CN107025409A - A data security storage platform - Google Patents
A data security storage platform
- Publication number: CN107025409A
- Application number: CN201710227547.9A
- Authority: CN (China)
- Prior art keywords: client, server, distributed cluster, cluster, key
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Abstract
The invention discloses a data security storage platform, comprising: an authentication server, connected to a client, which performs security verification on an access request after the client sends the access request to a distributed cluster; a security key management server, connected to the authentication server, which manages file keys and distributes the private key of a file key to a specified client; an application server, connected between the distributed cluster and the client, which accesses the distributed cluster as the access agent of the client; and the distributed cluster, connected to the application server, which stores cloud data. After the authentication server determines from the private key and the access request that the client is the specified server, the application server is allowed to access the distributed cluster. With this technical solution, the security of the storage platform is improved while the extensibility, economy, validity and scalability of the platform are preserved.
Description
Technical field
The present invention relates to the technical field of data storage, and in particular to a data security storage platform.
Background
At present, a cloud storage system generally keeps copies of the same file data on multiple nodes to ensure data reliability. A cloud storage system integrates a large number of storage nodes, and because the storage nodes differ in geographical location and management policy, their trustworthiness varies greatly. Therefore, to ensure both the security of the data and the efficiency of access, the data storage policy of a cloud storage system needs to take node trustworthiness into account, measuring the reliability of each storage node by its trustworthiness, so that data access time stays low while data reliability remains good.
As a distributed file system platform for the cloud, it has the following advantages:
(1) Scalability: it can reliably process level data.
(2) Economy: the whole cluster can consist of thousands of nodes, and users can distribute data to a cluster made up of inexpensive machines for processing.
(3) Validity: data is distributed across different nodes, so it can be processed in parallel on those nodes, which greatly speeds up data processing.
(4) Reliability: multiple copies of a piece of data are maintained automatically, and when a computing task fails, the failed task is automatically redeployed.
Although it is already widely acknowledged as a good open-source platform for processing big data, many enterprises already use it for the analysis and design of massive data, and the file system has very strong storage performance, it still has certain limitations in use: its security is not high enough. Strengthening its security is therefore imperative.
Summary of the invention
To solve at least one of the above technical problems, the present invention proposes a new storage platform. The storage platform includes an authentication server, a security key management server, an application server and a distributed cluster (i.e. Hadoop). The authentication server is connected to the client and performs security verification on an access request after the client sends the access request to the distributed cluster. The security key management server is connected to the authentication server and manages file keys, distributing the private key of a file key to a specified client. The application server is connected between the distributed cluster and the client and accesses the distributed cluster as the access agent of the client. The distributed cluster is connected to the application server and stores cloud data; after the authentication server determines from the private key and the access request that the client is the specified server, the application server is allowed to access the distributed cluster.
According to an embodiment of the first aspect of the invention, a data security storage platform is proposed, comprising: an authentication server, connected to a client, which performs security verification on an access request after the client sends the access request to a distributed cluster; a security key management server, connected to the authentication server, which manages file keys and distributes the private key of a file key to a specified client; an application server, connected between the distributed cluster and the client, which accesses the distributed cluster as the access agent of the client; and the distributed cluster, connected to the application server, which stores cloud data. After the authentication server determines from the private key and the access request that the client is the specified server, the application server is allowed to access the distributed cluster.
In this technical solution, to improve the security of the storage platform, the authentication server, the security key management server, the application server and the distributed cluster (Hadoop) are connected in the manner described above. After the client uploads cloud data, the relevant data encryption can be performed before the data is actually stored in the cloud, which ensures the integrity and confidentiality of the data and ensures that the method is feasible.
Further, data is encrypted during transmission and storage.
Specifically, the client is mainly responsible for saving and holding user files; the application server accesses files as the agent for accessing the storage system; the authentication server authenticates users when they access files; the security key management server manages file keys and provides a secure and reliable key service, including key storage, generation and update operations; and the distributed file system is mainly responsible for storing the encrypted files and for guaranteeing the reliability and integrity of the file system.
The client accesses the storage platform through the following steps:
(1) The user accesses the cluster through the client;
(2) The cluster sends a user identity authentication request to the authentication center;
(3) After the CA authentication center receives the authentication request, the user can access the authentication center and authenticate by completing a digital signature with the user's own private key;
(4) After the CA authentication center completes the authentication, it returns to the client a proof that the identity is legitimate, with its own digital signature attached;
(5) The user can access the cluster with the verified proof of identity.
In the above technical solution, the distributed cluster specifically includes: one master node and at least one child node; and a switch connected between the master node and any child node. The child nodes store fragment data, and the master node stores a mapping table of all the fragment data.
In this technical solution, compared with existing distributed clusters, a security key management server is provided in the storage platform. The specific modification is that, before a file is written, the file is first bit-encrypted, and then a random key is generated in the security key management server; this key can encrypt the already encrypted ciphertext key again. Finally the ciphertext of the file is written, and the returned ciphertext address is written into the security key management server.
In any of the above technical solutions, the security key management server is further used to: perform 128-bit AES encryption on the fragment data before the fragment data is written to the child node; generate a random key according to the AES algorithm; and write the AES-encrypted fragment data to the child node and return the location information of the write to the child node.
In this technical solution, execution of the AES algorithm is divided into three main stages: Map, Shuffle and Reduce.
In the Map stage, the plaintext file is first divided into Map tasks by block (64 MB by default), and then, within each block, <key, value> pairs are generated from the plaintext data according to the block size of the AES algorithm (64 for AES). The key is the offset of the plaintext relative to the block file, and the value is the plaintext of the actual bit length.
Then, for each <key, value> pair, the plaintext block is encrypted into the corresponding ciphertext block with the AES encryption algorithm, using the key provided by the user. Map tasks execute in parallel, which means that during encryption of the plaintext file the execution order of the Map tasks cannot be controlled, and the order of the ciphertext after encryption may be scrambled. The Shuffle process is therefore used to preserve the original content order. The Shuffle stage groups the output of the Map stage, placing records with the same group value in the same group and sorting them by offset value; the data of one group is finally sent to a single Reduce node, which greatly reduces the number of Reduce tasks in the system and improves the parallel execution efficiency of the whole system. In the Reduce stage, the ciphertext only needs to be arranged according to the order within the group and output to the file system. If the user wants the final encrypted result stored in a single file, the number of Reduce tasks should be 1, but this affects Reduce parallelism. Therefore, for smaller files the number of tasks can be set to 1, while larger files are stored as multiple files, whose file names indicate that the final ciphertext files come from the same plaintext file.
Likewise, decryption of a file is carried out with MapReduce on the Hadoop distributed computing platform. The decryption process is similar to the encryption process, except that the Map stage uses the decryption algorithm; the other parts are essentially the same and are not repeated here.
In any of the above technical solutions, the AES algorithm encrypts the plaintext using the MapReduce model, and the shuffle model is used to ensure that the order of the generated ciphertext is the same as before the encryption operation.
In any of the above technical solutions, the security key management server includes a MySQL database for storing the private key of the RSA encryption and the ciphertext path of the AES encryption operation.
In this technical solution, RSA is a public-key encryption algorithm, so when the random key is generated, the public key can be used to encrypt the ciphertext key of the AES encryption, and the corresponding private key needs to be kept properly. Because the HDFS file system is not good at storing small files, a MySQL database is introduced in the security key management server to store the RSA private key. When saving, so that the later decryption process can find the AES key and its corresponding ciphertext, the path of the previously encrypted ciphertext also needs to be saved. The data can therefore be stored in MySQL in this row format: ciphertext path - private key - key ciphertext.
After performing each request operation, the authentication server, the security key management server and the application server each update their own log file.
In any of the above technical solutions, the security key management server exchanges data only with the master node in the distributed cluster.
In this technical solution, because the security key management server manages all private keys, it has high security requirements. The security key management server therefore needs maximum physical isolation, and users cannot access it directly. The security key management server communicates only with the master node in HDFS, and authentication is required on access.
With the technical solution of the invention, encryption is performed when files are stored, which may affect the read/write performance of the whole system to some extent. However, because much user information and many data files have an especially high privacy level, such as personal private photos and personal identity documents, they need the highest level of security encryption, and the security key management server introduced for this purpose ensures the security of the system. According to the final performance test analysis of the whole experimental platform, the read/write performance, CPU and memory efficiency of the whole system all decline, but sometimes, when the performance decline is within an acceptable range, personal information security is more important than system performance.
Brief description of the drawings
Fig. 1 shows a schematic block diagram of a storage platform according to an embodiment of the invention;
Fig. 2 shows a schematic diagram of the data writing process of a storage platform according to an embodiment of the invention.
Embodiments
So that the above objects, features and advantages of the invention can be understood more clearly, the invention is described in further detail below with reference to the drawings and specific embodiments. It should be noted that, where no conflict arises, the embodiments of the application and the features in the embodiments can be combined with each other.
Many specific details are set out in the following description to facilitate a full understanding of the invention; however, the invention can also be implemented in other ways different from those described here, so the scope of protection of the invention is not limited by the specific embodiments disclosed below.
A storage platform according to an embodiment of the invention is described in detail below with reference to Fig. 1 and Fig. 2.
As shown in Fig. 1, a storage platform according to an embodiment of the invention comprises: an authentication server, connected to a client, which performs security verification on an access request after the client sends the access request to a distributed cluster; a security key management server, connected to the authentication server, which manages file keys and distributes the private key of a file key to a specified client; an application server, connected between the distributed cluster and the client, which accesses the distributed cluster as the access agent of the client; and the distributed cluster, connected to the application server, which stores cloud data. After the authentication server determines from the private key and the access request that the client is the specified server, the application server is allowed to access the distributed cluster.
In this technical solution, to improve the security of the storage platform, the authentication server, the security key management server, the application server and the distributed cluster (Hadoop) are connected in the manner described above. After the client uploads cloud data, the relevant data encryption can be performed before the data is actually stored in the cloud, which ensures the integrity and confidentiality of the data and ensures that the method is feasible.
Further, data is encrypted during transmission and storage.
Specifically, the client is mainly responsible for saving and holding user files; the application server accesses files as the agent for accessing the storage system; the authentication server authenticates users when they access files; the security key management server manages file keys and provides a secure and reliable key service, including key storage, generation and update operations; and the distributed file system is mainly responsible for storing the encrypted files and for guaranteeing the reliability and integrity of the file system.
The client accesses the storage platform through the following steps:
(1) The user accesses the cluster through the client;
(2) The cluster sends a user identity authentication request to the authentication center;
(3) After the CA authentication center receives the authentication request, the user can access the authentication center and authenticate by completing a digital signature with the user's own private key;
(4) After the CA authentication center completes the authentication, it returns to the client a proof that the identity is legitimate, with its own digital signature attached;
(5) The user can access the cluster with the verified proof of identity.
In the above technical solution, the distributed cluster specifically includes: one master node and at least one child node; and a switch connected between the master node and any child node. The child nodes store fragment data, and the master node stores a mapping table of all the fragment data.
In this technical solution, compared with existing distributed clusters, a security key management server is provided in the storage platform. The specific modification is that, before a file is written, the file is first bit-encrypted, and then a random key is generated in the security key management server; this key can encrypt the already encrypted ciphertext key again. Finally the ciphertext of the file is written, and the returned ciphertext address is written into the security key management server.
Specifically, as shown in Fig. 2, the HDFS write process includes:
1. During file writing, the HDFS client creates a file by calling the create() function on the DistributedFileSystem object.
2. DistributedFileSystem makes an RPC call to the namenode to create a new file in the file system namespace; at this point the file has no corresponding data blocks.
3. The namenode performs various checks to ensure that the file does not already exist and that the client has permission to create it. If all checks pass, it makes a record of the new file; otherwise an exception is thrown to the client.
4. After the record is created, DistributedFileSystem returns an FSDataOutputStream object to the HDFS client, and the client then actually starts writing data. FSDataOutputStream splits the data into packets (data packet) and writes them to an internal queue called the data queue (DQ).
5. FSDataOutputStream streams the packets to the first data node, which stores each packet; similarly, the second and third data nodes also store the data.
6. The datanode returns a check value to FSDataOutputStream; this is called the "acknowledgement queue" (Ack queue, AQ). A packet is deleted from the queue only after the acknowledgement message is received.
7. After the whole write process is complete, the client calls a close() method to end the writing of data packets.
Compared with the original operation, the write process of this application introduces the security key management server, i.e. the one shown in the overall framework diagram. The specific modification is that, before a file is written, the file is first bit-encrypted, and then a random key is generated in the security key management server; this key can encrypt the already encrypted ciphertext key again. Finally the ciphertext of the file is written, and the returned ciphertext address is written into the security key management server.
In any of the above technical solutions, the security key management server is further used to: perform 128-bit AES encryption on the fragment data before the fragment data is written to the child node; generate a random key according to the AES algorithm; and write the AES-encrypted fragment data to the child node and return the location information of the write to the child node.
In this technical solution, execution of the AES algorithm is divided into three main stages: Map, Shuffle and Reduce.
In the Map stage, the plaintext file is first divided into Map tasks by block (64 MB by default), and then, within each block, <key, value> pairs are generated from the plaintext data according to the block size of the AES algorithm (64 for AES). The key is the offset of the plaintext relative to the block file, and the value is the plaintext of the actual bit length.
Then, for each <key, value> pair, the plaintext block is encrypted into the corresponding ciphertext block with the AES encryption algorithm, using the key provided by the user. Map tasks execute in parallel, which means that during encryption of the plaintext file the execution order of the Map tasks cannot be controlled, and the order of the ciphertext after encryption may be scrambled. The Shuffle process is therefore used to preserve the original content order. The Shuffle stage groups the output of the Map stage, placing records with the same group value in the same group and sorting them by offset value; the data of one group is finally sent to a single Reduce node, which greatly reduces the number of Reduce tasks in the system and improves the parallel execution efficiency of the whole system. In the Reduce stage, the ciphertext only needs to be arranged according to the order within the group and output to the file system. If the user wants the final encrypted result stored in a single file, the number of Reduce tasks should be 1, but this affects Reduce parallelism. Therefore, for smaller files the number of tasks can be set to 1, while larger files are stored as multiple files, whose file names indicate that the final ciphertext files come from the same plaintext file.
Likewise, decryption of a file is carried out with MapReduce on the Hadoop distributed computing platform. The decryption process is similar to the encryption process, except that the Map stage uses the decryption algorithm; the other parts are essentially the same and are not repeated here.
In any of the above technical solutions, the AES algorithm encrypts the plaintext using the MapReduce model, and the shuffle model is used to ensure that the order of the generated ciphertext is the same as before the encryption operation.
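The Map, Shuffle and Reduce stages described above (in both the summary and the embodiment), as an added Python example that is not part of the patent: chunks are keyed by offset, transformed independently, completed out of order, then grouped per file and sorted by offset before one reducer per group concatenates them. Assumptions: the Python standard library has no AES, so an HMAC-SHA256 keystream stands in for it; the 16-byte chunk size, the function names and binding each chunk's keystream to the file name and offset (so that equal plaintext chunks do not produce equal ciphertext chunks) are choices made for this example.

```python
import hashlib
import hmac
from collections import defaultdict

CHUNK = 16  # bytes per <key, value> record; constructed value for this example


def keystream(key, file_id, offset, length):
    """Stand-in for AES: HMAC-SHA256 keystream bound to (file_id, offset)."""
    out, counter = b"", 0
    while len(out) < length:
        label = f"{file_id}:{offset}:{counter}".encode()
        out += hmac.new(key, label, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def split_records(file_id, data):
    """Input split: emit <(file_id, offset), chunk> records for one file."""
    return [((file_id, off), data[off:off + CHUNK])
            for off in range(0, len(data), CHUNK)]


def map_crypt(key, record):
    """Map task: transform one chunk independently of all the others.

    XOR with a keystream is its own inverse, so the same task decrypts.
    """
    (file_id, offset), chunk = record
    ks = keystream(key, file_id, offset, len(chunk))
    return (file_id, offset), bytes(a ^ b for a, b in zip(chunk, ks))


def shuffle(mapped, sort_by_offset=True):
    """Shuffle: group records by file, then sort each group by offset."""
    groups = defaultdict(list)
    for (file_id, offset), chunk in mapped:
        groups[file_id].append((offset, chunk))
    if sort_by_offset:
        for chunks in groups.values():
            chunks.sort(key=lambda rec: rec[0])
    return groups


def reduce_concat(groups):
    """Reduce: one reducer per group writes the chunks in group order."""
    return {fid: b"".join(c for _, c in chunks) for fid, chunks in groups.items()}


def run_job(key, files, sort_by_offset=True):
    """Run split -> map -> shuffle -> reduce over {file_id: bytes}."""
    records = [r for fid, data in files.items() for r in split_records(fid, data)]
    mapped = [map_crypt(key, r) for r in records]
    mapped.reverse()  # constructed worst case: map tasks finish in reverse order
    return reduce_concat(shuffle(mapped, sort_by_offset))


if __name__ == "__main__":
    key = bytes(range(16))  # constructed 128-bit demo key
    files = {"report.txt": b"A" * 40, "notes.txt": b"offset-keyed chunks"}
    ciphertext = run_job(key, files)
    assert run_job(key, ciphertext) == files  # decryption is the same job
    broken = run_job(key, files, sort_by_offset=False)
    print("order lost without the sort:",
          broken["report.txt"] != ciphertext["report.txt"])
```

With `sort_by_offset=False` the reducer writes chunks in completion order, so the output no longer lines up with the offsets used at decryption time and the file cannot be recovered.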
In any of the above technical solutions, the security key management server includes a MySQL database for storing the private key of the RSA encryption and the ciphertext path of the AES encryption operation.
In this technical solution, RSA is a public-key encryption algorithm, so when the random key is generated, the public key can be used to encrypt the ciphertext key of the AES encryption, and the corresponding private key needs to be kept properly. Because the HDFS file system is not good at storing small files, a MySQL database is introduced in the security key management server to store the RSA private key. When saving, so that the later decryption process can find the AES key and its corresponding ciphertext, the path of the previously encrypted ciphertext also needs to be saved. The data can therefore be stored in MySQL in this row format: ciphertext path - private key - key ciphertext.
In any of the above technical solutions, the security key management server exchanges data only with the master node in the distributed cluster.
After performing each request operation, the authentication server, the security key management server and the application server each update their own log file, so that each request record can be queried and used for robustness analysis.
In this technical solution, because the security key management server manages all private keys, it has high security requirements. The security key management server therefore needs maximum physical isolation, and users cannot access it directly. The security key management server communicates only with the master node in HDFS, and authentication is required on access.
In view of the security problems of cloud data storage in the related art, the present invention proposes a new storage platform. The storage platform includes an authentication server, a security key management server, an application server and a distributed cluster (i.e. Hadoop). The authentication server is connected to the client and performs security verification on an access request after the client sends the access request to the distributed cluster. The security key management server is connected to the authentication server and manages file keys, so as to distribute the private key of a file key to a specified client. The application server is connected between the distributed cluster and the client and accesses the distributed cluster as the access agent of the client. The distributed cluster is connected to the application server and stores cloud data; after the authentication server determines from the private key and the access request that the client is the specified server, the application server is allowed to access the distributed cluster.
The above are only preferred embodiments of the invention and are not intended to limit it; for those skilled in the art, the invention can have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall fall within its scope of protection.
Claims (7)
1. A data security storage platform, characterized by comprising:
a certificate server, connected to a client, configured to perform security verification on an access request after the client sends the access request to a distributed cluster;
a security key management server, connected to the certificate server, configured to manage a file key and to distribute the private key of the file key to a given client;
an application server, connected between the distributed cluster and the client, which accesses the distributed cluster as the access agent of the client;
the distributed cluster, connected to the application server, configured to store cloud data and, after the certificate server determines from the private key and the access request that the client is the given server, to allow the application server to access the distributed cluster.
2. The storage platform according to claim 1, characterized in that the distributed cluster specifically comprises:
one host node and at least one child node;
a switch, connected between the host node and any child node, wherein the child node stores fragment data and the host node stores the mapping table of all fragment data.
3. The storage platform according to claim 2, characterized in that the security key management server is further configured to:
before the fragment data is written to the child node, encrypt the fragment data with the 128-bit AES algorithm;
generate a random key according to the AES algorithm;
write the fragment data encrypted by the AES algorithm to the child node, and return the location information of the write to the child node.
4. The storage platform according to claim 3, characterized in that
the AES algorithm performs the encryption operation on the plaintext using the MapReduce model, and uses the shuffle model to ensure that the order of the generated ciphertext is the same as before the encryption operation.
5. The storage platform according to claim 3, characterized in that the security key management server comprises:
a MySQL database, for storing the private key encrypted with the RSA algorithm, and for storing the ciphertext path of the encryption operation of the AES algorithm.
6. The storage platform according to claim 1, characterized in that
the security key management server exchanges data only with the host node in the distributed cluster.
7. The storage platform according to claim 1, characterized in that the certificate server, the security key management server and the application server each update their own log file after every request operation has been performed.
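Claims 3 and 4 describe encrypting fragments with 128-bit AES in a map step and restoring the original order in a shuffle step. The following is an added example, not code from the patent: it assumes AES-128-GCM with the fragment index as associated data (the claims name no cipher mode), and every function name in it is hypothetical. It goes one step beyond the claims in that a fragment presented at the wrong position fails authentication instead of decrypting silently.

```javascript
const crypto = require('crypto');

// Encode a fragment's position; GCM authenticates it as associated data.
function positionAad(index) {
  const b = Buffer.alloc(4);
  b.writeUInt32BE(index);
  return b;
}

// "Map" step: seal one fragment with AES-128-GCM (mode is an assumption).
// Calls are independent, so workers may run them in any order.
function sealFragment(key, chunk, index) {
  const nonce = crypto.randomBytes(12); // fresh 96-bit nonce per fragment
  const cipher = crypto.createCipheriv('aes-128-gcm', key, nonce);
  cipher.setAAD(positionAad(index));
  const data = Buffer.concat([cipher.update(chunk), cipher.final()]);
  return { index, nonce, data, tag: cipher.getAuthTag() };
}

// "Shuffle" step: restore plaintext order by sorting on the emitted index.
function shuffle(sealed) {
  return [...sealed].sort((a, b) => a.index - b.index);
}

// "Reduce" step: open the fragment at position k with k as associated data.
// A fragment stored under the wrong index, or swapped, fails the tag check.
function openFragments(key, ordered) {
  return Buffer.concat(ordered.map((f, pos) => {
    const d = crypto.createDecipheriv('aes-128-gcm', key, f.nonce, { authTagLength: 16 });
    d.setAuthTag(f.tag);
    d.setAAD(positionAad(pos));
    return Buffer.concat([d.update(f.data), d.final()]); // throws on mismatch
  }));
}

// Constructed sample: three fragments sealed out of order, as parallel workers would.
function demo() {
  const key = crypto.randomBytes(16); // random 128-bit key per file
  const chunks = ['frag-0|', 'frag-1|', 'frag-2'].map((s) => Buffer.from(s));
  const sealed = [2, 0, 1].map((i) => sealFragment(key, chunks[i], i));
  const plain = openFragments(key, shuffle(sealed)).toString();
  let swappedRejected = false;
  try { openFragments(key, sealed); } catch (e) { swappedRejected = true; }
  return { plain, swappedRejected };
}

console.log(demo());
```
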
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710227547.9A CN107025409A (en) | 2017-06-27 | 2017-06-27 | A kind of data safety storaging platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107025409A true CN107025409A (en) | 2017-08-08 |
Family
ID=59526797
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710227547.9A Pending CN107025409A (en) | 2017-06-27 | 2017-06-27 | A kind of data safety storaging platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107025409A (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102394894A (en) * | 2011-11-28 | 2012-03-28 | 武汉大学 | Network virtual disk file safety management method based on cloud computing |
CN105122265A (en) * | 2013-02-12 | 2015-12-02 | 亚马逊技术股份有限公司 | Data security service system |
CN103457932A (en) * | 2013-08-15 | 2013-12-18 | 中电长城网际系统应用有限公司 | Data safety storage method and system under cloud computing environment |
CN106789848A (en) * | 2015-11-23 | 2017-05-31 | 阿里巴巴集团控股有限公司 | A kind of user key storage method and server |
Non-Patent Citations (1)
Title |
---|
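Shi Jingang: "Research on a parallel block cipher scheme for massive data in cloud environments", Journal of Frontiers of Computer Science and Technology (《计算机科学与探索》) * |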
Cited By (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107659574A (en) * | 2017-10-10 | 2018-02-02 | 郑州云海信息技术有限公司 | A kind of data access control system |
CN107800787A (en) * | 2017-10-23 | 2018-03-13 | 广州百兴网络科技有限公司 | A kind of shared computer network system of distributed big data real-time exchange |
CN108111479A (en) * | 2017-11-10 | 2018-06-01 | 中国电子科技集团公司第三十二研究所 | Key management method for transparent encryption and decryption of Hadoop distributed file system |
CN109040263A (en) * | 2018-08-10 | 2018-12-18 | 北京奇虎科技有限公司 | Method for processing business and device based on distributed system |
CN109120614A (en) * | 2018-08-10 | 2019-01-01 | 北京奇虎科技有限公司 | Method for processing business and device based on distributed system |
CN109040263B (en) * | 2018-08-10 | 2022-02-25 | 北京奇虎科技有限公司 | Service processing method and device based on distributed system |
CN109344620A (en) * | 2018-09-07 | 2019-02-15 | 国网福建省电力有限公司 | A kind of detection method based on to hadoop security configuration |
CN109344620B (en) * | 2018-09-07 | 2021-08-31 | 国网福建省电力有限公司 | Detection method based on hadoop security configuration |
CN109586924A (en) * | 2019-01-02 | 2019-04-05 | 大连理工大学 | A kind of intelligent distribution network data safe transmission method based on cloud computing |
CN110008750A (en) * | 2019-04-09 | 2019-07-12 | 广东绍林科技开发有限公司 | A kind of data-storage system and method with block chain distributed management characteristic |
CN110008750B (en) * | 2019-04-09 | 2021-01-15 | 广东绍林科技开发有限公司 | Data storage system and method with block chain distributed management characteristic |
CN111163056A (en) * | 2019-12-06 | 2020-05-15 | 西安电子科技大学 | Data confidentiality method and system aiming at MapReduce calculation |
CN111163056B (en) * | 2019-12-06 | 2021-08-31 | 西安电子科技大学 | Data confidentiality method and system aiming at MapReduce calculation |
CN111010408B (en) * | 2020-01-06 | 2022-02-11 | 中国银联股份有限公司 | Distributed encryption and decryption method and system |
CN111010408A (en) * | 2020-01-06 | 2020-04-14 | 中国银联股份有限公司 | Distributed encryption and decryption method and system |
CN111291360A (en) * | 2020-01-21 | 2020-06-16 | 中电福富信息科技有限公司 | Big data authority management method and system based on service governance |
CN111291360B (en) * | 2020-01-21 | 2023-05-26 | 中电福富信息科技有限公司 | Big data authority management method and system based on service management |
CN111447275A (en) * | 2020-03-26 | 2020-07-24 | 深圳市中盛瑞达科技有限公司 | Storage system and storage device |
CN111464360A (en) * | 2020-04-07 | 2020-07-28 | 无锡信捷电气股份有限公司 | Remote communication module batch management system and implementation method |
CN113630365A (en) * | 2020-05-07 | 2021-11-09 | 中移动信息技术有限公司 | Parallel transmission method, device and equipment for mass heterogeneous data and storage medium |
CN113630365B (en) * | 2020-05-07 | 2023-03-21 | 中移动信息技术有限公司 | Parallel transmission method, device and equipment for mass heterogeneous data and storage medium |
CN112165381B (en) * | 2020-08-18 | 2023-12-05 | 远景智能国际私人投资有限公司 | Key management system and method |
CN112165381A (en) * | 2020-08-18 | 2021-01-01 | 远景智能国际私人投资有限公司 | Key management system and method |
CN112463171A (en) * | 2020-10-29 | 2021-03-09 | 苏州浪潮智能科技有限公司 | Client installation method based on big data platform and electronic equipment |
CN112487445A (en) * | 2020-11-25 | 2021-03-12 | 湖南麒麟信安科技股份有限公司 | Hadoop system with file type entrance guard type storage encryption function and application method thereof |
CN113872760A (en) * | 2021-11-03 | 2021-12-31 | 中电科鹏跃电子科技有限公司 | SM9 key infrastructure and security system |
CN114281805A (en) * | 2022-01-06 | 2022-04-05 | 深圳软牛科技有限公司 | Data migration method and device based on WhatsApp software and terminal equipment |
CN114826614A (en) * | 2022-04-22 | 2022-07-29 | 安天科技集团股份有限公司 | Certifiable password library file distributed storage method and device and electronic equipment |
CN114826614B (en) * | 2022-04-22 | 2024-02-23 | 安天科技集团股份有限公司 | Distributed storage method and device for authenticatable password library file and electronic equipment |
CN116915520A (en) * | 2023-09-14 | 2023-10-20 | 南京龟兔赛跑软件研究院有限公司 | Agricultural product informatization data security optimization method based on distributed computing |
CN116915520B (en) * | 2023-09-14 | 2023-12-19 | 南京龟兔赛跑软件研究院有限公司 | Agricultural product informatization data security optimization method based on distributed computing |
CN117195300A (en) * | 2023-09-20 | 2023-12-08 | 全拓科技(杭州)股份有限公司 | Big data safety protection method, device and system |
CN117195300B (en) * | 2023-09-20 | 2024-03-29 | 全拓科技(杭州)股份有限公司 | Big data safety protection method, device and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107025409A (en) | A kind of data safety storaging platform | |
CN108768988B (en) | Block chain access control method, block chain access control equipment and computer readable storage medium | |
CN109829326B (en) | Cross-domain authentication and fair audit de-duplication cloud storage system based on block chain | |
Omar et al. | Identity management in IoT networks using blockchain and smart contracts | |
CN102394894B (en) | Network virtual disk file safety management method based on cloud computing | |
CN102291268B (en) | Safety domain name server and hostile domain name monitoring system and method based on same | |
CN109376528B (en) | Trusted identity management system and method based on block chain | |
CN103078841B (en) | The method and system that a kind of preventative electronic data is saved from damage | |
US9219722B2 (en) | Unclonable ID based chip-to-chip communication | |
Huang et al. | SeShare: Secure cloud data sharing based on blockchain and public auditing | |
KR20190085106A (en) | METHODS, SYSTEMS AND DEVICES FOR DATA ACCESS | |
US20140237231A1 (en) | Computer system for storing and retrieval of encrypted data items, client computer, computer program product and computer-implemented method | |
CN102546664A (en) | User and authority management method and system for distributed file system | |
CN108737374A (en) | The method for secret protection that data store in a kind of block chain | |
CN108923932A (en) | A kind of decentralization co-verification model and verification algorithm | |
CN108667612A (en) | A kind of trust service framework and method based on block chain | |
JP2016535476A (en) | Systems and methods for encryption key management, collaboration, and distribution | |
CN105516110A (en) | Mobile equipment secure data transmission method | |
US11405198B2 (en) | System and method for storing and managing keys for signing transactions using key of cluster managed in trusted execution environment | |
WO2022206453A1 (en) | Method and apparatus for providing cross-chain private data | |
CN103973698B (en) | User access right revoking method in cloud storage environment | |
Tapas et al. | Blockchain-based publicly verifiable cloud storage | |
CN114629713A (en) | Identity verification method, device and system | |
Xie et al. | A novel blockchain-based and proxy-oriented public audit scheme for low performance terminal devices | |
CN108334792B (en) | Financial industry foreign aid information sharing method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170808 |