CN108429733A - A kind of system of data processing - Google Patents

Publication number
CN108429733A
Authority
CN
China
Prior art keywords
key
sent
target
data
active user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810113588.XA
Other languages
Chinese (zh)
Inventor
聂林川
姜凯
王子彤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan Inspur Hi Tech Investment and Development Co Ltd
Original Assignee
Jinan Inspur Hi Tech Investment and Development Co Ltd
Application filed by Jinan Inspur Hi Tech Investment and Development Co Ltd
Priority to CN201810113588.XA
Publication of CN108429733A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088: Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The present invention provides a data processing system comprising a client, an encryption/decryption device, a key management server, a management node server and a data node server. The client outputs the data to be encrypted and the user information of the active user. The key management server determines the encryption key of the active user according to the user information of the active user and, whenever it receives a replacement instruction sent by the management node server, replaces the encryption key of the active user according to that user information. The management node server detects in real time whether the volume of data encrypted with the current encryption key is greater than or equal to a data volume threshold and, if so, sends the replacement instruction to the key management server. The encryption/decryption device encrypts the data to be encrypted in blocks using the current encryption key. The data node server stores the encrypted data. The system provided by the present invention can improve the security of data.

Description

A data processing system
Technical field
The present invention relates to the field of information security technology, and in particular to a data processing system.
Background
With the arrival of the cloud computing and big data era, the amount of information that society generates every day is growing explosively. To cope with the difficulty that this surge in information brings to business services, and to mine the potential value of big data, enterprises and institutions want to solve both problems with more efficient data storage and analysis technology. Distributed cloud storage architectures have become their best choice because of their scalability, transparency to users, flexible on-demand allocation and load balancing. Security is the most critical issue for data stored in the cloud.
In the prior art, data is mainly encrypted with a single encryption key; that is, the same encryption key is used to encrypt the data in the cloud. If that key is cracked, all data stored in the cloud is disclosed.
As the above description shows, the security of data in existing data processing schemes is relatively low.
Summary of the invention
An embodiment of the present invention provides a data processing system that can improve the security of data.
In a first aspect, an embodiment of the present invention provides a data processing system, including:
A client, an encryption/decryption device, a key management server, a management node server and a data node server;
The client is configured to output the data to be encrypted and the user information of the active user;
The key management server is configured to determine the encryption key of the active user according to the user information of the active user and, whenever it receives the replacement instruction sent by the management node server, to replace the encryption key of the active user according to the user information of the active user;
The management node server is configured to detect in real time whether the volume of data encrypted with the current encryption key is greater than or equal to the data volume threshold and, if so, to send the replacement instruction to the key management server;
The encryption/decryption device is configured to encrypt the data to be encrypted in blocks using the current encryption key;
The data node server is configured to store the encrypted data.
With reference to the first aspect, in a first possible implementation of the first aspect, the encryption/decryption device is connected to the client;
The client is configured to send the data to be encrypted to the encryption/decryption device, to send the user information of the active user to the key management server, to send the encryption key of the active user to the encryption/decryption device whenever it receives that key from the key management server, and to send the encrypted data returned by the encryption/decryption device to the data node server;
The encryption/decryption device is configured to, whenever it receives the encryption key of the active user from the client, use the received key to encrypt in blocks the data that has not yet been encrypted, and to send the encrypted data to the client;
The key management server is configured to determine the encryption key of the active user according to the user information of the active user and send it to the client and, whenever it receives the replacement instruction sent by the management node server, to replace the encryption key of the active user according to the user information of the active user and send the replaced encryption key to the client.
With reference to the first aspect, in a second possible implementation of the first aspect, the encryption/decryption device is connected to the key management server;
The client is configured to send the data to be encrypted and the user information of the active user to the key management server;
The key management server is configured to send the data to be encrypted received from the client to the encryption/decryption device, to determine the encryption key of the active user according to the user information of the active user and send it to the encryption/decryption device, whenever it receives the replacement instruction sent by the management node server, to replace the encryption key of the active user according to the user information of the active user and send the replaced encryption key to the encryption/decryption device, and to send the encrypted data returned by the encryption/decryption device to the data node server;
The encryption/decryption device is configured to, whenever it receives the encryption key of the active user from the key management server, use the received key to encrypt in blocks the data that has not yet been encrypted, and to send the encrypted data to the key management server.
With reference to the first aspect, in a third possible implementation of the first aspect, the encryption/decryption device is connected to the data node server;
The client is configured to send the data to be encrypted and the user information of the active user to the data node server;
The data node server is configured to send the user information of the active user to the key management server, to send the data to be encrypted to the encryption/decryption device, to send the encryption key of the active user to the encryption/decryption device whenever it receives that key from the key management server, and to store the encrypted data sent by the encryption/decryption device;
The key management server is configured to determine the encryption key of the active user according to the user information of the active user and send it to the data node server and, whenever it receives the replacement instruction sent by the management node server, to replace the encryption key of the active user according to the user information of the active user and send the replaced encryption key to the data node server;
The encryption/decryption device is configured to, whenever it receives the encryption key of the active user from the data node server, use the received key to encrypt in blocks the data that has not yet been encrypted, and to send the encrypted data to the data node server.
With reference to the first possible implementation of the first aspect, in a fourth possible implementation of the first aspect,
The management node server is further configured to determine a first key tag for each encryption key of the active user, to determine the data encrypted with the encryption key corresponding to each first key tag, to determine the metadata corresponding to the data to be encrypted and, on receiving a first read data request sent by the client, to return to the client the target first key tag corresponding to the first target data requested by the first read data request and the first target metadata corresponding to the first target data;
The client is further configured to send the first read data request to the management node server, to receive the target first key tag and the first target metadata returned by the management node server, to send the target first key tag and the user information of the active user to the key management server, to send the first target metadata to the data node server, to send the target first decryption key sent by the key management server and the target first ciphertext sent by the data node server to the encryption/decryption device, and to receive the first target data sent by the encryption/decryption device;
The key management server is further configured to establish, for each user, a first correspondence between first key tags and first decryption keys, to determine the first correspondence of the active user according to the user information of the active user sent by the client, to determine the target first decryption key corresponding to the target first key tag according to the first correspondence of the active user and the target first key tag sent by the client, and to send the target first decryption key to the client;
The data node server is further configured to send the target first ciphertext of the first target data to the client according to the first target metadata sent by the client;
The encryption/decryption device is further configured to decrypt the target first ciphertext sent by the client using the target first decryption key sent by the client, and to send the decrypted first target data to the client.
With reference to the second possible implementation of the first aspect, in a fifth possible implementation of the first aspect,
The management node server is further configured to determine a second key tag for each encryption key of the active user, to determine the data encrypted with the encryption key corresponding to each second key tag, to determine the metadata corresponding to the data to be encrypted and, on receiving a second read data request sent by the client, to return to the client the target second key tag corresponding to the second target data requested by the second read data request and the second target metadata corresponding to the second target data;
The client is further configured to send the second read data request to the management node server, to receive the target second key tag and the second target metadata returned by the management node server, to send the target second key tag and the user information of the active user to the key management server, to send the second target metadata to the data node server, and to receive the second target data sent by the key management server;
The key management server is further configured to establish, for each user, a second correspondence between second key tags and second decryption keys, to determine the second correspondence of the active user according to the user information of the active user sent by the client, to determine the target second decryption key corresponding to the target second key tag according to the second correspondence of the active user and the target second key tag sent by the client, to send the target second decryption key and the target second ciphertext sent by the data node server to the encryption/decryption device, and to send the second target data returned by the encryption/decryption device to the client;
The data node server is further configured to send the target second ciphertext of the second target data to the key management server according to the second target metadata sent by the client;
The encryption/decryption device is further configured to decrypt the target second ciphertext sent by the key management server using the target second decryption key sent by the key management server, and to send the decrypted second target data to the key management server.
With reference to the third possible implementation of the first aspect, in a sixth possible implementation of the first aspect,
The management node server is further configured to determine a third key tag for each encryption key of the active user, to determine the data encrypted with the encryption key corresponding to each third key tag, to determine the metadata corresponding to the data to be encrypted and, on receiving a third read data request sent by the client, to return to the client the target third key tag corresponding to the third target data requested by the third read data request and the third target metadata corresponding to the third target data;
The client is further configured to send the third read data request to the management node server, to receive the target third key tag and the third target metadata returned by the management node server, to send the target third key tag, the user information of the active user and the third target metadata to the data node server, and to receive the third target data sent by the data node server;
The key management server is further configured to establish, for each user, a third correspondence between third key tags and third decryption keys, to determine the third correspondence of the active user according to the user information of the active user sent by the data node server, to determine the target third decryption key corresponding to the target third key tag according to the third correspondence of the active user and the target third key tag sent by the data node server, and to send the target third decryption key to the data node server;
The data node server is further configured to send the target third key tag and the user information of the active user received from the client to the key management server, to determine the target third ciphertext of the third target data according to the third target metadata sent by the client, to send the target third ciphertext and the target third decryption key sent by the key management server to the encryption/decryption device, and to send the third target data returned by the encryption/decryption device to the client;
The encryption/decryption device is further configured to decrypt the target third ciphertext sent by the data node server using the target third decryption key sent by the data node server, and to send the decrypted third target data to the data node server.
With reference to the first aspect, in a seventh possible implementation of the first aspect,
The client is configured to split the data to be encrypted and output the split data to be encrypted.
With reference to the first aspect, in an eighth possible implementation of the first aspect,
The encryption/decryption device includes a heterogeneous accelerator card.
With reference to the first aspect, or any one of the first to eighth possible implementations of the first aspect, in a ninth possible implementation of the first aspect,
The system further comprises:
A high-speed network switch, configured to provide high-speed data exchange services for the key management server, the management node server and the data node server.
In the embodiments of the present invention, the key management server determines the encryption key of the active user according to the user information of the active user, so different users have different encryption keys. Whenever the management node server detects that the volume of data encrypted with the current encryption key has reached the data volume threshold, it notifies the key management server to replace the key with a new encryption key, and encryption continues with the replaced key. If one encryption key is cracked, only the data encrypted with that key is disclosed and no other data, which greatly improves the security of data.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a data processing system provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of another data processing system provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of another data processing system provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of another data processing system provided by an embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments that a person of ordinary skill in the art obtains from these embodiments without creative effort fall within the protection scope of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides a data processing system, including:
A client 101, an encryption/decryption device 102, a key management server 103, a management node server 104 and a data node server 105;
The client 101 is configured to output the data to be encrypted and the user information of the active user;
The key management server 103 is configured to determine the encryption key of the active user according to the user information of the active user and, whenever it receives the replacement instruction sent by the management node server, to replace the encryption key of the active user according to the user information of the active user;
The management node server 104 is configured to detect in real time whether the volume of data encrypted with the current encryption key is greater than or equal to the data volume threshold and, if so, to send the replacement instruction to the key management server;
The encryption/decryption device 102 is configured to encrypt the data to be encrypted in blocks using the current encryption key;
The data node server 105 is configured to store the encrypted data.
In the embodiments of the present invention, the key management server determines the encryption key of the active user according to the user information of the active user, so different users have different encryption keys. Whenever the management node server detects that the volume of data encrypted with the current encryption key has reached the data volume threshold, it notifies the key management server to replace the key with a new encryption key, and encryption continues with the replaced key. If one encryption key is cracked, only the data encrypted with that key is disclosed and no other data, which greatly improves the security of data.
Depending on where the encryption/decryption device is deployed, the data processing system provided by the embodiments of the present invention may take the following three implementations:
In the first implementation, the encryption/decryption device is connected to the client.
In the first implementation, data is stored as follows:
The client is configured to send the data to be encrypted to the encryption/decryption device, to send the user information of the active user to the key management server, to send the encryption key of the active user to the encryption/decryption device whenever it receives that key from the key management server, and to send the encrypted data returned by the encryption/decryption device to the data node server;
The encryption/decryption device is configured to, whenever it receives the encryption key of the active user from the client, use the received key to encrypt in blocks the data that has not yet been encrypted, and to send the encrypted data to the client;
The key management server is configured to determine the encryption key of the active user according to the user information of the active user and send it to the client and, whenever it receives the replacement instruction sent by the management node server, to replace the encryption key of the active user according to the user information of the active user and send the replaced encryption key to the client.
Specifically, in the first implementation, the data storage process is as follows:
The management node server detects in real time whether the volume of data encrypted with the current encryption key is greater than or equal to the data volume threshold and, if so, sends the replacement instruction to the key management server;
The client sends the data to be encrypted to the encryption/decryption device and sends the user information of the active user to the key management server;
The key management server determines the encryption key of the active user according to the user information of the active user and sends it to the client; whenever it receives the replacement instruction sent by the management node server, it replaces the encryption key of the active user according to the user information of the active user and sends the replaced encryption key to the client;
Whenever the client receives the encryption key of the active user from the key management server, it sends that key to the encryption/decryption device;
Whenever the encryption/decryption device receives the encryption key of the active user from the client, it uses the received key to encrypt in blocks the data that has not yet been encrypted and sends the encrypted data to the client;
The client sends the encrypted data returned by the encryption/decryption device to the data node server;
The data node server stores the encrypted data.
In the first implementation, data is read as follows:
The management node server is further configured to determine a first key tag for each encryption key of the active user, to determine the data encrypted with the encryption key corresponding to each first key tag, to determine the metadata corresponding to the data to be encrypted and, on receiving a first read data request sent by the client, to return to the client the target first key tag corresponding to the first target data requested by the first read data request and the first target metadata corresponding to the first target data;
The client is further configured to send the first read data request to the management node server, to receive the target first key tag and the first target metadata returned by the management node server, to send the target first key tag and the user information of the active user to the key management server, to send the first target metadata to the data node server, to send the target first decryption key sent by the key management server and the target first ciphertext sent by the data node server to the encryption/decryption device, and to receive the first target data sent by the encryption/decryption device;
The key management server is further configured to establish, for each user, a first correspondence between first key tags and first decryption keys, to determine the first correspondence of the active user according to the user information of the active user sent by the client, to determine the target first decryption key corresponding to the target first key tag according to the first correspondence of the active user and the target first key tag sent by the client, and to send the target first decryption key to the client;
The data node server is further configured to send the target first ciphertext of the first target data to the client according to the first target metadata sent by the client;
The encryption/decryption device is further configured to decrypt the target first ciphertext sent by the client using the target first decryption key sent by the client, and to send the decrypted first target data to the client.
Specifically, in the first implementation, the data reading process is as follows:
The key management server establishes, for each user, a first correspondence between first key tags and first decryption keys;
The management node server determines the first key tag of each encryption key of the active user, determines the data encrypted with the encryption key corresponding to each first key tag, and determines the metadata corresponding to the data to be encrypted;
The client sends the first read data request to the management node server;
The management node server returns to the client the target first key tag corresponding to the first target data requested by the first read data request and the first target metadata corresponding to the first target data;
The client receives the target first key tag and the first target metadata returned by the management node server, sends the target first key tag and the user information of the active user to the key management server, and sends the first target metadata to the data node server;
The key management server determines the first correspondence of the active user according to the user information of the active user sent by the client, determines the target first decryption key corresponding to the target first key tag according to the first correspondence of the active user and the target first key tag sent by the client, and sends the target first decryption key to the client;
The data node server sends the target first ciphertext of the first target data to the client according to the first target metadata sent by the client;
The client sends the target first decryption key sent by the key management server and the target first ciphertext sent by the data node server to the encryption/decryption device;
The encryption/decryption device decrypts the target first ciphertext sent by the client using the target first decryption key sent by the client, and sends the decrypted first target data to the client;
The client receives the first target data sent by the encryption/decryption device.
Specifically, the encrypting and decrypting device may be a heterogeneous accelerator card. The encrypting and decrypting device may be inserted into a mainboard expansion slot of the client through a PCIe interface. Data is transmitted to the data node server only after encryption; therefore, the data is in ciphertext form both during transmission and during storage, which gives higher security.
In the Key Management server, each user corresponds to one first correspondence, and within each user's first correspondence the user may correspond to multiple first decryption keys. The Key Management server and the management node server may agree on the first key label of each first decryption key. For example: each time the Key Management server determines an encryption key, it determines the first key label of that encryption key and sends the first key label to the management node server.
As shown in Fig. 2, a data processing system of the first implementation provided by an embodiment of the present invention includes: client 201, encrypting and decrypting device 202, Key Management server 203, management node server 204 and data node server 205.
Client 201 is connected to encrypting and decrypting device 202, Key Management server 203, management node server 204 and data node server 205, respectively;
Key Management server 203 is connected to management node server 204.
In the second implementation, the encrypting and decrypting device is connected to the Key Management server.
In the second implementation, data storage is implemented as follows:
The client is configured to send the data to be encrypted and the user information of the active user to the Key Management server;
The Key Management server is configured to: send the data to be encrypted sent by the client to the encrypting and decrypting device; determine the encryption key of the active user according to the user information of the active user, and send the encryption key of the active user to the encrypting and decrypting device; whenever a replacement instruction sent by the management node server is received, replace the encryption key of the active user according to the user information of the active user, and send the replaced encryption key of the active user to the encrypting and decrypting device; and send the encrypted data sent by the encrypting and decrypting device to the data node server;
The encrypting and decrypting device is configured to, whenever an encryption key of the active user sent by the Key Management server is received, block-encrypt the not-yet-encrypted part of the data to be encrypted using the received encryption key of the active user, and send the encrypted data to the Key Management server.
Specifically, in the second implementation, the data storage process is as follows:
The management node server detects in real time whether the data volume encrypted with the current encryption key is greater than or equal to the data volume threshold, and if so, sends a replacement instruction to the Key Management server;
The client sends the data to be encrypted and the user information of the active user to the Key Management server;
The Key Management server sends the data to be encrypted sent by the client to the encrypting and decrypting device, determines the encryption key of the active user according to the user information of the active user, and sends the encryption key of the active user to the encrypting and decrypting device; whenever a replacement instruction sent by the management node server is received, it replaces the encryption key of the active user according to the user information of the active user and sends the replaced encryption key of the active user to the encrypting and decrypting device;
Whenever the encrypting and decrypting device receives an encryption key of the active user sent by the Key Management server, it block-encrypts the not-yet-encrypted part of the data to be encrypted using the received encryption key of the active user, and sends the encrypted data to the Key Management server;
The Key Management server sends the encrypted data sent by the encrypting and decrypting device to the data node server;
The data node server stores the encrypted data.
In the second implementation, data reading is implemented as follows:
The management node server is further configured to: determine the second key tag of each encryption key of the active user; determine the data encrypted by the encryption key corresponding to each second key tag; determine the metadata corresponding to the data to be encrypted; and, upon receiving a second read data request sent by the client, return to the client the target second key tag corresponding to the second target data requested by the second read data request, and the second target metadata corresponding to the second target data;
The client is further configured to: send the second read data request to the management node server; receive the target second key tag and the second target metadata returned by the management node server; send the target second key tag and the user information of the active user to the Key Management server; send the second target metadata to the data node server; and receive the second target data sent by the Key Management server;
The Key Management server is further configured to: establish, for each user, a second correspondence between second key tags and second decryption keys; determine the second correspondence of the active user according to the user information of the active user sent by the client; determine the target second decryption key corresponding to the target second key tag according to the second correspondence of the active user and the target second key tag sent by the client; send the target second decryption key and the target second ciphertext sent by the data node server to the encrypting and decrypting device; and send the second target data sent by the encrypting and decrypting device to the client;
The data node server is further configured to send the target second ciphertext of the second target data to the Key Management server according to the second target metadata sent by the client;
The encrypting and decrypting device is further configured to decrypt the target second ciphertext sent by the Key Management server using the target second decryption key sent by the Key Management server, and to send the decrypted second target data to the Key Management server.
Specifically, in the second implementation, the data reading process is as follows:
The Key Management server establishes, for each user, a second correspondence between second key tags and second decryption keys;
The management node server determines the second key tag of each encryption key of the active user, determines the data encrypted by the encryption key corresponding to each second key tag, and determines the metadata corresponding to the data to be encrypted;
The client sends a second read data request to the management node server;
Upon receiving the second read data request sent by the client, the management node server returns to the client the target second key tag corresponding to the second target data requested by the second read data request, and the second target metadata corresponding to the second target data;
The client receives the target second key tag and the second target metadata returned by the management node server, sends the target second key tag and the user information of the active user to the Key Management server, and sends the second target metadata to the data node server;
The data node server sends the target second ciphertext of the second target data to the Key Management server according to the second target metadata sent by the client;
The Key Management server determines the second correspondence of the active user according to the user information of the active user sent by the client, determines the target second decryption key corresponding to the target second key tag according to the second correspondence of the active user and the target second key tag sent by the client, and sends the target second decryption key and the target second ciphertext sent by the data node server to the encrypting and decrypting device;
The encrypting and decrypting device uses the target second decryption key sent by the Key Management server to decrypt the target second ciphertext sent by the Key Management server, and sends the decrypted second target data to the Key Management server;
The Key Management server sends the second target data sent by the encrypting and decrypting device to the client;
The client receives the second target data sent by the Key Management server.
Specifically, the encrypting and decrypting device may be a heterogeneous accelerator card. The encrypting and decrypting device may be inserted into a mainboard expansion slot of the Key Management server through a PCIe interface.
In the Key Management server, each user corresponds to one second correspondence, and within each user's second correspondence the user may correspond to multiple second decryption keys. The Key Management server and the management node server may agree on the second key tag of each second decryption key. For example: each time the Key Management server determines an encryption key, it determines the second key tag of that encryption key and sends the second key tag to the management node server.
As shown in Fig. 3, a data processing system of the second implementation provided by an embodiment of the present invention includes: client 301, encrypting and decrypting device 302, Key Management server 303, management node server 304 and data node server 305.
Client 301 is connected to Key Management server 303, management node server 304 and data node server 305, respectively;
Key Management server 303 is connected to encrypting and decrypting device 302, management node server 304 and data node server 305, respectively.
In the third implementation, the encrypting and decrypting device is connected to the data node server.
In the third implementation, data storage is implemented as follows:
The client is configured to send the data to be encrypted and the user information of the active user to the data node server;
The data node server is configured to: send the user information of the active user to the Key Management server; send the data to be encrypted to the encrypting and decrypting device; whenever an encryption key of the active user sent by the Key Management server is received, send the encryption key of the active user to the encrypting and decrypting device; and store the encrypted data sent by the encrypting and decrypting device;
The Key Management server is configured to: determine the encryption key of the active user according to the user information of the active user, and send the encryption key of the active user to the data node server; and, whenever a replacement instruction sent by the management node server is received, replace the encryption key of the active user according to the user information of the active user and send the replaced encryption key of the active user to the data node server;
The encrypting and decrypting device is configured to, whenever an encryption key of the active user sent by the data node server is received, block-encrypt the not-yet-encrypted part of the data to be encrypted using the received encryption key of the active user, and send the encrypted data to the data node server.
Specifically, in the third implementation, the data storage process is as follows:
The management node server detects in real time whether the data volume encrypted with the current encryption key is greater than or equal to the data volume threshold, and if so, sends a replacement instruction to the Key Management server;
The client sends the data to be encrypted and the user information of the active user to the data node server;
The data node server sends the user information of the active user to the Key Management server and sends the data to be encrypted to the encrypting and decrypting device;
The Key Management server determines the encryption key of the active user according to the user information of the active user and sends the encryption key of the active user to the data node server; whenever a replacement instruction sent by the management node server is received, it replaces the encryption key of the active user according to the user information of the active user and sends the replaced encryption key of the active user to the data node server;
Whenever the data node server receives an encryption key of the active user sent by the Key Management server, it sends the encryption key of the active user to the encrypting and decrypting device;
Whenever the encrypting and decrypting device receives an encryption key of the active user sent by the data node server, it block-encrypts the not-yet-encrypted part of the data to be encrypted using the received encryption key of the active user, and sends the encrypted data to the data node server;
The data node server stores the encrypted data sent by the encrypting and decrypting device.
In the third implementation, data reading is implemented as follows:
The management node server is further configured to: determine the third key tag of each encryption key of the active user; determine the data encrypted by the encryption key corresponding to each third key tag; determine the metadata corresponding to the data to be encrypted; and, upon receiving a third read data request sent by the client, return to the client the target third key tag corresponding to the third target data requested by the third read data request, and the third target metadata corresponding to the third target data;
The client is further configured to: send the third read data request to the management node server; receive the target third key tag and the third target metadata returned by the management node server; send the target third key tag, the user information of the active user and the third target metadata to the data node server; and receive the third target data sent by the data node server;
The Key Management server is further configured to: establish, for each user, a third correspondence between third key tags and third decryption keys; determine the third correspondence of the active user according to the user information of the active user sent by the data node server; determine the target third decryption key corresponding to the target third key tag according to the third correspondence of the active user and the target third key tag sent by the data node server; and send the target third decryption key to the data node server;
The data node server is further configured to: send the target third key tag and the user information of the active user sent by the client to the Key Management server; determine the target third ciphertext of the third target data according to the third target metadata sent by the client; send the target third ciphertext and the target third decryption key sent by the Key Management server to the encrypting and decrypting device; and send the third target data sent by the encrypting and decrypting device to the client;
The encrypting and decrypting device is further configured to decrypt the target third ciphertext sent by the data node server using the target third decryption key sent by the data node server, and to send the decrypted third target data to the data node server.
Specifically, in the third implementation, the data reading process is as follows:
The Key Management server establishes, for each user, a third correspondence between third key tags and third decryption keys;
The management node server determines the third key tag of each encryption key of the active user, determines the data encrypted by the encryption key corresponding to each third key tag, and determines the metadata corresponding to the data to be encrypted;
The client sends a third read data request to the management node server;
Upon receiving the third read data request sent by the client, the management node server returns to the client the target third key tag corresponding to the third target data requested by the third read data request, and the third target metadata corresponding to the third target data;
The client receives the target third key tag and the third target metadata returned by the management node server, and sends the target third key tag, the user information of the active user and the third target metadata to the data node server;
The data node server sends the target third key tag and the user information of the active user sent by the client to the Key Management server, and determines the target third ciphertext of the third target data according to the third target metadata sent by the client;
The Key Management server determines the third correspondence of the active user according to the user information of the active user sent by the data node server, determines the target third decryption key corresponding to the target third key tag according to the third correspondence of the active user and the target third key tag sent by the data node server, and sends the target third decryption key to the data node server;
The data node server sends the target third ciphertext and the target third decryption key sent by the Key Management server to the encrypting and decrypting device;
The encrypting and decrypting device uses the target third decryption key sent by the data node server to decrypt the target third ciphertext sent by the data node server, and sends the decrypted third target data to the data node server;
The data node server sends the third target data sent by the encrypting and decrypting device to the client;
The client receives the third target data sent by the data node server.
Specifically, the encrypting and decrypting device may be a heterogeneous accelerator card. The encrypting and decrypting device may be inserted into a mainboard expansion slot of the Key Management server through a PCIe interface.
In the Key Management server, each user corresponds to one second correspondence, and within each user's second correspondence the user may correspond to multiple second decryption keys. The Key Management server and the management node server may agree on the second key tag of each second decryption key. For example: each time the Key Management server determines an encryption key, it determines the second key tag of that encryption key and sends the second key tag to the management node server.
As shown in Fig. 4, a data processing system of the third implementation provided by an embodiment of the present invention includes: client 401, encrypting and decrypting device 402, Key Management server 403, management node server 404 and data node server 405.
Client 401 is connected to management node server 404 and data node server 405, respectively;
Data node server 405 is connected to encrypting and decrypting device 402 and Key Management server 403, respectively;
Key Management server 403 is connected to management node server 404.
The metadata corresponding to the data to be encrypted is the index of the data to be encrypted; the location where the data to be encrypted is stored in the data node server can be determined from the metadata.
In an embodiment of the present invention, the client is configured to split the data to be encrypted and output the split data to be encrypted.
Specifically, after obtaining the split data to be encrypted, the encrypting and decrypting device encrypts the data to be encrypted block by block.
In an embodiment of the present invention, the encrypting and decrypting device includes: a heterogeneous accelerator card.
Specifically, the encrypting and decrypting device may be implemented by an FPGA-based heterogeneous accelerator card, which enables fast parallel operation and greatly increases the rate of data encryption and decryption.
In an embodiment of the present invention, the system further includes:
A high-speed network switch, configured to provide high-speed data exchange services for the Key Management server, the management node server and the data node server.
In an embodiment of the present invention, the management node server may determine whether the data volume encrypted with the current encryption key is greater than or equal to the data volume threshold by detecting the data encrypted with the current encryption key that is stored in the data node server.
In embodiments of the present invention, user-based isolated encrypted data storage is realized, effectively guaranteeing the security of stored user data. The embodiments are suitable for distributed storage architectures and follow distributed storage rules: after the data is split into blocks, it is stored per user across the data node servers. The embodiments support elastic expansion of storage resources and support key rolling when a single user's stored data exceeds the threshold, thereby increasing the security of data storage.
The client serves as the front-end Web system connecting users to the back-end cluster; the management node server and the data node server make up the back-end distributed storage cluster; and the front-end Web system and the back-end cluster system together form the typical architecture of cloud storage. The high-speed network switch provides high-speed data exchange for each server node; the Key Management server mainly provides key support for users accessing storage resources, according to each user's own information; and the encrypting and decrypting device performs fast data encryption and decryption operations.
The embodiments of the present invention can effectively store the data of different users separately, block by block, without isolation at the physical resource level, which makes them well suited to deployment on distributed storage architectures.
It should be noted that the data volume threshold may be configured manually. User information refers to information that distinguishes different users, and may specifically be a digital certificate or token information.
The encryption keys in the Key Management server may be imported in advance, or may be generated from the user information according to a certain algorithm.
The client may serve as the window through which a user accesses the storage system, specifically the window for accessing the data stored in the data node server. The management node server may be used for management and scheduling of the storage system; specifically, it may manage and schedule the data stored in the data node server.
In embodiments of the present invention, there may be at least two clients. There may be at least two data node servers.
In the first implementation, each client may be configured with one encrypting and decrypting device.
In the third implementation, each data node server may be configured with one encrypting and decrypting device.
The present invention mainly proposes, for cloud storage environments and in order to ensure user data security, a user-based isolated encrypted data storage technique. First, the technique is suitable for cloud storage structures with a distributed architecture,
Each embodiment of the present invention has at least the following advantages:
1. In embodiments of the present invention, the Key Management server determines the encryption key of the active user according to the user information of the active user, so different users have different encryption keys. Whenever the management node server detects that the data volume encrypted with the current encryption key has reached the data volume threshold, it notifies the Key Management server to replace the encryption key with a new one, and encryption continues with the replaced key. If an encryption key is cracked, only the data encrypted with that key is leaked and other data is not, which greatly improves data security.
2. In embodiments of the present invention, user-based isolated encrypted data storage is realized, effectively guaranteeing the security of stored user data. The embodiments are suitable for distributed storage architectures and follow distributed storage rules: after the data is split into blocks, it is stored per user across the data node servers. The embodiments support elastic expansion of storage resources and support key rolling when a single user's stored data exceeds the threshold, thereby increasing the security of data storage.
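The key rolling and key-tag lookup described above can be modelled as follows; this is an added illustration, not code from the patent. The class names, the `BLOCK` and `THRESHOLD` values, the assumption that the decryption key equals the encryption key, and the HMAC-SHA256 keystream standing in for the accelerator card's cipher are all assumptions.

```python
import hashlib
import hmac
import os

BLOCK = 16       # bytes per split block (assumed value)
THRESHOLD = 48   # bytes one key may encrypt before replacement (assumed value)


def device_crypt(key, nonce, data):
    """Stand-in for the encrypting and decrypting device: XOR with an
    HMAC-SHA256 counter keystream, so one call both encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class KeyManagementServer:
    """Holds, per user, the correspondence key tag -> key."""

    def __init__(self):
        self.table = {}    # user -> {tag: key}
        self.current = {}  # user -> tag of the current encryption key

    def replace(self, user):
        keys = self.table.setdefault(user, {})
        tag = "k%d" % (len(keys) + 1)
        keys[tag] = os.urandom(32)
        self.current[user] = tag
        return tag

    def current_key(self, user):
        if user not in self.current:
            self.replace(user)
        tag = self.current[user]
        return tag, self.table[user][tag]

    def decryption_key(self, user, tag):
        # Symmetric assumption: the decryption key equals the encryption key.
        return self.table[user][tag]  # KeyError if the tag is not this user's


class ManagementNode:
    """Tracks data volume per key, the key tag of each block, and metadata."""

    def __init__(self, kms, threshold=THRESHOLD):
        self.kms = kms
        self.threshold = threshold
        self.volume = {}  # (user, tag) -> bytes encrypted under that key
        self.index = {}   # (user, name) -> [(tag, metadata), ...]

    def record(self, user, name, tag, meta, size):
        self.index.setdefault((user, name), []).append((tag, meta))
        total = self.volume.get((user, tag), 0) + size
        self.volume[(user, tag)] = total
        if total >= self.threshold:
            self.kms.replace(user)  # the "replacement instruction"


class Cluster:
    def __init__(self, threshold=THRESHOLD):
        self.kms = KeyManagementServer()
        self.mgmt = ManagementNode(self.kms, threshold)
        self.data_node = {}  # metadata -> (nonce, ciphertext)

    def store(self, user, name, data):
        for i in range(0, len(data), BLOCK):
            block = data[i:i + BLOCK]
            tag, key = self.kms.current_key(user)
            nonce = os.urandom(12)
            meta = "%s/%s/%d" % (user, name, i // BLOCK)
            self.data_node[meta] = (nonce, device_crypt(key, nonce, block))
            self.mgmt.record(user, name, tag, meta, len(block))

    def read(self, user, name):
        out = b""
        for tag, meta in self.mgmt.index[(user, name)]:
            key = self.kms.decryption_key(user, tag)
            nonce, ciphertext = self.data_node[meta]
            out += device_crypt(key, nonce, ciphertext)
        return out

    def blocks_under(self, user, name, tag):
        """Blocks that would be exposed if only this one key were compromised."""
        return [m for t, m in self.mgmt.index[(user, name)] if t == tag]


if __name__ == "__main__":
    c = Cluster()
    payload = bytes(range(160))  # constructed sample data
    c.store("alice", "report", payload)
    print(sorted(c.kms.table["alice"]),
          len(c.blocks_under("alice", "report", "k1")))
```

With these values, ten 16-byte blocks are spread over four keys, so a single compromised key exposes at most three blocks of the object.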
It should be noted that herein, such as first and second etc relational terms are used merely to an entity Or operation is distinguished with another entity or operation, is existed without necessarily requiring or implying between these entities or operation Any actual relationship or order.Moreover, the terms "include", "comprise" or its any other variant be intended to it is non- It is exclusive to include, so that the process, method, article or equipment including a series of elements includes not only those elements, But also include other elements that are not explicitly listed, or further include solid by this process, method, article or equipment Some elements.In the absence of more restrictions, the element limited by sentence " including one ", is not arranged Except there is also other identical factors in the process, method, article or apparatus that includes the element.
One of ordinary skill in the art will appreciate that:Realize that all or part of step of above method embodiment can pass through The relevant hardware of program instruction is completed, and program above-mentioned can be stored in computer-readable storage medium, the program When being executed, step including the steps of the foregoing method embodiments is executed;And storage medium above-mentioned includes:ROM, RAM, magnetic disc or light In the various media that can store program code such as disk.
Finally, it should be noted that:The foregoing is merely presently preferred embodiments of the present invention, is merely to illustrate the skill of the present invention Art scheme, is not intended to limit the scope of the present invention.Any modification for being made all within the spirits and principles of the present invention, Equivalent replacement, improvement etc., are included within the scope of protection of the present invention.

Claims (10)

1. A data processing system, characterized by comprising:
A client, an encrypting and decrypting device, a Key Management server, a management node server and a data node server;
The client is configured to output data to be encrypted and the user information of the active user;
The Key Management server is configured to determine the encryption key of the active user according to the user information of the active user, and, whenever a replacement instruction sent by the management node server is received, to replace the encryption key of the active user according to the user information of the active user;
The management node server is configured to detect in real time whether the data volume encrypted with the current encryption key is greater than or equal to the data volume threshold, and if so, to send the replacement instruction to the Key Management server;
The encrypting and decrypting device is configured to block-encrypt the data to be encrypted using the current encryption key;
The data node server is configured to store the encrypted data.
2. The system according to claim 1, characterized in that:
The encrypting and decrypting device is connected to the client;
The client is configured to: send the data to be encrypted to the encrypting and decrypting device; send the user information of the active user to the Key Management server; whenever an encryption key of the active user sent by the Key Management server is received, send the encryption key of the active user to the encrypting and decrypting device; and send the encrypted data sent by the encrypting and decrypting device to the data node server;
The encrypting and decrypting device is configured to, whenever an encryption key of the active user sent by the client is received, block-encrypt the not-yet-encrypted part of the data to be encrypted using the received encryption key of the active user, and send the encrypted data to the client;
The Key Management server is configured to: determine the encryption key of the active user according to the user information of the active user, and send the encryption key of the active user to the client; and, whenever the replacement instruction sent by the management node server is received, replace the encryption key of the active user according to the user information of the active user and send the replaced encryption key of the active user to the client.
3. The system according to claim 1, characterized in that:
The encrypting and decrypting device is connected to the Key Management server;
The client is configured to send the data to be encrypted and the user information of the active user to the Key Management server;
The Key Management server is configured to: send the data to be encrypted sent by the client to the encrypting and decrypting device; determine the encryption key of the active user according to the user information of the active user, and send the encryption key of the active user to the encrypting and decrypting device; whenever the replacement instruction sent by the management node server is received, replace the encryption key of the active user according to the user information of the active user, and send the replaced encryption key of the active user to the encrypting and decrypting device; and send the encrypted data sent by the encrypting and decrypting device to the data node server;
The encrypting and decrypting device is configured to, whenever an encryption key of the active user sent by the Key Management server is received, block-encrypt the not-yet-encrypted part of the data to be encrypted using the received encryption key of the active user, and send the encrypted data to the Key Management server.
4. The system according to claim 1, characterized in that:
The encrypting and decrypting device is connected to the data node server;
The client is configured to send the data to be encrypted and the user information of the active user to the data node server;
The data node server is configured to: send the user information of the active user to the Key Management server; send the data to be encrypted to the encrypting and decrypting device; whenever an encryption key of the active user sent by the Key Management server is received, send the encryption key of the active user to the encrypting and decrypting device; and store the encrypted data sent by the encrypting and decrypting device;
The Key Management server is configured to: determine the encryption key of the active user according to the user information of the active user, and send the encryption key of the active user to the data node server; and, whenever the replacement instruction sent by the management node server is received, replace the encryption key of the active user according to the user information of the active user and send the replaced encryption key of the active user to the data node server;
The encrypting and decrypting device is configured to, whenever an encryption key of the active user sent by the data node server is received, block-encrypt the not-yet-encrypted part of the data to be encrypted using the received encryption key of the active user, and send the encrypted data to the data node server.
5. The system according to claim 2, characterized in that
The management node server is further configured to determine a first key tag for each encryption key of the active user; determine the data encrypted by the encryption key corresponding to each first key tag; determine the metadata corresponding to the data to be encrypted; and, when a first read data request sent by the client is received, return to the client the target first key tag corresponding to the first target data requested by the first read data request and the first target metadata corresponding to the first target data;
The client is further configured to send the first read data request to the management node server; receive the target first key tag and the first target metadata returned by the management node server; send the target first key tag and the user information of the active user to the Key Management server; send the first target metadata to the back end server; send the target first decryption key sent by the Key Management server and the target first ciphertext sent by the back end server to the encrypting and decrypting device; and receive the first target data sent by the encrypting and decrypting device;
The Key Management server is further configured to establish, for each user, a first correspondence between first key tags and first decryption keys; determine the first correspondence of the active user according to the user information of the active user sent by the client; determine, according to the first correspondence of the active user and the target first key tag sent by the client, the target first decryption key corresponding to the target first key tag; and send the target first decryption key to the client;
The back end server is further configured to send the target first ciphertext of the first target data to the client according to the first target metadata sent by the client;
The encrypting and decrypting device is further configured to decrypt the target first ciphertext sent by the client using the target first decryption key sent by the client, and to send the decrypted first target data to the client.
6. The system according to claim 3, characterized in that
The management node server is further configured to determine a second key tag for each encryption key of the active user; determine the data encrypted by the encryption key corresponding to each second key tag; determine the metadata corresponding to the data to be encrypted; and, when a second read data request sent by the client is received, return to the client the target second key tag corresponding to the second target data requested by the second read data request and the second target metadata corresponding to the second target data;
The client is further configured to send the second read data request to the management node server; receive the target second key tag and the second target metadata returned by the management node server; send the target second key tag and the user information of the active user to the Key Management server; send the second target metadata to the back end server; and receive the second target data sent by the Key Management server;
The Key Management server is further configured to establish, for each user, a second correspondence between second key tags and second decryption keys; determine the second correspondence of the active user according to the user information of the active user sent by the client; determine, according to the second correspondence of the active user and the target second key tag sent by the client, the target second decryption key corresponding to the target second key tag; send the target second decryption key and the target second ciphertext sent by the back end server to the encrypting and decrypting device; and send the second target data sent by the encrypting and decrypting device to the client;
The back end server is further configured to send the target second ciphertext of the second target data to the Key Management server according to the second target metadata sent by the client;
The encrypting and decrypting device is further configured to decrypt the target second ciphertext sent by the Key Management server using the target second decryption key sent by the Key Management server, and to send the decrypted second target data to the Key Management server.
7. The system according to claim 4, characterized in that
The management node server is further configured to determine a third key tag for each encryption key of the active user; determine the data encrypted by the encryption key corresponding to each third key tag; determine the metadata corresponding to the data to be encrypted; and, when a third read data request sent by the client is received, return to the client the target third key tag corresponding to the third target data requested by the third read data request and the third target metadata corresponding to the third target data;
The client is further configured to send the third read data request to the management node server; receive the target third key tag and the third target metadata returned by the management node server; send the target third key tag, the user information of the active user and the third target metadata to the back end server; and receive the third target data sent by the back end server;
The Key Management server is further configured to establish, for each user, a third correspondence between third key tags and third decryption keys; determine the third correspondence of the active user according to the user information of the active user sent by the back end server; determine, according to the third correspondence of the active user and the target third key tag sent by the back end server, the target third decryption key corresponding to the target third key tag; and send the target third decryption key to the back end server;
The back end server is further configured to send the target third key tag and the user information of the active user, both sent by the client, to the Key Management server; determine the target third ciphertext of the third target data according to the third target metadata sent by the client; send the target third ciphertext and the target third decryption key sent by the Key Management server to the encrypting and decrypting device; and send the third target data sent by the encrypting and decrypting device to the client;
The encrypting and decrypting device is further configured to decrypt the target third ciphertext sent by the back end server using the target third decryption key sent by the back end server, and to send the decrypted third target data to the back end server.
8. The system according to claim 1, characterized in that
The client is configured to split the data to be encrypted and output the split data to be encrypted.
9. The system according to claim 1, characterized in that
The encrypting and decrypting device comprises a heterogeneous accelerator card.
10. The system according to any one of claims 1-9, characterized in that
it further comprises:
A high-speed network switch, configured to provide high-speed data interaction services for the Key Management server, the management node server and the back end server.
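The write and read paths of claims 3 to 7 rest on one invariant: each block is recorded with the tag of the key that encrypted it, and the Key Management server keeps replaced keys per user so that older blocks remain readable. The Python below is an added example, not code from the patent; the HMAC-based stand-in cipher, all class and function names, and the rotate-every-N-blocks schedule for the replacement instruction are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # constructed block size for the demonstration
def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), not the patent's cipher.
    ks = b"".join(_prf(key, nonce + bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, block):
    nonce = secrets.token_bytes(12)
    body = _xor(_prf(key, b"enc"), nonce, block)
    return nonce + body + _prf(_prf(key, b"mac"), nonce + body)

def unseal(key, blob):
    nonce, body, mac = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(mac, _prf(_prf(key, b"mac"), nonce + body)):
        raise ValueError("key does not match this block")
    return _xor(_prf(key, b"enc"), nonce, body)

class KeyManagementServer:
    def __init__(self):
        self.keys = {}     # user -> {key tag: key}; replaced keys are kept for reads
        self.current = {}  # user -> key tag currently in force

    def rotate(self, user):  # called on a replacement instruction
        tag = len(self.keys.setdefault(user, {})) + 1
        self.keys[user][tag] = secrets.token_bytes(32)
        self.current[user] = tag

    def key_for(self, user, tag):  # per-user correspondence: key tag -> key
        return self.keys[user][tag]

def write(kms, user, data, rotate_every):
    meta, store = [], []  # management-node key tags, data-node ciphertexts
    for n, i in enumerate(range(0, len(data), BLOCK)):
        if n % rotate_every == 0:
            kms.rotate(user)  # assumed schedule for the replacement instruction
        meta.append(kms.current[user])  # which key tag encrypted block n
        store.append(seal(kms.key_for(user, meta[-1]), data[i:i + BLOCK]))
    return meta, store

def read(kms, user, meta, store, n):
    return unseal(kms.key_for(user, meta[n]), store[n])
```

Losing or mis-recording a block's key tag makes that block undecryptable even though every key is still held, which is why the tag-to-data mapping needs the same integrity protection as the keys.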
CN201810113588.XA 2018-02-05 2018-02-05 A kind of system of data processing Pending CN108429733A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810113588.XA CN108429733A (en) 2018-02-05 2018-02-05 A kind of system of data processing

Publications (1)

Publication Number Publication Date
CN108429733A true CN108429733A (en) 2018-08-21

Family

ID=63156552

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810113588.XA Pending CN108429733A (en) 2018-02-05 2018-02-05 A kind of system of data processing

Country Status (1)

Country Link
CN (1) CN108429733A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488110A (en) * 2008-12-30 2009-07-22 成都市华为赛门铁克科技有限公司 Memory encryption method, apparatus and system
CN103107995A (en) * 2013-02-06 2013-05-15 中电长城网际系统应用有限公司 Cloud computing environmental data secure storage system and method
CN103209202A (en) * 2012-01-16 2013-07-17 联想(北京)有限公司 Method and device for transmitting data
US20170104592A1 (en) * 2015-10-07 2017-04-13 Go Daddy Operating Company, LLC Intermediary organization account asset protection via an encoded physical mechanism
CN107566374A (en) * 2017-09-07 2018-01-09 山东超越数控电子有限公司 A kind of cloud storage data guard method and system based on user isolation storage

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110401689A (en) * 2018-11-23 2019-11-01 腾讯科技(深圳)有限公司 File management method, device and storage medium
CN110401689B (en) * 2018-11-23 2021-12-10 腾讯科技(深圳)有限公司 File management method, device and storage medium
CN110099064A (en) * 2019-05-08 2019-08-06 广州创想云科技有限公司 A kind of document handling method based on Internet of Things, device, equipment and storage medium
CN110099064B (en) * 2019-05-08 2021-07-09 广州创想云科技有限公司 File processing method, device, equipment and storage medium based on Internet of things
CN115174136A (en) * 2022-05-23 2022-10-11 北京旷视科技有限公司 Data acquisition and data transmission method, terminal, server and storage medium
CN115174136B (en) * 2022-05-23 2024-02-02 北京旷视科技有限公司 Data acquisition and data transmission method, terminal, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180821
