CN107025409A - A secure data storage platform - Google Patents


Publication number: CN107025409A
Authority: CN (China)
Prior art keywords: client, server, distributed, cluster, key
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710227547.9A
Other languages: Chinese (zh)
Inventor: 晏金成
Current Assignee: CHINA EXPRESS E-COMMERCE Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: CHINA EXPRESS E-COMMERCE Co Ltd
Application filed by CHINA EXPRESS E-COMMERCE Co Ltd
Priority to CN201710227547.9A
Publication of CN107025409A

Classifications

    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

The invention discloses a secure data storage platform, comprising: an authentication server, connected to a client, which performs security verification on an access request after the client sends the access request to a distributed cluster; a security key management server, connected to the authentication server, which manages file keys and distributes the private key of a file key to a designated client; an application server, connected between the distributed cluster and the client, which accesses the distributed cluster as the client's access proxy; and the distributed cluster, connected to the application server, which stores cloud data. After the authentication server determines, according to the private key and the access request, that the client is the designated server, the application server is allowed to access the distributed cluster. With this technical solution, the security of the storage platform is improved while the platform's extensibility, economy, efficiency and scalability are preserved.

Description

A secure data storage platform
Technical field
The present invention relates to the technical field of data storage, and in particular to a secure data storage platform.
Background
At present, cloud storage systems generally keep copies of the same file data on multiple nodes to ensure data reliability. A cloud storage system integrates a large number of storage nodes, and because the nodes differ in geographic location and management policy, their trustworthiness varies greatly. Therefore, to ensure both the security of the data and the efficiency of access, the data storage policy of a cloud storage system needs to take node trustworthiness into account, using it to measure the reliability of each storage node, so that data access time stays low while the data remains highly reliable.
As a distributed file system platform for the cloud, it has the following advantages:
(1) Scalability: it can reliably process level data.
(2) Economy: the whole cluster can consist of thousands of nodes, and users can distribute their data to, and process it on, a cluster built from inexpensive machines.
(3) Efficiency: data is distributed across different nodes, so it can be processed in parallel on those nodes, which greatly speeds up data processing.
(4) Reliability: multiple copies of the data are maintained automatically, and when a computing task fails, the failed task is redeployed automatically.
Although it is already widely recognized as the preferred open-source platform for processing big data, many enterprises already use it for the analysis and design of massive data, and the file system has very strong storage performance, it still has certain limitations in use: its security is not high enough. Strengthening its security is therefore imperative.
Summary of the invention
To solve at least one of the above technical problems, the present invention proposes a new storage platform comprising an authentication server, a security key management server, an application server and a distributed cluster (i.e. Hadoop). The authentication server is connected to the client and performs security verification on an access request after the client sends it to the distributed cluster. The security key management server is connected to the authentication server and manages file keys, distributing the private key of a file key to a designated client. The application server is connected between the distributed cluster and the client and accesses the distributed cluster as the client's access proxy. The distributed cluster is connected to the application server and stores cloud data; after the authentication server determines, according to the private key and the access request, that the client is the designated server, the application server is allowed to access the distributed cluster.
According to an embodiment of the first aspect of the present invention, a secure data storage platform is proposed, comprising: an authentication server, connected to a client, which performs security verification on an access request after the client sends the access request to a distributed cluster; a security key management server, connected to the authentication server, which manages file keys and distributes the private key of a file key to a designated client; an application server, connected between the distributed cluster and the client, which accesses the distributed cluster as the client's access proxy; and the distributed cluster, connected to the application server, which stores cloud data, wherein after the authentication server determines, according to the private key and the access request, that the client is the designated server, the application server is allowed to access the distributed cluster.
In this technical solution, to improve the security of the storage platform, the authentication server, the security key management server, the application server and the distributed cluster (Hadoop) are connected in the manner described above. After the client uploads cloud data, the relevant encryption can be applied before the data is actually stored in the cloud, which ensures the integrity and confidentiality of the data and keeps the method feasible.
Further, data is encrypted both in transit and in storage.
Specifically, the client is mainly responsible for saving and holding user files; the application server accesses files as the proxy for access to the storage system; the authentication server authenticates users when they access files; the security key management server manages file keys and provides a secure and reliable key service, including key storage, generation and update; and the distributed file system is mainly responsible for storing the encrypted files and for guaranteeing the reliability and integrity of the file system.
The client accesses the storage platform through the following steps:
(1) The user accesses the cluster through the client;
(2) The cluster sends a user identity authentication request to the authentication center;
(3) After the CA authentication center receives the authentication request, the user can access the authentication center and complete a digital signature with his or her own private key to perform identity authentication;
(4) After completing the identity authentication, the CA authentication center returns to the client a proof that the identity is legitimate, with its own digital signature attached;
(5) The user can access the cluster with the verified proof of identity.
In the above technical solution, the distributed cluster specifically comprises: one master node and at least one child node; and a switch connected between the master node and any child node. The child nodes store fragment data, and the master node stores the mapping table of all fragment data.
In this technical solution, compared with existing distributed clusters, the storage platform is provided with a security key management server. The specific modification is as follows: before a file is written, the file is first bit-encrypted; the security key management server then generates a random key, which is used to encrypt again the ciphertext key that has already been encrypted; finally, the ciphertext of the file is written, and the returned ciphertext address is written into the security key management server.
In any of the above technical solutions, the security key management server is further configured to: before the fragment data is written to a child node, encrypt the fragment data with the 128-bit AES algorithm; generate a random key according to the AES algorithm; and write the AES-encrypted fragment data to the child node and return the location information of the write to the child node.
In this technical solution, execution of the AES algorithm is divided into three main phases: Map, Shuffle and Reduce.
In the Map phase, the plaintext file is first divided into Map tasks by block (64 MB by default); then, within each block, <key,value> pairs are generated from the plaintext data according to the block size of the AES algorithm (64 for AES). Here key is the offset of the plaintext relative to the block file, and value is the plaintext of the actual bit length.
Then, for each <key,value> pair, the plaintext block is encrypted into the corresponding ciphertext block with the AES encryption algorithm, using the key provided by the user. Map tasks run in parallel, which means that during encryption of the plaintext file the execution order of the Map tasks cannot be controlled, and the order of the resulting ciphertext may be scrambled. The Shuffle process is therefore used to preserve the original order of the content. The Shuffle phase groups the output of the Map phase, placing records with the same group value in the same group and sorting them by offset value; the data of each group is finally sent to a single Reduce node, which greatly reduces the number of Reduce tasks in the system and improves the parallel execution efficiency of the whole system. In the Reduce phase, the ciphertext only needs to be arranged according to the order within the group and output to the file system. If the user wants the final encrypted result stored in a single file, the number of Reduce tasks should be 1, but this affects the parallelism of Reduce. Therefore, for smaller files the number of tasks can be set to 1, while larger files are stored as multiple files, with file names provided to indicate that the final ciphertext files come from the same plaintext file.
Likewise, decryption of a file is also performed with MapReduce on the Hadoop distributed computing platform. The decryption process is similar to the encryption process, except that the Map phase uses the decryption algorithm; the other parts are essentially the same and are not repeated here.
In any of the above technical solutions, the AES algorithm encrypts the plaintext using the MapReduce model, and the shuffle model is used to ensure that the order of the generated ciphertext is the same as before the encryption operation.
In any of the above technical solutions, the security key management server includes a MySQL database, which stores the private key of the RSA encryption and the ciphertext path of the AES encryption operation.
In this technical solution, RSA is a public-key encryption algorithm, so when the random key is generated, the public key can be used to encrypt the key of the AES-encrypted ciphertext, and the corresponding private key must be kept properly. Because the HDFS file system is not well suited to storing small files, a MySQL database is introduced in the security key management server to store the RSA private key. When saving, so that the later decryption process can readily find the AES key and the corresponding ciphertext, the path of the ciphertext produced by the earlier encryption must also be stored. Data can therefore be stored in MySQL in the following row format: ciphertext path - private key - key ciphertext.
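The Map/Shuffle/Reduce encryption and the RSA-protected key row described above, as an added example that is not code from the patent: plain Java collections stand in for Hadoop tasks, and a single group (one file) is modelled. Assumptions not in the text: AES in CTR mode with the offset as counter (the text names no mode), a 64-byte demo chunk, RSA-2048 with OAEP padding, a nonce column in the row, and the placeholder path.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class ShardEncryptionDemo {
    // Demo chunk size in bytes (assumption); must be a multiple of the 16-byte AES block.
    static final int CHUNK = 64;
    static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // One Map output record: <key, value> = <offset in the file, processed chunk>.
    static final class Pair {
        final long offset;
        final byte[] value;
        Pair(long offset, byte[] value) { this.offset = offset; this.value = value; }
    }

    // Row kept by the key management server: ciphertext path - private key - key ciphertext.
    // The nonce column is an addition required by CTR mode, not part of the row format in the text.
    static final class KeyRow {
        final String ciphertextPath;
        final PrivateKey privateKey;
        final byte[] wrappedAesKey, nonce;
        KeyRow(String path, PrivateKey priv, byte[] wrapped, byte[] nonce) {
            this.ciphertextPath = path; this.privateKey = priv;
            this.wrappedAesKey = wrapped; this.nonce = nonce;
        }
    }

    // AES-128-CTR over one chunk. The counter block is nonce || (offset / 16), so every
    // chunk is independent of the others. CTR is its own inverse: the same call decrypts.
    static byte[] aesCtr(SecretKey key, byte[] nonce, long offset, byte[] in)
            throws GeneralSecurityException {
        byte[] counterBlock = ByteBuffer.allocate(16).put(nonce).putLong(offset / 16).array();
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(counterBlock));
        return c.doFinal(in);
    }

    // Map: emit one <offset, chunk> pair per chunk, then scramble the list to model
    // Map tasks finishing in an uncontrolled order.
    static List<Pair> map(SecretKey key, byte[] nonce, byte[] data) throws GeneralSecurityException {
        List<Pair> out = new ArrayList<>();
        for (int off = 0; off < data.length; off += CHUNK) {
            byte[] chunk = Arrays.copyOfRange(data, off, Math.min(off + CHUNK, data.length));
            out.add(new Pair(off, aesCtr(key, nonce, off, chunk)));
        }
        Collections.shuffle(out);
        return out;
    }

    // Shuffle: sort the group by offset. Reduce: concatenate in that order.
    static byte[] shuffleAndReduce(List<Pair> pairs) {
        pairs.sort(Comparator.comparingLong(p -> p.offset));
        ByteArrayOutputStream file = new ByteArrayOutputStream();
        for (Pair p : pairs) file.write(p.value, 0, p.value.length);
        return file.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample plaintext, several chunks long with a short final chunk.
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 12; i++) sb.append("constructed record ").append(i).append('\n');
        byte[] plaintext = sb.toString().getBytes(StandardCharsets.UTF_8);
        // Write path: random 128-bit file key, per-file nonce, order-independent encryption.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey fileKey = kg.generateKey();
        byte[] nonce = new byte[8];
        new SecureRandom().nextBytes(nonce);
        byte[] ciphertext = shuffleAndReduce(map(fileKey, nonce, plaintext));
        // Wrap the file key with the RSA public key and build the key-store row.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();
        Cipher wrap = Cipher.getInstance(RSA_OAEP);
        wrap.init(Cipher.WRAP_MODE, rsa.getPublic());
        KeyRow row = new KeyRow("/demo/path/file.enc", rsa.getPrivate(), wrap.wrap(fileKey), nonce);
        // Read path: look up the row, unwrap the file key, run the same Map/Shuffle/Reduce.
        Cipher unwrap = Cipher.getInstance(RSA_OAEP);
        unwrap.init(Cipher.UNWRAP_MODE, row.privateKey);
        SecretKey recovered = (SecretKey) unwrap.unwrap(row.wrappedAesKey, "AES", Cipher.SECRET_KEY);
        byte[] decrypted = shuffleAndReduce(map(recovered, row.nonce, ciphertext));
        System.out.println("round trip ok: " + Arrays.equals(plaintext, decrypted));
        // The reassembled ciphertext equals a single sequential pass over the whole file.
        System.out.println("order preserved: "
                + Arrays.equals(ciphertext, aesCtr(fileKey, nonce, 0, plaintext)));
    }
}
```

Because the row holds the RSA private key next to the wrapped AES key, anyone who can read the row can recover the file key, so confidentiality rests on access control to the key store. CTR mode provides confidentiality only; detecting modified ciphertext would need a separate integrity check such as a MAC.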
The authentication server, the security key management server and the application server each update their own log file after performing each request operation.
In any of the above technical solutions, the security key management server exchanges data only with the master node in the distributed cluster.
In this technical solution, because the security key management server manages all private keys, it is subject to high security requirements. It therefore needs the greatest possible physical isolation, and users cannot access it directly. The security key management server communicates only with the master node in HDFS, and authentication is required on access.
With the technical solution of the present invention, files are encrypted when they are stored, which may affect the read/write performance of the whole system to some extent. However, much user information and many data files are highly private, such as private personal photos and personal identity documents, and need the highest level of security encryption; the security key management server introduced for this purpose ensures the security of the system. Performance tests on the final experimental platform show that the read/write performance and the CPU and memory efficiency of the whole system all decline, but where the performance loss is within an acceptable range, personal information security is more important than system performance.
Brief description of the drawings
Fig. 1 is a schematic block diagram of a storage platform according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of the data writing process of a storage platform according to an embodiment of the present invention.
Detailed description of the embodiments
In order that the above objects, features and advantages of the present invention may be understood more clearly, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, provided they do not conflict, the embodiments of this application and the features in the embodiments can be combined with one another.
Many specific details are set forth in the following description to provide a thorough understanding of the present invention; however, the present invention can also be implemented in other ways than those described here, and the scope of protection of the present invention is therefore not limited by the specific embodiments disclosed below.
The storage platform according to an embodiment of the present invention is described in detail below with reference to Fig. 1 and Fig. 2.
As shown in Fig. 1, the storage platform according to an embodiment of the present invention comprises: an authentication server, connected to a client, which performs security verification on an access request after the client sends the access request to a distributed cluster; a security key management server, connected to the authentication server, which manages file keys and distributes the private key of a file key to a designated client; an application server, connected between the distributed cluster and the client, which accesses the distributed cluster as the client's access proxy; and the distributed cluster, connected to the application server, which stores cloud data, wherein after the authentication server determines, according to the private key and the access request, that the client is the designated server, the application server is allowed to access the distributed cluster.
Specifically, as shown in Fig. 2, the HDFS write process includes:
1. To write a file, the HDFS client calls the create() function on the DistributedFileSystem object to create a file.
2. DistributedFileSystem makes an RPC call to the namenode to create a new file in the namespace of the file system; at this point the file does not yet have any corresponding data blocks.
3. The namenode performs various checks to make sure that the file does not already exist and that the client has permission to create it. If all checks pass, a new record is made for the new file; otherwise, an exception is thrown to the client.
4. Once the record has been created, DistributedFileSystem returns an FSDataOutputStream object to the HDFS client, and the client then actually begins writing data. FSDataOutputStream splits the data into individual packets (data packets) and writes them to an internal queue called the data queue (DQ).
5. The packets produced by FSDataOutputStream are streamed to the first data node, which stores each packet; in the same way, the second and third data nodes also store the data.
6. The data node (datanode) returns a verification value to FSDataOutputStream, held in what is called the "acknowledgement queue" (ack queue, AQ); a packet is deleted from the queue only after its acknowledgement message has been received.
7. When the whole write process is complete, the client calls the close() method to finish writing the data packets.
Compared with the original operation, the write process of this application introduces the security key management server shown in the overall block diagram. The specific modification is as follows: before a file is written, the file is first bit-encrypted; the security key management server then generates a random key, which is used to encrypt again the ciphertext key that has already been encrypted; finally, the ciphertext of the file is written, and the returned ciphertext address is written into the security key management server.
The authentication server, the security key management server and the application server each update their own log file after performing each request operation, so that each request record can be queried and used for robustness analysis.
In view of the security problems of cloud data storage raised in the related art, the present invention proposes a new storage platform comprising an authentication server, a security key management server, an application server and a distributed cluster (i.e. Hadoop). The authentication server is connected to the client and performs security verification on an access request after the client sends it to the distributed cluster. The security key management server is connected to the authentication server and manages file keys, distributing the private key of a file key to a designated client. The application server is connected between the distributed cluster and the client and accesses the distributed cluster as the client's access proxy. The distributed cluster is connected to the application server and stores cloud data; after the authentication server determines, according to the private key and the access request, that the client is the designated server, the application server is allowed to access the distributed cluster.
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (7)

1. a kind of data safety storaging platform, it is characterised in that including:
Certificate server, is connected to client, for after the client sends access request to distributed type assemblies, to described Access request carries out security verification;
Security key management server, is connected to the certificate server, for managing file key, by the file key Private key distribute to given client end;
Application server, is connected between the distributed type assemblies and the client, is used as the access agent of the client The distributed type assemblies are conducted interviews;
The distributed type assemblies, are connected to the application server, for storing cloud data, in the certificate server according to institute State private key and after the access request judges client for the given server, it is allowed to which the application server is to the distribution Formula cluster conducts interviews.
2. The storage platform according to claim 1, characterized in that the distributed cluster specifically comprises:
one host node and at least one child node;
a switch, connected between the host node and any child node, wherein the child node stores fragment data and the host node stores a mapping table of all the fragment data.
3. The storage platform according to claim 2, characterized in that the security key management server is further configured to:
before the fragment data is written to the child node, encrypt the fragment data with the 128-bit AES algorithm;
generate a random key according to the AES algorithm;
write the fragment data encrypted by the AES algorithm to the child node, and return the position information of the write to the child node.
4. The storage platform according to claim 3, characterized in that
the AES algorithm performs the encryption operation on the plaintext using the MapReduce model, and uses the shuffle model to ensure that the order of the generated ciphertext is the same as before the encryption operation.
5. The storage platform according to claim 3, characterized in that the security key management server comprises:
a MySQL database, for storing the private key encrypted by the RSA algorithm and for storing the ciphertext path of the encryption operation of the AES algorithm.
6. The storage platform according to claim 1, characterized in that
the security key management server exchanges data only with the host node in the distributed cluster.
7. The storage platform according to claim 1, characterized in that the certificate server, the security key management server and the application server each update their own log file after performing each request operation.
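
Claims 3 and 4 describe encrypting each fragment with 128-bit AES under a random key and using a shuffle step so that the ciphertext order matches the plaintext order. The following Node.js example is added here and is not code from the patent; the GCM mode, the use of the fragment index as the nonce, every function name and the sample fragments are assumptions.

```javascript
const crypto = require("crypto");

// Nonce = fragment index (assumption). It is unique per key only because each
// random file key is used for a single write; never reuse a key with this scheme.
function nonceFor(index) {
  const n = Buffer.alloc(12);
  n.writeUInt32BE(index, 8);
  return n;
}

// Map step: seal one fragment and emit an (index, ciphertext || tag) pair.
function mapEncrypt(key, index, fragment) {
  const c = crypto.createCipheriv("aes-128-gcm", key, nonceFor(index));
  const body = Buffer.concat([c.update(fragment), c.final()]);
  return { index, data: Buffer.concat([body, c.getAuthTag()]) };
}

// Shuffle step: map tasks finish in any order; sorting on the index key
// restores the plaintext order before the fragments are written out.
function shuffle(pairs) {
  return [...pairs].sort((a, b) => a.index - b.index).map((p) => p.data);
}

// Read path: open fragment i with nonce i. A fragment that was modified, or
// stored at the wrong position, throws instead of yielding plaintext.
function decryptAll(key, stored) {
  return Buffer.concat(stored.map((data, i) => {
    const d = crypto.createDecipheriv("aes-128-gcm", key, nonceFor(i));
    d.setAuthTag(data.subarray(data.length - 16));
    return Buffer.concat([d.update(data.subarray(0, data.length - 16)), d.final()]);
  }));
}

// Constructed sample: four fragments whose map tasks complete out of order.
function demo() {
  const key = crypto.randomBytes(16); // random 128-bit file key
  const frags = ["alpha-", "bravo-", "charlie-", "delta"].map((s) => Buffer.from(s));
  const pairs = [2, 0, 3, 1].map((i) => mapEncrypt(key, i, frags[i]));
  const stored = shuffle(pairs);
  const plain = decryptAll(key, stored).toString();
  [stored[0], stored[1]] = [stored[1], stored[0]]; // simulate misplaced fragments
  let rejected = false;
  try { decryptAll(key, stored); } catch (e) { rejected = true; }
  return { plain, rejected };
}

console.log(demo());
```

Binding the position into the nonce means a storage node that returns fragments in the wrong order produces an authentication failure rather than silently reordered plaintext.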
CN201710227547.9A 2017-06-27 2017-06-27 A kind of data safety storaging platform Pending CN107025409A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710227547.9A CN107025409A (en) 2017-06-27 2017-06-27 A kind of data safety storaging platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710227547.9A CN107025409A (en) 2017-06-27 2017-06-27 A kind of data safety storaging platform

Publications (1)

Publication Number Publication Date
CN107025409A true CN107025409A (en) 2017-08-08

Family

ID=59526797

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710227547.9A Pending CN107025409A (en) 2017-06-27 2017-06-27 A kind of data safety storaging platform

Country Status (1)

Country Link
CN (1) CN107025409A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170808