CN110650191A - Data read-write method of distributed storage system - Google Patents

Publication number: CN110650191A
Authority: CN (China)
Prior art keywords: data, encryption, key, reading, plaintext
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910894142.XA
Other languages: Chinese (zh)
Inventors: 吴伟, 尚付飞
Current Assignee: Inspur Electronic Information Industry Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Inspur Electronic Information Industry Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

The scheme combines two encryption algorithms: one encrypts the data itself, and the other encrypts the key again to protect it, which improves data security. In addition, because the write and read operations of every volume in the distributed storage system are processed by the RBD layer, data is encrypted and decrypted uniformly in the RBD layer, so that data is stored on disk securely and access remains transparent to the user. The scheme therefore applies mature standard algorithms to protect data without affecting the normal operation of the original service; the user layer does not perceive the encryption and decryption process, the way users work does not change, and data protection is achieved with few code modifications.

Description

Data read-write method of distributed storage system
Technical Field
The present application relates to the field of computer technologies, and in particular, to a data reading and writing method and apparatus for a distributed storage system, a server, and a readable storage medium.
Background
In the big data era, the secure storage of massive amounts of data has become a focus of public attention, and a recent data leak at a social platform has placed higher demands on data security and on the storage industry.
Encrypted data storage mainly takes two forms. One is control of data access permissions: only a limited set of people with specific permissions can access the data, and the data is stored in plaintext. The other is encrypted storage of the data itself: the people who can access the data are not restricted, but the data is encrypted when stored and kept on the storage device as ciphertext, so anyone with access to the storage device can obtain the data, but only those who hold the key and know the decryption method can correctly parse it and obtain the information. The two forms suit different application scenarios. Distributed storage systems often adopt the second form; however, current encryption schemes cannot meet the data security requirements of a distributed storage system.
Therefore, how to improve the data security of the distributed storage system is a problem to be solved by those skilled in the art.
Disclosure of Invention
The present application aims to provide a data reading and writing method and apparatus for a distributed storage system, a server, and a readable storage medium, in order to solve the problem that current data encryption schemes cannot meet the security requirements of a distributed storage system. The specific scheme is as follows:
In a first aspect, the present application provides a data reading and writing method for a distributed storage system, including:
when a client sends data to an RBD layer, reading a target field of the data, and determining an encryption key according to a reading result;
decrypting the encryption key by using a first encryption and decryption algorithm to obtain a plaintext key;
encrypting the data by using a second encryption and decryption algorithm according to the plaintext secret key to obtain ciphertext data;
and sending the ciphertext data to a bottom-layer storage device.
Preferably, before the reading of the target field of the data and the determination of the encryption key according to the reading result, the method further includes:
generating a plaintext key according to a random algorithm when a logical volume is created; encrypting the plaintext key by using the first encryption and decryption algorithm to obtain an encryption key; storing the encryption key in the target field.
Preferably, the determining an encryption key according to the reading result includes:
if the reading result is empty, determining that the current volume is an unencrypted volume; and if the reading result is not empty, determining that the current volume is an encrypted volume, and determining the encryption key according to the reading result.
Preferably, the decrypting the encrypted key by using the first encryption and decryption algorithm to obtain a plaintext key includes:
and decrypting the encryption key by using a 3DES algorithm to obtain a plaintext key.
Preferably, the encrypting the data by using the second encryption and decryption algorithm to obtain ciphertext data includes:
and carrying out byte-level encryption on the data by using an AES algorithm to obtain ciphertext data.
Preferably, after the sending the ciphertext data to the underlying storage device, the method further includes:
after the RBD layer acquires ciphertext data from the bottom storage device, reading a target field of the ciphertext data, and determining an encryption key according to a reading result;
decrypting the encryption key by using a first encryption and decryption algorithm to obtain a plaintext key;
decrypting the ciphertext data by using a second encryption and decryption algorithm according to the plaintext secret key to obtain original data;
and sending the data to a client.
In a second aspect, the present application provides a data reading and writing apparatus for a distributed storage system, including:
a field reading module: configured to read a target field of the data when a client sends data to an RBD layer, and to determine an encryption key according to the reading result;
a key decryption module: configured to decrypt the encryption key by using a first encryption and decryption algorithm to obtain a plaintext key;
a data encryption module: configured to encrypt the data by using a second encryption and decryption algorithm according to the plaintext key to obtain ciphertext data;
a data sending module: configured to send the ciphertext data to the underlying storage device.
Preferably, the apparatus further includes:
a volume creation module: configured to generate a plaintext key according to a random algorithm when a logical volume is created; to encrypt the plaintext key by using the first encryption and decryption algorithm to obtain an encryption key; and to store the encryption key in the target field.
In a third aspect, the present application further provides a server of a distributed storage system, including:
a memory: for storing a computer program;
a processor: for executing the computer program to implement the steps of the data reading and writing method of a distributed storage system as described above.
In a fourth aspect, the present application provides a readable storage medium, on which a computer program is stored, which, when being executed by a processor, is configured to implement the steps of the data reading and writing method of the distributed storage system as described above.
The scheme of the data read-write method, the data read-write device, the server and the readable storage medium of the distributed storage system provided by the application comprises the following steps: when a client sends data to an RBD layer, reading a target field of the data, and determining an encryption key according to a reading result; decrypting the encryption key by using a first encryption and decryption algorithm to obtain a plaintext key; encrypting the data by using a second encryption and decryption algorithm according to the plaintext key to obtain ciphertext data; and sending the ciphertext data to the bottom-layer storage device.
The scheme therefore combines two encryption algorithms: on the one hand the data is encrypted, and on the other hand the key is encrypted again, which improves data security. In addition, in the distributed storage system the user reads and writes data by mounting a volume, and the write and read operations of every volume are processed by the RBD layer, so data is encrypted and decrypted uniformly in the RBD layer, and data can be stored on disk securely while access remains transparent to the user. The scheme thus applies mature standard algorithms to protect data without affecting the normal operation of the original service; the user layer does not perceive the encryption and decryption process, the way users work does not need to change, and data protection is achieved with few code modifications.
Drawings
To explain the embodiments of the present application or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart illustrating a first implementation of a data reading and writing method of a distributed storage system according to an embodiment of the present disclosure;
Fig. 2 is a schematic diagram of a symmetric encryption algorithm implementation process provided in the present application;
Fig. 3 is a schematic diagram of an architecture of a distributed storage system provided herein;
Fig. 4 is a schematic diagram of a data read-write process of a second embodiment of a data read-write method of a distributed storage system according to the present application;
Fig. 5 is a flowchart illustrating an implementation of a data writing process according to a second embodiment of a data reading and writing method for a distributed storage system provided by the present application;
Fig. 6 is a flowchart illustrating an implementation of a data reading process according to a second embodiment of a data reading and writing method for a distributed storage system provided in the present application;
Fig. 7 is a functional block diagram of an embodiment of a data reading and writing apparatus of a distributed storage system provided in the present application.
Detailed Description
The core of the present application is to provide a data reading and writing method and apparatus for a distributed storage system, a server, and a readable storage medium. Data is protected by combining two encryption algorithms, the normal operation of the original service is not affected, and the user layer does not perceive the encryption and decryption process.
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, a first embodiment of a data reading and writing method of a distributed storage system provided in the present application is described below, where the first embodiment includes:
S101: when a client sends data to an RBD layer, reading a target field of the data, and determining an encryption key according to the reading result;
S102: decrypting the encryption key by using a first encryption and decryption algorithm to obtain a plaintext key;
S103: encrypting the data by using a second encryption and decryption algorithm according to the plaintext key to obtain ciphertext data;
S104: sending the ciphertext data to the underlying storage device.
This embodiment is developed in a mix of two languages, C and C++, and is implemented in the RBD (RADOS Block Device) layer of the distributed storage system. Two encryption and decryption algorithms are applied: one encrypts and decrypts ordinary IO data, and the other protects the key data, so that data is stored securely. Specifically, this embodiment combines two encryption algorithms, on the one hand encrypting the data itself, and on the other hand encrypting again the key used to encrypt the data.
The terms first encryption and decryption algorithm and second encryption and decryption algorithm merely denote two different algorithms; in practice, any suitable mature standard algorithm can be used. The basic flow of the second encryption and decryption algorithm is shown in Fig. 2. It is a symmetric algorithm: the same key is used for both encryption and decryption, the algorithm is public, the computation is light, encryption is efficient, and it is suitable for encrypting large amounts of data. Common symmetric encryption algorithms include DES (Data Encryption Standard), RC4, AES (Advanced Encryption Standard), and the like. This embodiment does not limit which algorithms are chosen as the first and second encryption and decryption algorithms; they are determined according to actual requirements.
As shown in Fig. 3, in the distributed storage system the user reads and writes data by mounting a volume. Because the write and read operations of every volume are processed by the RBD layer, data is encrypted and decrypted uniformly in the RBD layer, and data can be stored on disk securely while access remains transparent to the user. This embodiment therefore applies mature standard algorithms to protect data without affecting the normal operation of the original service; the user layer does not perceive the encryption and decryption process, the way users work does not need to change, and data protection is achieved with few code modifications.
In this embodiment, in addition to encrypting the data as described above, the protection and storage of the key also need to be considered. Specifically, during volume creation, the plaintext key of the volume is generated according to a random algorithm, the plaintext key is encrypted by using the first encryption and decryption algorithm to obtain the encryption key, and the encryption key is stored in the target field of the data of the volume.
Therefore, when the client writes data to the distributed storage system, the encryption key is read from the target field of the data, the encryption key is decrypted by using the first encryption and decryption algorithm to obtain the plaintext key, the data is encrypted by using the second encryption and decryption algorithm according to the plaintext key, and the resulting ciphertext data is sent to the underlying storage device. The target field is a pre-specified field in the data of the volume, specifically a newly added field; this embodiment sets the field for data that needs to be encrypted and does not set it for data that does not need to be encrypted.
The data reading and writing method for a distributed storage system provided by this embodiment combines two encryption algorithms: on the one hand the data is encrypted, and on the other hand the key is encrypted again, which improves data security. In addition, data is encrypted and decrypted uniformly in the RBD layer, so data can be stored on disk securely while access remains transparent to the user. The scheme therefore applies mature standard algorithms to protect data without affecting the normal operation of the original service; the user layer does not perceive the encryption and decryption process, the way users work does not need to change, and data protection is achieved with few code modifications.
The second embodiment of the data reading and writing method for the distributed storage system provided by the present application is described in detail below, and the second embodiment is implemented based on the first embodiment and is expanded to a certain extent on the basis of the first embodiment.
After comparison and investigation, the AES algorithm, that is, the Advanced Encryption Standard, was chosen for data encryption in this embodiment. AES offers good security, efficiency and flexibility, encrypts and decrypts quickly in both software and hardware, has not been broken to date, is relatively easy to implement, and needs only a little memory. To protect special data such as the key, the 3DES algorithm is chosen for encryption; 3DES is equivalent to applying the DES encryption algorithm three times to each data block. In summary, the second embodiment selects 3DES as the first encryption and decryption algorithm and AES as the second encryption and decryption algorithm.
The present embodiment describes processes of data writing and data reading, respectively, fig. 4 is a schematic diagram of the processes of data writing and data reading in the embodiment, fig. 5 is an implementation flowchart of the data writing process, and fig. 6 is an implementation flowchart of the data reading process.
Referring to fig. 4 and 5, the data writing process specifically includes:
S501: generating a plaintext key according to a random algorithm when a logical volume is created;
S502: encrypting the plaintext key by using 3DES to obtain an encryption key, and storing the encryption key in the target field;
That is, during volume creation, a volume plaintext key K is generated according to a random algorithm and processed with the 3DES algorithm to form a ciphertext key K', and the ciphertext key is stored in the target field of the volume attributes.
S503: reading a target field of the data when the client sends the data to the RBD layer;
S504: if the reading result is empty, determining that the current volume is an unencrypted volume, and writing the data directly to the underlying storage device;
S505: if the reading result is not empty, determining that the current volume is an encrypted volume, and determining an encryption key according to the reading result;
S506: decrypting the encryption key by using 3DES to obtain a plaintext key;
S507: performing byte-level encryption on the data by using AES according to the plaintext key to obtain ciphertext data;
S508: sending the ciphertext data to the underlying storage device.
In summary, the data writing process in the second embodiment includes: when data is issued to an RBD layer, whether a target field in the volume attribute has information or not is read, and if the target field has the information, the volume is an encrypted volume; acquiring specific content K' of the target field, and decrypting by using a 3DES algorithm to generate a plaintext key K; expanding the key K, and performing byte-level encryption on the written data by using an AES algorithm to generate ciphertext data; and sending the ciphertext data to a bottom layer for storage, wherein the data stored in the volume object are all the ciphertext data.
Referring to fig. 4 and 6, the data reading process specifically includes:
S601: after the RBD layer acquires ciphertext data from the underlying storage device, reading a target field of the ciphertext data, and determining an encryption key according to the reading result;
S602: decrypting the encryption key by using 3DES to obtain a plaintext key;
S603: decrypting the ciphertext data by using AES according to the plaintext key to obtain the original data;
S604: sending the data to the client.
To sum up, the data reading process in the second embodiment includes: after ciphertext data is obtained from the bottom layer, reading in the RBD layer whether the target field in the volume attributes holds information, and if it does, the volume is an encrypted volume; acquiring the content K' of the target field, and decrypting it by using the 3DES algorithm to generate the plaintext key K; expanding the key K, and performing byte-level decryption on the ciphertext data by using the AES algorithm to generate plaintext data; and passing the plaintext data up to the client for use by the user.
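The write path (S501 to S508) and the read path (S601 to S604) described above, as an added Python sketch that is not code from the patent or from any RBD implementation. A keystream built from HMAC-SHA256 stands in for both 3DES (key wrapping) and AES (data encryption) so that the block runs on the standard library alone; the key-encrypting key `kek`, the field name `wrapped_key` and the in-memory `Volume` are assumptions, since the page neither says where the 3DES key comes from nor names the target field.

```python
import hashlib
import hmac
import secrets

TARGET_FIELD = "wrapped_key"  # hypothetical name for the "target field" in the volume attributes
NONCE_LEN = 16


def keystream_xor(key, nonce, data):
    """Stand-in cipher, NOT 3DES or AES: XOR with an HMAC-SHA256 counter keystream.

    XOR is its own inverse, so the same call encrypts and decrypts.
    """
    blocks = (len(data) + 31) // 32
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )
    return bytes(a ^ b for a, b in zip(data, stream))


class Volume:
    """In-memory stand-in for a volume: attributes plus underlying object storage."""

    def __init__(self):
        self.attrs = {}
        self.objects = {}


def create_volume(kek, encrypted):
    vol = Volume()
    if encrypted:
        k = secrets.token_bytes(32)                    # S501: random plaintext key K
        nonce = secrets.token_bytes(NONCE_LEN)
        wrapped = keystream_xor(kek, nonce, k)         # S502: K -> K' (3DES in the patent)
        vol.attrs[TARGET_FIELD] = nonce + wrapped      # only K' is stored with the volume
    return vol


def volume_key(vol, kek):
    """Return the plaintext key K, or None when the target field is empty (S504)."""
    field = vol.attrs.get(TARGET_FIELD, b"")
    if not field:
        return None
    nonce, wrapped = field[:NONCE_LEN], field[NONCE_LEN:]
    # S506 / S602: unwrap K' -> K. Nothing here authenticates the result,
    # so a wrong kek yields a wrong K rather than an error.
    return keystream_xor(kek, nonce, wrapped)


def rbd_write(vol, kek, name, data):
    k = volume_key(vol, kek)                           # S503 to S506
    if k is None:
        vol.objects[name] = data                       # S504: unencrypted volume, write as-is
    else:
        # S507 / S508 (AES in the patent). The object name serves as the nonce,
        # which is acceptable only for this sketch: rewriting an object reuses
        # the keystream.
        vol.objects[name] = keystream_xor(k, name.encode(), data)


def rbd_read(vol, kek, name):
    stored = vol.objects[name]                         # S601: fetch from underlying storage
    k = volume_key(vol, kek)                           # S602
    return stored if k is None else keystream_xor(k, name.encode(), stored)  # S603 / S604


if __name__ == "__main__":
    kek = secrets.token_bytes(32)                      # constructed key-encrypting key
    vol = create_volume(kek, encrypted=True)
    rbd_write(vol, kek, "obj.0", b"constructed sample payload")
    print("stored  :", vol.objects["obj.0"].hex())
    print("readback:", rbd_read(vol, kek, "obj.0"))
```
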
Therefore, in the data reading and writing method for a distributed storage system provided by this embodiment, AES and 3DES, which are mature, secure and efficient, work together so that encrypted storage of the data and additional encryption of the key are achieved with minimal impact on the operation of the existing system. The mature standard encryption algorithms AES and 3DES are applied sensibly, the read and write data and the key are protected with few code modifications and full compatibility with the existing process, and users do not need to change their habits.
A data reading and writing apparatus of a distributed storage system provided in an embodiment of the present application is introduced below; the apparatus described below and the data reading and writing method described above may be read with reference to each other.
Referring to fig. 7, the apparatus includes:
the field reading module 701: configured to read a target field of the data when a client sends data to an RBD layer, and to determine an encryption key according to the reading result;
the key decryption module 702: configured to decrypt the encryption key by using a first encryption and decryption algorithm to obtain a plaintext key;
the data encryption module 703: configured to encrypt the data by using a second encryption and decryption algorithm according to the plaintext key to obtain ciphertext data;
the data sending module 704: configured to send the ciphertext data to the underlying storage device.
In some specific embodiments, the apparatus further includes:
a volume creation module: configured to generate a plaintext key according to a random algorithm when a logical volume is created; to encrypt the plaintext key by using the first encryption and decryption algorithm to obtain an encryption key; and to store the encryption key in the target field.
Therefore, specific embodiments of the apparatus can be seen in the foregoing embodiments of the data reading and writing method of the distributed storage system, for example, the field reading module 701, the key decryption module 702, the data encryption module 703, and the data sending module 704 are respectively used for implementing steps S101, S102, S103, and S104 in the data reading and writing method of the distributed storage system. Therefore, specific embodiments thereof may be referred to in the description of the corresponding respective partial embodiments, and will not be described herein.
In addition, since the data reading and writing device of the distributed storage system of this embodiment is used to implement the data reading and writing method of the distributed storage system, the role of the data reading and writing device corresponds to the role of the method, and details are not described here.
In addition, the present application also provides a server of a distributed storage system, including:
a memory: for storing a computer program;
a processor: for executing the computer program to implement the steps of a data reading and writing method of a distributed storage system as described above.
Finally, the present application provides a readable storage medium having stored thereon a computer program for implementing the steps of a method for reading and writing data of a distributed storage system as described above when executed by a processor.
The embodiments are described progressively; each embodiment focuses on its differences from the others, and the same or similar parts of the embodiments can be cross-referenced. Because the apparatus disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is brief, and the relevant points can be found in the description of the method.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The solutions provided in the present application have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present application, and the descriptions of the examples are intended only to help in understanding the method of the present application and its core ideas. For a person skilled in the art, the specific embodiments and the scope of application may vary according to the ideas of the present application. In summary, the content of this specification should not be construed as a limitation on the present application.

Claims (10)

1. A data read-write method of a distributed storage system is characterized by comprising the following steps:
when a client sends data to an RBD layer, reading a target field of the data, and determining an encryption key according to a reading result;
decrypting the encryption key by using a first encryption and decryption algorithm to obtain a plaintext key;
encrypting the data by using a second encryption and decryption algorithm according to the plaintext secret key to obtain ciphertext data;
and sending the ciphertext data to a bottom-layer storage device.
2. The method of claim 1, wherein before said reading the target field of the data and determining an encryption key based on the read result, further comprising:
generating a plaintext key according to a random algorithm when a logical volume is created; encrypting the plaintext key by using the first encryption and decryption algorithm to obtain an encryption key; storing the encryption key in the target field.
3. The method of claim 2, wherein determining an encryption key based on the read result comprises:
if the reading result is empty, determining that the current volume is an unencrypted volume; and if the reading result is not empty, determining that the current volume is an encrypted volume, and determining the encryption key according to the reading result.
4. The method of claim 1, wherein decrypting the encryption key using a first encryption and decryption algorithm to obtain a plaintext key comprises:
decrypting the encryption key by using a 3DES algorithm to obtain a plaintext key.
5. The method of claim 4, wherein said encrypting the data using the second encryption and decryption algorithm to obtain ciphertext data comprises:
carrying out byte-level encryption on the data by using an AES algorithm to obtain ciphertext data.
6. The method of any of claims 1-5, further comprising, after the sending the ciphertext data to an underlying storage device:
after the RBD layer acquires ciphertext data from the bottom storage device, reading a target field of the ciphertext data, and determining an encryption key according to a reading result;
decrypting the encryption key by using a first encryption and decryption algorithm to obtain a plaintext key;
decrypting the ciphertext data with the plaintext key by using a second encryption and decryption algorithm to obtain the original data;
and sending the data to a client.
7. A data read/write apparatus for a distributed storage system, comprising:
a field reading module, configured to read a target field of data when a client sends the data to an RBD layer, and to determine an encryption key according to the reading result;
a key decryption module, configured to decrypt the encryption key by using a first encryption and decryption algorithm to obtain a plaintext key;
a data encryption module, configured to encrypt the data with the plaintext key by using a second encryption and decryption algorithm to obtain ciphertext data;
a data sending module, configured to send the ciphertext data to a bottom-layer storage device.
8. The apparatus of claim 7, further comprising:
a volume creation module, configured to generate a plaintext key according to a random algorithm when a logical volume is created; to encrypt the plaintext key by using the first encryption and decryption algorithm to obtain an encryption key; and to store the encryption key in the target field.
9. A server of a distributed storage system, comprising:
a memory: for storing a computer program;
a processor: for executing the computer program to implement the steps of a method of reading and writing data of a distributed storage system as claimed in any one of claims 1 to 6.
10. A readable storage medium, having stored thereon a computer program for implementing the steps of a method for reading and writing data of a distributed storage system according to any one of claims 1 to 6 when executed by a processor.
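The volume-creation, write and read paths of claims 1 to 6, as an added Go example (not code from the patent or from any RBD implementation). The claims name only 3DES, AES and byte-level encryption; the 24-byte master key, the 3DES-CBC wrap stored as IV followed by ciphertext, AES-256 in CTR mode with a counter derived from the volume offset, and the names `Volume`, `CreateVolume` and `Transform` are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

type Volume struct{ KeyField []byte } // target field; empty = unencrypted volume (claim 3)

// CreateVolume stores a random 32-byte key wrapped with 3DES-CBC under master (claim 2).
func CreateVolume(master []byte) (*Volume, error) {
	tdes, err := des.NewTripleDESCipher(master) // assumed 24-byte master key
	buf := make([]byte, 8+32)                   // random IV followed by the random key
	if _, rerr := rand.Read(buf); err != nil || rerr != nil {
		return nil, fmt.Errorf("bad master key or RNG failure")
	}
	cipher.NewCBCEncrypter(tdes, buf[:8]).CryptBlocks(buf[8:], buf[8:])
	return &Volume{KeyField: buf}, nil
}

// Transform is the write path (claim 1) and the read path (claim 6): CTR is its own inverse.
func Transform(v *Volume, master, data []byte, off uint64) ([]byte, error) {
	if len(v.KeyField) == 0 {
		return data, nil // unencrypted volume: pass through unchanged
	}
	tdes, err := des.NewTripleDESCipher(master)
	if err != nil || len(v.KeyField) != 40 || off%16 != 0 {
		return nil, fmt.Errorf("bad master key, key field or unaligned offset")
	}
	key := make([]byte, 32)
	cipher.NewCBCDecrypter(tdes, v.KeyField[:8]).CryptBlocks(key, v.KeyField[8:])
	aesBlk, _ := aes.NewCipher(key) // cannot fail: key is always 32 bytes
	ctr := make([]byte, 16)
	binary.BigEndian.PutUint64(ctr[8:], off/16) // counter = AES block index in the volume
	out := make([]byte, len(data))              // same length as the input (byte-level)
	cipher.NewCTR(aesBlk, ctr).XORKeyStream(out, data)
	return out, nil
}

func main() {
	m := []byte("constructed-24-byte-key!") // constructed sample master key
	v, _ := CreateVolume(m)
	ct, _ := Transform(v, m, []byte("hello rbd"), 0)
	fmt.Printf("%x\n", ct)
}
```

With an offset-derived counter, rewriting the same offset reuses keystream, so two versions of a block XOR to the XOR of their plaintexts. The 3DES-CBC wrap carries no integrity check, so a wrong master key silently yields a wrong data key rather than an error.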
CN201910894142.XA 2019-09-20 2019-09-20 Data read-write method of distributed storage system Pending CN110650191A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910894142.XA CN110650191A (en) 2019-09-20 2019-09-20 Data read-write method of distributed storage system

Publications (1)

Publication Number Publication Date
CN110650191A true CN110650191A (en) 2020-01-03

Family

ID=69010965

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910894142.XA Pending CN110650191A (en) 2019-09-20 2019-09-20 Data read-write method of distributed storage system

Country Status (1)

Country Link
CN (1) CN110650191A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111010408A (en) * 2020-01-06 2020-04-14 中国银联股份有限公司 Distributed encryption and decryption method and system
CN112311529A (en) * 2020-10-27 2021-02-02 银清科技有限公司 Data encryption method, data decryption method and data processing method of database
CN113836553A (en) * 2021-09-22 2021-12-24 北京计算机技术及应用研究所 Distributed storage data protection method for dynamic reconstruction of cryptographic algorithm
CN113987557A (en) * 2021-12-24 2022-01-28 亿次网联(杭州)科技有限公司 File encryption processing method and system, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102831080A (en) * 2012-08-28 2012-12-19 广东欧珀移动通信有限公司 Data security protection method for mobile storage equipment
CN105653973A (en) * 2015-12-16 2016-06-08 金蝶软件(中国)有限公司 Data encryption method and apparatus based on business platform
CN107451483A (en) * 2017-07-28 2017-12-08 佛山市南方数据科学研究院 A kind of safe encryption method of data platform
CN108133144A (en) * 2017-12-22 2018-06-08 浪潮(北京)电子信息产业有限公司 A kind of virtual disk files guard method, device, equipment and readable storage medium storing program for executing
CN108900464A (en) * 2018-04-26 2018-11-27 平安科技(深圳)有限公司 Electronic device, data processing method and computer storage medium based on block chain
CN109583217A (en) * 2018-11-21 2019-04-05 深圳市易讯天空网络技术有限公司 A kind of encryption of internet electric business platform user private data and decryption method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111010408A (en) * 2020-01-06 2020-04-14 中国银联股份有限公司 Distributed encryption and decryption method and system
CN111010408B (en) * 2020-01-06 2022-02-11 中国银联股份有限公司 Distributed encryption and decryption method and system
CN112311529A (en) * 2020-10-27 2021-02-02 银清科技有限公司 Data encryption method, data decryption method and data processing method of database
CN113836553A (en) * 2021-09-22 2021-12-24 北京计算机技术及应用研究所 Distributed storage data protection method for dynamic reconstruction of cryptographic algorithm
CN113836553B (en) * 2021-09-22 2023-10-20 北京计算机技术及应用研究所 Distributed storage data protection method for dynamic reconstruction of cryptographic algorithm
CN113987557A (en) * 2021-12-24 2022-01-28 亿次网联(杭州)科技有限公司 File encryption processing method and system, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN110650191A (en) Data read-write method of distributed storage system
US7792300B1 (en) Method and apparatus for re-encrypting data in a transaction-based secure storage system
US8826037B2 (en) Method for decrypting an encrypted instruction and system thereof
KR101405720B1 (en) Accelerated cryptography with an encryption attribute
US20080247540A1 (en) Method and apparatus for protecting digital contents stored in usb mass storage device
US20030133574A1 (en) Secure CPU and memory management unit with cryptographic extensions
CN103294961A (en) Method and device for file encrypting/decrypting
EP2528004A1 (en) Secure removable media and method for managing the same
JP2003198534A (en) Apparatus for encrypting data and method thereof
EP2722787A1 (en) Method and apparatus for writing and reading encrypted hard disk data
US20210117805A1 (en) Inference apparatus, and inference method
CN113221171A (en) Encrypted file reading and writing method and device, electronic equipment and storage medium
CN104967591A (en) Cloud storage data read-write method and device, and read-write control method and device
CN106682521B (en) File transparent encryption and decryption system and method based on driver layer
JP2007108833A (en) Device for storing a plurality of passwords and password management method
CN106100829B (en) Method and device for encrypted storage
US9979541B2 (en) Content management system, host device and content key access method
CN112651038B (en) VR resource safety protection method and terminal capable of reducing space and time
JPH0997175A (en) Software use control method
CN108985109A (en) A kind of date storage method and device
US9537842B2 (en) Secondary communications channel facilitating document security
US20160357470A1 (en) Computer readable medium, information processing apparatus, and method
KR20200045820A (en) Apparatus and method for encryption and decryption
CN117371029A (en) Sensitive data storage method, apparatus, device, storage medium and program product
CN101763319A (en) Disk FDE (Full Disk Encryption) system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200103