Internet technology and the continual enrichment of network applications, the data produced in networks is growing explosively and comes in many kinds, which poses a huge challenge to managing and analyzing it. Research on massive data has therefore gradually matured, and the concept of big data has been proposed. Big data has four notable characteristics: huge data volume, rich data structures, fast growth and low value density, so targeted solutions are needed to process it. The most mature and widely applied scheme at present is the Hadoop distributed system framework, which comprises three main parts: HDFS (the Hadoop distributed file system), MapReduce and HBase (a column-oriented real-time distributed database). HDFS is responsible for high-speed storage of and access to big data, MapReduce is responsible for parallel processing of big data, and HBase manages unstructured big data on top of HDFS. In Hadoop-based big data solutions, high-speed storage of and access to massive data is therefore the prerequisite and the key to solving big data problems.
However, data security in massive data storage has always needed improvement. Hadoop added a node access-permission control mechanism to improve security; commercial Hadoop systems introduced mechanisms such as SSL to provide secure interaction channels; Cloudera, a pioneer company in the Hadoop field, released an enterprise-grade Hadoop system that provides security assurance for government network-security and fraud-detection applications; and the OpenStack Swift framework provides a data storage encryption plug-in to improve system security. The Ministry of Industry and Information has also put forward explicit protection standards for the information security of network users. Future Internet and data-analysis applications will all be built around data security, so security mechanisms will become an urgent problem in big data processing and a necessary condition for the healthy development of future networks.
Security mechanisms are thus a fundamental issue in massive data storage and a key factor affecting massive-data processing applications such as Hadoop, and they are gradually becoming the primary focus and difficulty of big data solutions.
Summary of the invention
To overcome the problems described above, the present invention proposes a disk global data encryption method and system that encrypts and decrypts all data on a disk.
To achieve this, the invention provides a disk global data encryption system comprising: an encryption algorithm configuration module, an initialization module and a data encryption and decryption module;
the encryption algorithm configuration module, for setting a global data encryption algorithm for the disk;
the initialization module, for encrypting the disk's boot information according to the set global encryption algorithm;
the data encryption and decryption module, for encrypting and decrypting the disk's sector data according to the set global encryption algorithm.
Optionally, the encryption algorithm configuration module further comprises: a global encryption configuration file, an encryption function library and a user configuration interface;
the encryption function library, for storing several encryption algorithms;
the user configuration interface, for selecting an encryption algorithm from the encryption function library;
the encryption configuration module, for recording the selected encryption algorithm in the global encryption configuration file.
Optionally, the initialization module further comprises:
a reading submodule, for reading the disk's boot information in plaintext;
a lookup submodule, for looking up the global encryption configuration file in the encryption configuration module and obtaining the encryption algorithm that the file specifies;
an encryption submodule, for encrypting the boot information with that encryption algorithm and writing the resulting ciphertext to the disk, replacing the boot information on the disk.
Optionally, the data encryption and decryption module further comprises:
an interception and parsing submodule, for intercepting read and write requests to the disk and parsing out the disk sector and data specified in each request;
a write request encryption submodule, for encrypting, for a write request, the plaintext data to be written to the disk with the encryption algorithm specified in the global encryption configuration file, and writing the ciphertext to the specified disk sector;
a read request encryption submodule, for reading, for a read request, the ciphertext data from the specified disk sector and decrypting it with the globally configured encryption algorithm.
In addition, the invention provides a disk global data encryption method comprising:
Step 101) selecting an encryption algorithm and writing the selection to the global encryption configuration file;
Step 102) reading the disk's boot information in plaintext, looking up the encryption algorithm specified in the global encryption configuration file, encrypting the boot information with that algorithm, and writing the resulting ciphertext to the disk, replacing the boot information on the disk;
Step 103) intercepting read and write requests to the disk and parsing out the disk sector and data specified in each request;
for a write request, encrypting the plaintext data to be written to the disk with the encryption algorithm specified in the global encryption configuration file, and writing the ciphertext to the specified disk sector;
for a read request, reading the ciphertext data from the specified disk sector and decrypting it with the globally configured encryption algorithm.
Optionally, the encryption algorithm comprises: the triple data encryption algorithm 3DES, the Advanced Encryption Standard algorithm AES, or the variable-key-length stream cipher RC4.
Compared with the prior art, the technical advantage of the invention is:
The invention encapsulates the disk's implementation details and presents the disk as a unified data object. Encrypting and decrypting this data object achieves efficient disk encryption and decryption and thereby improves the security of massive data storage.
Brief description of the drawings
Fig. 1 is a structural diagram of the global data encryption system for disks provided by the invention.
Detailed description
To make the above objects, features and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
The invention comprises an encryption algorithm configuration module, an initialization module and a data encryption and decryption module. First, the encryption algorithm configuration module is used to set the encryption algorithm that the system uses; then the initialization module encrypts the disk's boot information with that algorithm; finally, the data encryption and decryption module uses the algorithm to encrypt all data written to the disk and to decrypt all data read from the disk.
The encryption algorithm configuration module comprises a global encryption configuration file, an encryption function library and a user configuration interface. The user selects an encryption algorithm from the encryption function library through the user configuration interface, and the encryption configuration module records the user's selection in the global encryption configuration file.
The encryption algorithm configuration module calls the initialization module. The initialization module reads the disk's boot information in plaintext, encrypts it with the encryption algorithm specified in the global encryption configuration file of the encryption algorithm configuration module, and writes the resulting ciphertext to the disk, replacing the boot information on the disk.
The data encryption and decryption module intercepts the user's read and write requests to the disk and parses out the disk sector and data specified in each request. It locates the data to be read or written by disk sector and, using the encryption algorithm specified in the global encryption configuration file of the encryption algorithm configuration module, decrypts data that is read and encrypts data that is written.
The workflow of the global data encryption method and system is:
Step 1: the user calls the encryption algorithm configuration module and selects an encryption algorithm from the encryption function library; the encryption algorithm configuration module writes the selection to the global encryption configuration file.
Step 2: the initialization module reads the disk's boot information in plaintext, looks up the encryption algorithm specified in the global encryption configuration file of the encryption algorithm configuration module, encrypts the boot information, and writes the resulting ciphertext to the disk, replacing the boot information on the disk.
Step 3: the data encryption and decryption module intercepts the user's read and write requests to the disk and parses out the disk sector and data specified in each request.
Step 3-1: for a write request, the plaintext data to be written to the disk is encrypted with the encryption algorithm specified in the global encryption configuration file of the encryption algorithm configuration module, and the ciphertext is written to the specified disk sector.
Step 3-2: for a read request, the ciphertext data is read from the specified disk sector and decrypted with the global encryption algorithm set in the encryption algorithm configuration module, and the plaintext is returned to the user.
Steps 1 and 2 must be performed once each time a disk is initialized or the disk's encryption algorithm is updated; step 3 is then performed repeatedly.
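The workflow in steps 1 to 3 above, as an added Python example that is not code from the patent: a configuration record selects the algorithm from a function library, initialization encrypts the boot information, and every sector read or write passes through the selected cipher. The names `FUNCTION_LIBRARY`, `write_config` and `EncryptedDisk`, the 512-byte sector size, boot information held in sector 0, and the master key with HMAC-derived per-sector keys are all assumptions (the patent does not describe key handling), and RC4 is used only because it is on the patent's algorithm list and can be written with the standard library.

```python
import hashlib
import hmac
import json

SECTOR_SIZE = 512  # assumption: the patent does not state a sector size


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


# Encryption function library: name -> (encrypt, decrypt). Only RC4 is
# registered here; 3DES or AES would be added as further entries.
FUNCTION_LIBRARY = {"RC4": (rc4, rc4)}


def write_config(algorithm: str) -> str:
    """Step 1: record the selected algorithm in the global config file."""
    if algorithm not in FUNCTION_LIBRARY:
        raise ValueError(f"unknown algorithm: {algorithm}")
    return json.dumps({"algorithm": algorithm})


class EncryptedDisk:
    """Steps 2 and 3: sits between the caller and the raw disk image."""

    def __init__(self, raw: bytearray, config: str, master_key: bytes):
        self.raw = raw
        name = json.loads(config)["algorithm"]
        self.encrypt, self.decrypt = FUNCTION_LIBRARY[name]
        self.master_key = master_key

    def _sector_key(self, sector: int) -> bytes:
        # Assumption, not in the patent: one key per sector, so equal
        # plaintext in two sectors does not share a keystream. Rewriting a
        # sector still reuses its keystream, a limit of stream ciphers here.
        return hmac.new(self.master_key, sector.to_bytes(8, "big"),
                        hashlib.sha256).digest()

    def _span(self, sector: int) -> slice:
        start = sector * SECTOR_SIZE
        if sector < 0 or start + SECTOR_SIZE > len(self.raw):
            raise IndexError(f"sector {sector} is outside the disk")
        return slice(start, start + SECTOR_SIZE)

    def initialize(self) -> None:
        """Step 2: read the boot information in plaintext, write ciphertext."""
        span = self._span(0)  # assumption: boot information is sector 0
        self.raw[span] = self.encrypt(self._sector_key(0), bytes(self.raw[span]))

    def write(self, sector: int, data: bytes) -> None:
        """Step 3-1: encrypt the request's data, store it in its sector."""
        if len(data) != SECTOR_SIZE:
            raise ValueError("write requests carry exactly one sector")
        span = self._span(sector)
        self.raw[span] = self.encrypt(self._sector_key(sector), data)

    def read(self, sector: int) -> bytes:
        """Step 3-2: fetch the sector's ciphertext, return plaintext."""
        span = self._span(sector)
        return self.decrypt(self._sector_key(sector), bytes(self.raw[span]))


if __name__ == "__main__":
    # Constructed 4-sector disk image with a made-up boot record and key.
    image = bytearray(b"BOOT".ljust(SECTOR_SIZE, b"\x00") + bytes(3 * SECTOR_SIZE))
    disk = EncryptedDisk(image, write_config("RC4"), b"constructed-demo-key")
    disk.initialize()
    disk.write(1, b"A" * SECTOR_SIZE)
    print(bytes(image[:4]) != b"BOOT", disk.read(1) == b"A" * SECTOR_SIZE)
```

Current disk encryption tools use a tweakable block-cipher mode such as AES-XTS for this role rather than a stream cipher.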
Embodiment
The system architecture of the embodiment is shown in Fig. 1; it comprises the disk 126, the global data encryption system 109, and so on. The disk 126 comprises boot information 128 and multiple data-storage sectors 127. The global data encryption method and system 109 comprises the encryption algorithm configuration module 118, the initialization module 112 and the data encryption and decryption module 119.
After the global data encryption method and system 109 has finished initializing the disk 126, it intercepts the read/write requests 105 that user 101 issues to the disk 126 and parses out the disk sector 107 and data 106 in each read/write request 105. The global data encryption method and system 124 then encrypts and decrypts the data on the disk 126.
The workflow by which user 101 calls the encryption algorithm configuration module 118 to initialize the disk is:
User 101 sends a call request 102 to the user configuration interface 113 in the encryption algorithm configuration module 118, selects an encryption algorithm from the encryption function library 115, and the selection is written to the global encryption configuration file 117.
The encryption algorithm configuration module 118 sends an initialization notification 129 to the initialization module 112. The initialization module 112 reads the boot information 128 from the disk 126 in plaintext mode 121, selects the corresponding encryption algorithm from the encryption function library 115 according to the algorithm specified in the global encryption configuration file 117, encrypts the boot information 128, and writes the boot information 128 back to the disk 126 in ciphertext mode 120.
The steps by which the global data encryption method and system 124 intercepts a read/write request 105 from user 101 and encrypts the data written to the disk 126 are:
User 101 issues a call 104 to the disk 126, producing a read/write request 105.
The global data encryption method and system 124 intercepts the read/write request 105 and parses out the disk sector 107 and data 106 in it.
The data encryption and decryption module 119 selects the corresponding encryption algorithm from the encryption function library 115 according to the algorithm specified in the global encryption configuration file 117, encrypts the data 106 in the read/write request 105, locates the corresponding sector 127 on the disk 126 according to the disk sector 107 in the read/write request 105, and sends the encrypted data 106 to the disk 126 in a write request 122.
The disk 126 returns the write result 123 to the data encryption and decryption module 119, and the data encryption and decryption module 119 returns the data read/write result 103 to user 101.
The steps by which the global data encryption method and system 124 intercepts a read/write request 105 from user 101 and decrypts the data read from the disk 126 are:
User 101 issues a call 104 to the disk 126, producing a read/write request 105.
The global data encryption method and system 124 intercepts the read/write request 105 and parses out the disk sector 107 and data 106 in it.
The data encryption and decryption module 119 locates the corresponding sector 127 on the disk 126 according to the disk sector 107 in the read/write request 105 and issues a read request 124; the disk 126 returns the read request result 125 to the data encryption and decryption module 119.
The data encryption and decryption module 119 selects the corresponding encryption algorithm from the encryption function library 115 according to the algorithm specified in the global encryption configuration file 117, decrypts the data returned by the disk 126, and returns the data read/write result 103 to user 101.
Finally, it should be noted that the above embodiment only illustrates the technical solution of the invention and does not limit it. Although the invention has been described in detail with reference to the embodiment, those of ordinary skill in the art should understand that modifications or equivalent replacements of the technical solution that do not depart from its spirit and scope are all covered by the claims of the invention.

Claims (6)

1. A disk global data encryption system, characterized in that the system comprises: an encryption algorithm configuration module, an initialization module and a data encryption and decryption module;
the encryption algorithm configuration module, for setting a global data encryption algorithm for the disk;
the initialization module, for encrypting the disk's boot information according to the set global encryption algorithm;
the data encryption and decryption module, for encrypting and decrypting the disk's sector data according to the set global encryption algorithm.
2. The disk global data encryption system according to claim 1, characterized in that the encryption algorithm configuration module further comprises: a global encryption configuration file, an encryption function library and a user configuration interface;
the encryption function library, for storing several encryption algorithms;
the user configuration interface, for selecting an encryption algorithm from the encryption function library;
the encryption configuration module, for recording the selected encryption algorithm in the global encryption configuration file.
3. The disk global data encryption system according to claim 1, characterized in that the initialization module further comprises:
a reading submodule, for reading the disk's boot information in plaintext;
a lookup submodule, for looking up the global encryption configuration file in the encryption configuration module and obtaining the encryption algorithm that the file specifies;
an encryption submodule, for encrypting the boot information with that encryption algorithm and writing the resulting ciphertext to the disk, replacing the boot information on the disk.
4. The disk global data encryption system according to claim 1, characterized in that the data encryption and decryption module further comprises:
an interception and parsing submodule, for intercepting read and write requests to the disk and parsing out the disk sector and data specified in each request;
a write request encryption submodule, for encrypting, for a write request, the plaintext data to be written to the disk with the encryption algorithm specified in the global encryption configuration file, and writing the ciphertext to the specified disk sector;
a read request encryption submodule, for reading, for a read request, the ciphertext data from the specified disk sector and decrypting it with the globally configured encryption algorithm.
5. A disk global data encryption method, the method comprising:
Step 101) selecting an encryption algorithm and writing the selection to the global encryption configuration file;
Step 102) reading the disk's boot information in plaintext, looking up the encryption algorithm specified in the global encryption configuration file, encrypting the boot information with that algorithm, and writing the resulting ciphertext to the disk, replacing the boot information on the disk;
Step 103) intercepting read and write requests to the disk and parsing out the disk sector and data specified in each request;
for a write request, encrypting the plaintext data to be written to the disk with the encryption algorithm specified in the global encryption configuration file, and writing the ciphertext to the specified disk sector;
for a read request, reading the ciphertext data from the specified disk sector and decrypting it with the globally configured encryption algorithm.
6. The disk global data encryption method according to claim 5, characterized in that the encryption algorithm comprises: the triple data encryption algorithm 3DES, the Advanced Encryption Standard algorithm AES, or the variable-key-length stream cipher RC4.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410069691.0A CN104881613A (en) 2014-02-27 2014-02-27 Disk global data encryption system and method

Publications (1)

Publication Number Publication Date
CN104881613A true CN104881613A (en) 2015-09-02

Family

ID=53949103

Country Status (1)

Country Link
CN (1) CN104881613A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150902