CN109842589A - A kind of cloud storage encryption method, device, equipment and storage medium - Google Patents


Publication number
CN109842589A
Authority
CN
China
Prior art keywords
key
data
encryption
pair
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711208362.XA
Other languages
Chinese (zh)
Inventor
童遥
李华
申光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201711208362.XA priority Critical patent/CN109842589A/en
Publication of CN109842589A publication Critical patent/CN109842589A/en
Pending legal-status Critical Current

Abstract

The invention discloses a cloud storage encryption method, device, equipment and storage medium, and relates to the field of data encryption for cloud computing data centers. The method comprises: a virtual key management server obtains, from a client, customer data to be stored and a master key set by the customer for encrypting the customer data; the virtual key management server uses the master key to generate a data encryption key for encryption; the virtual key management server uses the data encryption key to encrypt the customer data to be stored, obtains customer data ciphertext, and saves the customer data ciphertext to a storage server. Based on cloud computing virtualization technology and data encryption technology, the embodiments of the present invention can effectively manage the keys used for encryption, improve the authentication security and key security of the cloud computing data center, and improve the cloud storage security of the cloud computing data center.

Description

A kind of cloud storage encryption method, device, equipment and storage medium
Technical field
The present invention relates to the field of data encryption for cloud computing data centers, and in particular to a cloud storage encryption method, device, equipment and storage medium.
Background
Cloud storage is the main way information is stored in cloud computing data centers. It provides easy-to-use storage space, but because cloud storage customers worry about losing their data and lack trust in cloud storage, popularizing it is difficult. Whether customers trust the cloud enough to store private data in it is the key to whether cloud storage can be widely adopted. Analysis of many current cases shows that, on the surface, cloud data leaks originate with people who have obtained privileged access to operating resources, such as server administrators or hackers who have successfully broken into a server; at root, however, the industry standardization that is widespread today, such as encoding mechanisms and general-purpose methods (for example general encryption and decryption methods), is the real source of data leaks.
Existing data center security measures fall into two kinds: static data encryption and dynamic data encryption.
Static data encryption authenticates and encrypts on the basis of the user's digital certificate. The user authenticates to the cloud management system with the digital certificate, encrypts locally, with a symmetric key, the data to be stored in the cloud, encrypts the symmetric key with the certificate's public key, and then uploads the encrypted data to the cloud for storage. The customer controls and keeps the keys; to obtain data, the customer first downloads the ciphertext from the cloud and then decrypts it locally. The drawbacks of this method are that the client needs fairly strong cryptographic computing capability to perform the encryption, and that the key encrypting the user data must be kept safe, because once it is lost the data cannot be recovered. The method is also only suitable for encrypting static data generated by the customer.
Dynamic data encryption applies to the multi-tenant cloud computing model, in which the customer rents the computing capacity of the cloud computing system and the dynamic data the customer generates in the cloud computing environment is encrypted by the cloud computing management system. The drawback of this method is that the customer has no control over the dynamic data and depends entirely on the cloud computing service provider; in addition, the cloud computing management system has to provide a unified, effective and scalable cloud computing key management framework that gives all kinds of customers unified management of keys of every type and implements the various key operations.
Summary of the invention
The technical solution provided by the embodiments of the present invention addresses the low cloud storage security of cloud computing data centers.
A cloud storage encryption method provided according to an embodiment of the present invention comprises:
a virtual key management server obtains, from a client, customer data to be stored and a master key set by the customer for encrypting the customer data;
the virtual key management server uses the master key to generate a data encryption key for encryption;
the virtual key management server uses the data encryption key to encrypt the customer data to be stored, obtains customer data ciphertext, and saves the customer data ciphertext to a storage server.
Preferably, the virtual key management server using the master key to generate the data encryption key for encryption comprises:
the virtual key management server uses the customer data to be stored to generate a pair-wise key that works together with the master key;
the virtual key management server uses the master key and the pair-wise key to generate the data encryption key for encryption.
Preferably, after the pair-wise key that works together with the master key is generated, the method further comprises:
the virtual key management server uses the master key to encrypt the pair-wise key, obtains pair-wise key ciphertext, and saves the pair-wise key ciphertext.
Preferably, after the customer data ciphertext is saved to the storage server, the method further comprises:
the virtual key management server obtains the master key from the client and uses the master key to generate the data encryption key;
the virtual key management server obtains the customer data ciphertext from the storage server, uses the data encryption key to decrypt the customer data ciphertext, obtains the customer data, and sends it to the client.
Preferably, using the master key to generate the data encryption key comprises:
the virtual key management server obtains the saved pair-wise key ciphertext and uses the master key to decrypt the pair-wise key ciphertext, obtaining the pair-wise key;
the virtual key management server uses the master key and the pair-wise key to generate the data encryption key for encryption.
A cloud storage encryption device provided according to an embodiment of the present invention comprises:
an obtaining module, configured to obtain, from a client, customer data to be stored and a master key set by the customer for encrypting the customer data;
a key generation module, configured to use the master key to generate a data encryption key for encryption;
an encryption/decryption module, configured to use the data encryption key to encrypt the customer data to be stored, obtain customer data ciphertext, and save the customer data ciphertext to a storage server.
Preferably, the key generation module uses the customer data to be stored to generate a pair-wise key that works together with the master key, and uses the master key and the pair-wise key to generate the data encryption key for encryption.
Preferably, the encryption/decryption module is further configured, after the pair-wise key that works together with the master key is generated, to use the master key to encrypt the pair-wise key, obtain pair-wise key ciphertext, and save the pair-wise key ciphertext.
Cloud storage encryption equipment provided according to an embodiment of the present invention comprises a processor and a memory coupled to the processor; the memory stores a cloud storage encryption program that can run on the processor, and the cloud storage encryption program, when executed by the processor, implements the steps of the cloud storage encryption method described above.
A storage medium provided according to an embodiment of the present invention stores a cloud storage encryption program which, when executed by a processor, implements the steps of the cloud storage encryption method described above.
The technical solution provided by the embodiments of the present invention has the following beneficial effects:
Based on cloud computing virtualization technology and data encryption technology, the embodiments of the present invention can effectively manage the keys used for encryption, improve the authentication security and key security of the cloud computing data center, and improve the cloud storage security of the cloud computing data center.
Brief description of the drawings
Fig. 1 is a flow chart of the data center cloud storage encryption method provided by an embodiment of the present invention;
Fig. 2 is a block diagram of the data center cloud storage encryption device provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of the virtual key management service framework provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the key relationships in separation key storage provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of the separation key storage service workflow provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of the implementation principle provided by another embodiment.
Specific embodiment
A preferred embodiment of the present invention is described in detail below with reference to the drawings. It should be understood that the preferred embodiment described below only illustrates and explains the present invention and does not limit it.
Fig. 1 is a flow chart of the data center cloud storage encryption method provided by an embodiment of the present invention. As shown in Fig. 1, the steps include:
Step S101: the virtual key management server obtains, from the client, customer data to be stored and a master key set by the customer for encrypting the customer data.
The master key is kept by the customer. It is used to encrypt the customer data during encryption and to decrypt the customer data ciphertext during decryption.
Step S102: the virtual key management server uses the master key to generate a data encryption key for encryption.
Step S102 includes: the virtual key management server uses the customer data to be stored to generate a pair-wise key that works together with the master key, and uses the master key and the pair-wise key to generate the data encryption key for encryption.
The data encryption key is stored in the virtual key management server in the form of ciphertext. Specifically, after the pair-wise key that works together with the master key is generated, the virtual key management server uses the master key to encrypt the pair-wise key, obtains the pair-wise key ciphertext, and saves the pair-wise key ciphertext.
Step S103: the virtual key management server uses the data encryption key to encrypt the customer data to be stored, obtains customer data ciphertext, and saves the customer data ciphertext to the storage server.
For the encryption itself a symmetric encryption and decryption algorithm is used, such as the Advanced Encryption Standard (AES) symmetric encryption algorithm.
A decryption step follows step S103. First, the virtual key management server obtains the master key from the client and uses it to generate the data encryption key; specifically, the virtual key management server uses the master key to decrypt the previously saved pair-wise key ciphertext, obtains the pair-wise key, and uses the master key and the pair-wise key to generate the data encryption key. The virtual key management server then obtains the customer data ciphertext from the storage server, uses the data encryption key to decrypt the customer data ciphertext, obtains the customer data, and sends it to the client.
Those of ordinary skill in the art will appreciate that all or part of the steps of the method of the above embodiment can be carried out by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium. Further, the present invention can also provide a storage medium that stores a cloud storage encryption program which, when executed by a processor, implements the steps of the cloud storage encryption method described above. The storage medium may include ROM/RAM, a magnetic disk, an optical disc or a USB flash drive.
Fig. 2 is a block diagram of the data center cloud storage encryption device provided by an embodiment of the present invention. As shown in Fig. 2, it includes:
an obtaining module, configured to obtain, from a client, customer data to be stored and a master key set by the customer for encrypting the customer data;
a key generation module, configured to use the master key to generate a data encryption key for encryption;
an encryption/decryption module, configured to use the data encryption key to encrypt the customer data to be stored, obtain customer data ciphertext, and save the customer data ciphertext to a storage server.
The device can be deployed in the virtual key management server. Its workflow includes:
1. During encryption: the obtaining module obtains, from the client, the customer data to be stored and the master key set by the customer for encrypting the customer data. The key generation module uses the customer data to be stored to generate a pair-wise key that works together with the master key, and uses the master key and the pair-wise key to generate the data encryption key for encryption. The encryption/decryption module uses the master key to encrypt the pair-wise key, obtains the pair-wise key ciphertext, and saves the pair-wise key ciphertext locally. The encryption/decryption module uses the data encryption key to encrypt the customer data to be stored, obtains customer data ciphertext, and saves the customer data ciphertext to the storage server.
2. During decryption: the obtaining module obtains the master key from the client. The key generation module uses the master key to decrypt the previously saved pair-wise key ciphertext, obtains the pair-wise key, and uses the master key and the pair-wise key to generate the data encryption key. The encryption/decryption module uses the data encryption key to decrypt the customer data ciphertext obtained from the storage server, obtains the customer data, and sends it to the client.
This embodiment provides cloud storage encryption equipment comprising a processor and a memory coupled to the processor; the memory stores a cloud storage encryption program that can run on the processor, and the cloud storage encryption program, when executed by the processor, implements the steps of the cloud storage encryption method described above.
In summary, the pressure on data center security is concentrated mainly in two areas: the security of authentication and the security of the master key. The embodiment of the present invention therefore designs a new key management method, the separation key storage service. The core of this service is the virtual key management service, which makes the data private in the true sense and guarantees the security of the data in cloud storage.
Fig. 3 is a schematic diagram of the virtual key management service framework provided by an embodiment of the present invention. As shown in Fig. 3, the virtual key management server sits between the cloud server and the storage server, so that every byte of data passing between the cloud server and the storage server is encrypted. The virtual key management service uses a Virtual Private Database (VPD) application; a VPD is a virtual appliance that performs encryption and decryption on any disk or storage array using an encryption algorithm. During data store and read operations, the VPD is responsible for retrieving the server pair-wise key and requesting the client key, and completes the encryption and decryption of the stored data. The data encryption process is as follows:
1. The client submits a data encryption/decryption request to the cloud server;
2. After the cloud server verifies the client's encryption request, it issues a data encryption instruction to the virtual key management server;
3. While handling the encryption, the virtual key management server needs to request the master key from the client;
4. After verifying the key request, the client returns the master key and transfers the data to be encrypted to the virtual key management server;
5. The virtual key management server generates the data encryption key from the master key and the customer data, encrypts, and assigns the result to the corresponding cloud storage server (i.e. the storage server) for storage. During this process the master key and the key finally used for data encryption are not stored on the server in any form, which is the key to guaranteeing data security;
6. After the encrypted data has been stored, the cloud storage server returns verification information to the virtual key server (i.e. the virtual key management server);
7. The virtual key management server returns verification information to the cloud server;
8. The cloud server returns verification information to the client.
In the above process, the client takes part in every data encryption and decryption and plays the decisive role: the encryption and decryption can only be completed when the customer, holding the master key, participates. In other words, once the customer's data has been encrypted and stored, the master key must be provided to decrypt it; otherwise the data cannot be decrypted. The customer thus becomes the only person who can decrypt the data, which means the data can be stored in the cloud while remaining completely private.
For key management, the embodiment of the present invention sets up two keys. One is handed to the customer for safekeeping and is called the master key K. The other is handed to the virtual key management (Virtual Key Management, VKM) service: VKM generates the server pair-wise key k from the customer data and a generation rule (i.e. key generation algorithm A). Before data is encrypted, the virtual key management service requests the customer's master key and, from the master key K and the server pair-wise key k, generates a new data encryption key K' using the security algorithm B adopted in this embodiment, then encrypts the data for storage. Mathematically, $E(K, k) = K'$ and $E_{K'}(M) = C_M$. That is, the data encryption key K' is generated from the master key K provided by the customer and the server pair-wise key k, which the virtual key management server generates from the data to be encrypted (i.e. the customer data M, the data to be stored M, or the plaintext M) and the generation rule; K' is then used to encrypt the plaintext M, giving the ciphertext $C_M$.
If the customer cannot supply the server pair-wise key k provided by the service provider, the data cannot be decrypted; likewise, if the service provider is not given the master key K held by the customer, it cannot decrypt the data either. The key relationship is shown in Fig. 4.
Besides handing the keys separately to the customer and to the virtual key management service, the security of the server pair-wise key k is addressed by encrypting it with the customer's master key, which only the customer keeps. Mathematically this is expressed as $E_K(k) = C_k$.
Even if a privileged administrator obtains the stored ciphertext $C_k$ of the pair-wise key k by breaking into the server, he cannot read the key k, because it is already encrypted, and that is as far as the intrusion can go, because this is all the storage control information left on the server. Without knowing the customer master key K and the pair-wise key k, the privileged administrator cannot obtain the final data encryption key K', and given the security of the AES algorithm, the attempt to break into the customer data cannot succeed. Since the service provider itself cannot crack the data the customer stores in the cloud, a hacker is even more helpless: even if a hacker breaks into the cloud server, all he can steal is a pile of useless ciphertext, and the data M stored in the cloud is not compromised. The data is private in the true sense and the conditions for data security are met. In addition, encrypting the server pair-wise key with the customer's master key completely relieves the pressure of protecting terminal data. The working principle is shown in Fig. 5. Algorithm A and algorithm B in Fig. 5 can be existing mature algorithms such as MD5, RSA, DES and AES-256.
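The key relations above, $E(K, k) = K'$, $E_{K'}(M) = C_M$ and $E_K(k) = C_k$, as an added Go example that is not code from the patent. It assumes HMAC-SHA256 for algorithms A and B and AES-GCM with a 32-byte key for E (rather than MD5 or DES); the names Record, Store, Load, genPairKey and deriveDEK are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Record struct {
	Ck []byte // E_K(k): pair-wise key wrapped under K, kept by the VKM server
	CM []byte // E_K'(M): customer data ciphertext, kept by the storage server
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable entropy source
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-GCM and prepends the random nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; it fails on a wrong key or a modified ciphertext.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

func hmac256(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}

// genPairKey stands in for algorithm A (assumption): k = HMAC(random salt, M).
func genPairKey(M []byte) []byte { return hmac256(randBytes(32), M) }

// deriveDEK stands in for algorithm B (assumption): K' = HMAC(K, label || k).
func deriveDEK(K, k []byte) []byte { return hmac256(K, append([]byte("dek-v1"), k...)) }

// Store is the encryption path; K, k and K' are used in memory and not returned.
func Store(K, M []byte) (*Record, error) {
	k := genPairKey(M)
	Ck, err := seal(K, k)
	if err != nil {
		return nil, err
	}
	CM, err := seal(deriveDEK(K, k), M)
	if err != nil {
		return nil, err
	}
	return &Record{Ck: Ck, CM: CM}, nil
}

// Load is the decryption path: unwrap k with K, re-derive K', decrypt CM.
func Load(K []byte, r *Record) ([]byte, error) {
	k, err := open(K, r.Ck)
	if err != nil {
		return nil, fmt.Errorf("unwrap pair-wise key: %w", err)
	}
	return open(deriveDEK(K, k), r.CM)
}

func main() {
	K := make([]byte, 32) // constructed all-zero master key, demo only
	rec, _ := Store(K, []byte("constructed sample customer data"))
	M, err := Load(K, rec)
	fmt.Printf("%q %v\n", M, err)
}
```

With an authenticated mode such as GCM, presenting the wrong master key or a modified ciphertext yields an error instead of garbage plaintext, so the server can tell a failed unwrap of $C_k$ from a successful one.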
The analysis and comparison above make the great advantage of the separation key encryption storage scheme easy to see. In this scheme, cloud authentication is separated from the encryption and decryption of customer data, and the keys are separated during data encryption. The master key thus becomes the only key that guarantees data security, and the customer becomes the only person in the world who knows the master key. The master key can be kept in a place that only the customer knows, which makes static data in the cloud private in the true sense.
The following embodiment consists of a client and a server side. Once the client is installed it can interact with the server side to upload and download data, and the separation key storage service is deployed on each physical host on the server side. Fig. 6 is a schematic diagram of the implementation principle provided by another embodiment. As shown in Fig. 6, the detailed process is as follows:
1) After first logging in to the cloud server, the client uploads the encryption/decryption master key master s3key, denoted K. The virtual key management service saves it on the server; the master key may be saved either as plaintext or as ciphertext. The encryption function is E.
2) When data is encrypted, the virtual key management service generates the encryption pair-wise key k according to its own key generation algorithm, and the cloud server encrypts the data M uploaded by the client that needs encrypted storage and stores it on the cloud storage server.
3) The virtual key management service encrypts the pair-wise key k with the customer master key according to the encryption algorithm and stores it on the cloud server.
4) Data decryption is performed as the reverse of the encryption process.
Although the present invention has been described in detail above, it is not limited to this description, and those skilled in the art can make various modifications according to the principle of the present invention. Therefore, all modifications made according to the principle of the present invention should be understood as falling within the protection scope of the present invention.

Claims (10)

1. A cloud storage encryption method, characterized by comprising:
a virtual key management server obtains, from a client, customer data to be stored and a master key set by the customer for encrypting the customer data;
the virtual key management server uses the master key to generate a data encryption key for encryption;
the virtual key management server uses the data encryption key to encrypt the customer data to be stored, obtains customer data ciphertext, and saves the customer data ciphertext to a storage server.
2. The method according to claim 1, characterized in that the virtual key management server using the master key to generate the data encryption key for encryption comprises:
the virtual key management server uses the customer data to be stored to generate a pair-wise key that works together with the master key;
the virtual key management server uses the master key and the pair-wise key to generate the data encryption key for encryption.
3. The method according to claim 2, characterized in that, after the pair-wise key that works together with the master key is generated, the method further comprises:
the virtual key management server uses the master key to encrypt the pair-wise key, obtains pair-wise key ciphertext, and saves the pair-wise key ciphertext.
4. The method according to claim 3, characterized in that, after the customer data ciphertext is saved to the storage server, the method further comprises:
the virtual key management server obtains the master key from the client and uses the master key to generate the data encryption key;
the virtual key management server obtains the customer data ciphertext from the storage server, uses the data encryption key to decrypt the customer data ciphertext, obtains the customer data, and sends it to the client.
5. The method according to claim 4, characterized in that using the master key to generate the data encryption key comprises:
the virtual key management server obtains the saved pair-wise key ciphertext and uses the master key to decrypt the pair-wise key ciphertext, obtaining the pair-wise key;
the virtual key management server uses the master key and the pair-wise key to generate the data encryption key.
6. A cloud storage encryption device, characterized by comprising:
an obtaining module, configured to obtain, from a client, customer data to be stored and a master key set by the customer for encrypting the customer data;
a key generation module, configured to use the master key to generate a data encryption key for encryption;
an encryption/decryption module, configured to use the data encryption key to encrypt the customer data to be stored, obtain customer data ciphertext, and save the customer data ciphertext to a storage server.
7. The device according to claim 6, characterized in that the key generation module uses the customer data to be stored to generate a pair-wise key that works together with the master key, and uses the master key and the pair-wise key to generate the data encryption key for encryption.
8. The device according to claim 7, characterized in that the encryption/decryption module is further configured, after the pair-wise key that works together with the master key is generated, to use the master key to encrypt the pair-wise key, obtain pair-wise key ciphertext, and save the pair-wise key ciphertext.
9. Cloud storage encryption equipment, characterized in that the equipment comprises a processor and a memory coupled to the processor; the memory stores a cloud storage encryption program that can run on the processor, and the cloud storage encryption program, when executed by the processor, implements the steps of the cloud storage encryption method according to any one of claims 1 to 5.
10. A storage medium, characterized in that it stores a cloud storage encryption program which, when executed by a processor, implements the steps of the cloud storage encryption method according to any one of claims 1 to 5.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711208362.XA CN109842589A (en) 2017-11-27 2017-11-27 A kind of cloud storage encryption method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN109842589A true CN109842589A (en) 2019-06-04

Family

ID=66880491

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711208362.XA Pending CN109842589A (en) 2017-11-27 2017-11-27 A kind of cloud storage encryption method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN109842589A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110990851A (en) * 2019-11-26 2020-04-10 山东三未信安信息科技有限公司 Static data encryption protection method and system
CN111132150A (en) * 2019-12-31 2020-05-08 中科曙光国际信息产业有限公司 Method and device for protecting data, storage medium and electronic equipment
CN111371546A (en) * 2020-03-11 2020-07-03 核芯互联(北京)科技有限公司 Communication system, communication method and device based on enterprise communication office platform
CN112380548A (en) * 2020-11-13 2021-02-19 杭州弗兰科信息安全科技有限公司 Data storage method, system, equipment and readable storage medium
CN113407242A (en) * 2020-03-16 2021-09-17 中移(苏州)软件技术有限公司 Cloud hard disk encryption mounting method and device, electronic equipment and storage medium
CN117201204A (en) * 2023-11-07 2023-12-08 阿里云计算有限公司 Cloud storage system, data reading and writing method and device and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101141461A (en) * 2006-09-07 2008-03-12 国际商业机器公司 Method and system for key generation and retrieval using key servers
CN103457932A (en) * 2013-08-15 2013-12-18 中电长城网际系统应用有限公司 Data safety storage method and system under cloud computing environment
CN103595730A (en) * 2013-11-28 2014-02-19 中国科学院信息工程研究所 Ciphertext cloud storage method and system
US20140283010A1 (en) * 2013-03-15 2014-09-18 International Business Machines Corporation Virtual key management and isolation of data deployments in multi-tenant environments
CN105320896A (en) * 2015-10-21 2016-02-10 成都卫士通信息产业股份有限公司 Cloud storage encryption and ciphertext retrieval methods and systems
CN106612271A (en) * 2016-05-20 2017-05-03 四川用联信息技术有限公司 Encryption and access control method for cloud storage
CN106682069A (en) * 2016-11-14 2017-05-17 湖南工业大学 User-controllable data retravel method and data storage method, terminal and system
US20170286695A1 (en) * 2016-04-01 2017-10-05 Egnyte, Inc. Methods for Improving Performance and Security in a Cloud Computing System

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110990851A (en) * 2019-11-26 2020-04-10 山东三未信安信息科技有限公司 Static data encryption protection method and system
CN111132150A (en) * 2019-12-31 2020-05-08 中科曙光国际信息产业有限公司 Method and device for protecting data, storage medium and electronic equipment
CN111371546A (en) * 2020-03-11 2020-07-03 核芯互联(北京)科技有限公司 Communication system, communication method and device based on enterprise communication office platform
CN113407242A (en) * 2020-03-16 2021-09-17 中移(苏州)软件技术有限公司 Cloud hard disk encryption mounting method and device, electronic equipment and storage medium
CN113407242B (en) * 2020-03-16 2023-04-07 中移(苏州)软件技术有限公司 Cloud hard disk encryption mounting method and device, electronic equipment and storage medium
CN112380548A (en) * 2020-11-13 2021-02-19 杭州弗兰科信息安全科技有限公司 Data storage method, system, equipment and readable storage medium
CN117201204A (en) * 2023-11-07 2023-12-08 阿里云计算有限公司 Cloud storage system, data reading and writing method and device and storage medium
CN117201204B (en) * 2023-11-07 2024-03-29 阿里云计算有限公司 Cloud storage system, data reading and writing method and device and storage medium

Similar Documents

Publication Publication Date Title
CN109842589A (en) A kind of cloud storage encryption method, device, equipment and storage medium
US20180013555A1 (en) Data transmission method and apparatus
US9020149B1 (en) Protected storage for cryptographic materials
WO2017041603A1 (en) Data encryption method and apparatus, mobile terminal, and computer storage medium
CN109040090A (en) A kind of data ciphering method and device
CN110100422B (en) Data writing method and device based on block chain intelligent contract and storage medium
CN103701829B (en) A kind of off-line resolves the method for DPAPI encryption data
CN104618096B (en) Protect method, equipment and the TPM key administrative center of key authorization data
JP2020508619A (en) Data backup method and data backup device, storage medium, and server
CN107453880B (en) Cloud data secure storage method and system
CN103067160A (en) Method and system of generation of dynamic encrypt key of encryption secure digital memory card (SD)
EP3506560A1 (en) Secure provisioning of keys
US11757625B2 (en) Multi-factor-protected private key distribution
CN107465665A (en) A kind of file encryption-decryption method based on fingerprint identification technology
US11632246B2 (en) Hybrid key derivation to secure data
CN104901810A (en) Data encrypted storage method based on domestic cryptographic algorithm
US20160330022A1 (en) Cryptographic system, key generation apparatus, re-encryption apparatus and user terminal
US11431489B2 (en) Encryption processing system and encryption processing method
CN204180095U (en) A kind of ciphering and deciphering device for network data encryption transmission
US11783091B2 (en) Executing entity-specific cryptographic code in a cryptographic coprocessor
US20210194694A1 (en) Data processing system
CN110750326B (en) Disk encryption and decryption method and system for virtual machine
CN106487509B (en) A kind of method and host equipment generating key
CN115499118A (en) Message key generation method, message key generation device, file encryption method, message key decryption method, file encryption device, file decryption device and medium
TWI430643B (en) Secure key recovery system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190604