CN103699855A - Data processing method and data processing device - Google Patents
Data processing method and data processing device Download PDFInfo
- Publication number
- CN103699855A CN103699855A CN201310654603.9A CN201310654603A CN103699855A CN 103699855 A CN103699855 A CN 103699855A CN 201310654603 A CN201310654603 A CN 201310654603A CN 103699855 A CN103699855 A CN 103699855A
- Authority
- CN
- China
- Prior art keywords
- metadata
- logic storage
- storage unit
- unit
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a data processing method and a data processing device. The method comprises the steps of confirming at least one target logic storage unit from a plurality of logic storage units in a storage array; reading metadata stored in the target logic storage unit; encrypting the metadata; storing the encrypted metadata into the target logic storage unit. Before the storage array is moved, the metadata in the logic storage units in the storage array can be encrypted by the data processing method, so that the data leakage in the moving process of the storage array can be reduced, and the safety of the data can be improved.
Description
Technical field
The present invention relates to technical field of data processing, relate in particular a kind of data processing method and device.
Background technology
Storage array is also referred to as disk array, it is that a plurality of disks are formed together, being used as single disk uses, by data, the mode with segmentation is stored in different disks for it, when access data, associative disk in this disk array can move together, thereby has significantly reduced data time.
In actual applications, the position that often needs mobile storage array, for example, because machine room is aging or enlarging, and the physical equipment that is provided with storage array in this machine room is moved to other places, yet in the process of mobile storage array, if undelegated user maliciously copies the data in disk, can cause the data in disk to be revealed, affect the security of data.
Summary of the invention
In view of this, the invention provides a kind of data processing method and device, to reduce storage array, move in process, the situation that in disk, data are revealed, the security that improves data.
For realizing above object, a first aspect of the present invention provides a kind of data processing method, comprising:
From a plurality of logic storage units of storage array, determine at least one target logic storage unit;
Read the metadata of storing in described target logic storage unit;
Described metadata is encrypted, obtains the metadata of encrypting;
The metadata that is described encryption by the described metadata updates of storing in described target logic storage unit.
In conjunction with first aspect, in the possible implementation of the first, described at least one target logic storage unit of determining from a plurality of logic storage units of storage array, comprising:
The information that receives the logic storage unit to be encrypted of specified node transmission, is defined as described target logic storage unit by described logic storage unit to be encrypted.
Or, all logic storage units of described storage array are all defined as to described target logic storage unit.
In conjunction with the possible implementation of the first of first aspect or first aspect, in the possible implementation of the second, described from a plurality of logic storage units of storage array, determine at least one target logic storage unit after, also comprise:
Inquire about in described target logic storage unit and whether store the data outside described metadata;
The described metadata of storing in described target logic storage unit that reads, comprising:
While storing the data outside described metadata in described target logic storage unit, read the described metadata of storing in described target logic storage unit.
In conjunction with first aspect, in the third possible implementation, described at least one target logic storage unit of determining from a plurality of logic storage units of storage array, comprising:
From a plurality of logic storage units of described storage array, determine the target logic storage unit of the data that store outside metadata.
In conjunction with first aspect, in the 4th kind of possible implementation, after the described metadata that is described encryption by the metadata updates of storing in described target logic storage unit, also comprise:
For described target logic storage unit generating identification information, described identification information is for showing that the described metadata of described destination logical unit is encrypted.
A second aspect of the present invention also provides a kind of data processing equipment, comprising:
Target determining unit, for determining at least one target logic storage unit from a plurality of logic storage units of storage array;
Data-reading unit, the metadata of storing for reading described target logic storage unit that described target determining unit determines;
Ciphering unit, is encrypted for the described metadata that described data-reading unit is read, and obtains the metadata of encrypting;
Data updating unit is the metadata of the described encryption that obtains of described ciphering unit for the described metadata updates that described target logic storage unit is stored.
In conjunction with second aspect, in the possible implementation of the first, described target determining unit, comprising:
First object determining unit, for receiving the information of the logic storage unit to be encrypted of specified node transmission, is defined as described target logic storage unit by described logic storage unit to be encrypted.
Or the second target determining unit, for being all defined as described target logic storage unit by all logic storage units of described storage array.
In conjunction with the possible implementation of the first of second aspect or second aspect, in the possible implementation of the second, described device also comprises:
Whether query unit, store the data outside described metadata for inquiring about the described target logic storage unit that described target determining unit determines;
Described data-reading unit, comprising:
The first data-reading unit, while storing the data outside described metadata for determine described target logic storage unit when described query unit, reads the described metadata of storing in described target logic storage unit.
In conjunction with second aspect, in the third possible implementation, described target determining unit, comprising:
The 3rd target determining unit, for a plurality of logic storage units from described storage array, determines the target logic storage unit of the data that store outside metadata.
In conjunction with second aspect, in the 4th kind of possible implementation, described device also comprises:
Identify unit, after the described metadata updates of described target logic storage unit being the metadata of encrypting in described data updating unit, for described target logic storage unit generating identification information, described identification information is for showing that the described metadata of described destination logical unit is encrypted.
Known via above-mentioned technical scheme, metadata in destination logical unit in storage array of the present invention is the metadata after encrypting, like this, moving in process of storage array, unwarranted user is owing to can not this metadata being decrypted, also just cannot get the metadata information in this target logic storage unit, thereby cannot be according to the data of storing in this disk of metadata access, and then avoided unwarranted user maliciously to steal the data in this storage array, improved the security of data.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below, apparently, accompanying drawing in the following describes is only embodiments of the invention, for those of ordinary skills, do not paying under the prerequisite of creative work, other accompanying drawing can also be provided according to the accompanying drawing providing.
Fig. 1 shows the schematic flow sheet of an embodiment of a kind of data processing method of the present invention;
Fig. 2 shows the schematic flow sheet of a kind of another embodiment of data processing method of the present invention
Fig. 3 shows the structural representation of a kind of another embodiment of data processing method of the present invention;
Fig. 4 shows the structural representation of an embodiment of a kind of data processing method of the present invention;
Fig. 5 shows the structural representation of a kind of another embodiment of data processing method of the present invention;
Fig. 6 shows the structural representation of a kind of storage array of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.
The invention provides a kind of data processing method, by the method, can effectively reduce at storage array and be moved the situation that the data in process are revealed, the security that improves data.
Referring to Fig. 1, show the schematic flow sheet of an embodiment of a kind of data processing method of the present invention, the method of the present embodiment can be applied to have the storage networking of storage array, as storage area network (SAN, Storage Area Network), direct-connected storage networking (DAS, Direct-Attached Storage) etc., the method for the present embodiment can comprise:
S101 determines at least one target logic storage unit from a plurality of logic storage units of storage array.
The storage space of storage array is the summation of the storage space of each disk in this storage array.In actual applications, generally regard total storage space of all disks of storage array as a virtual logic magnetic disc space, this logic magnetic disc space is divided and can be obtained a plurality of logic storage units.The storage space of each logic storage unit generally can be crossed over a plurality of disks
Logic storage unit is an elementary cell of carrying out data storage in this storage array, and each logic storage unit is all to there being a logical unit number (LUN, Logical Unit Number).
Wherein, this target logic storage unit is the logic storage unit that need to carry out data protection, the logic storage unit of namely pending encryption.
S102, reads the metadata of storing in this target logic storage unit.
Wherein, metadata refers to the data about data, is to data definition and description, is a kind of special data.
The data of storing in this logic storage unit comprise: metadata, and the data that do not belong to metadata, wherein, the data that do not belong to metadata of storing in this logic storage unit are the user data being commonly called as.Generally in logic storage unit, stored after user data, in this logic storage unit, the corresponding generation of meeting is for describing the metadata of user data.Wherein, the metadata of describing this user data can be title, storage time of user data etc.For the user data of storing in logic storage unit, the data volume of this metadata is very little.
When user passes through certain logic storage unit in this storage array of other device accesses, must search the metadata of this logic storage unit, then could be according to metadata query to corresponding user data, if metadata is inaccurate, have influence on reading the user data in this logic storage unit.As, make the user data that reads incorrect.
In the present embodiment, for any one target logic storage unit, the controller of this storage array all can read the metadata of this target logic storage unit.
S103, is encrypted this metadata, obtains the metadata of encrypting.
The controller of storage array reads out after metadata from this destination logical unit, can be encrypted the metadata reading out, thus the metadata after being encrypted.
While passing through the destination logical unit of other these storage arrays of device access due to user, must first get after the metadata in this target logic storage unit, can be according to the user data in this target logic storage unit of this metadata access, therefore, in the situation that the metadata of this target logic storage unit is encrypted, other people cannot correctly read the user data of storing in this target logic storage unit by other equipment.
It can be the key according to setting that metadata is encrypted, and be encrypted in conjunction with default cryptographic algorithm, wherein, ciphering process can be identical with existing data encryption process, as, can be based on Advanced Encryption Standard (AES, Advanced Encryption Standard), also can be encrypted based on other cryptographic algorithm, at this, do not limited.
S104, the metadata that is this encryption by the metadata updates of storing in this target logic storage unit.
The controller of storage array completes metadata to reading out encrypt after, the metadata store after encrypting, to this target logic storage unit, be take to the metadata after encrypting by the metadata updates of storing in this target logic storage unit.
In the present embodiment, metadata in destination logical unit in this storage array is the metadata after encrypting, if user cannot be decrypted the metadata of this encryption, also just cannot get the metadata information in this target logic storage unit, thus cannot be according to the data of storing in this target logic storage unit of metadata access.Like this, before resettlement storage array, by method of the present invention, metadata in the target logic storage unit of this storage array is encrypted, in the process of this storage array of resettlement, unwarranted user is owing to can not this metadata being decrypted, also just cannot be according to the data in metadata access target logic storage unit, thus guaranteed that the data of storing in disk are not maliciously stolen by other users, improved the security of data.
In addition, due to the data volume of the metadata in the target logic storage unit data volume much smaller than user data, with all data in target logic storage unit are all encrypted and are compared, only read in this destination logical unit metadata and metadata is encrypted, when improving data security, can also reduce data processing amount, reduce data processing consuming time short, and then reduce resource consumption.
In embodiments of the present invention, triggering storage array and determine that the condition of target logic storage unit can be an encrypted instruction to be detected, can be also to arrive default encryption constantly.Wherein, encrypted instruction to be detected can be that this storage array receives the encrypted instruction that specified node sends to this storage array.Wherein, this specified node can be connected with this storage array for passing through physical circuit or network, and controls computing machine or other opertaing devices of this storage array.
Wherein, the mode of the definite target logic storage unit of this storage array can have multiple.
Optionally, a kind of mode of definite target logic storage unit can be: this storage array using logic storage units all in this storage array all as the target logic storage unit of pending encryption.
The mode of another kind of definite target logic storage unit can be, the information of the logic storage unit of the pending encryption that this storage array reception user sends by specified node, and the logic storage unit corresponding with this information is defined as to target logic storage unit.As, before encrypting, user can access this storage array by specified node, and then select this user and think the logic storage unit of need encrypting, by this specified node, the logical unit number of the logic storage unit of selecting is sent to this storage array, storage array is defined as target logic storage unit by logic storage unit corresponding to this logical unit number.
Be understandable that, in the situation that do not store user data in the logic storage unit of storage array, this logic storage unit also has metadata, when deposited user data in after the meeting in this logic storage unit, in this logic storage unit, also can generate the metadata that this user data is relevant.Therefore, the in the situation that of not storing user data in logic storage unit, the metadata in this logic storage unit is encrypted and there is no any meaning, also can waste data processing time, consumption of natural resource.
In order to reduce resource consumption, referring to Fig. 2, show the schematic flow sheet of a kind of another embodiment of data processing method of the present invention, the method for the present embodiment can comprise:
S201 determines at least one target logic storage unit from a plurality of logic storage units of storage array.
Wherein, in the present embodiment, the mode of definite target logic storage unit is not limited.
Optionally, the mode of determining this target logic storage unit can be two kinds of situations introducing above.
S202, inquires about in this target logic storage unit whether store the data outside metadata.
Wherein, in this logic storage unit, store in data, the data except metadata, judge in this logic storage unit, whether there is user data.
Inquire about the data that whether store outside metadata in this target logic storage unit and can adopt existing arbitary inquiry mode, at this, do not limited.
S203, while storing the data outside this metadata in target logic storage unit, reads the metadata of storing in this target logic storage unit.
S204, the metadata by the metadata updates of storing in this target logic storage unit for encrypting.
In this target logic storage unit, only have metadata and do not store in the situation of user data, the risk that does not exist user data to reveal or be stolen, without reading the metadata in this target logic storage unit and carrying out cryptographic operation.
Visible, owing to not storing in target logic storage unit in the situation of user data, the risk that does not exist data to reveal, therefore,, while storing user data in inquiring target logic storage unit, just can read the metadata in this target logic storage unit, and metadata is encrypted, can avoid reading useless metadata, reduced the data amount of reading and treatment capacity, thereby it be consuming time to have reduced data processing.
Be understandable that, under the prerequisite of guaranteeing data security property, in order to reduce data processing amount, at storage array, during in definite target logic storage unit, can be that the logic storage unit that stores the data outside metadata in this storage array is defined as to target logic storage unit.As, when definite target logic storage unit, the controller of storage array can be inquired about in each logic storage unit successively except storing metadata, whether also stores user data, and the logic storage unit that stores user data is defined as storage unit.For example, in this storage array, there are 10 logic storage units, but wherein only have in 6 logic storage units and store data, this storage array inquires these 6 logic storage units and stores after data, these 6 logic storage units is defined as to the target logic storage unit of pending encryption.
The target logic storage unit of determining by this kind of mode all stores user data, perhaps carries out query manipulation again, does not also have the situation that reads insignificant metadata, that is to say the situation that does not have the waste data amount of reading and treatment capacity.
Certainly, in actual applications, user accesses after this storage array by specified node, this user can see which logic storage unit stores data, therefore, user can select the target logic storage unit that need to be encrypted from store the logic storage unit of user data, like this, the logical block that storage array is selected user is defined as after target logic storage unit, also without inquiring about in this target logic storage unit whether store the data outside metadata again.
Referring to Fig. 3, show the schematic flow sheet of a kind of another embodiment of data processing method of the present invention, the method for the present embodiment can comprise:
S301 determines at least one target logic storage unit from a plurality of logic storage units of storage array.
S302, reads the metadata of storing in this target logic storage unit
S303, is encrypted this metadata, obtains the metadata of encrypting.
S304, the metadata by the metadata updates of storing in this target logic storage unit for encrypting.
Wherein, above step 301 to step 304 can, with reference to the associated description of any embodiment above, not repeat at this.
Optionally, in this embodiment before this step 302, can also comprise in this target logic storage unit of inquiry whether storing the data outside metadata, and when definite this target logic cell stores has the data outside metadata, carry out this step 302.
S305, is this target logic storage unit generating identification information, and this identification information is for showing that the metadata of described destination logical unit is encrypted.
Owing to there being a plurality of logic storage units in storage array, for when the follow-up deciphering, can determine more fast and accurately the target logic storage unit of the metadata storing after encryption, by the metadata updates in target logic storage unit for after the metadata after encrypting,, also need for this target logic storage unit generating identification information.Like this, when needs are decrypted storage array, just the target logic storage unit with identification information can be defined as to the logic storage unit that need to be decrypted.
Wherein, this identification information can be stored in the assigned address of this target logic storage unit, and when this metadata is encrypted, the data of this assigned address still can be read.
Wherein, the order of this step 204 and step 205 is not limited to shown in Fig. 2, also can this step 204 and the order of step 205 can exchange, first perform step 205 and then execution step 204, can be also to carry out this step 204 and step 205 simultaneously.
After target logic storage unit being encrypted by above any means, just can move this storage array to assigned address.At this storage array, be moved to after assigned address, the controller of this storage array can be decrypted the metadata in target logic storage unit.As, this storage array can, after decryption instructions being detected, be decrypted the metadata in this target logic storage unit.When the metadata in target logic storage unit is decrypted, can be according to the key with default, and be decrypted in conjunction with specific decipherment algorithm.
Wherein, when needs carry out metadata deciphering, the controller of this storage array can judge that whether each logic storage unit is encrypted successively, and then determines the target logic storage unit that stores encrypted metadata, and the metadata in this target logic storage unit is decrypted.
Especially, after metadata is encrypted, if storage array has generated identification information for this target logic storage unit, when needs are deciphered, can determine the encrypted target logic storage unit of metadata according to this identification information, and then the metadata in this target logic storage unit is decrypted.
Corresponding a kind of data processing method of the present invention, the present invention also provides a kind of data processing equipment, this data processing equipment can be applied in storage array, referring to Fig. 4, the structural representation that shows an embodiment of a kind of data processing equipment of the present invention, the device of the present embodiment can comprise: target determining unit 401, data-reading unit 402, ciphering unit 403 and data updating unit 404.
Wherein, target determining unit 401, for determining at least one target logic storage unit from a plurality of logic storage units of storage array.
Data-reading unit 402, the metadata of storing for reading described target logic storage unit that described target determining unit determines.
After the metadata in the destination logical unit in storage array being encrypted by ciphering unit in the present embodiment, then by the metadata updates in this target storage array, be this metadata after encrypting by data updating unit.Like this, moving in process of storage array, unwarranted user is owing to can not this metadata being decrypted, also just cannot get the metadata information in this target logic storage unit, thereby cannot be according to the data of storing in this disk of metadata access, thereby avoided unwarranted user maliciously to steal the data in this storage array, improved the security of data.
Optionally, described target determining unit, comprising:
First object determining unit, for receiving the information of the logic storage unit to be encrypted of specified node transmission, is defined as described target logic storage unit by described logic storage unit to be encrypted.
Or the second target determining unit, for being all defined as described target logic storage unit by all logic storage units of described storage array.
Referring to Fig. 5, show another embodiment of a kind of data processing equipment of the present invention, the device of the present embodiment, is with the embodiment difference of installing above:
In the present embodiment, also comprise: whether query unit 405, store the data outside described metadata for inquiring about the described target logic storage unit that described target determining unit 401 determines;
Accordingly, described data-reading unit 402, comprising:
The first data-reading unit 4021, while storing the data outside described metadata for determine described target logic storage unit when described query unit, reads the described metadata of storing in described target logic storage unit.
After target determining unit is determined target logic storage unit, by query unit, inquire about in this target logic storage unit whether store the data outside metadata, only have while storing metadata in determining this target logic storage unit, this first data-reading unit just can go to read this metadata, thereby the in the situation that of having avoided not storing user data in target logic storage unit, read insignificant metadata, and then reduced the data amount of reading.
Optionally, on the other hand, this target determining unit can also be to comprise:
The 3rd target determining unit, for a plurality of logic storage units from described storage array, determines the target logic storage unit of the data that store outside metadata.
In the target logic storage unit of determining by the 3rd target determining unit, all store user data, thereby without inquiring about again in this target logic storage unit whether store the data outside metadata.
Further, in above any one embodiment, this data processing equipment can also comprise:
Identify unit, after the described metadata updates of described target logic storage unit being the metadata of encrypting in described data updating unit, for described target logic storage unit generating identification information, described identification information is for showing that the described metadata of described destination logical unit is encrypted.
By this identify unit, to storing the target logic storage unit of the metadata after encryption, identify, can be when needs be deciphered, can be very fast determine the encrypted target logic storage unit of metadata.
In addition, the present invention also provides a kind of storage array, referring to Fig. 6, shows the structural representation of a kind of storage array of the present invention, and this storage array 600 includes controller 601 and a plurality of disk 602, and described a plurality of disks are fixed together by disk frame.
Wherein, described controller is connected with described a plurality of disks.Wherein, the storage space of these a plurality of disks is virtualized as a plurality of logic storage units.
Described controller 601, determines at least one target logic storage unit for storing from a plurality of logic storage units of storage array; Read the metadata of storing in described target logic storage unit; Described metadata is encrypted, obtains the metadata of encrypting; It by the described metadata updates of storing in described target logic storage unit, is the metadata of the described encryption that obtains of described ciphering unit.
In described disk array 602, store the information of the program of described controller execution.
In this storage array, be also provided with disk frame, this disk frame does not draw in Fig. 6, in this disk frame, be provided with communication bus, controller is connected with the communication bus in disk frame, and each disk is connected with the communication bus in this disk frame, and then realize being connected between this controller and this disk.
For device embodiment, because it is substantially corresponding to embodiment of the method, so relevant part is referring to the part explanation of embodiment of the method.System embodiment described above is only schematically, can select according to the actual needs some or all of module wherein to realize the object of the present embodiment scheme.Those of ordinary skills, in the situation that not paying creative work, are appreciated that and implement.
In several embodiment provided by the present invention, should be understood that, disclosed in apparatus and method, not surpassing in the application's spirit and scope, can realize in other way.Current embodiment is a kind of exemplary example, should be as restriction, and given particular content should in no way limit the application's object.For example, the division of described unit or subelement, is only that a kind of logic function is divided, and during actual realization, can have other dividing mode, and for example a plurality of unit or a plurality of subelement combine.In addition, a plurality of unit can or assembly can in conjunction with or can be integrated into another system, or some features can ignore, or do not carry out.
The above is only the specific embodiment of the present invention; it should be pointed out that for those skilled in the art, under the premise without departing from the principles of the invention; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.
Claims (10)
1. a data processing method, is characterized in that, comprising:
From a plurality of logic storage units of storage array, determine at least one target logic storage unit;
Read the metadata of storing in described target logic storage unit;
Described metadata is encrypted, obtains the metadata of encrypting;
The metadata that is described encryption by the described metadata updates of storing in described target logic storage unit.
2. method according to claim 1, is characterized in that, described at least one target logic storage unit of determining from a plurality of logic storage units of storage array, comprising:
The information that receives the logic storage unit to be encrypted of specified node transmission, is defined as described target logic storage unit by described logic storage unit to be encrypted;
Or, all logic storage units of described storage array are all defined as to described target logic storage unit.
3. method according to claim 1 and 2, is characterized in that, described from a plurality of logic storage units of storage array, determine at least one target logic storage unit after, also comprise:
Inquire about in described target logic storage unit and whether store the data outside described metadata;
The described metadata of storing in described target logic storage unit that reads, comprising:
While storing the data outside described metadata in described target logic storage unit, read the described metadata of storing in described target logic storage unit.
4. method according to claim 1, is characterized in that, described at least one target logic storage unit of determining from a plurality of logic storage units of storage array, comprising:
From a plurality of logic storage units of described storage array, determine the target logic storage unit of the data that store outside metadata.
5. method according to claim 1, is characterized in that, after the described metadata that is described encryption by the metadata updates of storing in described target logic storage unit, also comprises:
For described target logic storage unit generating identification information, described identification information is for showing that the described metadata of described destination logical unit is encrypted.
6. a data processing equipment, is characterized in that, comprising:
Target determining unit, for determining at least one target logic storage unit from a plurality of logic storage units of storage array;
Data-reading unit, the metadata of storing for reading described target logic storage unit that described target determining unit determines;
Ciphering unit, is encrypted for the described metadata that described data-reading unit is read, and obtains the metadata of encrypting;
Data updating unit is the metadata of the described encryption that obtains of described ciphering unit for the described metadata updates that described target logic storage unit is stored.
7. device according to claim 6, is characterized in that, described target determining unit, comprising:
First object determining unit, for receiving the information of the logic storage unit to be encrypted of specified node transmission, is defined as described target logic storage unit by described logic storage unit to be encrypted;
Or the second target determining unit, for being all defined as described target logic storage unit by all logic storage units of described storage array.
8. according to the device described in claim 6 or 7, it is characterized in that, also comprise:
Whether query unit, store the data outside described metadata for inquiring about the described target logic storage unit that described target determining unit determines;
Described data-reading unit, comprising:
The first data-reading unit, while storing the data outside described metadata for determine described target logic storage unit when described query unit, reads the described metadata of storing in described target logic storage unit.
9. device according to claim 6, is characterized in that, described target determining unit, comprising:
The 3rd target determining unit, for a plurality of logic storage units from described storage array, determines the target logic storage unit of the data that store outside metadata.
10. device according to claim 6, is characterized in that, described device also comprises:
Identify unit, after the described metadata updates of described target logic storage unit being the metadata of encrypting in described data updating unit, for described target logic storage unit generating identification information, described identification information is for showing that the described metadata of described destination logical unit is encrypted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310654603.9A CN103699855B (en) | 2013-12-05 | 2013-12-05 | A kind of data processing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310654603.9A CN103699855B (en) | 2013-12-05 | 2013-12-05 | A kind of data processing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103699855A true CN103699855A (en) | 2014-04-02 |
| CN103699855B CN103699855B (en) | 2018-04-27 |
Family
ID=50361379
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310654603.9A Active CN103699855B (en) | 2013-12-05 | 2013-12-05 | A kind of data processing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103699855B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109033849A (en) * | 2018-06-29 | 2018-12-18 | 无锡艾立德智能科技有限公司 | The encryption method and device encrypted to deposit data of magnetic disk array |
| CN111181899A (en) * | 2018-11-13 | 2020-05-19 | 阿里巴巴集团控股有限公司 | Data processing method, device and system and electronic equipment |
| US11210406B2 (en) | 2016-07-15 | 2021-12-28 | Seagate Technology Llc | Encrypting system level data structures |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070113084A1 (en) * | 2005-08-04 | 2007-05-17 | Sony Corporation | Method, apparatus, and program for processing information |
| CN101055511A (en) * | 2007-05-16 | 2007-10-17 | 华为技术有限公司 | Memory array system and its data operation method |
| CN101097556A (en) * | 2006-06-29 | 2008-01-02 | 国际商业机器公司 | Method and system for updating metadata in a logical volume |
| CN101313283A (en) * | 2005-12-22 | 2008-11-26 | 英特尔公司 | Method for dynamically exposing backup and restore volumes |
| CN102024059A (en) * | 2010-12-31 | 2011-04-20 | 成都市华为赛门铁克科技有限公司 | Method and device for protecting redundant array of independent disk in file system |
| CN102656589A (en) * | 2009-12-15 | 2012-09-05 | 微软公司 | Verifiable trust for data through wrapper composition |
| CN103019894A (en) * | 2012-12-25 | 2013-04-03 | 创新科存储技术(深圳)有限公司 | Reconstruction method for redundant array of independent disks |
| CN103279694A (en) * | 2013-05-31 | 2013-09-04 | 华为技术有限公司 | Loading method, protecting method, loading device and protecting device for file system |
| CN103392178A (en) * | 2011-11-11 | 2013-11-13 | 日本电气株式会社 | Database encryption system, method and program |
-
2013
- 2013-12-05 CN CN201310654603.9A patent/CN103699855B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070113084A1 (en) * | 2005-08-04 | 2007-05-17 | Sony Corporation | Method, apparatus, and program for processing information |
| CN101313283A (en) * | 2005-12-22 | 2008-11-26 | 英特尔公司 | Method for dynamically exposing backup and restore volumes |
| CN101097556A (en) * | 2006-06-29 | 2008-01-02 | 国际商业机器公司 | Method and system for updating metadata in a logical volume |
| CN101055511A (en) * | 2007-05-16 | 2007-10-17 | 华为技术有限公司 | Memory array system and its data operation method |
| CN102656589A (en) * | 2009-12-15 | 2012-09-05 | 微软公司 | Verifiable trust for data through wrapper composition |
| CN102024059A (en) * | 2010-12-31 | 2011-04-20 | 成都市华为赛门铁克科技有限公司 | Method and device for protecting redundant array of independent disk in file system |
| CN103392178A (en) * | 2011-11-11 | 2013-11-13 | 日本电气株式会社 | Database encryption system, method and program |
| CN103019894A (en) * | 2012-12-25 | 2013-04-03 | 创新科存储技术(深圳)有限公司 | Reconstruction method for redundant array of independent disks |
| CN103279694A (en) * | 2013-05-31 | 2013-09-04 | 华为技术有限公司 | Loading method, protecting method, loading device and protecting device for file system |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11210406B2 (en) | 2016-07-15 | 2021-12-28 | Seagate Technology Llc | Encrypting system level data structures |
| CN109033849A (en) * | 2018-06-29 | 2018-12-18 | 无锡艾立德智能科技有限公司 | The encryption method and device encrypted to deposit data of magnetic disk array |
| CN111181899A (en) * | 2018-11-13 | 2020-05-19 | 阿里巴巴集团控股有限公司 | Data processing method, device and system and electronic equipment |
| CN111181899B (en) * | 2018-11-13 | 2022-11-11 | 阿里巴巴集团控股有限公司 | Data processing method, device and system and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103699855B (en) | 2018-04-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9626497B2 (en) | Sharing USB key by multiple virtual machines located at different hosts | |
| TWI596475B (en) | Address validation using signatures | |
| EP3198781B1 (en) | Techniques for distributing secret shares | |
| US9811478B2 (en) | Self-encrypting flash drive | |
| CN109564553B (en) | Multi-stage memory integrity method and apparatus | |
| CN103020537B (en) | Data encrypting method, data encrypting device, data deciphering method and data deciphering device | |
| US9769654B2 (en) | Method of implementing a right over a content | |
| CN105450620A (en) | Information processing method and device | |
| CN106657052B (en) | Access management method and system for stored data | |
| CN105577379A (en) | Information processing method and apparatus thereof | |
| CN109347839B (en) | Centralized password management method and device, electronic equipment and computer storage medium | |
| CN109725983B (en) | Data exchange method, device, related equipment and system | |
| EP3008732B1 (en) | Non-volatile memory operations | |
| CN103279694B (en) | A kind of loading, guard method and device of file system | |
| KR20170102219A (en) | Method and apparatus for processing transactions | |
| KR20210078437A (en) | System, apparatus, and method for secure deduplication | |
| CN107885864A (en) | A kind of encryption data querying method, system, device and readable storage medium storing program for executing | |
| CN107026730B (en) | Data processing method, device and system | |
| CN103699855A (en) | Data processing method and data processing device | |
| CN108154042B (en) | File system encryption method and device | |
| CN114153396A (en) | Data processing method and device, data storage equipment and terminal equipment | |
| CN105701424B (en) | A kind of method and controller creating storage unit | |
| CN109711207B (en) | Data encryption method and device | |
| CN110032529B (en) | Memory management method and related device | |
| CN110659472A (en) | Password card and data storage system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |