Detailed Description
In the prior art, when the network server encrypts the user data, it can usually adopt symmetric encryption or asymmetric encryption. The symmetric encryption is mainly based on a DES algorithm and an AES algorithm, has the advantages of high encryption and decryption speed, is widely applied to data transmission and storage, and the asymmetric encryption is mainly based on an ECC algorithm and an RSA algorithm.
However, when encrypting a large amount of user data, the use of symmetric encryption or asymmetric encryption has at least the following problems:
(1) in the symmetric encryption, the same key is used for both encryption and decryption, so that the key is easy to leak, and the security of user data cannot be guaranteed;
(2) the amount of computation is relatively large when data is encrypted by adopting asymmetric encryption, so that the encryption efficiency is relatively low when a large amount of user data is encrypted.
According to the data encryption method provided by the embodiment of the application, different encryption methods are adopted, so that compared with the prior art, when a large amount of user data are encrypted, high safety and high efficiency of data encryption can be ensured, and the requirement for encrypting a large amount of user data is met.
The technical solutions of the present application will be described clearly and completely below with reference to the specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the data encryption and decryption method provided by the embodiment of the present application can be applied to an application scenario of a distributed cloud storage platform in the internet, where the distributed cloud storage platform stores a file in a network cloud, and requirements on security and privacy of the file are high.
It should be further noted that the data encryption method provided in this embodiment of the present application may be used for encrypting data in a data transmission process, and may also be used for encrypting data when the data is stored, which is not specifically limited.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of a data encryption method according to an embodiment of the present application. The method is as follows. The straightforward main body in the embodiment of the present application may be a server (hereinafter referred to as a cloud server) corresponding to the distributed cloud storage platform.
Step 101: and determining the data to be encrypted containing the key identification.
And the key corresponding to the key identification is used for encrypting the data to be encrypted, and the key identification is obtained by dynamic distribution of a server.
In step 101, when a user stores data in a distributed cloud storage platform, the data to be stored may be sent to a cloud server, the cloud server may receive the data to be stored sent by the user, and when receiving the data to be stored, the cloud server may encrypt the data to be stored, and at this time, the data to be stored may be regarded as the data to be encrypted.
It should be noted that, in this embodiment of the present application, the data to be encrypted may include a key identifier corresponding to a key used for encrypting the data to be encrypted. The cloud server determining the data to be encrypted containing the key identifier specifically includes:
receiving data to be encrypted sent by a user;
distributing the key identification to the data to be encrypted according to the use condition of the thread;
and storing the key identification into the data to be encrypted.
In the embodiment of the application, after the user establishes connection with the cloud server, the user data of the user may correspond to one thread in the cloud server or correspond to a plurality of threads in the cloud server, and after receiving the data to be encrypted sent by the user, the cloud server may randomly allocate a key identifier for the data to be encrypted of the user according to the use condition of the thread. The key identifier may be an identity identifier of the key, and is used to distinguish different keys.
In the embodiment of the application, the key identifier can be stored in an independent dynamic cache space, and when the cloud server allocates the key to the data to be encrypted, the cloud server can randomly select the key identifier from the independent cache space and allocate the randomly selected key identifier to the data to be encrypted.
Wherein the independent dynamic cache space may allow and support highly concurrent key identification assignment operations. The number of the specific allowed key identifier allocation operations can be determined according to the space size of the independent dynamic cache space. For example, the capacity of the independent buffer space is 8G, then the length of the key identifier is 32 bits (can mark 2)32Keys), then 8 x 1024 x 1024/32=268435456(2.6 billion) operations may be allowed to concurrently distribute the identification of keys.
In this way, the cloud server can distribute an independent key for each thread, realize that one user corresponds to one key, and can distribute an algorithm, an algorithm execution component and the like at the same time, so that an effective key distribution system can be realized, and not only can the security of data storage be ensured, but also the encryption performance can be ensured not to be influenced.
In practical application, a storage space included in a distributed cloud storage platform may be divided into a plurality of storage areas, each storage area may be used for storing data of one user and may also be used for storing data of a plurality of users, then, when a cloud server allocates a key for data to be encrypted, the cloud server may first determine the number of users corresponding to the storage area where the user stores the data to be encrypted, and if the number of users corresponding to the storage area is one, the cloud server may directly allocate a key identifier for the data to be encrypted according to a thread; if the number of the users corresponding to the storage area is multiple, the cloud server may allocate a key identifier to the data to be encrypted according to the key identifier corresponding to the storage area (the number of the key identifiers corresponding to the storage area is also multiple).
After distributing a key identifier for the data to be stored, the cloud server may store the key identifier in the data to be stored, and determine to obtain the data to be encrypted, where a key corresponding to the key identifier is used to encrypt the data to be encrypted.
For example, if the data to be stored is a file, the identifier of the key may be saved in a file node, and if the data to be stored is a virtual block device, the identifier of the key may be saved as an attribute of the virtual block device.
In step 101, after determining that the data to be encrypted is obtained, the cloud server may further determine that a key identifier in the data to be encrypted is obtained, and at this time, step 102 may be executed.
Step 102: and determining a key corresponding to the key identifier according to the key identifier.
In step 102, after determining the key identifier included in the data to be encrypted, the cloud server may search, according to the key identifier, a key corresponding to the key identifier from a key repository, so as to encrypt the data to be encrypted by using the key.
In the embodiment of the application, the key library may pre-store keys corresponding to different key identifiers, so that after the key identifier is determined, the cloud server may search for the key corresponding to the key identifier from the key library.
Step 103: and encrypting the data to be encrypted according to the secret key to obtain encrypted data.
In step 103, after finding the key corresponding to the identifier, the cloud server may encrypt the data to be encrypted by using the key, and obtain encrypted data.
Specifically, the encrypting the data to be encrypted by the cloud server according to the key includes:
determining an encryption algorithm for encrypting the data to be encrypted, wherein the encryption algorithm is obtained by pre-distributing the data to be encrypted by the server;
and encrypting the data to be encrypted by using the encryption algorithm according to the key.
After determining a plurality of storage areas for storing user data of different users, the cloud server may pre-allocate an encryption algorithm to each storage area, and after allocating the encryption algorithm to the storage areas, when encrypting the data to be encrypted, the cloud server may determine the storage areas pre-allocated to the user for storing the data to be encrypted, and determine the encryption algorithm pre-allocated to the storage areas, so that the cloud server may encrypt the data to be encrypted by using the encryption algorithm according to the key, and obtain the encrypted data.
It should be noted that, based on the above-mentioned description, when the cloud server allocates the identifier of the key, the cloud server may allocate the identifier of the key based on the thread, so that when encrypting data to be encrypted, on one hand, it may support a highly concurrent key request, and improve the efficiency of data encryption, and on the other hand, it may be implemented that data to be encrypted of one user corresponds to one key.
In another embodiment provided by the present application, after the cloud server encrypts the data to be encrypted according to the key, the method further includes:
carrying out encryption operation on the secret key to obtain an encrypted secret key;
and storing the encrypted key.
That is to say, after the cloud server encrypts the data to be encrypted by using the key, in order to ensure the security of the key, the key may be encrypted and stored, where the storage location may be in the key repository, and the storage manner may be storing the correspondence between the identifier of the key and the encrypted key. After the key is encrypted, the identifier of the key may not be changed, that is, the identifier of the encrypted key may be the same as the identifier of the key when the key is not encrypted.
In another embodiment provided by the present application, after the encrypted data is obtained by encryption, the encrypted data may be stored in a storage array.
Specifically, in the embodiment of the present application, security domains may be isolated by taking Pool (storage Pool) as a unit of a storage space of the storage array, and the security domains may be regarded as the storage regions for storing the user data described above. Therefore, isolation is carried out by taking the Pool as a unit, and data cannot be exchanged because different pools are logically isolated, so that the safety of data storage can be ensured.
Fig. 2 is a schematic view of a scene of data encryption storage according to an embodiment of the present application.
As shown in fig. 2, a cloud service network (i.e., a distributed cloud storage platform) may be used to store user data, and when a user accesses data in the cloud service network, the user may access the data through a terminal such as a computer or a mobile phone.
Data in the cloud service Network can be stored by adopting a unified Storage architecture, so that a Storage Area Network (SAN) (English name: Storage Area Network, Chinese name: Storage Area Network) Storage service based on blocks can be provided, and a Network Attached Storage (NAS) (English full name: Network Attached Storage, Chinese name: Network Attached Storage) Storage service based on files can also be provided.
Data in the cloud service network in fig. 2 may be stored in three storage manners, which are respectively: the storage service of NAS, the storage service of SAN, the unified storage service of NAS and SAN. In practical applications, the user data in the cloud service network may be stored in any one or two of the three storage manners described above.
In fig. 2, when receiving user data sent by a user, a cloud server may determine a storage area of the user data, and allocate an identifier of a corresponding key to the storage area. The storage areas of the distributed cloud storage platform may include a plurality of storage areas, and the cloud server may allocate identifiers of a plurality of keys to each storage area, that is, for one storage area, the keys corresponding to the plurality of identifiers included in the storage area may partition the storage area, and each partition may be used to store user data.
When the cloud service network stores the user data, in order to ensure the security of the stored user data, the security domain of the storage area can be isolated in the form of Pool. For the SAN storage service, the user data may be encrypted in units of LUNs (Logical Unit numbers, chinese names: Logical units), and for the NAS service, the user data may be encrypted in units of files.
As shown in fig. 2, the high-speed secure solid-state disk array may be used to store user data, wherein for NAS storage service, after security domain isolation is performed on a storage area in the form of Pool, the user data may be stored in a RAID (Redundant Arrays of Independent Disks, chinese name: disk array) group in the form of a file; for SAN storage service, after a storage area is isolated in a security domain in a Pool form, user data can be stored in a RAID (Redundant Arrays of Independent Disks, Chinese name: disk array) group in an LUN form.
In this way, on the one hand, the security of the stored user data can be improved, and on the other hand, the system performance can also be improved.
According to the technical scheme, before the data to be encrypted is encrypted, the key identification corresponding to the key used for encrypting the data to be encrypted is randomly distributed to the data to be encrypted, so that when the data to be encrypted is encrypted, the key corresponding to the key identification in the data to be encrypted can be determined according to the key identification in the data to be encrypted, and then the data to be encrypted is encrypted according to the determined key.
In addition, because the identifier corresponding to the key is stored in the data to be encrypted, the data to be encrypted and the key can be stored separately, so that even if the key identifier and the encrypted data are obtained, the key cannot be obtained to decrypt the encrypted data, and the security of data encryption can be further improved.
Fig. 3 is a schematic flowchart of a data decryption method according to an embodiment of the present application. The method is as follows. The execution subject of the embodiment of the present application may be the cloud server in the embodiment described in fig. 1.
Step 301: and determining the data to be decrypted containing the key identification.
And the key corresponding to the key identification is used for decrypting the data to be decrypted, and the key identification is obtained by dynamic distribution of the server.
In step 301, when a user needs to access encrypted data stored in the distributed cloud storage platform, the cloud server needs to decrypt the stored encrypted data, and at this time, the cloud server may use the encrypted data that the user needs to access as data to be decrypted.
In this embodiment of the application, the encryption method for the encrypted data stored in the distributed cloud storage platform may be the encryption method described in the embodiment shown in fig. 1.
The data to be decrypted determined by the cloud server may include a key identifier corresponding to a key used for decrypting the data to be decrypted, where the key identifier may be randomly and dynamically allocated by the cloud server when the data to be decrypted is encrypted, and stored in the data to be decrypted. The specific method can be referred to the content recorded in the embodiment shown in fig. 1, and the description is not repeated here.
Step 302: and determining a key corresponding to the key identifier according to the key identifier.
In step 302, the cloud server may search, according to the key identifier, a key corresponding to the key identifier in a key repository, where the key repository may store keys corresponding to different key identifiers, and the key is used to decrypt to-be-decrypted.
It should be noted that, in order to improve the security of the data in the decryption process, the key stored in the keystore may be an encrypted key. Specifically, when the data to be decrypted is encrypted, after the encryption is successful, the key used in the encryption may be encrypted and stored in the key store. The keystore may be the same as the keystore described in the embodiment shown in fig. 1, or may be a different keystore, which is not particularly limited.
Step 303: and decrypting the data to be decrypted according to the secret key to obtain decrypted data.
In step 303, after determining the key corresponding to the identifier, the cloud server may decrypt the data to be decrypted according to the key.
In another embodiment provided by the present application, the key in the key store may be an encrypted key, and therefore, when decrypting the data to be decrypted according to the key, the cloud server specifically includes:
decrypting the key to obtain a decrypted key, wherein the key contained in the key library is an encrypted key;
and decrypting the data to be decrypted according to the decrypted key.
In this way, when the cloud server decrypts the data to be decrypted by using the key, the cloud server may perform decryption operation on the key, decrypt the data to be decrypted by using the decrypted key, and obtain the decrypted data.
After obtaining the decrypted data, the cloud server can provide the decrypted data to the user, so that the user can access the data conveniently.
According to the technical scheme provided by the embodiment of the application, when the encrypted data is decrypted, the key identification contained in the data to be decrypted is determined, the key identification is obtained by the cloud server through random dynamic allocation in advance, the key used for decrypting the data to be decrypted is searched according to the key identification contained in the data to be decrypted, and the data to be decrypted is decrypted according to the key. In this way, the key identifier corresponding to the key for decryption is randomly allocated and stored in the data to be decrypted, and the key for decrypting the data to be decrypted is randomly allocated, so that the security of encrypting the data can be improved compared with the prior art.
Fig. 4 is a schematic structural diagram of a data encryption device according to an embodiment of the present application. The data encryption device includes: a determination unit 41, a key determination unit 42, and an encryption unit 43, wherein:
a determining unit 41, configured to determine to-be-encrypted data including a key identifier, where a key corresponding to the key identifier is used to encrypt the to-be-encrypted data, and the key identifier is obtained by dynamic allocation of a server;
a key determining unit 42, which determines a key corresponding to the key identifier according to the key identifier;
and the encryption unit 43 encrypts the data to be encrypted according to the key to obtain encrypted data.
The determining unit 41 includes data to be encrypted with key identification, and includes:
receiving data to be encrypted sent by a user;
distributing the key identification to the data to be encrypted according to the use condition of the thread;
and storing the key identification into the data to be encrypted.
In the embodiment of the present application, the key identifier is stored in an independent dynamic cache space, and the independent dynamic cache space allows highly concurrent key identifier allocation operation.
The encrypting unit 43, according to the key, encrypts the data to be encrypted, including:
determining an encryption algorithm for encrypting the data to be encrypted, wherein the encryption algorithm is obtained by pre-distributing the data to be encrypted by the server;
and encrypting the data to be encrypted by using the encryption algorithm according to the key.
The encryption unit 43 encrypts the data to be encrypted according to the secret key, and then performs an encryption operation on the secret key to obtain an encrypted secret key; and storing the encrypted key.
In another embodiment provided by the present application, the data encryption device further includes: a storage unit, wherein:
and the storage unit stores the encrypted data into a storage array which is isolated from a security domain in advance.
Fig. 5 is a schematic structural diagram of another data encryption device according to an embodiment of the present application.
Another data encryption device provided in this embodiment of the present application may be a cryptographic module shown in fig. 5.
As shown in fig. 5, the cryptographic module has a built-in high-capacity memory for storing connection information for encryption and decryption currently processed by the cryptographic module.
The cryptographic module shown in fig. 5 may be configured to establish a sending queue, and specifically, may establish a data sending queue according to the number of Cores of the CPU, where an initial key value of the queue is set in a configuration file.
The cipher module is also used for sending and receiving data, specifically, a sending thread is responsible for reading out data of a sending queue, an engine sending thread firstly reads operation packet data from a downlink message queue and sends the data to a service board through a socket; and the receiving thread is responsible for receiving the data returned by the service board through the socket and sending the data to a receiving queue corresponding to the user.
The cipher service engine is a daemon deployed on the application server, is logically positioned at the lower layer of the application interface, and is responsible for communication with the cipher machine service board and service distribution. And establishing Socket connection with a cipher machine service board and communicating, and supporting encryption and decryption operations with thread-level granularity.
Taking the encryption of the file and the virtual block device as an example:
each file in the file system is assigned its own key. When a file is created, reading the security domain of the pool (storage pool) where the created file is located, applying the encryption/decryption key identification of the security domain to the encryption card/high-performance encryption machine through the cryptographic module, and storing the applied key identification in the node of the file. When the file is encrypted and decrypted, the encryption key identification of the file is used for sending an encryption and decryption request to the cryptographic module, and the cryptographic module selects the encryption card/the high-performance encryption machine to complete the encryption and decryption work.
When the virtual block device is created, reading the security domain of the pool (storage pool) where the virtual block device is located, applying an encryption key identifier of the security domain to the encryption card/high-performance encryption machine through the cryptographic module, storing the applied key identifier as the attribute of the virtual block device, and not modifying the virtual block device after the virtual block device is created. When the virtual block device is encrypted and decrypted, all the encryption and decryption of the virtual block device use the stored key identification to send an encryption and decryption request to the cryptographic module, and the cryptographic module selects the encryption card/the high-performance encryption machine to complete the encryption and decryption work.
Fig. 6 is a schematic structural diagram of a data decryption device according to an embodiment of the present application. The data decryption apparatus includes: a determination unit 61, a key determination unit 62, and a decryption unit 63, wherein:
the determining unit 61 is configured to determine to-be-decrypted data including a key identifier, where a key corresponding to the key identifier is used to decrypt the to-be-decrypted data, and the key identifier is obtained by dynamic allocation of a server;
a key determining unit 62, which determines a key corresponding to the key identifier according to the key identifier;
and the decryption unit 63 decrypts the data to be decrypted according to the secret key to obtain decrypted data.
In another embodiment provided by the present application, the key is an encrypted key; the decryption unit 63 decrypts the data to be decrypted according to the key, and includes:
decrypting the key to obtain a decrypted key;
and decrypting the data to be decrypted according to the decrypted key.
Fig. 7 is a schematic structural diagram of a data storage according to an embodiment of the present application.
The data storage structure shown in fig. 7 may be used to store encrypted data, which may be obtained by encrypting the data by the encryption method described in the embodiment shown in fig. 1.
As shown in fig. 7, the data storage structure may be divided into a user side and an operating system side.
For the user side, the data storage structure may include: file system users (file systems Consumers), Device users (Device Consumers), and hypervisors. Wherein:
the File System user can interact with ZFS (named as dynamic File System) independently through POSIX (named as Portable Operating System Interface) File System API. In fact, each application can be classified into this category. The system call is passed to zpl (zfs POSIX layer) through the OpenSolaris (open source operating system) VFS layer.
The device user, ZFS, provides a way to create "emulated volumes" that can be backed up by storage in the storage pool, but appear as a generic device under the device node. There are a small number of applications that interact directly with these devices, but the most used for the devices are kernel file systems or object drivers that are located above the device layer.
The hypervisor, these applications are the one that manages the ZFS file system or storage pool (including checking the attributes and dataset hierarchies).
For the operating system side, the data storage structure may include three basic layers: an Interface Layer (Interface Layer), a transaction Object Layer (transaction Object Layer), and a Storage pool Layer (Storage pool Layer).
The Interface Layer may correspond to the ZPL and is configured to provide a storage access Interface and a management Interface, including three modules, i.e., ZPL, a virtual volume device driver, and a device node "/dev/zfs". Wherein, ZPL provides file access interface to NFS storage request and CIFS storage request; the virtual volume device driver provides a data block access interface to the SAN storage request; the device node/dev/zfs provides a storage management interface to the management subsystem through a management dynamic library of the user layer.
The Transactional Object Layer may correspond to a DMU, and includes ZIL (log), ZAP (data mapper), DMU (data management), DSL (snapshot/copy management), and Transactional (Object traverser) five modules.
The Storage porous Layer can correspond to the SPA component and comprises three sub-modules of ARC (cache management), ZIO (Storage scheduling management) and VDEL (virtual device management). The cache management module uses the memory of the system as the read-write cache of the storage subsystem, so that the read-write performance of the system can be improved; the storage scheduling management module is responsible for the conversion, checksum, compression, encryption and other work between the virtual address and the logical address of the equipment; the virtual device management module is responsible for providing a unified method for accessing the solid state disk for the storage subsystem, organizing a plurality of solid state disks together in an RAID mode, and is responsible for management of available space and block format distribution on the solid state disks.
The ZIO (storage scheduling management) is connected to the cryptographic module (the cryptographic module may be the cryptographic module shown in fig. 5), and may send a request for applying a key and encrypting and decrypting to the cryptographic module, and the cryptographic module transmits a processed result to the ZIO. And calling the cryptographic module through the ZIO, namely processing encryption and decryption in the ZOL, wherein the position is just the position where the file node disappears and is converted into an actual virtual address, so that when the ZOL is reached, the position where the file node is located can be accurately read, and further the identifier of the secret key is read.
Storage Pooled Layer organizes a plurality of solid state disks into a RAID in a Storage Layer, and organizes a plurality of RAIDs into a pool. Creating a plurality of file systems on the pool, wherein the created file systems provide the bottommost file storage service for the NFS storage service subsystem and the CIFS storage service subsystem; and creating a plurality of virtual block devices on the pool as the block devices corresponding to the logical units of the SAN storage service subsystem.
The storage subsystem can create a plurality of pools, the security domain management takes the pools as basic units for management, and the storage layer can specify the security domain to which the pools belong when creating the pools.
The cryptographic module can be used for encrypting data to be encrypted and decrypting the data to be decrypted, and after encrypting the secret key, the encrypted secret key can be stored in a Flash chip of the cryptographic module.
The cryptographic module can also use an independent cache space (dynamic RAM) as a key pool, when the key is needed, the encrypted key in the Flash chip is decrypted and enters the key pool, only an FPGA (Field-Programmable Gate Array) chip is used for cryptographic operation, and other chips except the FPGA chip of the cryptographic module cannot access the key pool.
The dynamic RAM of the password module and the dynamic RAM of the operating system are physically separated, so that other modules except the FPGA password chip cannot obtain data in the password operation dynamic RAM from the operating system, and the storage isolation is guaranteed.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.