CN107124271B - Data encryption and decryption method and equipment - Google Patents

Publication number: CN107124271B
Authority: CN (China)
Prior art keywords: data, encrypted, key, storage, encryption
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201710295504.4A
Other languages: Chinese (zh)
Other versions: CN107124271A (en)
Inventors: 阚志刚, 陈彪, 卢佐华, 方宁, 彭建芬
Current Assignee: Beijing Bangcle Technology Co ltd
Original Assignees: Beijing Bangcle Technology Co ltd; Chengdu Bangbang Information Technology Consulting Service Co ltd
Application filed by: Beijing Bangcle Technology Co ltd; Chengdu Bangbang Information Technology Consulting Service Co ltd
Priority to: CN201710295504.4A

Classifications

    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L63/062: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • G06F21/602: Providing cryptographic facilities or services
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

The application discloses a data encryption method and a data decryption method and equipment, wherein the data encryption method comprises the following steps: determining to-be-encrypted data containing a key identifier, wherein a key corresponding to the key identifier is used for encrypting the to-be-encrypted data, and the key identifier is obtained by dynamic distribution of a server; and encrypting the data to be encrypted according to the secret key to obtain the encrypted data. Before data to be encrypted is encrypted, a key identifier corresponding to a key used for encrypting the data to be encrypted is randomly allocated to the data to be encrypted, so that when the data to be encrypted is encrypted, the key corresponding to the key identifier in the data to be encrypted can be determined according to the key identifier in the data to be encrypted, and then the data to be encrypted is encrypted according to the determined key.

Description

Data encryption and decryption method and equipment
Technical Field
The present application relates to the field of data security, and in particular, to a method and device for encrypting and decrypting data.
Background
With the rapid development of internet technology, more and more network services are provided for users based on internet technology, for example, electronic payment services can be provided for users based on internet technology, so that users can realize payment through a network, network banking services are provided for users, and users can realize fund transfer, remittance and the like through the network.
In providing network services to users, a network server generates a large amount of user data, such as user names of users, user passwords, consumption records of users, and the like. Generally, the network server will store the user data, and before storing the user data, in order to ensure the security of the stored user data, the user data may be encrypted, and the encrypted user data may be stored. Thus, the safety of the stored user data can be effectively ensured.
With the increasing of internet users, more and more user data are stored in the network server, and the security requirement for encrypting the user data is higher and higher. However, when a large amount of user data is encrypted, the conventional encryption method generally has a problem of low security, and cannot meet the requirement of high security when the user data is encrypted.
Accordingly, there is a need for a data encryption method that can solve the above problems.
Disclosure of Invention
The embodiment of the application provides a data encryption and decryption method and equipment, which are used for solving the problems that in the prior art, when a large amount of user data is encrypted, the existing encryption method is low in safety and cannot meet the requirement of high safety.
The embodiment of the application provides a data encryption method, which comprises the following steps:
determining data to be encrypted containing a key identification, wherein a key corresponding to the key identification is used for encrypting the data to be encrypted, and the key identification is obtained by dynamic distribution of a server;
determining a key corresponding to the key identifier according to the key identifier;
and encrypting the data to be encrypted according to the secret key to obtain encrypted data.
The embodiment of the application provides a data decryption method, which comprises the following steps:
determining data to be decrypted containing a key identification, wherein a key corresponding to the key identification is used for decrypting the data to be decrypted, and the key identification is obtained by dynamic distribution of a server;
determining a key corresponding to the key identifier according to the key identifier;
and decrypting the data to be decrypted according to the secret key to obtain decrypted data.
An embodiment of the present application provides a data encryption device, including:
a determining unit, configured to determine to-be-encrypted data containing a key identifier, wherein the key corresponding to the key identifier is used for encrypting the to-be-encrypted data, and the key identifier is obtained by dynamic distribution of a server;
the key determining unit is used for determining a key corresponding to the key identifier according to the key identifier;
and the encryption unit encrypts the data to be encrypted according to the secret key to obtain encrypted data.
An embodiment of the present application provides a data decryption device, including:
a determining unit, configured to determine to-be-decrypted data containing a key identifier, wherein the key corresponding to the key identifier is used for decrypting the to-be-decrypted data, and the key identifier is obtained by dynamic distribution of a server;
the key determining unit is used for determining a key corresponding to the key identifier according to the key identifier;
and the decryption unit is used for decrypting the data to be decrypted according to the secret key to obtain the decrypted data.
The embodiment of the application adopts at least one technical scheme which can achieve the following beneficial effects:
according to the technical scheme provided by the embodiment of the application, data to be encrypted containing key identification is determined, a key corresponding to the key identification is used for encrypting the data to be encrypted, and the key identification is obtained by dynamic distribution of a server; determining a key corresponding to the key identifier according to the key identifier; and encrypting the data to be encrypted according to the secret key to obtain encrypted data. Before data to be encrypted is encrypted, a key identifier corresponding to a key used for encrypting the data to be encrypted is randomly allocated to the data to be encrypted, so that when the data to be encrypted is encrypted, the key corresponding to the key identifier in the data to be encrypted can be determined according to the key identifier in the data to be encrypted, and then the data to be encrypted is encrypted according to the determined key.
In addition, because the identifier corresponding to the key is stored in the data to be encrypted, the data to be encrypted and the key can be stored separately, so that even if the key identifier and the encrypted data are obtained, the key cannot be obtained to decrypt the encrypted data, and the security of data encryption can be further improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic flowchart of a data encryption method according to an embodiment of the present application;
fig. 2 is a schematic view of a scene of data encryption storage according to an embodiment of the present application;
fig. 3 is a schematic flowchart of a data decryption method according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a data encryption device according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of another data encryption device according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a data decryption device according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a data storage according to an embodiment of the present application.
Detailed Description
In the prior art, when the network server encrypts user data, it usually adopts symmetric encryption or asymmetric encryption. Symmetric encryption is mainly based on the DES algorithm and the AES algorithm, has the advantage of high encryption and decryption speed, and is widely applied to data transmission and storage. Asymmetric encryption is mainly based on the ECC algorithm and the RSA algorithm.
However, when encrypting a large amount of user data, the use of symmetric encryption or asymmetric encryption has at least the following problems:
(1) in the symmetric encryption, the same key is used for both encryption and decryption, so that the key is easy to leak, and the security of user data cannot be guaranteed;
(2) the amount of computation is relatively large when data is encrypted by adopting asymmetric encryption, so that the encryption efficiency is relatively low when a large amount of user data is encrypted.
According to the data encryption method provided by the embodiment of the application, different encryption methods are adopted, so that compared with the prior art, when a large amount of user data are encrypted, high safety and high efficiency of data encryption can be ensured, and the requirement for encrypting a large amount of user data is met.
The technical solutions of the present application will be described clearly and completely below with reference to the specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the data encryption and decryption method provided by the embodiment of the present application can be applied to an application scenario of a distributed cloud storage platform in the internet, where the distributed cloud storage platform stores a file in a network cloud, and requirements on security and privacy of the file are high.
It should be further noted that the data encryption method provided in this embodiment of the present application may be used for encrypting data in a data transmission process, and may also be used for encrypting data when the data is stored, which is not specifically limited.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of a data encryption method according to an embodiment of the present application. The method is as follows. The execution subject of the embodiment of the present application may be a server (hereinafter referred to as a cloud server) corresponding to the distributed cloud storage platform.
Step 101: Determine the data to be encrypted containing the key identifier.
The key corresponding to the key identifier is used for encrypting the data to be encrypted, and the key identifier is obtained by dynamic distribution of a server.
In step 101, when a user stores data in a distributed cloud storage platform, the data to be stored may be sent to a cloud server, the cloud server may receive the data to be stored sent by the user, and when receiving the data to be stored, the cloud server may encrypt the data to be stored, and at this time, the data to be stored may be regarded as the data to be encrypted.
It should be noted that, in this embodiment of the present application, the data to be encrypted may include a key identifier corresponding to a key used for encrypting the data to be encrypted. The cloud server determining the data to be encrypted containing the key identifier specifically includes:
receiving data to be encrypted sent by a user;
allocating the key identifier to the data to be encrypted according to the usage of the threads;
and storing the key identification into the data to be encrypted.
In the embodiment of the application, after the user establishes connection with the cloud server, the user data of the user may correspond to one thread in the cloud server or correspond to a plurality of threads in the cloud server, and after receiving the data to be encrypted sent by the user, the cloud server may randomly allocate a key identifier for the data to be encrypted of the user according to the use condition of the thread. The key identifier may be an identity identifier of the key, and is used to distinguish different keys.
In the embodiment of the application, the key identifier can be stored in an independent dynamic cache space, and when the cloud server allocates the key to the data to be encrypted, the cloud server can randomly select the key identifier from the independent cache space and allocate the randomly selected key identifier to the data to be encrypted.
The independent dynamic cache space may allow and support highly concurrent key identifier allocation operations. The number of key identifier allocation operations allowed can be determined according to the size of the independent dynamic cache space. For example, if the capacity of the independent cache space is 8G and the length of the key identifier is 32 bits (which can mark 2^32 keys), then 8 x 1024 x 1024/32=268435456 (2.6 billion) operations may be allowed to concurrently distribute key identifiers.
In this way, the cloud server can distribute an independent key for each thread, realize that one user corresponds to one key, and can distribute an algorithm, an algorithm execution component and the like at the same time, so that an effective key distribution system can be realized, and not only can the security of data storage be ensured, but also the encryption performance can be ensured not to be influenced.
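An added example, not code from the patent: one way to implement the random, concurrency-safe allocation of key identifiers from an independent cache described above, in Go. `IDPool`, `Allocate` and `AllocateConcurrently` are hypothetical names, goroutines stand in for the server's threads, and drawing identifiers with `crypto/rand` is an assumption, since the patent does not name a random source.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
	"sync"
)

var ErrExhausted = errors.New("no unassigned key identifiers left")

// IDPool models the independent cache of unassigned 32-bit key identifiers.
type IDPool struct {
	mu   sync.Mutex
	free []uint32
}

// NewIDPool fills the cache with n distinct identifiers drawn from the CSPRNG.
func NewIDPool(n int) (*IDPool, error) {
	seen := make(map[uint32]bool, n)
	p := &IDPool{free: make([]uint32, 0, n)}
	var buf [4]byte
	for len(p.free) < n {
		if _, err := rand.Read(buf[:]); err != nil {
			return nil, err
		}
		id := binary.BigEndian.Uint32(buf[:])
		if !seen[id] {
			seen[id] = true
			p.free = append(p.free, id)
		}
	}
	return p, nil
}

// Allocate removes one identifier chosen uniformly at random. The mutex makes
// pick-and-remove atomic, so two threads can never receive the same identifier.
func (p *IDPool) Allocate() (uint32, error) {
	p.mu.Lock()
	defer p.mu.Unlock()
	if len(p.free) == 0 {
		return 0, ErrExhausted
	}
	i, err := rand.Int(rand.Reader, big.NewInt(int64(len(p.free))))
	if err != nil {
		return 0, err
	}
	idx, last := int(i.Int64()), len(p.free)-1
	id := p.free[idx]
	p.free[idx] = p.free[last] // swap-remove keeps allocation O(1)
	p.free = p.free[:last]
	return id, nil
}

// AllocateConcurrently runs one goroutine per worker (standing in for the
// server's threads) and returns the identifier each of them received.
func AllocateConcurrently(p *IDPool, workers int) ([]uint32, error) {
	ids := make([]uint32, workers)
	errs := make([]error, workers)
	var wg sync.WaitGroup
	for w := 0; w < workers; w++ {
		wg.Add(1)
		go func(w int) {
			defer wg.Done()
			ids[w], errs[w] = p.Allocate()
		}(w)
	}
	wg.Wait()
	for _, err := range errs {
		if err != nil {
			return nil, err
		}
	}
	return ids, nil
}

func main() {
	p, err := NewIDPool(8) // constructed pool size for the demo
	if err != nil {
		panic(err)
	}
	ids, err := AllocateConcurrently(p, 8)
	fmt.Println(ids, err)
}
```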
In practical application, a storage space included in a distributed cloud storage platform may be divided into a plurality of storage areas, each storage area may be used for storing data of one user and may also be used for storing data of a plurality of users, then, when a cloud server allocates a key for data to be encrypted, the cloud server may first determine the number of users corresponding to the storage area where the user stores the data to be encrypted, and if the number of users corresponding to the storage area is one, the cloud server may directly allocate a key identifier for the data to be encrypted according to a thread; if the number of the users corresponding to the storage area is multiple, the cloud server may allocate a key identifier to the data to be encrypted according to the key identifier corresponding to the storage area (the number of the key identifiers corresponding to the storage area is also multiple).
After distributing a key identifier for the data to be stored, the cloud server may store the key identifier in the data to be stored, and determine to obtain the data to be encrypted, where a key corresponding to the key identifier is used to encrypt the data to be encrypted.
For example, if the data to be stored is a file, the identifier of the key may be saved in a file node, and if the data to be stored is a virtual block device, the identifier of the key may be saved as an attribute of the virtual block device.
In step 101, after determining that the data to be encrypted is obtained, the cloud server may further determine that a key identifier in the data to be encrypted is obtained, and at this time, step 102 may be executed.
Step 102: Determine a key corresponding to the key identifier according to the key identifier.
In step 102, after determining the key identifier included in the data to be encrypted, the cloud server may search, according to the key identifier, a key corresponding to the key identifier from a key repository, so as to encrypt the data to be encrypted by using the key.
In the embodiment of the application, the key library may pre-store keys corresponding to different key identifiers, so that after the key identifier is determined, the cloud server may search for the key corresponding to the key identifier from the key library.
Step 103: Encrypt the data to be encrypted according to the key to obtain encrypted data.
In step 103, after finding the key corresponding to the identifier, the cloud server may encrypt the data to be encrypted by using the key, and obtain encrypted data.
Specifically, the encrypting the data to be encrypted by the cloud server according to the key includes:
determining an encryption algorithm for encrypting the data to be encrypted, wherein the encryption algorithm is pre-allocated by the server for the data to be encrypted;
and encrypting the data to be encrypted by using the encryption algorithm according to the key.
After determining a plurality of storage areas for storing user data of different users, the cloud server may pre-allocate an encryption algorithm to each storage area, and after allocating the encryption algorithm to the storage areas, when encrypting the data to be encrypted, the cloud server may determine the storage areas pre-allocated to the user for storing the data to be encrypted, and determine the encryption algorithm pre-allocated to the storage areas, so that the cloud server may encrypt the data to be encrypted by using the encryption algorithm according to the key, and obtain the encrypted data.
It should be noted that, based on the above-mentioned description, when the cloud server allocates the identifier of the key, the cloud server may allocate the identifier of the key based on the thread, so that when encrypting data to be encrypted, on one hand, it may support a highly concurrent key request, and improve the efficiency of data encryption, and on the other hand, it may be implemented that data to be encrypted of one user corresponds to one key.
In another embodiment provided by the present application, after the cloud server encrypts the data to be encrypted according to the key, the method further includes:
carrying out encryption operation on the secret key to obtain an encrypted secret key;
and storing the encrypted key.
That is to say, after the cloud server encrypts the data to be encrypted by using the key, in order to ensure the security of the key, the key may be encrypted and stored, where the storage location may be in the key repository, and the storage manner may be storing the correspondence between the identifier of the key and the encrypted key. After the key is encrypted, the identifier of the key may not be changed, that is, the identifier of the encrypted key may be the same as the identifier of the key when the key is not encrypted.
In another embodiment provided by the present application, after the encrypted data is obtained by encryption, the encrypted data may be stored in a storage array.
Specifically, in the embodiment of the present application, security domains may be isolated by taking Pool (storage Pool) as a unit of a storage space of the storage array, and the security domains may be regarded as the storage regions for storing the user data described above. Therefore, isolation is carried out by taking the Pool as a unit, and data cannot be exchanged because different pools are logically isolated, so that the safety of data storage can be ensured.
Fig. 2 is a schematic view of a scene of data encryption storage according to an embodiment of the present application.
As shown in fig. 2, a cloud service network (i.e., a distributed cloud storage platform) may be used to store user data, and when a user accesses data in the cloud service network, the user may access the data through a terminal such as a computer or a mobile phone.
Data in the cloud service network can be stored by adopting a unified storage architecture, so that a block-based Storage Area Network (SAN) storage service can be provided, and a file-based Network Attached Storage (NAS) storage service can also be provided.
Data in the cloud service network in fig. 2 may be stored in three storage manners, which are respectively: the storage service of NAS, the storage service of SAN, the unified storage service of NAS and SAN. In practical applications, the user data in the cloud service network may be stored in any one or two of the three storage manners described above.
In fig. 2, when receiving user data sent by a user, a cloud server may determine a storage area of the user data, and allocate an identifier of a corresponding key to the storage area. The storage areas of the distributed cloud storage platform may include a plurality of storage areas, and the cloud server may allocate identifiers of a plurality of keys to each storage area, that is, for one storage area, the keys corresponding to the plurality of identifiers included in the storage area may partition the storage area, and each partition may be used to store user data.
When the cloud service network stores the user data, in order to ensure the security of the stored user data, the security domain of the storage area can be isolated in the form of Pool. For the SAN storage service, the user data may be encrypted in units of LUNs (Logical Unit Numbers), and for the NAS service, the user data may be encrypted in units of files.
As shown in fig. 2, the high-speed secure solid-state disk array may be used to store user data, wherein for the NAS storage service, after security domain isolation is performed on a storage area in the form of Pool, the user data may be stored in a RAID (Redundant Arrays of Independent Disks) group in the form of a file; for the SAN storage service, after security domain isolation is performed on a storage area in the form of Pool, the user data may be stored in a RAID group in the form of a LUN.
In this way, on the one hand, the security of the stored user data can be improved, and on the other hand, the system performance can also be improved.
According to the technical scheme, before the data to be encrypted is encrypted, the key identification corresponding to the key used for encrypting the data to be encrypted is randomly distributed to the data to be encrypted, so that when the data to be encrypted is encrypted, the key corresponding to the key identification in the data to be encrypted can be determined according to the key identification in the data to be encrypted, and then the data to be encrypted is encrypted according to the determined key.
In addition, because the identifier corresponding to the key is stored in the data to be encrypted, the data to be encrypted and the key can be stored separately, so that even if the key identifier and the encrypted data are obtained, the key cannot be obtained to decrypt the encrypted data, and the security of data encryption can be further improved.
Fig. 3 is a schematic flowchart of a data decryption method according to an embodiment of the present application. The method is as follows. The execution subject of the embodiment of the present application may be the cloud server in the embodiment described in fig. 1.
Step 301: Determine the data to be decrypted containing the key identifier.
The key corresponding to the key identifier is used for decrypting the data to be decrypted, and the key identifier is obtained by dynamic distribution of the server.
In step 301, when a user needs to access encrypted data stored in the distributed cloud storage platform, the cloud server needs to decrypt the stored encrypted data, and at this time, the cloud server may use the encrypted data that the user needs to access as data to be decrypted.
In this embodiment of the application, the encryption method for the encrypted data stored in the distributed cloud storage platform may be the encryption method described in the embodiment shown in fig. 1.
The data to be decrypted determined by the cloud server may include a key identifier corresponding to a key used for decrypting the data to be decrypted, where the key identifier may be randomly and dynamically allocated by the cloud server when the data to be decrypted is encrypted, and stored in the data to be decrypted. The specific method can be referred to the content recorded in the embodiment shown in fig. 1, and the description is not repeated here.
Step 302: Determine a key corresponding to the key identifier according to the key identifier.
In step 302, the cloud server may search, according to the key identifier, a key corresponding to the key identifier in a key repository, where the key repository may store keys corresponding to different key identifiers, and the key is used to decrypt the data to be decrypted.
It should be noted that, in order to improve the security of the data in the decryption process, the key stored in the keystore may be an encrypted key. Specifically, when the data to be decrypted is encrypted, after the encryption is successful, the key used in the encryption may be encrypted and stored in the key store. The keystore may be the same as the keystore described in the embodiment shown in fig. 1, or may be a different keystore, which is not particularly limited.
Step 303: Decrypt the data to be decrypted according to the key to obtain decrypted data.
In step 303, after determining the key corresponding to the identifier, the cloud server may decrypt the data to be decrypted according to the key.
In another embodiment provided by the present application, the key in the key store may be an encrypted key. Therefore, the cloud server decrypting the data to be decrypted according to the key specifically includes:
decrypting the key to obtain a decrypted key, wherein the key contained in the key library is an encrypted key;
and decrypting the data to be decrypted according to the decrypted key.
In this way, when the cloud server decrypts the data to be decrypted by using the key, the cloud server may perform decryption operation on the key, decrypt the data to be decrypted by using the decrypted key, and obtain the decrypted data.
After obtaining the decrypted data, the cloud server can provide the decrypted data to the user, so that the user can access the data conveniently.
According to the technical scheme provided by the embodiment of the application, when the encrypted data is decrypted, the key identification contained in the data to be decrypted is determined, the key identification is obtained by the cloud server through random dynamic allocation in advance, the key used for decrypting the data to be decrypted is searched according to the key identification contained in the data to be decrypted, and the data to be decrypted is decrypted according to the key. In this way, the key identifier corresponding to the key for decryption is randomly allocated and stored in the data to be decrypted, and the key for decrypting the data to be decrypted is randomly allocated, so that the security of encrypting the data can be improved compared with the prior art.
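An added example, not code from the patent: encryption steps 101-103 together with the key-wrapping embodiment, and decryption steps 301-303, in Go. AES-256-GCM, the master key that wraps stored keys, and binding the key identifier as associated data are assumptions; `Record`, `KeyStore`, `Encrypt` and `Decrypt` are hypothetical names, and the key identifier is taken as already allocated.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Record is what the storage array holds: key identifier and ciphertext only.
type Record struct {
	KeyID  uint32
	Sealed []byte // nonce || ciphertext || tag
}

// KeyStore is held apart from the data; used keys are kept only wrapped.
type KeyStore struct {
	master         []byte
	plain, wrapped map[uint32][]byte
}

func NewKeyStore(master []byte, keys map[uint32][]byte) *KeyStore {
	return &KeyStore{master, keys, map[uint32][]byte{}}
}

// gcmFor returns AES-GCM for key plus associated data binding a blob to id.
func gcmFor(key []byte, id uint32) (cipher.AEAD, []byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	g, err := cipher.NewGCM(block)
	return g, binary.BigEndian.AppendUint32(nil, id), err
}

func seal(key []byte, id uint32, pt []byte) ([]byte, error) {
	g, aad, err := gcmFor(key, id)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pt, aad), nil
}

func open(key []byte, id uint32, sealed []byte) ([]byte, error) {
	g, aad, err := gcmFor(key, id)
	if err != nil || len(sealed) < g.NonceSize() {
		return nil, fmt.Errorf("key %d: missing, truncated or bad key", id)
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], aad)
}

// dataKey is steps 102/302: find the key by identifier, unwrapping if needed.
func (ks *KeyStore) dataKey(id uint32) ([]byte, error) {
	if k, ok := ks.plain[id]; ok {
		return k, nil
	}
	return open(ks.master, id, ks.wrapped[id]) // errors if id is unknown
}

// Encrypt is step 103, then wraps the key and stores it under the same id.
func Encrypt(ks *KeyStore, id uint32, data []byte) (Record, error) {
	k, err := ks.dataKey(id)
	if err != nil {
		return Record{}, err
	}
	sealed, err := seal(k, id, data)
	if err != nil {
		return Record{}, err
	}
	w, err := seal(ks.master, id, k)
	if err != nil {
		return Record{}, err
	}
	ks.wrapped[id] = w
	delete(ks.plain, id)
	return Record{id, sealed}, nil
}

// Decrypt is steps 301-303.
func Decrypt(ks *KeyStore, rec Record) ([]byte, error) {
	k, err := ks.dataKey(rec.KeyID)
	if err != nil {
		return nil, err
	}
	return open(k, rec.KeyID, rec.Sealed)
}

func main() {
	dk := []byte("constructed-demo-data-key-000001") // constructed 32-byte keys
	ks := NewKeyStore([]byte("constructed-demo-master-key-0001"), map[uint32][]byte{7: dk})
	rec, _ := Encrypt(ks, 7, []byte("user=alice"))
	pt, err := Decrypt(ks, rec)
	fmt.Println(string(pt), err)
}
```

Because the identifier is authenticated as associated data, a wrapped key copied to another identifier in the key store fails to unwrap, and a record alone (identifier plus ciphertext) cannot be decrypted without the separately held key store.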
Fig. 4 is a schematic structural diagram of a data encryption device according to an embodiment of the present application. The data encryption device includes: a determining unit 41, a key determining unit 42, and an encryption unit 43, wherein:
a determining unit 41, configured to determine to-be-encrypted data including a key identifier, where a key corresponding to the key identifier is used to encrypt the to-be-encrypted data, and the key identifier is obtained by dynamic allocation of a server;
a key determining unit 42, which determines a key corresponding to the key identifier according to the key identifier;
and the encryption unit 43 encrypts the data to be encrypted according to the key to obtain encrypted data.
The determining unit 41 determining the data to be encrypted containing the key identifier includes:
receiving data to be encrypted sent by a user;
distributing the key identification to the data to be encrypted according to the use condition of the thread;
and storing the key identification into the data to be encrypted.
In the embodiment of the present application, the key identifier is stored in an independent dynamic cache space, and the independent dynamic cache space allows highly concurrent key identifier allocation operation.
The encryption unit 43 encrypting the data to be encrypted according to the key includes:
determining an encryption algorithm for encrypting the data to be encrypted, wherein the encryption algorithm is pre-allocated to the data to be encrypted by the server;
and encrypting the data to be encrypted by using the encryption algorithm according to the key.
After encrypting the data to be encrypted according to the key, the encryption unit 43 performs an encryption operation on the key to obtain an encrypted key, and stores the encrypted key.
In another embodiment provided by the present application, the data encryption device further includes: a storage unit, wherein:
and the storage unit stores the encrypted data into a storage array in which security domains have been isolated in advance.
Fig. 5 is a schematic structural diagram of another data encryption device according to an embodiment of the present application.
Another data encryption device provided in this embodiment of the present application may be a cryptographic module shown in fig. 5.
As shown in fig. 5, the cryptographic module has a built-in high-capacity memory for storing connection information for encryption and decryption currently processed by the cryptographic module.
The cryptographic module shown in fig. 5 may be configured to establish a sending queue; specifically, it may establish a data sending queue according to the number of CPU cores, where an initial key value of the queue is set in a configuration file.
The cryptographic module is also used for sending and receiving data. Specifically, a sending thread is responsible for reading data out of the sending queue: the engine sending thread first reads operation packet data from a downlink message queue and sends the data to a service board through a socket. A receiving thread is responsible for receiving the data returned by the service board through the socket and delivering it to the receiving queue corresponding to the user.
The cipher service engine is a daemon deployed on the application server. It sits logically below the application interface and is responsible for communication with the cipher machine service board and for service distribution. It establishes a socket connection with the cipher machine service board, communicates over it, and supports encryption and decryption operations at thread-level granularity.
Taking the encryption of a file and of a virtual block device as examples:
Each file in the file system is assigned its own key. When a file is created, the security domain of the pool (storage pool) where the file is located is read, an encryption/decryption key identifier of that security domain is applied for from the encryption card/high-performance encryption machine through the cryptographic module, and the key identifier obtained is stored in the node of the file. When the file is encrypted or decrypted, the file's key identifier is used to send an encryption or decryption request to the cryptographic module, and the cryptographic module selects the encryption card/high-performance encryption machine to complete the work.
When a virtual block device is created, the security domain of the pool (storage pool) where the virtual block device is located is read, an encryption key identifier of that security domain is applied for from the encryption card/high-performance encryption machine through the cryptographic module, and the key identifier obtained is stored as an attribute of the virtual block device; the stored key identifier is not modified after the virtual block device is created. All encryption and decryption of the virtual block device uses the stored key identifier to send an encryption or decryption request to the cryptographic module, and the cryptographic module selects the encryption card/high-performance encryption machine to complete the work.
Fig. 6 is a schematic structural diagram of a data decryption device according to an embodiment of the present application. The data decryption device includes: a determining unit 61, a key determining unit 62, and a decryption unit 63, wherein:
the determining unit 61 is configured to determine to-be-decrypted data including a key identifier, where a key corresponding to the key identifier is used to decrypt the to-be-decrypted data, and the key identifier is obtained by dynamic allocation of a server;
a key determining unit 62, which determines a key corresponding to the key identifier according to the key identifier;
and the decryption unit 63 decrypts the data to be decrypted according to the secret key to obtain decrypted data.
In another embodiment provided by the present application, the key is an encrypted key; the decryption unit 63 decrypts the data to be decrypted according to the key, and includes:
decrypting the key to obtain a decrypted key;
and decrypting the data to be decrypted according to the decrypted key.
Fig. 7 is a schematic structural diagram of a data storage according to an embodiment of the present application.
The data storage structure shown in fig. 7 may be used to store encrypted data, which may be obtained by encrypting the data by the encryption method described in the embodiment shown in fig. 1.
As shown in fig. 7, the data storage structure may be divided into a user side and an operating system side.
For the user side, the data storage structure may include: file system users (File System Consumers), device users (Device Consumers), and hypervisors. Wherein:
File system users: these can interact with ZFS (referred to here as a dynamic file system) independently through the POSIX (Portable Operating System Interface) file system API. In fact, every application can be classified into this category. System calls are passed through the VFS layer of OpenSolaris (an open-source operating system) to the ZPL (ZFS POSIX Layer).
Device users: ZFS provides a way to create "emulated volumes" that are backed by storage in the storage pool but appear as a generic device under the device node. A small number of applications interact directly with these devices, but the devices are mostly used by kernel file systems or object drivers located above the device layer.
Hypervisors: these are the applications that manage the ZFS file system or storage pool (including checking the attributes and dataset hierarchies).
For the operating system side, the data storage structure may include three basic layers: an Interface Layer, a Transactional Object Layer, and a Storage Pool Layer.
The Interface Layer may correspond to the ZPL and provides a storage access interface and a management interface. It includes three modules: the ZPL, a virtual volume device driver, and the device node "/dev/zfs". The ZPL provides a file access interface for NFS and CIFS storage requests; the virtual volume device driver provides a data block access interface for SAN storage requests; and the device node /dev/zfs provides a storage management interface to the management subsystem through a management dynamic library of the user layer.
The Transactional Object Layer may correspond to the DMU and includes five modules: ZIL (log), ZAP (data mapper), DMU (data management), DSL (snapshot/copy management), and Traversal (object traverser).
The Storage Pool Layer may correspond to the SPA component and comprises three sub-modules: ARC (cache management), ZIO (storage scheduling management) and VDEV (virtual device management). The cache management module uses the system memory as the read-write cache of the storage subsystem, which improves the read-write performance of the system. The storage scheduling management module is responsible for conversion between virtual addresses and device logical addresses, and for checksums, compression, encryption and other work. The virtual device management module is responsible for giving the storage subsystem a unified method of accessing the solid state disks, for organizing multiple solid state disks together in RAID mode, and for managing the available space and block format allocation on the solid state disks.
The ZIO (storage scheduling management) is connected to the cryptographic module (which may be the cryptographic module shown in fig. 5). It may send key application requests and encryption and decryption requests to the cryptographic module, and the cryptographic module returns the processed result to the ZIO. Calling the cryptographic module through the ZIO means that encryption and decryption are processed in the ZOL. This is exactly the point at which the file node disappears and is converted into an actual virtual address, so when the ZOL is reached, the position of the file node can still be read accurately, and from it the key identifier.
The Storage Pool Layer organizes a plurality of solid state disks into a RAID at the storage layer, and organizes a plurality of RAIDs into a pool. A plurality of file systems are created on the pool, and these file systems provide the bottommost file storage service for the NFS storage service subsystem and the CIFS storage service subsystem. A plurality of virtual block devices are also created on the pool as the block devices corresponding to the logical units of the SAN storage service subsystem.
The storage subsystem can create a plurality of pools, the security domain management takes the pools as basic units for management, and the storage layer can specify the security domain to which the pools belong when creating the pools.
The cryptographic module can be used for encrypting data to be encrypted and decrypting the data to be decrypted, and after encrypting the secret key, the encrypted secret key can be stored in a Flash chip of the cryptographic module.
The cryptographic module can also use an independent cache space (dynamic RAM) as a key pool. When a key is needed, the encrypted key in the Flash chip is decrypted and placed in the key pool. Only an FPGA (Field-Programmable Gate Array) chip is used for cryptographic operations, and no chip of the cryptographic module other than the FPGA chip can access the key pool.
The dynamic RAM of the cryptographic module and the dynamic RAM of the operating system are physically separated, so no module other than the FPGA cryptographic chip can obtain data in the cryptographic-operation dynamic RAM from the operating system, which guarantees storage isolation.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (7)

1. A data encryption method applied to a data encryption device, the method comprising:
determining data to be encrypted containing a key identifier, wherein a key corresponding to the key identifier is used for encrypting the data to be encrypted, the key identifier is obtained by dynamic allocation of a server, the key identifier is stored in an independent dynamic cache space, and the independent dynamic cache space allows high-concurrency key identifier allocation operation;
determining a key corresponding to the key identifier according to the key identifier;
encrypting the data to be encrypted according to the secret key to obtain encrypted data;
wherein, the determining the data to be encrypted containing the key identifier comprises:
receiving data to be encrypted sent by a user;
distributing the key identification to the data to be encrypted according to the use condition of the thread;
storing the key identification into the data to be encrypted;
the encrypting the data to be encrypted according to the secret key to obtain encrypted data includes:
determining a storage area pre-allocated to the data to be encrypted, determining an encryption algorithm pre-allocated to the storage area, and encrypting the data to be encrypted by using the encryption algorithm according to the secret key to obtain encrypted data;
after obtaining the encrypted data, the method further comprises:
and storing the encrypted data into a storage array, wherein a storage space of the storage array is isolated by taking a storage pool as a unit to form a security domain, the security domain is a storage area used for storing user data, and different storage pools are logically isolated.
2. The data encryption method of claim 1, wherein encrypting the data to be encrypted according to the key comprises:
determining an encryption algorithm for encrypting the data to be encrypted, wherein the encryption algorithm is pre-allocated to the data to be encrypted by the server;
and encrypting the data to be encrypted by using the encryption algorithm according to the key.
3. The data encryption method of claim 2, wherein after encrypting the data to be encrypted according to the key, the method further comprises:
carrying out encryption operation on the secret key to obtain an encrypted secret key;
and storing the encrypted key.
4. A data decryption method, applied to a data decryption device, the method comprising:
determining data to be decrypted containing a key identifier, wherein a key corresponding to the key identifier is used for decrypting the data to be decrypted, the key identifier is obtained by dynamic allocation of a server, the key identifier is stored in an independent dynamic cache space, and the independent dynamic cache space allows high-concurrency key identifier allocation operation;
determining a key corresponding to the key identifier according to the key identifier;
decrypting the data to be decrypted according to the secret key to obtain decrypted data;
wherein, the data to be decrypted containing the key identification is obtained by the following processes:
the data encryption equipment receives data to be encrypted sent by a user;
the data encryption equipment distributes the key identification to the data to be encrypted according to the use condition of the thread;
the data encryption equipment encrypts the data to be encrypted to obtain encrypted data, and stores the key identification into the encrypted data;
the encrypted data containing the key identification is to-be-decrypted data containing the key identification; the data encryption equipment encrypts the data to be encrypted to obtain encrypted data, and the data encryption equipment comprises:
determining a storage area pre-allocated to the data to be encrypted, determining an encryption algorithm pre-allocated to the storage area, and encrypting the data to be encrypted by using the encryption algorithm according to the secret key to obtain encrypted data;
after obtaining the encrypted data, the data encryption device stores the encrypted data into a storage array, wherein a storage space of the storage array is isolated by taking a storage pool as a unit, the security domain is a storage area for storing user data, and different storage pools are logically isolated.
5. The data decryption method of claim 4,
the secret key is an encrypted secret key;
decrypting the data to be decrypted according to the key, comprising:
decrypting the key to obtain a decrypted key;
and decrypting the data to be decrypted according to the decrypted key.
6. A data encryption device, comprising:
a determining unit, which determines to-be-encrypted data containing a key identifier, wherein the key corresponding to the key identifier is used for encrypting the to-be-encrypted data, the key identifier is obtained by dynamic allocation of a server, the key identifier is stored in an independent dynamic cache space, and the independent dynamic cache space allows high-concurrency key identifier allocation operation;
the key determining unit is used for determining a key corresponding to the key identifier according to the key identifier;
the encryption unit encrypts the data to be encrypted according to the secret key to obtain encrypted data;
wherein, the determining unit determines the data to be encrypted containing the key identification, and comprises:
receiving data to be encrypted sent by a user;
distributing the key identification to the data to be encrypted according to the use condition of the thread;
storing the key identification into the data to be encrypted;
the encrypting the data to be encrypted according to the secret key to obtain encrypted data includes:
determining a storage area pre-allocated to the data to be encrypted, determining an encryption algorithm pre-allocated to the storage area, and encrypting the data to be encrypted by using the encryption algorithm according to the secret key to obtain encrypted data;
the storage unit is used for storing the encrypted data into a storage array after obtaining the encrypted data, wherein a storage space of the storage array is isolated by taking a storage pool as a unit, the security domain is a storage area used for storing user data, and different storage pools are logically isolated.
7. A data decryption device, characterized by comprising:
a determining unit, which determines to-be-decrypted data containing a key identifier, wherein a key corresponding to the key identifier is used for decrypting the to-be-decrypted data, the key identifier is obtained by dynamic allocation of a server, the key identifier is stored in an independent dynamic cache space, and the independent dynamic cache space allows high-concurrency key identifier allocation operation;
the key determining unit is used for determining a key corresponding to the key identifier according to the key identifier;
the decryption unit is used for decrypting the data to be decrypted according to the secret key to obtain decrypted data;
wherein, the data to be decrypted containing the key identification is obtained by the following processes:
the data encryption equipment receives data to be encrypted sent by a user;
the data encryption equipment distributes the key identification to the data to be encrypted according to the use condition of the thread;
the data encryption equipment encrypts the data to be encrypted to obtain encrypted data, and stores the key identification into the encrypted data;
the encrypted data containing the key identification is to-be-decrypted data containing the key identification; the data encryption equipment encrypts the data to be encrypted to obtain encrypted data, and the data encryption equipment comprises:
determining a storage area pre-allocated to the data to be encrypted, determining an encryption algorithm pre-allocated to the storage area, and encrypting the data to be encrypted by using the encryption algorithm according to the secret key to obtain encrypted data;
after obtaining the encrypted data, the data encryption device stores the encrypted data into a storage array, wherein a storage space of the storage array is isolated by taking a storage pool as a unit, the security domain is a storage area for storing user data, and different storage pools are logically isolated.
CN201710295504.4A 2017-04-28 2017-04-28 Data encryption and decryption method and equipment Active CN107124271B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710295504.4A CN107124271B (en) 2017-04-28 2017-04-28 Data encryption and decryption method and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710295504.4A CN107124271B (en) 2017-04-28 2017-04-28 Data encryption and decryption method and equipment

Publications (2)

Publication Number Publication Date
CN107124271A CN107124271A (en) 2017-09-01
CN107124271B true CN107124271B (en) 2020-12-04

Family

ID=59724997

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710295504.4A Active CN107124271B (en) 2017-04-28 2017-04-28 Data encryption and decryption method and equipment

Country Status (1)

Country Link
CN (1) CN107124271B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108063756B (en) 2017-11-21 2020-07-03 阿里巴巴集团控股有限公司 Key management method, device and equipment
CN108183899B (en) * 2017-12-28 2019-02-22 北京明朝万达科技股份有限公司 A kind of data safety management system and method
CN108737365A (en) * 2018-03-26 2018-11-02 刘喆 A kind of network data information guard method and device
CN108900464B (en) * 2018-04-26 2021-07-23 平安科技(深圳)有限公司 Electronic device, block chain-based data processing method, and computer storage medium
CN108833535A (en) * 2018-06-14 2018-11-16 浙江远算云计算有限公司 User data storage method based on the storage of cloud platform distributed block
CN109033849A (en) * 2018-06-29 2018-12-18 无锡艾立德智能科技有限公司 The encryption method and device encrypted to deposit data of magnetic disk array
CN110099048B (en) * 2019-04-19 2021-08-24 中共中央办公厅电子科技学院(北京电子科技学院) Cloud storage method and equipment
CN111818032B (en) * 2020-06-30 2021-09-07 腾讯科技(深圳)有限公司 Data processing method and device based on cloud platform and computer program
CN112651034A (en) * 2020-12-21 2021-04-13 山东山大鸥玛软件股份有限公司 One-time pad replaceable encryption algorithm, assembly and equipment based on codebook
CN117439658B (en) * 2023-12-21 2024-03-12 长光卫星技术股份有限公司 Satellite telemetry data analysis authority management method based on key store
CN117439657B (en) * 2023-12-21 2024-03-26 长光卫星技术股份有限公司 Satellite remote control instruction use authority management method based on key library

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103279715A (en) * 2013-05-22 2013-09-04 李凤华 Database data encryption and decryption method and device
CN105706058A (en) * 2013-11-05 2016-06-22 甲骨文国际公司 System and method for supporting efficient packet processing model and optimized buffer utilization for packet processing in a network environment

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7313239B2 (en) * 2003-04-15 2007-12-25 Broadcom Corporation Method and system for data encryption/decryption key generation and distribution
US7594236B2 (en) * 2004-06-28 2009-09-22 Intel Corporation Thread to thread communication
CN102158757A (en) * 2010-02-11 2011-08-17 中兴通讯股份有限公司 Terminal and method for playing television service thereof
CN101917403B (en) * 2010-07-23 2013-06-05 华中科技大学 Distributed key management method for ciphertext storage
CN103107889B (en) * 2013-02-06 2016-08-03 中电长城网际系统应用有限公司 A kind of cloud computing environment data encryption storage system and method that can search for
CN103107995B (en) * 2013-02-06 2015-11-25 中电长城网际系统应用有限公司 A kind of cloud computing environment date safety storing system and method

Also Published As

Publication number Publication date
CN107124271A (en) 2017-09-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: No.101 and 102, 1st floor, building 7, no.219, Tianhua 2nd Road, hi tech Zone, Chengdu, Sichuan 610094

Applicant after: Chengdu Bangbang Information Technology Consulting Service Co.,Ltd.

Address before: 610000, No. 5, No. 6, No. 599, No. 501 South City Road, Chengdu hi tech Development Zone, Sichuan

Applicant before: CHENGDU BANGBANG INFORMATION TECHNOLOGY Co.,Ltd.

TA01 Transfer of patent application right

Effective date of registration: 20201117

Address after: No.101 and 102, 1st floor, building 7, no.219, Tianhua 2nd Road, hi tech Zone, Chengdu, Sichuan 610094

Applicant after: Chengdu Bangbang Information Technology Consulting Service Co.,Ltd.

Applicant after: BEIJING BANGCLE TECHNOLOGY Co.,Ltd.

Address before: No.101 and 102, 1st floor, building 7, no.219, Tianhua 2nd Road, hi tech Zone, Chengdu, Sichuan 610094

Applicant before: Chengdu Bangbang Information Technology Consulting Service Co.,Ltd.

GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20211214

Address after: 100083 rooms 1-3, 20 / F, block a, Tiangong building, No.30 Xueyuan Road, Haidian District, Beijing

Patentee after: BEIJING BANGCLE TECHNOLOGY Co.,Ltd.

Address before: Room 101 and 102, 1st floor, building 7, 219 Tianhua 2nd Road, high tech Zone, Chengdu, Sichuan 610094

Patentee before: Chengdu Bangbang Information Technology Consulting Service Co.,Ltd.

Patentee before: BEIJING BANGCLE TECHNOLOGY Co.,Ltd.