CN105303124A - Mother and child key encryption method for physical tape library - Google Patents
Mother and child key encryption method for physical tape library Download PDFInfo
- Publication number
- CN105303124A CN105303124A CN201510837780.XA CN201510837780A CN105303124A CN 105303124 A CN105303124 A CN 105303124A CN 201510837780 A CN201510837780 A CN 201510837780A CN 105303124 A CN105303124 A CN 105303124A
- Authority
- CN
- China
- Prior art keywords
- key
- tape library
- usb
- mother
- physical tape
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 22
- 230000001360 synchronised effect Effects 0.000 claims abstract description 17
- 230000008676 import Effects 0.000 claims description 6
- 238000012795 verification Methods 0.000 claims description 4
- 230000009467 reduction Effects 0.000 description 4
- 238000007726 management method Methods 0.000 description 3
- 230000005012 migration Effects 0.000 description 2
- 238000013508 migration Methods 0.000 description 2
- 238000004321 preservation Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000035800 maturation Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a mother and child key encryption method for a physical tape library, belonging to the technical field of key encryption; the encryption device comprises a pair of mutual backup encryption devices which are respectively a master key USB hard disk and a slave key USB hard disk, and an encryption key generated by the master key USB hard disk is synchronized to the slave key USB hard disk through physical tape library equipment. The USB hard disk with the sub-secret key can also restore the data encrypted by the USB hard disk with the mother secret key. The sub-key USB hard disk can keep synchronous with the key setting of the main key at any time and is stored in a safe place, the encryption work of the physical tape library is perfected, and the problems that once the backup data before the hard disk is lost cannot be restored normally and the normal work of the physical tape library cannot be guaranteed are solved.
Description
Technical field
The present invention discloses a kind of mother and sons' key encryption method for physical tape library, belongs to Key Encryption Technology field.
Background technology
Data encryption is the pith of computer security, as a kind of mode ensureing data security, along with the development of network, people more and more use backup, physical tape library and physical tape storehouse are as the senior statesman's equipment in backup, from that day that backup produces, just carry the important task of data backup.The advantages such as the function such as off-line preservation, data backup, data filing in physical tape storehouse and cost is low, technology maturation, capacity are large, speed is fast, data preservation security height, make it cannot be replaced in standby system always.The data recording on tape encryption of tape library is hardware level encryption the most fast, is directly responsible for automatic encryption and the deciphering automatically of data recording on tape by LTO tape drive.And usb key Management Unit is the tape library scrambling solutions of the easiest economy of tape library, for tape library provide without the need to unnecessary software, terminal computer or encryption server from maintenance mode.But current single usb key management still has many leaks, cannot improve physical tape storehouse encrypted work, once this hard disk lose before Backup Data cannot normal reduction, can not ensure that physical tape storehouse normally works.The invention provides a kind of mother and sons' key encryption method for physical tape library, comprise a pair standby encryption device mutually, be respectively a female key USB hard disk and a sub-key USB hard disk, the encryption key that female key USB hard disk produces, by physical tape library equipment, be synchronized to sub-key USB hard disk.Sub-key USB hard disk can restore the data by female key USB HD encryption equally.Sub-key USB hard disk can arrange with the key of master key at any time and keep synchronous; and be stored in safe place; perfect physical tape storehouse encrypted work, solve once this hard disk lose before Backup Data cannot normal reduction, the problem that physical tape storehouse normally works can not be ensured.
Summary of the invention
The present invention is directed in prior art the equipment not having SMBUS interface; at power up phase; owing to continuing the longer program initialization time; SMBUS interface level state can be very unstable; may BUSBUSY be caused thus affect the problem that BMC normally works, a kind of mother and sons' key encryption method for physical tape library is provided, perfect physical tape storehouse encrypted work; solve once this hard disk lose before Backup Data cannot normal reduction, the problem that physical tape storehouse normally works can not be ensured.
The concrete scheme that the present invention proposes is:
A kind of mother and sons' key encryption method for physical tape library, mother and sons' key USB is standby encryption mutually, female key USB produces encryption key at physical tape library, by physical tape library equipment, be synchronized to sub-key USB, sub-key USB arranges with female key usb key and keeps synchronous, and sub-key USB restores by the encrypted data of female key USB.
Female key USB by using the random number generator of physical tape library, stochastic generation encryption key, and preserves key.
Described random number generator operates in the crypto module on FIPS140-2 standard 3 level verification hardware.
An access physical tape library in mother and sons' key USB, utilizes telemanagement to open USB encryption function.
By telemanagement, encryption key is saved as secure file, by network delivery secure file, reciever, by other physical tape library and mother and sons' key USB, imports this encryption key, reads corresponding enciphered data.
Mother and sons' key USB supports LTO-6, LTO-5 tape drive.
Usefulness of the present invention is:
The invention provides a kind of mother and sons' key encryption method for physical tape library, comprise a pair standby encryption device mutually, be respectively a female key USB hard disk and a sub-key USB hard disk, the encryption key that female key USB hard disk produces, by physical tape library equipment, be synchronized to sub-key USB hard disk.Sub-key USB hard disk can restore the data by female key USB HD encryption equally.Sub-key USB hard disk can arrange with the key of master key at any time and keep synchronous; and be stored in safe place; perfect physical tape storehouse encrypted work, solve once this hard disk lose before Backup Data cannot normal reduction, the problem that physical tape storehouse normally works can not be ensured.
Embodiment
A kind of mother and sons' key encryption method for physical tape library, mother and sons' key USB is standby encryption mutually, female key USB produces encryption key at physical tape library, by physical tape library equipment, be synchronized to sub-key USB, sub-key USB arranges with female key usb key and keeps synchronous, and sub-key USB restores by the encrypted data of female key USB.
According to said method and summary of the invention, the present invention will be further described.
Mother and sons' key USB, comprises a pair standby encryption device mutually, is respectively a female key USB hard disk and a sub-key USB hard disk.
For mother and sons' key encryption method of physical tape library, mother and sons' key USB is standby encryption mutually, and female key USB produces encryption key at physical tape library;
The process wherein producing encryption key is: female key USB by using the random number generator of physical tape library, stochastic generation encryption key, and preserves key; And random number generator can be operate in the crypto module on FIPS140-2 standard 3 level verification hardware;
By physical tape library equipment, be synchronized to sub-key USB, sub-key USB arranges with female key usb key and keeps synchronous, and sub-key USB restores by the encrypted data of female key USB.
Key USB reduces encrypted data:
Backup Data by transmitting encrypt tapes medium and corresponding key USB realization safety exports and migration, and this mode can prevent data and key to be exposed in unsafe PC, server and network.
Also by encryption key content is saved as secure file by remote administrative interface, by network delivery secure file, reciever, by other physical tape library and key USB hard disk, imports this key, to read corresponding enciphered data.
Again when a kind of for mother and sons' key encryption method of physical tape library, mother and sons' key USB is standby encryption mutually, and female key USB produces encryption key at physical tape library;
The process wherein producing encryption key is: female key USB by using the random number generator of physical tape library, stochastic generation encryption key, and preserves key; And random number generator can be operate in the crypto module on FIPS140-2 standard 3 level verification hardware;
By physical tape library equipment, be synchronized to sub-key USB, sub-key USB arranges with female key usb key and keeps synchronous, and sub-key USB restores by the encrypted data of female key USB.
Key USB reduces encrypted data:
Backup Data by transmitting encrypt tapes medium and corresponding key USB realization safety exports and migration, and this mode can prevent data and key to be exposed in unsafe PC, server and network.
Also by encryption key content is saved as secure file by remote administrative interface, by network delivery secure file, reciever, by other physical tape library and key USB hard disk, imports this key, to read corresponding enciphered data.
Wherein user is before carrying out data backup, one of them key USB hard disk of mother and sons' key USB can be inserted in the USB interface of physical tape library, and open in remote administrative interface and use USB encryption function.PIN code in the safety management page of remote administrative interface is arranged provides extra safety protecting mechanism by for key USB.Key US needs to keep the connection with tape library.
Wherein mother and sons' key USB supports LTO-6, LTO-5 tape drive, shares using in homologous series physical tape library.
In mother and sons' key USB use procedure, sub-key USB hard disk can arrange with the key of master key at any time and keep synchronous, and is stored in safe place.Such as back up in Jinan at female key, cipher key content is saved as secure file by remote administrative interface, by network delivery secure file to Beijing, reciever imports sub-key USB hard disk by other physical tape library, to read corresponding enciphered data.Achieve local cipher, the function that strange land is read.
Claims (7)
1. the mother and sons' key encryption method for physical tape library, it is characterized in that mother and sons' key USB standby encryption mutually, female key USB produces encryption key at physical tape library, by physical tape library equipment, be synchronized to sub-key USB, sub-key USB arranges with female key usb key and keeps synchronous, and sub-key USB restores by the encrypted data of female key USB.
2. a kind of mother and sons' key encryption method for physical tape library according to claim 1, is characterized in that female key USB is by using the random number generator of physical tape library, stochastic generation encryption key, and preserves key.
3. a kind of mother and sons' key encryption method for physical tape library according to claim 1 and 2, is characterized in that described random number generator operates in the crypto module on FIPS140-2 standard 3 level verification hardware.
4. a kind of mother and sons' key encryption method for physical tape library according to claim 1, is characterized in that an access physical tape library in mother and sons' key USB, utilizes telemanagement to open USB encryption function.
5. a kind of mother and sons' key encryption method for physical tape library according to claim 1 or 4, it is characterized in that, by telemanagement, encryption key is saved as secure file, by network delivery secure file, reciever is by other physical tape library and mother and sons' key USB, import this encryption key, read corresponding enciphered data.
6. a kind of mother and sons' key encryption method for physical tape library according to claim 3, it is characterized in that, by telemanagement, encryption key is saved as secure file, by network delivery secure file, reciever is by other physical tape library and mother and sons' key USB, import this encryption key, read corresponding enciphered data.
7. a kind of mother and sons' key encryption method for physical tape library according to claim 1,2,4,6, is characterized in that mother and sons' key USB supports LTO-6, LTO-5 tape drive.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510837780.XA CN105303124A (en) | 2015-11-26 | 2015-11-26 | Mother and child key encryption method for physical tape library |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510837780.XA CN105303124A (en) | 2015-11-26 | 2015-11-26 | Mother and child key encryption method for physical tape library |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105303124A true CN105303124A (en) | 2016-02-03 |
Family
ID=55200378
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510837780.XA Pending CN105303124A (en) | 2015-11-26 | 2015-11-26 | Mother and child key encryption method for physical tape library |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105303124A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106326757A (en) * | 2016-08-26 | 2017-01-11 | 浪潮(北京)电子信息产业有限公司 | Data encryption device of storage system |
| CN106529350A (en) * | 2016-11-11 | 2017-03-22 | 郑州云海信息技术有限公司 | Secure storage system |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101141257A (en) * | 2006-09-07 | 2008-03-12 | 国际商业机器公司 | Method, cipher key unit and storage driver for maintaining encryption key integrity |
| CN101325603A (en) * | 2008-07-24 | 2008-12-17 | 上海众恒信息产业有限公司 | Network memory structure for special certificate management system |
| US20090202080A1 (en) * | 2008-02-12 | 2009-08-13 | Hitachi, Ltd. | Method and system for managing encryption key |
| CN203054824U (en) * | 2013-02-02 | 2013-07-10 | 陕西长城信息有限责任公司 | Server storage system |
| CN203070292U (en) * | 2013-02-02 | 2013-07-17 | 陕西长城信息有限责任公司 | Server-based data management system |
| US20140281518A1 (en) * | 2013-03-12 | 2014-09-18 | Commvault Systems, Inc. | Multi-tier file restoration |
-
2015
- 2015-11-26 CN CN201510837780.XA patent/CN105303124A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101141257A (en) * | 2006-09-07 | 2008-03-12 | 国际商业机器公司 | Method, cipher key unit and storage driver for maintaining encryption key integrity |
| US20090202080A1 (en) * | 2008-02-12 | 2009-08-13 | Hitachi, Ltd. | Method and system for managing encryption key |
| CN101325603A (en) * | 2008-07-24 | 2008-12-17 | 上海众恒信息产业有限公司 | Network memory structure for special certificate management system |
| CN203054824U (en) * | 2013-02-02 | 2013-07-10 | 陕西长城信息有限责任公司 | Server storage system |
| CN203070292U (en) * | 2013-02-02 | 2013-07-17 | 陕西长城信息有限责任公司 | Server-based data management system |
| US20140281518A1 (en) * | 2013-03-12 | 2014-09-18 | Commvault Systems, Inc. | Multi-tier file restoration |
Non-Patent Citations (3)
| Title |
|---|
| SHONHARRIS: "《CISSP认证考试指南 第6版》", 31 January 2014 * |
| 张蕾: "《高校计算机房的运行管理与技术控制》", 31 August 2015 * |
| 李得荣: "两地三中心模式下的加密备份和恢复", 《新金融世界》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106326757A (en) * | 2016-08-26 | 2017-01-11 | 浪潮(北京)电子信息产业有限公司 | Data encryption device of storage system |
| CN106529350A (en) * | 2016-11-11 | 2017-03-22 | 郑州云海信息技术有限公司 | Secure storage system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106330868B (en) | A kind of high speed network encryption storage key management system and method | |
| CN100464549C (en) | Method for realizing data safety storing business | |
| US9069940B2 (en) | Secure host authentication using symmetric key cryptography | |
| CN105830086B (en) | Use the data protection in external secret storage system | |
| EP2901357B1 (en) | Multi-drive cooperation to generate an encryption key | |
| CN106685645B (en) | A kind of cipher key backup for safety chip business cipher key and restoration methods and system | |
| CN101038568B (en) | Method and device for encrypting date of external computer hard disk | |
| CN105656621A (en) | Safety management method for cryptographic device | |
| CN104852922B (en) | Big data encipher-decipher method based on distributed file system | |
| CN105072107A (en) | System and method for enhancing data transmission and storage security | |
| CN103580855A (en) | Usbkey management plan based on sharing technology | |
| CN104035891A (en) | Android mobile terminal data security protection system | |
| CN104901810A (en) | Data encryption storage method based on domestic cryptographic algorithm | |
| CN104333545A (en) | Method for encrypting cloud storage file data | |
| CN105471901A (en) | Industrial information security authentication system | |
| CN202364240U (en) | Trusted calculating chip key backup recovery system | |
| CN106529261B (en) | UKey and method for synchronizing offline service data | |
| CN105303124A (en) | Mother and child key encryption method for physical tape library | |
| CN103207976B (en) | Mobile storage file prevents the method for divulging a secret and the secret USB flash disk based on the method | |
| CN112989320B (en) | User state management system and method for password equipment | |
| CN102004873B (en) | Method for restoring encrypted information in encryption card | |
| CN204808325U (en) | Carry out black equipment to data | |
| CN105426705A (en) | Encryption control system for accounting software | |
| JP7138642B2 (en) | Method and apparatus for performing secure backup and restore | |
| CN110378131A (en) | A kind of method, system and device using trusted root management cryptsetup key |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160203 |