CN108566386A - Encryption device management method, device and storage medium based on a cloud platform - Google Patents


Publication number
CN108566386A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810252264.4A
Other languages
Chinese (zh)
Inventor
郭晓宇
殷秀静
宋志华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd
Original Assignee
SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd
Priority to CN201810252264.4A
Publication of CN108566386A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an encryption device management method based on a cloud platform. The password storage space and cryptographic calculation space of each encryption device are divided into multiple storage units and computing units, and storage space and calculation space are allocated according to the target resource required by an intended application. Apart from the storage units and computing units used by the intended application, the remaining storage units and computing units can be used by other applications. This avoids dedicating the entire password storage space and cryptographic calculation space of an encryption device to the intended application, and so avoids wasting the space resources of the encryption device. The invention also discloses an encryption device management device and a storage medium based on a cloud platform, with the same effect.

Description

Encryption device management method, device and storage medium based on a cloud platform
Technical field
The present invention relates to the field of information security technology, and in particular to an encryption device management method, device and storage medium based on a cloud platform.
Background
With the development of computer technology, users pay more and more attention to information security, and therefore apply cryptographic protection to various devices and applications by various means. In a cloud environment, various encryption devices are connected, and their password storage space and cryptographic calculation capability are used to provide password storage and password setting functions for various applications.
The conventional method of providing cryptographic services with encryption devices for the applications connected to a cloud environment is to request sufficient password storage space or cryptographic calculation space according to the application's usage of keys and certificates, or its calculation frequency and behavior pattern, and then to dedicate an entire encryption device to that one application. With this method, however, the space of the encryption device cannot be used in a balanced way. For example, suppose the password storage space of an encryption device is 100 and its cryptographic calculation space is 200, and an application needs a password storage space of 50 to store its keys and certificates and a cryptographic calculation space of 100. When the conventional method is used to provide cryptographic services for the application, the entire encryption device must be dedicated to it, while 50 of password storage space and 100 of cryptographic calculation space remain vacant in the device. The space of the encryption device is wasted and its utilization is low. Likewise, when an application needs two encryption devices to provide its password storage space but the cryptographic calculation space it needs can be provided by one of them, the cryptographic calculation space of the other encryption device is also wasted.
Therefore, how to avoid wasting the space of encryption devices is a problem to be solved by those skilled in the art.
Summary of the invention
The purpose of the present invention is to provide an encryption device management method, device and storage medium based on a cloud platform that avoid wasting the space of encryption devices.
To achieve the above object, embodiments of the present invention provide the following technical solutions:
First, an embodiment of the present invention provides an encryption device management method based on a cloud platform, comprising:
Determine the password storage space and cryptographic calculation space of the encryption device;
Split the password storage space according to a predefined rule to obtain multiple storage units, and split the cryptographic calculation space to obtain multiple computing units;
Obtain the target resource required by an intended application for password setting;
Allocate a corresponding target storage unit and a corresponding target computing unit to the intended application according to the target resource.
Preferably, splitting the password storage space according to the predefined rule to obtain multiple storage units and splitting the cryptographic calculation space to obtain multiple computing units comprises:
Determine a first split number for the password storage space of the encryption device and a second split number for the cryptographic calculation space;
Divide the password storage space according to the first split number to obtain multiple storage units, and divide the cryptographic calculation space according to the second split number to obtain multiple computing units.
Preferably, obtaining the target resource required by the intended application for password setting comprises:
Obtain the resource allocation request sent by the intended application;
Determine, according to the resource allocation request, the target storage space and target calculation space required by the intended application.
Preferably, allocating the corresponding target storage unit and the corresponding target computing unit to the intended application according to the target resource comprises:
Determine the storage units and computing units that are in an idle state among the storage units and computing units;
Allocate idle storage units and computing units to the intended application according to the target resource, and take the idle storage units and computing units allocated to the intended application as the target storage unit and target computing unit.
Preferably, after allocating the corresponding target storage unit and the corresponding target computing unit to the intended application according to the target resource, the method further comprises:
Receive the service interface call request sent by the intended application;
Provide a service interface for the intended application according to the service interface call request, so that the intended application calls the service interface through an IPsec VPN, stores the key and the certificate in the target storage unit, and performs data calculation using the target computing unit.
Preferably, after splitting the password storage space according to the predefined rule to obtain multiple storage units and splitting the cryptographic calculation space to obtain multiple computing units, the method further comprises:
Monitor each storage unit and each computing unit;
If an abnormal storage unit and/or an abnormal computing unit exists among the storage units and/or computing units, raise an alarm.
Preferably, if a command from the intended application to stop the cryptographic service is received, the method further comprises:
Delete the key and certificate of the intended application from the storage unit corresponding to the intended application;
Delete the operation data of the intended application from the computing unit corresponding to the intended application.
Second, an embodiment of the present invention provides an encryption device management device based on a cloud platform, comprising:
A password space determining module, for determining the password storage space and cryptographic calculation space of the encryption device;
A password space splitting module, for splitting the password storage space according to a predefined rule to obtain multiple storage units and splitting the cryptographic calculation space to obtain multiple computing units;
A target resource acquisition module, for obtaining the target resource required by the intended application for password setting;
A distribution module, for allocating a corresponding target storage unit and a corresponding target computing unit to the intended application according to the target resource.
Third, an embodiment of the present invention provides another encryption device management device based on a cloud platform, comprising:
A memory, for storing a computer program;
A processor, for executing the computer program stored in the memory to implement the steps of any of the cloud-platform-based encryption device management methods described above.
Fourth, an embodiment of the present invention discloses a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of any of the cloud-platform-based encryption device management methods described above are implemented.
As can be seen, the encryption device management method based on a cloud platform disclosed by the present invention first determines the password storage space and cryptographic calculation space of each encryption device, then splits the password storage space according to a predefined rule to obtain multiple storage units and splits the cryptographic calculation space to obtain multiple computing units, obtains the target resource required by the intended application for password setting, and finally allocates a corresponding target storage unit and a corresponding target computing unit to the intended application according to the target resource. In this solution, the password storage space and cryptographic calculation space of each encryption device are divided into multiple storage units and computing units, and storage space and calculation space are allocated according to the target resource required by the intended application. Apart from the storage units and computing units used by the intended application, the remaining storage units and computing units can be used by other applications. This avoids dedicating the entire password storage space and cryptographic calculation space of an encryption device to the intended application, and so avoids wasting the space resources of the encryption device. The invention also discloses an encryption device management device and a storage medium based on a cloud platform, with the same effect.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of an encryption device management method based on a cloud platform disclosed by an embodiment of the present invention;
Fig. 2 is a flow diagram of another encryption device management method based on a cloud platform disclosed by an embodiment of the present invention;
Fig. 3 is a structural diagram of the first encryption device management device based on a cloud platform disclosed by an embodiment of the present invention;
Fig. 4 is a flow diagram of the second encryption device management method based on a cloud platform disclosed by an embodiment of the present invention;
Fig. 5 is a structural diagram of the third encryption device management device based on a cloud platform disclosed by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The embodiments of the present invention disclose an encryption device management method, device and storage medium based on a cloud platform that avoid wasting the space of encryption devices.
Referring to Fig. 1, Fig. 1 is a flow diagram of an encryption device management method based on a cloud platform disclosed by the present invention. The method includes:
S101, determine the password storage space and cryptographic calculation space of the encryption device.
Specifically, in this embodiment, the encryption device can be a cipher machine, a signature and signature-verification server, a cipher card, and so on. The encryption devices in this embodiment are all the encryption devices connected to the cloud platform, so there is at least one encryption device. The password storage space is the sum of the password storage spaces of all encryption devices and, correspondingly, the cryptographic calculation space is the sum of the cryptographic calculation spaces of all encryption devices. The password storage space of each encryption device is placed in a password storage resource pool, which forms the password storage space of the encryption devices in this embodiment, and the cryptographic calculation space of each encryption device is placed in a cryptographic calculation resource pool, which forms the cryptographic calculation space of the encryption devices in this embodiment. The sizes of the password storage space and the cryptographic calculation space are determined by the number of encryption devices and the password storage space and cryptographic calculation space of each, and are not limited here.
Further, the password storage space is used to store an application's keys, certificates and so on, and the cryptographic calculation space is used to perform operations on the intended application's data, where such operations include encryption and decryption of data, signing, signature verification, digests and so on.
S102, split the password storage space according to a predefined rule to obtain multiple storage units, and split the cryptographic calculation space to obtain multiple computing units.
Specifically, in this embodiment, the predefined rule can take the following forms. The password storage space is used as the example here; the cryptographic calculation space is split in the same way as the password storage space. First: the password storage space is divided equally as a whole. Second: the password storage space is divided equally according to the type of encryption device, that is, the password storage space of each encryption device is divided equally, but the sub password storage spaces of one encryption device can differ in size from those of the other encryption devices. For example, three encryption devices are connected to the cloud platform; the password storage space of the first encryption device is 100, that of the second is 200, and that of the third is 300. The password storage space of the first encryption device is divided into 10 sub password storage spaces of 10 each, that of the second into 10 sub password storage spaces of 20 each, and that of the third into 10 sub password storage spaces of 30 each. Third: the password storage space of the encryption devices is split irregularly as a whole, for example so that the sizes of the sub password storage spaces form an arithmetic progression. If the password storage space is 1000 in total, it can be split into 10 sub password storage spaces, where the first has size 10 and each following one is 20 larger than the one before, so that the sizes form an arithmetic progression with common difference 20, first term 10 and 10 terms. This embodiment mainly illustrates the three splitting modes above, but the predefined rule is not limited to them; for example, the irregular split of the whole password storage space can also follow a geometric progression.
Further, the number of storage units obtained by splitting the password storage space and the number of computing units obtained by splitting the cryptographic calculation space can be different or the same; the numbers of storage units and computing units are not limited here.
S103, obtain the target resource required by the intended application for password setting.
Specifically, in this embodiment, the intended applications are all the valid applications connected to the cloud platform, and there is at least one intended application. The target resource is the password storage space and cryptographic calculation space required by the intended application. A valid application connected to the cloud platform determines the password storage space it needs according to its own keys and certificates, and determines the cryptographic calculation resources it needs according to its data operations and the calculation frequency and behavior pattern of its cryptographic operations. It then sends a request to the cloud platform so that the password storage space and cryptographic calculation space it needs are provided to it.
Further, the intended application can be an application system, a mini program, an app, and so on. The type of intended application is not limited here.
S104, allocate a corresponding target storage unit and a corresponding target computing unit to the intended application according to the target resource.
Specifically, in this embodiment, the size of the target storage unit must satisfy the password storage space required by the intended application, and the target computing unit must satisfy the cryptographic calculation space required by the intended application. The number of target storage units and target computing units is not limited to one; the size of the target password storage space formed by the target storage units and the size of the target cryptographic calculation space formed by the target computing units should each be greater than the target resource required by the intended application. For example, an intended application needs a password storage space of 40 and a cryptographic calculation space of 50, and there are 10 storage units each with a storage space of 30 and 10 computing units each with a calculation space of 20; then 2 storage units and 3 computing units need to be allocated to the intended application.
Note that, apart from the target storage units and target computing units already allocated to the intended application, the remaining storage units and computing units can be used by other applications. As can be seen, the encryption device management method based on a cloud platform disclosed by this embodiment first determines the password storage space and cryptographic calculation space of each encryption device, then splits the password storage space according to a predefined rule to obtain multiple storage units and splits the cryptographic calculation space to obtain multiple computing units, obtains the target resource required by the intended application for password setting, and finally allocates a corresponding target storage unit and a corresponding target computing unit to the intended application according to the target resource. In this solution, the password storage space and cryptographic calculation space of each encryption device are divided into multiple storage units and computing units, and storage space and calculation space are allocated according to the target resource required by the intended application. Apart from the storage units and computing units used by the intended application, the remaining storage units and computing units can be used by other applications, which avoids dedicating the entire password storage space and cryptographic calculation space of an encryption device to the intended application and so avoids wasting the space resources of the encryption device.
Based on the above embodiment, in this embodiment, splitting the password storage space and the cryptographic calculation space according to the predefined rule to obtain multiple storage units and multiple computing units includes:
Determine a first split number for the password storage space of the encryption device and a second split number for the cryptographic calculation space;
Divide the password storage space according to the first split number to obtain multiple storage units, and divide the cryptographic calculation space according to the second split number to obtain multiple computing units.
Specifically, in this embodiment, the first split number is the number of sub password storage spaces obtained by splitting the password storage space, and the second split number is the number of sub cryptographic calculation spaces obtained by splitting the cryptographic calculation space. The first and second split numbers can be the same value or, depending on the practical situation, different values.
Based on the above embodiment, in this embodiment, obtaining the target resource required by the intended application for password setting includes:
Obtain the resource allocation request sent by the intended application;
Determine, according to the resource allocation request for the key and the certificate, the target storage space and target calculation space required by the intended application.
Specifically, in this embodiment, when the intended application needs encryption devices to provide password storage space and cryptographic calculation space, the intended application sends a resource allocation request to the cloud platform according to its usage of its own keys and certificates and its own calculation frequency and calculation space. The cloud platform then allocates target storage space and target calculation space to the intended application according to the storage space and calculation space required in the resource allocation request.
Based on the above embodiment, in this embodiment, allocating the corresponding target storage unit and the corresponding target computing unit to the intended application according to the target resource includes:
Determine the storage units and computing units that are in an idle state among the storage units and computing units;
Allocate idle storage units and computing units to the intended application according to the target resource, and take the idle storage units and computing units allocated to the intended application as the target storage unit and target computing unit.
Specifically, in this embodiment, the storage units and computing units in an idle state are those not being used by any application. Note that when the idle storage units and computing units are not sufficient to provide the password storage space and cryptographic calculation space required by the intended application, the intended application must wait until other storage units and computing units release space before password storage space and cryptographic calculation space can be provided to it. The idle storage units and computing units provided to the intended application fall into the following cases. First: the target storage space and target calculation space in the target resource required by the intended application are both provided by idle storage units and computing units in the same encryption device. Second: the target storage space is provided by idle storage units in one encryption device, and the target calculation space is provided by idle computing units in multiple encryption devices. Third: the target storage space is provided by idle storage units in multiple encryption devices, and the target calculation space is provided by idle computing units in one encryption device. These three allocation modes are only examples; storage units and computing units can also be allocated to the intended application in other ways, which are not limited here.
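The splitting rules and the idle-unit allocation described above, as an added example that is not part of the patent text. The `Unit` and `Pool` names, the first-fit selection order and the all-or-nothing behaviour are assumptions, and a combined size equal to the request is accepted here.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Unit:
    device: str                  # encryption device the unit was carved from
    kind: str                    # "storage" or "compute"
    size: int
    owner: Optional[str] = None  # None means the unit is idle


def split_equal(device: str, kind: str, total: int, count: int) -> List[Unit]:
    """Second rule in the text: equal units within one encryption device."""
    if count <= 0 or total % count:
        raise ValueError("total must divide evenly into count units")
    return [Unit(device, kind, total // count) for _ in range(count)]


def split_arithmetic(device: str, kind: str, total: int,
                     first: int, diff: int, count: int) -> List[Unit]:
    """Third rule: unit sizes form an arithmetic progression covering total."""
    sizes = [first + i * diff for i in range(count)]
    if sum(sizes) != total:
        raise ValueError("progression does not add up to the device space")
    return [Unit(device, kind, s) for s in sizes]


class Pool:
    """Resource pool of storage and computing units (hypothetical name)."""

    def __init__(self, units: List[Unit]):
        self.units = list(units)

    def _pick(self, kind: str, need: int) -> Optional[List[Unit]]:
        """Collect idle units of one kind until their sizes cover the need."""
        if need <= 0:
            raise ValueError("requested space must be positive")
        chosen, got = [], 0
        for unit in self.units:
            if unit.kind == kind and unit.owner is None:
                chosen.append(unit)
                got += unit.size
                if got >= need:  # assumption: an exact fit is accepted
                    return chosen
        return None

    def allocate(self, app: str, storage_need: int,
                 compute_need: int) -> Optional[Tuple[List[Unit], List[Unit]]]:
        """Assign idle units to one application, or nothing at all.

        Returning None models the text's "wait until other units release
        space"; no unit is marked in use when either kind is short, so a
        unit never ends up half-assigned or shared between applications.
        """
        storage = self._pick("storage", storage_need)
        compute = self._pick("compute", compute_need)
        if storage is None or compute is None:
            return None
        for unit in storage + compute:
            unit.owner = app
        return storage, compute

    def release(self, app: str) -> int:
        """Return an application's units to the idle state; gives the count."""
        freed = [u for u in self.units if u.owner == app]
        for unit in freed:
            unit.owner = None
        return len(freed)


def build_example_pool() -> Pool:
    # Figures from the text: 10 storage units of 30 and 10 computing units of 20.
    # "device-1" is a constructed device name.
    return Pool(split_equal("device-1", "storage", 300, 10)
                + split_equal("device-1", "compute", 200, 10))


if __name__ == "__main__":
    pool = build_example_pool()
    storage, compute = pool.allocate("app-a", 40, 50)
    print(len(storage), "storage units,", len(compute), "computing units")
```
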
Based on above example, in the present embodiment, Fig. 2 is referred to, Fig. 2 is another base disclosed by the embodiments of the present invention In the encryption device management method flow diagram of cloud platform, this method includes:
S201, the password storage space for determining encryption device and cryptographic calculations space;
S202, password storage space is split to obtain multiple storage units with predefined rule and by cryptographic calculations sky Between be split to obtain multiple computing units;
S203, target resource required when intended application progress password setting is obtained;
S204, it is that intended application distributes corresponding Destination Storage Unit and corresponding target calculates list according to target resource Member;
S205, the service interface call request that intended application is sent is received;
S206, service interface is provided so that intended application passes through for intended application according to service interface call request IPSecVPN calls service interface, and key and certificate are stored in Destination Storage Unit, and intended application is made to be calculated using target Unit carries out data calculating.Specifically, in the present embodiment, distributes target storage space for intended application and target calculates space Afterwards, intended application initiates the connection request by IPsec VPN to platform, after platform receives the connection request, then allows target Target storage space and target of the cloud platform interface to obtain and using being distributed for intended application are called using by IPsec VPN Calculate space.Wherein, target storage space is used to store the key and certificate of intended application, and intended application is calculated single using target Member carries out operation to the data of intended application:The operations such as encryption and decryption, actual arithmetic type are carried out to intended application data It can be determined according to the type of intended application, the embodiment of the present invention herein and is not construed as limiting.
As can be seen, the cloud-platform-based encryption device management method disclosed in this embodiment first determines the password storage space and cryptographic calculation space of each encryption device, then splits the password storage space according to a predefined rule to obtain multiple storage units and splits the cryptographic calculation space to obtain multiple computing units, obtains the target resource required when the intended application performs password setting, and finally allocates a corresponding target storage unit and a corresponding target computing unit to the intended application according to the target resource. In this scheme, the password storage space and cryptographic calculation space of each encryption device are divided into multiple storage units and computing units, and storage space and calculation space are allocated according to the target resource the intended application needs. The storage units and computing units not used by the intended application remain available to other applications. This avoids dedicating the entire password storage space and cryptographic calculation space of the encryption device to the intended application, and so avoids wasting the encryption device's space resources. In addition, the intended application can call the service interface through IPsec VPN and thereby make use of the storage space and calculation space of the encryption device.
Building on the above embodiment, in this embodiment, after the password storage space and the cryptographic calculation space are split according to the predefined rule to obtain the storage units and computing units, the method further includes:
Monitoring each storage unit and each computing unit;
Raising an alarm if an abnormal storage unit and/or an abnormal computing unit exists among the storage units and/or computing units.
Specifically, in this embodiment, monitoring the storage units and computing units covers the storage units in use, the computing units in use, the unused storage units and the unused computing units. The operating status and service state of the encryption device are also monitored. When the state of the in-use storage units and computing units is monitored, an abnormal storage unit can be identified by whether it stores the keys and certificates of multiple applications, and an abnormal computing unit can be identified by whether it operates on the data of multiple applications. Other ways of identifying abnormal storage units and abnormal computing units are of course possible, and this embodiment of the present invention does not limit them. When an abnormal storage unit and/or abnormal computing unit exists, an alarm is raised; the alarm types include buzzer alarm, SMS alarm, email alert and the like.
As can be seen, in this embodiment of the present invention, each storage unit and computing unit is monitored, and an alarm is raised when an abnormal storage unit and/or computing unit exists. This avoids the problem of an abnormal storage unit and/or computing unit continuing to provide service to the intended application while it is abnormal.
Building on the above embodiment, in this embodiment, if a cryptographic service termination command is received from the intended application, the method further includes:
Deleting the key and certificate of the intended application from the storage unit corresponding to the intended application;
Deleting the operational data of the key and certificate of the intended application from the computing unit corresponding to the intended application.
Specifically, in this embodiment, the cryptographic service termination command is issued when the intended application no longer needs the encryption device to provide cryptographic service, that is, when it no longer needs the encryption device to provide password storage space and cryptographic calculation space. At that point, the key and certificate that the intended application stored in the storage unit are deleted, and the operational data of the intended application is deleted from the computing unit corresponding to the intended application.
As can be seen, in this embodiment, when the intended application no longer needs the encryption device to provide password storage space and cryptographic calculation space, the key and certificate of the intended application stored in the storage unit are deleted and the operational data of the intended application stored in the computing unit is deleted. This avoids needless occupation of the storage unit and computing unit and improves the utilization of storage resources and computing resources.
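The allocation, monitoring and termination steps described above can be modelled as follows. This is an added illustration, not code from the patent: the class and method names are hypothetical, the key and certificate blobs are constructed sample values, and the check that an idle unit holds no data is an added assumption alongside the "multiple applications in one unit" criterion the text gives.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Unit:
    kind: str                     # "storage" or "compute"
    index: int
    owner: Optional[str] = None   # application the unit is allocated to; None = idle
    data: Dict[str, bytes] = field(default_factory=dict)  # material held, keyed by application


class EncryptionDevice:
    """Hypothetical model of one encryption device split into units."""

    def __init__(self, storage_splits: int, compute_splits: int):
        # First and second segmentation numbers: how many units each space is split into.
        self.units = {
            "storage": [Unit("storage", i) for i in range(storage_splits)],
            "compute": [Unit("compute", i) for i in range(compute_splits)],
        }

    def idle(self, kind: str) -> List[Unit]:
        return [u for u in self.units[kind] if u.owner is None]

    def allocate(self, app: str, need_storage: int, need_compute: int) -> Dict[str, List[int]]:
        """Give the application only the idle units its resource request asks for."""
        picked = {}
        for kind, need in (("storage", need_storage), ("compute", need_compute)):
            free = self.idle(kind)
            if len(free) < need:
                raise RuntimeError(f"not enough idle {kind} units for {app}")
            picked[kind] = free[:need]
        # Assign only after both checks pass, so a failed request leaves no half allocation.
        for units in picked.values():
            for u in units:
                u.owner = app
        return {kind: [u.index for u in units] for kind, units in picked.items()}

    def put(self, app: str, kind: str, index: int, blob: bytes) -> None:
        """Record key/certificate material (storage) or operational data (compute)."""
        self.units[kind][index].data[app] = blob

    def monitor(self) -> List[str]:
        alerts = []
        for kind, units in self.units.items():
            for u in units:
                if len(u.data) > 1:
                    # Criterion from the text: one unit serving several applications.
                    alerts.append(f"{kind}[{u.index}]: material of multiple applications {sorted(u.data)}")
                elif u.owner is None and u.data:
                    # Added assumption: an idle unit should hold nothing.
                    alerts.append(f"{kind}[{u.index}]: idle unit still holds data")
        return alerts

    def terminate(self, app: str) -> int:
        """Cryptographic service termination: wipe the app's material, free its units."""
        freed = 0
        for units in self.units.values():
            for u in units:
                u.data.pop(app, None)
                if u.owner == app:
                    u.owner = None
                    freed += 1
        return freed


def demo() -> dict:
    dev = EncryptionDevice(storage_splits=4, compute_splits=4)
    a = dev.allocate("app-a", 1, 2)
    b = dev.allocate("app-b", 2, 1)
    dev.put("app-a", "storage", a["storage"][0], b"constructed key+cert A")
    dev.put("app-b", "storage", b["storage"][0], b"constructed key+cert B")
    clean = dev.monitor()
    # Constructed fault: app-b's material lands in app-a's storage unit.
    dev.put("app-b", "storage", a["storage"][0], b"constructed key+cert B")
    faulty = dev.monitor()
    freed = dev.terminate("app-b")
    return {"a": a, "b": b, "clean": clean, "faulty": faulty, "freed": freed,
            "after": dev.monitor(), "idle_storage": len(dev.idle("storage"))}
```

Termination clears the application's material from every unit, including units it did not own, so the cross-application anomaly raised before termination no longer appears afterwards.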
Refer to Fig. 3, which is a structural diagram of the first cloud-platform-based encryption device managing device disclosed by an embodiment of the present invention, including:
Password space determining module 301, for determining the password storage space and the cryptographic calculation space of the encryption device;
Password space division module 302, for splitting the password storage space according to a predefined rule to obtain multiple storage units and splitting the cryptographic calculation space to obtain multiple computing units;
Target resource acquisition module 303, for obtaining the target resource required when the intended application performs password setting;
Distribution module 304, for allocating a corresponding target storage unit and a corresponding target computing unit to the intended application according to the target resource.
The remaining parts of the device correspond to the cloud-platform-based encryption device management method described above and are not described again here.
As can be seen, the cloud-platform-based encryption device managing device disclosed by the present invention first determines the password storage space and cryptographic calculation space of each encryption device, then splits the password storage space according to a predefined rule to obtain multiple storage units and splits the cryptographic calculation space to obtain multiple computing units, obtains the target resource required when the intended application performs password setting, and finally allocates a corresponding target storage unit and a corresponding target computing unit to the intended application according to the target resource. In this scheme, the password storage space and cryptographic calculation space of each encryption device are divided into multiple storage units and computing units, and storage space and calculation space are allocated according to the target resource the intended application needs. The storage units and computing units not used by the intended application remain available to other applications. This avoids dedicating the entire password storage space and cryptographic calculation space of the encryption device to the intended application, and so avoids wasting the encryption device's space resources.
Refer to Fig. 4, which is a structural diagram of the second cloud-platform-based encryption device managing device disclosed by an embodiment of the present invention. The device includes:
Password space determining module 401, for determining the password storage space and the cryptographic calculation space of the encryption device;
Password space division module 402, for splitting the password storage space according to a predefined rule to obtain multiple storage units and splitting the cryptographic calculation space to obtain multiple computing units;
Target resource acquisition module 403, for obtaining the target resource required when the intended application performs password setting;
Distribution module 404, for allocating a corresponding target storage unit and a corresponding target computing unit to the intended application according to the target resource;
Service interface call request receiving module 405, for receiving the service interface call request sent by the intended application;
Service interface distribution module 406, for providing a service interface for the intended application according to the service interface call request, so that the intended application calls the service interface through IPsec VPN, the key and the certificate are stored in the target storage unit, and the intended application uses the target computing unit to perform data calculation.
Refer to Fig. 5, which is a structural diagram of the third cloud-platform-based encryption device managing device disclosed by an embodiment of the present invention, including:
Memory 501, for storing a computer program;
Processor 502, for executing the computer program stored in the memory to realize the steps of the cloud-platform-based encryption device management method mentioned in any of the above embodiments.
This further cloud-platform-based encryption device managing device provided by an embodiment of the present invention corresponds to the cloud-platform-based encryption device management method of the foregoing embodiments. Its effect is therefore the same as that of the method described in those embodiments and is not detailed again here.
For a better understanding of this scheme, an embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, the steps of the cloud-platform-based encryption device management method mentioned in any of the above embodiments are realized.
The computer-readable storage medium provided by this embodiment of the present invention corresponds to the cloud-platform-based encryption device management method of the foregoing embodiments. Its effect is therefore the same as that of the method described in those embodiments and is not detailed again here.
The cloud-platform-based encryption device management method, device and storage medium provided by the present application have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present application, and the description of the above embodiments is intended only to help in understanding the method of the present application and its core idea. It should be pointed out that a person of ordinary skill in the art can make improvements and modifications to the present application without departing from its principle, and that these improvements and modifications also fall within the scope of the claims of the present application.
The embodiments in this specification are described progressively. Each embodiment focuses on its differences from the other embodiments, and identical or similar parts of the embodiments can be referred to one another. Because the device disclosed in an embodiment corresponds to the method disclosed in an embodiment, its description is relatively brief; for the relevant details, refer to the description of the method.
It should also be noted that, in this specification, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any variant of them are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to the process, method, article or device. Absent further restrictions, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.

Claims (10)

1. A cloud-platform-based encryption device management method, characterized by including:
Determining the password storage space and the cryptographic calculation space of an encryption device;
Splitting the password storage space according to a predefined rule to obtain multiple storage units, and splitting the cryptographic calculation space to obtain multiple computing units;
Obtaining the target resource required when an intended application performs password setting;
Allocating a corresponding target storage unit and a corresponding target computing unit to the intended application according to the target resource.
2. The cloud-platform-based encryption device management method according to claim 1, characterized in that splitting the password storage space according to the predefined rule to obtain multiple storage units and splitting the cryptographic calculation space to obtain multiple computing units includes:
Determining a first segmentation number for the password storage space of the encryption device and a second segmentation number for the cryptographic calculation space;
Splitting the password storage space according to the first segmentation number to obtain the multiple storage units, and splitting the cryptographic calculation space according to the second segmentation number to obtain the multiple computing units.
3. The cloud-platform-based encryption device management method according to claim 1, characterized in that obtaining the target resource required when the intended application performs password setting includes:
Obtaining the resource allocation request sent by the intended application;
Determining, according to the resource allocation request, the target storage space and the target calculation space needed by the intended application.
4. The cloud-platform-based encryption device management method according to claim 3, characterized in that allocating a corresponding target storage unit and a corresponding target computing unit to the intended application according to the target resource includes:
Determining the storage units and computing units that are in an idle state among the storage units and computing units;
Allocating the storage units and computing units in the idle state to the intended application according to the target resource, and taking the idle-state storage units and computing units allocated to the intended application as the target storage unit and the target computing unit.
5. The cloud-platform-based encryption device management method according to claim 1, characterized in that, after allocating a corresponding target storage unit and a corresponding target computing unit to the intended application according to the target resource, the method further includes:
Receiving the service interface call request sent by the intended application;
Providing a service interface for the intended application according to the service interface call request, so that the intended application calls the service interface through IPsec VPN, the key and the certificate are stored in the target storage unit, and the intended application uses the target computing unit to perform data calculation.
6. The cloud-platform-based encryption device management method according to any one of claims 1-5, characterized in that, after splitting the password storage space according to the predefined rule to obtain multiple storage units and splitting the cryptographic calculation space to obtain multiple computing units, the method further includes:
Monitoring each storage unit and each computing unit;
Raising an alarm if an abnormal storage unit and/or an abnormal computing unit exists among the storage units and/or the computing units.
7. The cloud-platform-based encryption device management method according to claim 6, characterized in that, if a cryptographic service termination command is received from the intended application, the method further includes:
Deleting the key and certificate of the intended application from the storage unit corresponding to the intended application;
Deleting the operational data of the intended application from the computing unit corresponding to the intended application.
8. A cloud-platform-based encryption device managing device, characterized by including:
A password space determining module, for determining the password storage space and the cryptographic calculation space of an encryption device;
A password space division module, for splitting the password storage space according to a predefined rule to obtain multiple storage units and splitting the cryptographic calculation space to obtain multiple computing units;
A target resource acquisition module, for obtaining the target resource required when the intended application performs password setting;
A distribution module, for allocating a corresponding target storage unit and a corresponding target computing unit to the intended application according to the target resource.
9. A cloud-platform-based encryption device managing device, characterized by including:
A memory, for storing a computer program;
A processor, for executing the computer program stored in the memory to realize the steps of the cloud-platform-based encryption device management method according to any one of claims 1 to 7.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program is executed by a processor to realize the steps of the cloud-platform-based encryption device management method according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810252264.4A CN108566386A (en) 2018-03-26 2018-03-26 A kind of encryption device management method, device and storage medium based on cloud platform


Publications (1)

Publication Number Publication Date
CN108566386A true CN108566386A (en) 2018-09-21

Family

ID=63533156



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180921