CN105391543A - Encryption realization method of iSCSI-based network storage and realization system thereof - Google Patents
Encryption realization method of iSCSI-based network storage and realization system thereof Download PDFInfo
- Publication number
- CN105391543A CN105391543A CN201510751177.XA CN201510751177A CN105391543A CN 105391543 A CN105391543 A CN 105391543A CN 201510751177 A CN201510751177 A CN 201510751177A CN 105391543 A CN105391543 A CN 105391543A
- Authority
- CN
- China
- Prior art keywords
- iscsi
- storage
- tcp
- encryption
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides an encryption realization method of iSCSI-based network storage and a realization system thereof. When an iSCSI server stores storage data into an iSCSI storage array, grouped encryption is carried out on storage data contained by a TCP packet according to a length requirement of a grouping algorithm and the encrypted ciphertext data are stored into the storage array; and when the iSCSI server reads the storage data from the iSCSI storage array, grouped decryption is carried out on the storage data contained by the TCP packet according to the length requirement of the grouping algorithm and decrypted storage plaintext data are sent to the iSCSI server. The method and system have high operability under the circumstances that no existing equipment of the user is changed and the network environment of the user is not changed. Meanwhile, problems that the storage data are easy to intercept illegally during plaintext transmission in a TCP/IP network and the storage data are easy to steal when being stored into the storage array in a plaintext mode can be solved simultaneously.
Description
Technical field
The present invention relates to a kind of encryption implementation method based on the iSCSI network storage and realize system, particularly relate to a kind of be applicable to based on the iSCSI network storage encryption implementation method and realize system.
Background technology
ISCSI protocol construction, on Transmission Control Protocol, based on the Network storage technology of iSCSI protocol realization, does not consider following two problems at the beginning of design:
(1) store data plaintext transmission in TCP/IP network easily illegally to be intercepted and captured;
(2) data are stored on storage array with clear-text way and are easily stolen.
Vehicles Collected from Market does not also provide for the network storage based on iSCSI agreement the effective workaround that storage encryption is relevant, but there is the solution of Internet Transmission encryption, also there is the solution of local disk encryption.
Two solutions are encrypted in Internet Transmission encryption and local disk combine to be applied in iSCSI network store system and can solve above two problems, method model as shown in Figure 1.
Above Internet Transmission encryption and local disk are encrypted two solutions combinations and are implemented poor operability, poor user experience.The storage encryption function that first will realize on iSCSI storage array needs storage array producer to support.Need the network encryption equipment adding two symmetrical expressions in storage networking simultaneously, reduce network transmission efficiency, in addition the once storage data interaction between iSCSI server and iSCSI storage array once need to be deciphered or twice deciphering is once encrypted through twice encryption, add time delay, poor user experience.
Summary of the invention
It is stronger that the technical problem to be solved in the present invention is to provide a kind of operability, time delay is lower, Consumer's Experience is better, can solve " storing data plaintext transmission in TCP/IP network easily illegally to be intercepted and captured " simultaneously, the encryption implementation method based on the iSCSI network storage of " store data clear text be stored on storage array be easily stolen " two technical problems realizes system.
The technical solution used in the present invention is as follows: a kind of encryption implementation method based on the iSCSI network storage, is characterized in that, adopt general packet encryption technology, be encrypted according to grouping encryption method and be decrypted with packet deciphering method, concrete grammar is:
(1), when iSCSI server deposits storage data to iSCSI storage array, the storage data comprised in being wrapped by TCP, according to the length requirement of grouping algorithm, carry out block encryption, are saved in storage array by the encrypt data storage after encryption;
(2), when iSCSI server reads storage data from iSCSI storage array, the storage data comprised in being wrapped by TCP, according to the length requirement of grouping algorithm, carry out packet deciphering, and the storage clear data after deciphering is sent to iSCSI server.
When iSCSI server stores data toward iSCSI storage array, can send by Transmission Control Protocol and store clear data, the storage data length comprised in each TCP bag does not generally meet the length requirement of grouping algorithm, by waiting for that the methods such as adjacent TCP wraps, storage data are pieced together reach the length requirement of grouping algorithm, then block encryption is carried out to storage data, store encrypt data after encryption and be kept in storage array.
When iSCSI server reads storage data from iSCSI storage array, iSCSI storage array can send by Transmission Control Protocol and store encrypt data, the storage data length comprised in each TCP bag does not generally meet the length requirement of grouping algorithm, by waiting for that the methods such as adjacent TCP wraps, storage data are pieced together reach the length requirement of grouping algorithm, then carry out packet deciphering, store clear data after deciphering and be sent to iSCSI server.
As preferably, the concrete grammar flow process of described step (1) is:
1-1, the TCP from iSCSI server to be wrapped, carry out iSCSI protocol analysis, determine whether iSCSI protocol package, be, enter next step, otherwise carry out transparent transmission;
1-2, judging that this TCP wraps whether containing storing data, being enter next step, otherwise carrying out transparent transmission;
1-3, judge this TCP wrap store data length be whether block encryption often group require the integral multiple of length, be that block encryption is carried out to these storage data, and send to iSCSI storage array to preserve this TCP bag after encryption, otherwise enter next step;
1-4, wait for that adjacent TCP bag is come, receive this adjacent TCP bag, unencrypted in two TCP bags is stored data piece together, be divided into two parts: meet the part of block encryption length multiple and do not meet the part of block encryption length, the part meeting block encryption length is sent to encryption;
1-5, TCP bag storage data all encrypted send to iSCSI storage array to preserve, and the TCP bag storing data division encryption jumps to step 1-4, and continuation waits for that next adjacent TCP bag is come.
ISCSI server send to the storage data length sum of iSCSI storage array necessarily meet block encryption often group require the integral multiple of length, according to the circular treatment of step 1-3,1-4 and 1-5, one sends to iSCSI storage array to preserve by after whole for storage data block encryption surely.
As preferably, described method flow also comprises: after step 1-3 and before step 1-4, if do not receive adjacent TCP bag in threshold time, structure response instruction, to iSCSI server, tells that iSCSI server should send adjacent TCP bag.
As preferably, the concrete grammar flow process of described step (2) is:
2-1, the TCP from iscsi disk storage array to be wrapped, carry out iSCSI protocol analysis, determine whether iSCSI protocol package, be, enter next step, otherwise carry out transparent transmission;
2-2, judging that this TCP wraps whether containing storing data, being enter next step, otherwise carrying out transparent transmission;
2-3, judge this TCP wrap store data length be whether packet deciphering often group require the integral multiple of length, be that packet deciphering is carried out to these storage data, and this TCP bag after deciphering sent to iSCSI server, otherwise enter next step;
2-4, wait for that adjacent TCP bag is come, receive this adjacent TCP bag, the storage data of not deciphering in two TCP bags are pieced together, is divided into two parts: meet the part of packet deciphering length multiple and do not meet the part of packet deciphering length, the part meeting packet deciphering length is sent to deciphering;
2-5, TCP bag storage data all deciphered send to iSCSI server, and the TCP bag storing data division deciphering jumps to step 2-4, and continuation waits for that next adjacent TCP bag is come.
ISCSI server from the storage data length sum that iSCSI storage array reads necessarily meet packet deciphering often group require the integral multiple of length, according to the circular treatment of step 2-3,2-4 and 2-5, one sends to iSCSI server by after whole for storage data packet deciphering surely.
As preferably, described method flow also comprises: after step 2-3 and before step 2-4, if do not receive adjacent TCP bag in threshold time, then structure response instruction is to iSCSI storage array, tells that iSCSI storage array should send adjacent TCP bag.
As preferably, described block encryption algorithm often group require length and packet deciphering algorithm often group require that length is equal.
Encryption based on the above-mentioned encryption implementation method based on the iSCSI network storage realizes system, comprises iSCSI server and iSCSI storage array module, it is characterized in that: also comprise and be connected between iSCSI server and iSCSI storage array module,
Block encryption module, the storage data comprised in the TCP bag that will be stored to iSCSI storage array by iSCSI server, according to the length requirement of grouping algorithm, carry out block encryption, are saved in storage array by the encrypt data storage after encryption;
Packet deciphering module, the storage data comprised the TCP bag that will be read from iscsi disk storage array by iSCSI server, according to the length requirement of grouping algorithm, carry out packet deciphering, the storage clear data after deciphering are sent to iSCSI server.
As preferably, described block encryption module comprises:
ISCSI protocol package analysis judgment module, wraps the TCP from iSCSI server, carries out iSCSI protocol analysis, determine whether iSCSI protocol package;
Store data judge module, judge that current TCP wraps whether to contain and store data;
Packet judge module, judge this TCP wrap store data length be whether block encryption often group require the integral multiple of length;
Storage data encryption module, carries out block encryption to the storage data after grouping;
Data transmission blocks, sends to iSCSI storage array by the TCP bag after encryption;
Described packet deciphering module comprises:
ISCSI protocol package analysis judgment module, wraps the TCP from iscsi disk storage array, carries out iSCSI protocol analysis, determine whether iSCSI protocol package;
Store data judge module, judge that current TCP wraps whether to contain and store data;
Packet judge module, judge this TCP wrap store data length be whether packet deciphering often group require the integral multiple of length;
Store data decryption module, packet deciphering is carried out to the storage data after grouping;
Data transmission blocks, sends to iSCSI storage array by the TCP bag after deciphering.
As preferably, described block encryption module also comprises:
Retransmission instructions sending module, structure response instruction, to iSCSI server, tells that iSCSI server should send adjacent TCP bag;
Described packet deciphering module also comprises:
Retransmission instructions sending module, structure response instruction, to iSCSI storage array, tells that iSCSI storage array should send adjacent TCP bag.
Compared with prior art, the invention has the beneficial effects as follows: this method adopts existing general packet encryption technology, the iSCSI network storage block encryption process realized, do not transform user's existing equipment, do not change user network environment, technically possesses operability, " storing data plaintext transmission in TCP/IP network easily illegally to be intercepted and captured ", " storage data clear text is stored on storage array and is easily stolen " two problems can be solved simultaneously, solve the practical and market universalness problem that iSCSI Internet Transmission encrypts this kind of safe practice and product.
Accompanying drawing explanation
Fig. 1 is prior art network storage encryption method model schematic.
Fig. 2 is iSCSI grouping encryption method module diagram of the present invention.
The encryption realization flow figure that Fig. 3 is a specific embodiment shown in Fig. 2.
The deciphering realization flow figure that Fig. 4 is a specific embodiment shown in Fig. 2.
Embodiment
In order to make object of the present invention, technical scheme and advantage clearly understand, below in conjunction with drawings and Examples, the present invention is further elaborated.Should be appreciated that specific embodiment described herein only in order to explain the present invention, be not intended to limit the present invention.
Arbitrary feature disclosed in this specification (comprise summary and accompanying drawing), unless specifically stated otherwise, all can be replaced by other equivalences or the alternative features with similar object.That is, unless specifically stated otherwise, each feature is an example in a series of equivalence or similar characteristics.
As shown in Fig. 2 to Fig. 4.
Specific embodiment one
Based on the iSCSI network storage encryption implementation method and realize system, this realizes system and comprises iSCSI server and iSCSI storage array module, also comprises and is connected between iSCSI server and iSCSI storage array module,
Block encryption module, the storage data comprised in the TCP bag that will be stored to iSCSI storage array by iSCSI server, according to the length requirement of grouping algorithm, carry out block encryption, are saved in storage array by the encrypt data storage after encryption;
Packet deciphering module, the storage data comprised the TCP bag that will be read from iscsi disk storage array by iSCSI server, according to the length requirement of grouping algorithm, carry out packet deciphering, the storage clear data after deciphering are sent to iSCSI server.
In this specific embodiment, described block encryption module comprises: iSCSI protocol package analysis judgment module, wraps, carry out iSCSI protocol analysis, determine whether iSCSI protocol package the TCP from iSCSI server; Store data judge module, judge that current TCP wraps whether to contain and store data; Packet judge module, judge this TCP wrap store data length be whether block encryption often group require the integral multiple of length; Storage data encryption module, carries out block encryption to the storage data after grouping; Data transmission blocks, sends to iSCSI storage array by the TCP bag after encryption;
Described packet deciphering module comprises: iSCSI protocol package analysis judgment module, wraps, carry out iSCSI protocol analysis, determine whether iSCSI protocol package the TCP from iscsi disk storage array; Store data judge module, judge that current TCP wraps whether to contain and store data; Packet judge module, judge this TCP wrap store data length be whether packet deciphering often group require the integral multiple of length; Store data decryption module, packet deciphering is carried out to the storage data after grouping; Data transmission blocks, sends to iSCSI storage array by the TCP bag after deciphering.
Implementation method adopts general packet encryption technology, and be encrypted according to grouping encryption method and be decrypted with packet deciphering method, concrete grammar is:
(1), when iSCSI server deposits storage data to iSCSI storage array, concrete grammar flow process is:
1-1, the TCP from iSCSI server to be wrapped, carry out iSCSI protocol analysis, determine whether iSCSI protocol package, be, enter next step, otherwise carry out transparent transmission;
1-2, judging that this TCP wraps whether containing storing data, being enter next step, otherwise carrying out transparent transmission;
1-3, judge this TCP wrap store data length be whether block encryption often group require the integral multiple of length, be that block encryption is carried out to these storage data, and send to iSCSI storage array to preserve this TCP bag after encryption, otherwise enter next step;
1-4, wait for that adjacent TCP bag is come, receive this adjacent TCP bag, unencrypted in two TCP bags is stored data piece together, be divided into two parts: meet the part of block encryption length multiple and do not meet the part of block encryption length, the part meeting block encryption length is sent to encryption;
1-5, TCP bag storage data all encrypted send to iSCSI storage array to preserve, and the TCP bag storing data division encryption jumps to 1-4, and continuation waits for that next adjacent TCP bag is come.
(2), when iSCSI server reads storage data from iSCSI storage array, concrete grammar flow process is:
2-1, the TCP from iscsi disk storage array to be wrapped, carry out iSCSI protocol analysis, determine whether iSCSI protocol package, be, enter next step, otherwise carry out transparent transmission;
2-2, judging that this TCP wraps whether containing storing data, being enter next step, otherwise carrying out transparent transmission;
2-3, judge this TCP wrap store data length be whether packet deciphering often group require the integral multiple of length, be that packet deciphering is carried out to these storage data, and this TCP bag after deciphering sent to iSCSI server, otherwise enter next step;
2-4, wait for that adjacent TCP bag is come, receive this adjacent TCP bag, the storage data of not deciphering in two TCP bags are pieced together, is divided into two parts: meet the part of packet deciphering length multiple and do not meet the part of packet deciphering length, the part meeting packet deciphering length is sent to deciphering;
2-5, TCP bag storage data all deciphered send to iSCSI server, and the TCP bag storing data division deciphering jumps to 2-4, and continuation waits for that next adjacent TCP bag is come.
When iSCSI server stores data toward iSCSI storage array, can send by Transmission Control Protocol and store clear data, the storage data length comprised in each TCP bag does not generally meet the length requirement of grouping algorithm, by waiting for that the methods such as adjacent TCP wraps, storage data are pieced together reach the length requirement of grouping algorithm, then block encryption is carried out to storage data, store encrypt data after encryption and be kept in storage array.
When iSCSI server reads storage data from iSCSI storage array, iSCSI storage array can send by Transmission Control Protocol and store encrypt data, the storage data length comprised in each TCP bag does not generally meet the length requirement of grouping algorithm, by waiting for that the methods such as adjacent TCP wraps, storage data are pieced together reach the length requirement of grouping algorithm, then carry out packet deciphering, store clear data after deciphering and be sent to iSCSI server.
In this specific embodiment, described block encryption algorithm often group require length and packet deciphering algorithm often group require that length is equal.
This method adopts existing general packet encryption technology, the iSCSI network storage block encryption process realized, do not transform user's existing equipment, do not change user network environment, technically possesses operability, " storing data plaintext transmission in TCP/IP network easily illegally to be intercepted and captured ", " storage data clear text is stored on storage array and is easily stolen " two problems can be solved simultaneously, solve the practical and market universalness problem that iSCSI Internet Transmission encrypts this kind of safe practice and product.
Specific embodiment two
On the basis of specific embodiment one or two, described method flow also comprises: after step 1-3 and before step 1-4, if do not receive adjacent TCP bag in threshold time, then abandon the current TCP being in wait wrap and sends the current TCP of repeating transmission wrap and the instruction of adjacent bag to iSCSI server.
Specific embodiment three
On the basis of specific embodiment one or two or three, described block encryption module also comprises: retransmission instructions sending module, and structure response instruction, to iSCSI server, tells that iSCSI server should send adjacent TCP bag.
Specific embodiment four
On the basis of specific embodiment one or two or three or four, described packet deciphering module also comprises: retransmission instructions sending module, and structure response instruction, to iSCSI storage array, tells that iSCSI storage array should send adjacent TCP bag.Described method flow also comprises: after step 2-3 and before step 2-4, if do not receive adjacent TCP bag in threshold time, structure response instruction, to iSCSI storage array, tells that iSCSI storage array should send adjacent TCP bag.
Claims (8)
1. based on an encryption implementation method for the iSCSI network storage, it is characterized in that, adopt general packet encryption technology, be encrypted according to grouping encryption method, concrete grammar is:
When iSCSI server deposits storage data to iSCSI storage array, the storage data comprised in being wrapped by TCP, according to the length requirement of grouping algorithm, carry out block encryption, are saved in storage array by the encrypt data storage after encryption;
When iSCSI server reads storage data from iSCSI storage array, the storage data comprised in being wrapped by TCP, according to the length requirement of grouping algorithm, carry out packet deciphering, and the storage clear data after deciphering is sent to iSCSI server.
2. the encryption implementation method based on the iSCSI network storage according to claim 1, is characterized in that, the concrete grammar flow process of described step (1) is:
1-1, the TCP from iSCSI server to be wrapped, carry out iSCSI protocol analysis, determine whether iSCSI protocol package, be, enter next step, otherwise carry out transparent transmission;
1-2, judging that this TCP wraps whether containing storing data, being enter next step, otherwise carrying out transparent transmission;
1-3, judge this TCP wrap store data length be whether block encryption often group require the integral multiple of length, be that block encryption is carried out to these storage data, and send to iSCSI storage array to preserve this TCP bag after encryption, otherwise enter next step;
1-4, wait for that adjacent TCP bag is come, receive this adjacent TCP bag, unencrypted in two TCP bags is stored data piece together, be divided into two parts: meet the part of block encryption length multiple and do not meet the part of block encryption length, the part meeting block encryption length is sent to encryption;
1-5, TCP bag storage data all encrypted send to iSCSI storage array to preserve, and the TCP bag storing data division encryption jumps to step 1-4, and continuation waits for that next adjacent TCP bag is come.
3. the encryption implementation method based on the iSCSI network storage according to claim 2, it is characterized in that, described method flow also comprises: after step 1-3 and before step 1-4, if do not receive adjacent TCP bag in threshold time, then structure response instruction is to iSCSI server, tells that iSCSI server should send adjacent TCP bag.
4. the encryption implementation method based on the iSCSI network storage according to claim 1 and 2, is characterized in that, the concrete grammar flow process of described step (2) is:
2-1, the TCP from iscsi disk storage array to be wrapped, carry out iSCSI protocol analysis, determine whether iSCSI protocol package, be, enter next step, otherwise carry out transparent transmission;
2-2, judging that this TCP wraps whether containing storing data, being enter next step, otherwise carrying out transparent transmission;
2-3, judge this TCP wrap store data length be whether packet deciphering often group require the integral multiple of length, be that packet deciphering is carried out to these storage data, and this TCP bag after deciphering sent to iSCSI server, otherwise enter next step;
2-4, wait for that adjacent TCP bag is come, receive this adjacent TCP bag, the storage data of not deciphering in two TCP bags are pieced together, is divided into two parts: meet the part of packet deciphering length multiple and do not meet the part of packet deciphering length, the part meeting packet deciphering length is sent to deciphering;
2-5, TCP bag storage data all deciphered send to iSCSI server, and the TCP bag storing data division deciphering jumps to step 2-4, and continuation waits for that next adjacent TCP bag is come.
5. the encryption implementation method based on the iSCSI network storage according to claim 4, it is characterized in that, described method flow also comprises: after step 2-3 and before step 2-4, if do not receive adjacent TCP bag in threshold time, then structure response instruction is to iSCSI storage array, tells that iSCSI storage array should send adjacent TCP bag.
6. the encryption of one of 1 to 5 described encryption implementation method based on the iSCSI network storage to be gone to realize system based on right, comprise iSCSI server and iSCSI storage array module, it is characterized in that: also comprise and being connected between iSCSI server and iSCSI storage array module
Block encryption module, the storage data comprised in the TCP bag that will be stored to iSCSI storage array by iSCSI server, according to the length requirement of grouping algorithm, carry out block encryption, are saved in storage array by the encrypt data storage after encryption;
Packet deciphering module, the storage data comprised the TCP bag that will be read from iscsi disk storage array by iSCSI server, according to the length requirement of grouping algorithm, carry out packet deciphering, the storage clear data after deciphering are sent to iSCSI server.
7. the encryption based on the iSCSI network storage according to claim 6 realizes system, it is characterized in that, described block encryption module comprises:
ISCSI protocol package analysis judgment module, wraps the TCP from iSCSI server, carries out iSCSI protocol analysis, determine whether iSCSI protocol package;
Store data judge module, judge that current TCP wraps whether to contain and store data;
Packet judge module, judge this TCP wrap store data length be whether block encryption often group require the integral multiple of length;
Storage data encryption module, carries out block encryption to the storage data after grouping;
Data transmission blocks, sends to iSCSI storage array by the TCP bag after encryption;
Described packet deciphering module comprises:
ISCSI protocol package analysis judgment module, wraps the TCP from iscsi disk storage array, carries out iSCSI protocol analysis, determine whether iSCSI protocol package;
Store data judge module, judge that current TCP wraps whether to contain and store data;
Packet judge module, judge this TCP wrap store data length be whether packet deciphering often group require the integral multiple of length;
Store data decryption module, packet deciphering is carried out to the storage data after grouping;
Data transmission blocks, sends to iSCSI storage array by the TCP bag after deciphering.
8. the encryption based on the iSCSI network storage according to claim 7 realizes system, it is characterized in that, described block encryption module also comprises:
Retransmission instructions sending module, structure response instruction, to iSCSI server, tells that iSCSI server should send adjacent TCP bag;
Described packet deciphering module also comprises:
Retransmission instructions sending module, structure response instruction, to iSCSI server, tells that iSCSI storage array should send adjacent TCP bag.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510751177.XA CN105391543A (en) | 2015-11-09 | 2015-11-09 | Encryption realization method of iSCSI-based network storage and realization system thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510751177.XA CN105391543A (en) | 2015-11-09 | 2015-11-09 | Encryption realization method of iSCSI-based network storage and realization system thereof |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105391543A true CN105391543A (en) | 2016-03-09 |
Family
ID=55423398
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510751177.XA Pending CN105391543A (en) | 2015-11-09 | 2015-11-09 | Encryption realization method of iSCSI-based network storage and realization system thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105391543A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106534169A (en) * | 2016-12-06 | 2017-03-22 | 中国电子科技集团公司第三十二研究所 | Storage encryption method based on network |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050031123A1 (en) * | 2002-10-04 | 2005-02-10 | Tsutomu Ichinose | Block encoding/decoding method, circuit, and device |
| CN101841412A (en) * | 2010-04-09 | 2010-09-22 | 兰州韦尔斯信息科技有限公司 | Method and device for encrypting network environment of storage domain |
| CN103414704A (en) * | 2013-07-29 | 2013-11-27 | 相韶华 | General virtual data encrypted storage system |
-
2015
- 2015-11-09 CN CN201510751177.XA patent/CN105391543A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050031123A1 (en) * | 2002-10-04 | 2005-02-10 | Tsutomu Ichinose | Block encoding/decoding method, circuit, and device |
| CN101841412A (en) * | 2010-04-09 | 2010-09-22 | 兰州韦尔斯信息科技有限公司 | Method and device for encrypting network environment of storage domain |
| CN103414704A (en) * | 2013-07-29 | 2013-11-27 | 相韶华 | General virtual data encrypted storage system |
Non-Patent Citations (1)
| Title |
|---|
| 陈宇燕 等: "高性能前置网关式iSCSI存储加密解决方案", 《信息安全与通信保密》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106534169A (en) * | 2016-12-06 | 2017-03-22 | 中国电子科技集团公司第三十二研究所 | Storage encryption method based on network |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11706026B2 (en) | Location aware cryptography | |
| CN104539439B (en) | Data transmission method and terminal | |
| CN105262772B (en) | Data transmission method, system and related device | |
| US20140355757A1 (en) | Encryption / decryption of data with non-persistent, non-shared passkey | |
| EP3185466B1 (en) | Encrypted communications method and communications terminal, and computer storage medium | |
| CN103139222A (en) | Internet protocol security (IPSEC) tunnel data transmission method and device thereof | |
| CN103442059A (en) | File sharing method and device | |
| CN103428221A (en) | Safety logging method, system and device of mobile application | |
| CN103166757B (en) | A kind of method and system of dynamic protection privacy of user data | |
| CN104202158A (en) | Symmetric and asymmetric hybrid data encryption/decryption method based on cloud computing | |
| CN108900540B (en) | Service data processing method of power distribution terminal based on double encryption | |
| CN108777677A (en) | cloud storage data security protection method and device, storage medium, camera, computing device | |
| CN103457952B (en) | A kind of IPSec processing methods and equipment based on crypto engine | |
| CN110061996A (en) | A kind of data transmission method, device, equipment and readable storage medium storing program for executing | |
| US20140229386A1 (en) | Secure mobile payments | |
| CN109005027A (en) | A kind of random data encryption and decryption method, apparatus and system | |
| US20150188699A1 (en) | Method and apparatus for establishing secure session between client and server | |
| CN105848145A (en) | WIFI intelligent configuration method and device | |
| CN105515757B (en) | Security information exchange device based on credible performing environment | |
| CN106789008B (en) | Method, device and system for decrypting sharable encrypted data | |
| CN113193958B (en) | Quantum key service method and system | |
| CN105391543A (en) | Encryption realization method of iSCSI-based network storage and realization system thereof | |
| CN108965278A (en) | Transaction request processing method and processing device | |
| CN108134777A (en) | A kind of communication encryption system based on timestamp | |
| WO2016180180A1 (en) | Voice call encryption method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160309 |