CN109474429A - Key configuration strategy method for an FC storage encryption gateway - Google Patents

Info

Publication number
CN109474429A
Authority
CN
China
Prior art keywords
key
encryption gateway
storage
disk array
lun
Legal status
Granted
Application number
CN201811585322.1A
Other languages
Chinese (zh)
Other versions
CN109474429B (en)
Inventor
辛建平
高克
Current Assignee
WUXI TONGWEI TECHNOLOGY Co Ltd
Original Assignee
WUXI TONGWEI TECHNOLOGY Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a key configuration strategy method for an FC storage encryption gateway, comprising the following steps: S1, loading a plaintext working key table onto the FC storage encryption gateway; S2, the FC storage encryption gateway parses the FC protocol and extracts the WWPN and LUN information from the FC data frame; S3, obtaining the key group number, so that for each storage disk array keys can only be extracted from its corresponding key group; S4, the FC storage encryption gateway obtains the key sequence number from the LUN information and extracts the working key from the corresponding key group. The invention encrypts and decrypts the different storage volumes of the same storage disk array with different encryption keys, which makes key configuration on the FC storage encryption gateway more flexible; if the key group of one storage disk array is leaked, the security of the key groups of the other storage disk arrays is not affected, which improves the security of the encryption and decryption protection of FC storage disk array data.

Description

Key configuration strategy method for an FC storage encryption gateway
Technical Field
The invention belongs to the technical field of computer information security, and in particular relates to a key configuration strategy method for an FC storage encryption gateway.
Background
With the spread of computer applications, the development of the internet and of removable storage devices, the growing intelligence of terminals and the increase in storage capacity, people increasingly like to save private data on their terminals in the form of files. To protect user privacy, that is, to guarantee the security of the files stored on the terminal, processing such as encrypting and decrypting files is increasingly important. How to effectively achieve unified secure storage, centralized management and use of files is a serious challenge currently facing electronic documents.
The existing method of encrypting and decrypting data in network transmission applies an encryption/decryption algorithm and an encryption/decryption key to the target data; after receiving the encrypted or decrypted data, the data receiver decrypts or encrypts it with the same algorithm and key, thereby achieving the transmission of network data. The characteristic of this approach is that identical plaintext data always produces identical ciphertext data, the key configuration is very limited, and security is low.
Summary of the Invention
To solve the above technical problem, the invention provides a key configuration strategy method for an FC storage encryption gateway.
To achieve the above object, the technical solution of the invention is as follows:
The invention provides a key configuration strategy method for an FC storage encryption gateway, comprising the following steps:
S1, loading a plaintext working key table onto the FC storage encryption gateway;
S2, the FC storage encryption gateway parses the FC protocol and extracts the WWPN and LUN information from the FC data frame;
S3, obtaining the key group number; for each storage disk array, keys can only be extracted from its corresponding key group;
S4, the FC storage encryption gateway obtains the key sequence number from the LUN information and extracts the working key from the corresponding key group.
As a preferred option, in step S1 the user first generates the plaintext working key table according to their own needs. The plaintext working key table is 32*2048 bytes: each working key is 32 bytes and there are 2048 keys in total, corresponding to an 11-bit key table index. The table is imported into the FC storage encryption gateway for later use.
As a preferred option, the generation of the plaintext working key table in step S1 specifically includes:
S11, establishing by policy the mapping table between disk arrays and key group numbers;
S12, establishing by policy the mapping table between disk arrays and WWPN, LUN;
S13, establishing by policy the mapping table between LUNs and key sequence numbers.
As a preferred option, extracting the WWPN and LUN information from the FC data frame in step S2 specifically includes: obtaining the WWPN and LUN from the FC data frame in order to obtain the corresponding disk array information.
As a preferred option, obtaining the key group number in step S3 specifically includes: obtaining the key group number from the mapping table between disk arrays and key group numbers.
As a preferred option, extracting the key sequence number in step S4 specifically includes: generating the key sequence number by index lookup according to the correspondence between LUNs and key sequence numbers in the policy table;
Extracting the working key in step S4 specifically includes: the plaintext working key table is divided sequentially, in units of 32 bytes, into 2048 entries; the 32-byte working key is obtained from the key store by indexing with the key table index, where the high 16 bytes are Key1 and the low 16 bytes are Key2.
The user can configure the 2048 keys arbitrarily, configure a key group for any storage disk array, and configure for any storage volume one working key from the corresponding key group.
The invention has the following advantages: the user can set encryption and decryption keys on the FC storage encryption gateway as needed, and the different storage disk arrays connected to the FC storage encryption gateway are encrypted and decrypted with different encryption key groups; the different storage volumes of the same storage disk array are encrypted and decrypted with different encryption keys, which makes key configuration on the FC storage encryption gateway more flexible. If the key group of one storage disk array is leaked, the security of the key groups of the other storage disk arrays is not affected, which improves the security of the encryption and decryption protection of FC storage disk array data.
Brief Description of the Drawings
Fig. 1 is a flow chart of the key configuration strategy method for an FC storage encryption gateway according to the invention.
Detailed Description of the Embodiments
The preferred embodiment of the invention is described in detail below with reference to the accompanying drawings.
To achieve the object of the invention, as shown in Fig. 1, one embodiment of the invention provides a key configuration strategy method for an FC storage encryption gateway, comprising the following steps:
S1, loading a plaintext working key table onto the FC storage encryption gateway;
S2, the FC storage encryption gateway parses the FC protocol and extracts the WWPN and LUN information from the FC data frame;
S3, obtaining the key group number; for each storage disk array, keys can only be extracted from its corresponding key group;
S4, the FC storage encryption gateway obtains the key sequence number from the LUN information and extracts the working key from the corresponding key group.
Specifically, in step S1 the user first generates the plaintext working key table according to their own needs. The plaintext working key table is 32*2048 bytes: each working key is 32 bytes and there are 2048 keys in total, corresponding to an 11-bit key table index. The table is imported into the FC storage encryption gateway for later use.
Specifically, the generation of the plaintext working key table in step S1 includes:
S11, establishing by policy the mapping table between disk arrays and key group numbers;
S12, establishing by policy the mapping table between disk arrays and WWPN, LUN;
S13, establishing by policy the mapping table between LUNs and key sequence numbers.
Specifically, extracting the WWPN and LUN information from the FC data frame in step S2 includes: obtaining the WWPN and LUN from the FC data frame in order to obtain the corresponding disk array information.
Specifically, obtaining the key group number in step S3 includes: obtaining the key group number from the mapping table between disk arrays and key group numbers.
Specifically, extracting the key sequence number in step S4 includes: generating the key sequence number by index lookup according to the correspondence between LUNs and key sequence numbers in the policy table;
Extracting the working key in step S4 specifically includes: the plaintext working key table is divided sequentially, in units of 32 bytes, into 2048 entries; the 32-byte working key is obtained from the key store by indexing with the key table index, where the high 16 bytes are Key1 and the low 16 bytes are Key2.
The user can configure the 2048 keys arbitrarily, configure a key group for any storage disk array, and configure for any storage volume one working key from the corresponding key group.
Through the above steps, the user can flexibly configure the key policy of the FC storage encryption gateway and provide safe and reliable encryption and decryption protection for the data of FC storage disk arrays.
From the above it can be seen that the invention provides efficient and flexible key configuration:
The invention obtains the WWPN and LUN from the FC data frame in order to obtain the corresponding storage disk array information, and then obtains the key group number from the mapping table between storage disk arrays and key group numbers; 8 key groups can be allocated in total. According to the correspondence between LUNs and key sequence numbers, the index lookup yields 256 key sequence numbers. The key table is divided into 2048 entries; the user can configure the 2048 keys arbitrarily, configure a key group for any storage disk array, and configure for any storage volume one working key from the corresponding key group. This improves the flexibility of key configuration on the FC storage encryption gateway; if the key group of one storage disk array is leaked, the security of the key groups of the other storage disk arrays is not affected, which improves the security of the encryption and decryption protection of FC storage disk array data.
The above is only a preferred embodiment of the invention. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the invention.
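The lookup chain of steps S1 to S4, written out as an added Python example (it is not code from the patent), with a fail-closed key selection and an audit of the S11 to S13 policy tables for entries that would break the per-array and per-volume key separation. Assumptions: the 11-bit key table index is formed as key group number × 256 + key sequence number, "high 16 bytes" means the first 16 bytes of a table entry, and the WWPN and LUN have already been extracted from the frame; all names and sample values are constructed.

```python
import hashlib
from dataclasses import dataclass, field

KEY_LEN = 32            # bytes per working key (from the page)
NUM_KEYS = 2048         # keys in the table, 11-bit table index (from the page)
NUM_GROUPS = 8          # key groups (from the page)
KEYS_PER_GROUP = 256    # key sequence numbers per group (from the page)

@dataclass
class Policy:
    """The three mapping tables of S11-S13 (field names are hypothetical)."""
    array_of: dict = field(default_factory=dict)  # S12: (wwpn, lun) -> array id
    group_of: dict = field(default_factory=dict)  # S11: array id -> key group number
    seq_of: dict = field(default_factory=dict)    # S13: (array id, lun) -> key sequence number

def load_key_table(blob: bytes) -> bytes:
    """S1: accept only a table of exactly 32*2048 bytes."""
    if len(blob) != KEY_LEN * NUM_KEYS:
        raise ValueError(f"key table must be {KEY_LEN * NUM_KEYS} bytes, got {len(blob)}")
    return bytes(blob)

def audit_policy(policy: Policy) -> list:
    """List policy entries that would break per-array or per-volume key separation."""
    problems, owner = [], {}
    for array, group in sorted(policy.group_of.items()):
        if not 0 <= group < NUM_GROUPS:
            problems.append(f"{array}: key group {group} out of range")
        elif group in owner:
            problems.append(f"{array}: shares key group {group} with {owner[group]}")
        else:
            owner[group] = array
    used = {}
    for (array, lun), seq in sorted(policy.seq_of.items()):
        if not 0 <= seq < KEYS_PER_GROUP:
            problems.append(f"{array} LUN {lun}: key sequence number {seq} out of range")
        elif (array, seq) in used:
            problems.append(f"{array} LUN {lun}: reuses key of LUN {used[(array, seq)]}")
        else:
            used[(array, seq)] = lun
    return problems

def select_working_key(table: bytes, policy: Policy, wwpn: bytes, lun: int):
    """S2-S4 for one frame's WWPN/LUN. Raises LookupError when no policy entry
    exists, so unmapped traffic never falls back to some default key."""
    try:
        array = policy.array_of[(wwpn, lun)]
        group = policy.group_of[array]
        seq = policy.seq_of[(array, lun)]
    except KeyError as exc:
        raise LookupError(f"no key policy for WWPN {wwpn.hex()} LUN {lun}") from exc
    if not (0 <= group < NUM_GROUPS and 0 <= seq < KEYS_PER_GROUP):
        raise LookupError("policy entry out of range")
    index = group * KEYS_PER_GROUP + seq   # assumed layout: 3-bit group, 8-bit sequence
    key = table[index * KEY_LEN:(index + 1) * KEY_LEN]
    return index, key[:16], key[16:]       # Key1 = first 16 bytes (assumed "high"), Key2 = rest

# Constructed sample data. A real table comes from a CSPRNG, not from a hash of the index.
SAMPLE_TABLE = load_key_table(b"".join(
    hashlib.sha256(i.to_bytes(2, "big")).digest() for i in range(NUM_KEYS)))
WWPN_A = bytes.fromhex("5000000000000a01")  # constructed WWPNs
WWPN_B = bytes.fromhex("5000000000000b01")
SAMPLE_POLICY = Policy(
    array_of={(WWPN_A, 0): "array-A", (WWPN_A, 1): "array-A", (WWPN_B, 0): "array-B"},
    group_of={"array-A": 0, "array-B": 1},
    seq_of={("array-A", 0): 5, ("array-A", 1): 6, ("array-B", 0): 5},
)

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))
    for wwpn, lun in [(WWPN_A, 0), (WWPN_A, 1), (WWPN_B, 0)]:
        index, key1, key2 = select_working_key(SAMPLE_TABLE, SAMPLE_POLICY, wwpn, lun)
        print(wwpn.hex(), lun, index, len(key1), len(key2))
```

In the sample policy both arrays use key sequence number 5 for LUN 0, yet the selected table entries differ (5 and 261) because the key group number separates them.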

Claims (7)

1. A key configuration strategy method for an FC storage encryption gateway, characterized by comprising the following steps:
S1, loading a plaintext working key table onto the FC storage encryption gateway;
S2, the FC storage encryption gateway parses the FC protocol and extracts the WWPN and LUN information from the FC data frame;
S3, obtaining the key group number; for each storage disk array, keys can only be extracted from its corresponding key group;
S4, the FC storage encryption gateway obtains the key sequence number from the LUN information and extracts the working key from the corresponding key group.
2. The key configuration strategy method for an FC storage encryption gateway according to claim 1, characterized in that in step S1 the user first generates the plaintext working key table according to their own needs; the plaintext working key table is 32*2048 bytes, each working key is 32 bytes, and there are 2048 keys in total, corresponding to an 11-bit key table index; the table is imported into the FC storage encryption gateway for later use.
3. The key configuration strategy method for an FC storage encryption gateway according to claim 2, characterized in that the generation of the plaintext working key table in step S1 specifically includes:
S11, establishing by policy the mapping table between disk arrays and key group numbers;
S12, establishing by policy the mapping table between disk arrays and WWPN, LUN;
S13, establishing by policy the mapping table between LUNs and key sequence numbers.
4. The key configuration strategy method for an FC storage encryption gateway according to claim 1, characterized in that extracting the WWPN and LUN information from the FC data frame in step S2 specifically includes: obtaining the WWPN and LUN from the FC data frame in order to obtain the corresponding disk array information.
5. The key configuration strategy method for an FC storage encryption gateway according to claim 1, characterized in that obtaining the key group number in step S3 specifically includes: obtaining the key group number from the mapping table between disk arrays and key group numbers.
6. The key configuration strategy method for an FC storage encryption gateway according to claim 1, characterized in that extracting the key sequence number in step S4 specifically includes: generating the key sequence number by index lookup according to the correspondence between LUNs and key sequence numbers in the policy table;
Extracting the working key in step S4 specifically includes: the plaintext working key table is divided sequentially, in units of 32 bytes, into 2048 entries; the 32-byte working key is obtained from the key store by indexing with the key table index, where the high 16 bytes are Key1 and the low 16 bytes are Key2.
7. The key configuration strategy method for an FC storage encryption gateway according to claim 6, characterized in that the user configures the 2048 keys arbitrarily, configures a key group for any storage disk array, and configures for any storage volume one working key from the corresponding key group.
CN201811585322.1A 2018-12-24 2018-12-24 Key configuration strategy method facing FC storage encryption gateway Active CN109474429B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811585322.1A CN109474429B (en) 2018-12-24 2018-12-24 Key configuration strategy method facing FC storage encryption gateway

Publications (2)

Publication Number Publication Date
CN109474429A true CN109474429A (en) 2019-03-15
CN109474429B CN109474429B (en) 2022-02-15

Family

ID=65677687

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811585322.1A Active CN109474429B (en) 2018-12-24 2018-12-24 Key configuration strategy method facing FC storage encryption gateway

Country Status (1)

Country Link
CN (1) CN109474429B (en)

Also Published As

Publication number Publication date
CN109474429B (en) 2022-02-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant