CN112242899B - NAS storage system and method for encrypting and decrypting storage file by using quantum key - Google Patents


Info

Publication number
CN112242899B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910646121.6A
Other languages
Chinese (zh)
Other versions
CN112242899A (en)
Inventor
张炜
冯斯波
余小洁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Quantumctek Co Ltd
Original Assignee
Quantumctek Co Ltd
Application filed by Quantumctek Co Ltd
Priority to CN201910646121.6A
Publication of CN112242899A
Application granted
Publication of CN112242899B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Abstract

The invention discloses an NAS storage system for encrypting and decrypting a storage file by using a quantum key, which comprises a client, a file storage management server, a quantum key security management module, a quantum key source and an NAS storage module, wherein the client and the NAS storage module are both connected with the file storage management server, the quantum key source is connected with the file storage management server through the quantum key security management module, the NAS storage module comprises a plurality of NAS storage devices, each NAS storage device is assigned an IP address, and the client accesses the NAS storage module through the file storage management server. The invention also provides a method for encrypting and decrypting the storage file by using the NAS storage system. Compared with the prior art, the invention has the following advantages: the quantum key source is used to generate the quantum key that encrypts and decrypts the storage file, and a file encrypted with the quantum key cannot be deciphered even if it is stolen by a hacker during transmission or storage, so that the security of the file is ensured.

Description

NAS storage system and method for encrypting and decrypting storage file by using quantum key
Technical Field
The invention relates to the technical field of data storage encryption and decryption, and in particular to file storage encryption, reading and decryption technology for an NAS (Network Attached Storage) storage system.
Background
In recent decades, computer science and technology have been developed continuously, network functions have become more and more powerful, and people have higher and higher requirements on file transmission and storage speed and file storage confidentiality.
The NAS storage system is a dedicated data storage server comprising storage devices and embedded system software. It transmits data over standard network protocols and provides cross-platform file sharing and data backup services for computers in a network running various operating systems such as Windows/Linux/Mac OS, and its storage devices are assigned IP addresses. The NAS storage device supports multiple computer platforms, and users can access the same document through the supported network protocols, so the NAS storage device can be used in a hybrid Unix/Windows NT LAN without modification. The physical location of NAS storage devices is very flexible: they can be placed anywhere in a working group, close to an application server of a data center, or at other places and connected to the network through a physical link. The NAS storage appliance allows users to access data over the network without application server intervention, which both reduces CPU overhead and significantly improves network performance. As shown in fig. 1, an existing NAS storage system generally includes a client, a traditional router, and a NAS storage module, where the client accesses the NAS storage module through the traditional router, the NAS storage module includes a plurality of NAS storage devices, and each NAS storage device is assigned an IP address.
The patent application No. 201710221921.4, filed on 2017.04.06, provides a NAS device, a distributed processing system and a method, wherein the NAS device comprises a router and a plurality of storage modules connected with the router; each of the storage modules is provided with a microcontroller, a wireless communication device and a magnetic disk; the wireless communication device and the magnetic disk are each connected with the microcontroller; the microcontroller performs fault detection on the disk while data is read from and written to the disk, and sends a disk fault instruction when a disk fault is detected; and the wireless communication device transmits the read-write data of the disk and the disk fault instruction. Compared with the connection between a router and a server in the related art, the storage module is connected directly to the router in the NAS device, so that a fault of the storage module can be identified in time when the storage module has a problem, and the corresponding failover can be carried out.
However, the NAS (Network Attached Storage) system architecture also has a drawback that cannot be ignored: the connections between the various CPUs and storage units do not use a dedicated high-speed bus designed for storage access, but use a LAN for communication. The NAS therefore needs additional data security measures to resist the data leakage risks caused by design defects in the NAS setup, storage device security vulnerabilities, other vulnerabilities, and the like.
Patent application No. 201710181643.4, filed 2017.03.24, discloses a distributed network attached storage method and system, the system comprising: the system comprises a proxy server, a plurality of network attached storage NAS virtual machines, routing equipment and a back-end storage file system; the plurality of NAS virtual machines are connected with a client side and connected with the back-end storage file system through the routing equipment; the proxy server is connected to the plurality of NAS virtual machines and used for receiving mounting requests initiated by the clients and distributing the mounting requests of different clients to different NAS virtual machines; the NAS virtual machine is used as a file system server to provide network file system services for the corresponding client. The system is based on the sharable characteristic of the back-end storage file system, the NAS virtual machines are respectively established on different computing nodes and connected to the same back-end storage file system, the plurality of NAS virtual machines provide services for users at the same time, and only part of service ports are exposed to the outside, so that the network security is ensured. But the data transmission path is not encrypted, so the data storage still has leakage risk.
The patent application with the application number of 200610124993.9 and the application date of 2006.11.09 discloses an encryption read-write method in a kernel-state file system layer, which is positioned between a virtual file system and a physical file system. During a read operation, the ciphertext data that is read is decrypted and then passed to the upper virtual file system; during writing operation, the type of the writing operation is judged firstly, if the writing operation is carried out, plaintext data to be written is encrypted firstly, then intercepted ciphertext data is transmitted to a lower-layer physical file system, and if the writing operation is carried out, the ciphertext data read into an internal memory is subjected to four steps of local decryption, covering, global encryption, local interception and the like. The method not only has the inherent high efficiency of kernel mode operation, but also improves the efficiency of data operation by adopting a local decryption and local interception mode. According to the test process and the test data, the encryption read-write method can overcome the inconvenience of an application layer encryption program and the low efficiency of a user-mode encryption file system at the same time. The disadvantages of the method are that the system runs only in a Linux environment, and that the required file is only provided when a process calls for it rather than being stored directly.
In summary, when the NAS system is used for long-distance file transmission and storage, the files are easy to intercept and decipher. In recent years, incidents such as the PRISM affair in the United States and the Windows backdoor incident that hackers could exploit show that information security worldwide faces growing challenges and is receiving more and more attention. Existing NAS network attached storage systems have no effective encryption scheme for encrypting files before storing them; hackers and other criminals exploit backdoors and vulnerabilities in software and hardware to break into the system and steal file data, which easily causes unnecessary losses to countries, organizations and individuals. Theft of unencrypted files leaks users' sensitive content and causes immeasurable loss.
Disclosure of Invention
The technical problem to be solved by the invention is that existing NAS storage systems do not effectively encrypt stored files, which leads to data leakage.
The invention solves the technical problem through the following technical scheme: the NAS storage system comprises a client, a file storage management server, a quantum key security management module, a quantum key source and an NAS storage module, wherein the client and the NAS storage module are both connected with the file storage management server, the quantum key source is connected with the file storage management server through the quantum key security management module, the NAS storage module comprises a plurality of NAS storage devices, each NAS storage device is assigned an IP address, and the client accesses the NAS storage module through the file storage management server.
Specifically, the client is used for sending requests such as upload-and-store and access-and-download requests to the file storage management server;
the file storage management server connects the client, the quantum key security management module and the NAS storage module, and specifically performs the following functions: (1) completing the identity verification of the client; (2) authorizing file upload and download; (3) interacting with the quantum key security management module, and importing files that need encryption or decryption into the quantum key security management module; (4) storing the IP addresses of the NAS storage devices, and uploading encrypted files to and downloading them from the NAS storage module;
the quantum key security management module connects the quantum key source and the file storage management server, and specifically performs the following functions: (1) managing the keys and file storage addresses; (2) obtaining keys from the quantum key source, and securely storing and managing them; (3) interacting with the file storage management server, and encrypting the files the client requests to upload and decrypting the files it requests to download;
the quantum key source is used for providing the keys required by the quantum key security management module;
the NAS storage module is used for storing files.
As an optimized technical scheme, the quantum key security management module binds a key and a file storage address.
The invention also provides a method for encrypting and decrypting the storage file by using the NAS storage system, which comprises the following steps:
the client sends an uploading storage or accessing downloading request to the file storage management server;
the file storage management server completes authentication of the client and authorization of file uploading or downloading, interacts with the quantum key security management module and the NAS storage module, and introduces files which need to be encrypted and uploaded by the client and files to be decrypted and downloaded from the NAS storage module into the quantum key security management module;
the quantum key security management module acquires a key from the quantum key source, interacts with the file storage management server, and encrypts the files the client requests to upload and decrypts the files it requests to download;
and the file storage management server uploads the encrypted file to the NAS storage module or forwards the decrypted downloaded file to the client.
The method for encrypting and decrypting the stored file specifically comprises the following file encryption uploading process and file decryption downloading process:
First, the file encryption uploading process comprises the following specific steps:
Step 11: the client sends an upload storage request to the file storage management server;
Step 12: the file storage management server authenticates the client, and if the identity of the client is confirmed, the file storage management server allocates a storage address for the file to be stored, namely the IP address of the NAS storage device on which it is to be stored;
Step 13: the file storage management server instructs the quantum key security management module to encrypt the file with a quantum key, and transmits the file to be stored and the storage address allocated to it to the quantum key security management module to wait for encryption;
Step 14: the quantum key security management module requests a quantum key from the quantum key source;
Step 15: after receiving the quantum key request from the quantum key security management module, the quantum key source distributes the quantum key to the quantum key security management module;
Step 16: after obtaining the quantum key, the quantum key security management module encrypts the file to be stored, and stores the key and the storage address information in the quantum key security management module;
Step 17: the quantum key security management module sends the encrypted file to the file storage management server;
Step 18: the file storage management server places the encrypted file on the NAS storage device at the corresponding location in the NAS storage module according to the allocated storage address;
Second, the file decryption downloading process comprises the following specific steps:
Step 21: the client sends a file download request to the file storage management server;
Step 22: the file storage management server authenticates the client, and if the identity of the client is confirmed, the file storage management server searches for the stored file to be downloaded in the NAS storage module and downloads it;
Step 23: the file storage management server transmits the downloaded file and its storage address to the quantum key security management module;
Step 24: the quantum key security management module uses the storage address to find the quantum key bound to it and decrypts the downloaded file;
Step 25: the decrypted file is transmitted to the file storage management server;
Step 26: the file storage management server forwards the decrypted file to the client.
As an optimized technical scheme, the quantum key security management module binds the key and the storage address information.
As an optimized technical solution, in step 22, the file storage management server polls and searches for the storage file to be downloaded in each NAS storage device of the NAS storage module.
As an optimized technical solution, in the step 12 and the step 22, the file storage management server performs authentication on the client, and if the authentication fails, the request is not processed.
As an optimized technical solution, in step 15, after receiving the instruction of the quantum key security management module requesting the quantum key, the quantum key source generates a random quantum key, and sends the quantum key to the quantum key security management module.
As an optimized technical scheme, the quantum key and the file are stored separately.
Compared with the prior art, the invention has the following advantages:
1. the quantum key generated by the quantum key source has randomness, the storage file is encrypted and decrypted, and the file encrypted by the quantum key cannot be decoded even if the file is stolen by a hacker in the transmission and storage processes, so that the security of the file is ensured;
2. the file and the secret key are stored separately, so that the security of the file is improved;
3. the quantum key security management module stores and manages the keys, and each key is bound to the storage address of the encrypted file and then managed in a unified manner, so that files are convenient to access and encryption and decryption are more flexible and efficient;
4. the file storage management server works with the quantum key security management module to complete operations such as encryption, decryption, storage and reading of files, achieving an organic combination of quantum keys and the NAS storage system.
Drawings
FIG. 1 is a schematic diagram of a prior art NAS storage system;
FIG. 2 is a schematic diagram of an NAS storage system for encrypting and decrypting a storage file using a quantum key according to an embodiment of the invention.
Detailed Description
The following examples are given for the detailed implementation and specific operation of the present invention, but the scope of the present invention is not limited to the following examples.
In this application, unless expressly stated or limited otherwise, the terms "connected," "connected," and the like are to be construed broadly, as meaning mechanical or electrical connections or communications; they may be directly connected or indirectly connected through intervening media, or may be connected through the use of two elements or the interaction of two elements. The specific meaning of the above terms in the present application can be understood by those of ordinary skill in the art as appropriate.
Referring to fig. 2, the NAS storage system for encrypting and decrypting a storage file by using a quantum key according to the present invention includes a client, a file storage management server, a quantum key security management module, a quantum key source, and an NAS storage module, where the client and the NAS storage module are both connected to the file storage management server, the quantum key source is connected to the file storage management server through the quantum key security management module, the NAS storage module includes a plurality of NAS storage devices, and each NAS storage device is allocated with an IP address. And the client accesses the NAS storage module through the file storage management server.
The client is used for sending requests of uploading storage, downloading access and the like to the file storage management server.
The file storage management server connects the client, the quantum key security management module and the NAS storage module, and has the following main functions: (1) completing the identity verification of the client; (2) authorizing file upload and download; (3) interacting with the quantum key security management module, and importing files that need encryption or decryption into the quantum key security management module; (4) storing the IP addresses of the NAS storage devices, and uploading encrypted files to and downloading them from the NAS storage module.
The quantum key security management module connects the quantum key source and the file storage management server, and has the following main functions: (1) binding and managing the keys and file storage addresses; (2) obtaining keys from the quantum key source, and securely storing and managing them; (3) interacting with the file storage management server, and encrypting the files the client requests to upload and decrypting the files it requests to download.
The quantum key source is used for providing keys required by the quantum key security management module.
The NAS storage module is used for storing files.
The method for encrypting and decrypting the file by the NAS storage system comprises the following two processes:
First, the file encryption uploading process includes the following specific steps:
Step 11: the client sends an upload storage request to the file storage management server;
Step 12: the file storage management server authenticates the client, and if authentication fails, the request is not processed; if the identity of the client is confirmed, the file storage management server allocates a storage address for the file to be stored, namely the IP address of the NAS storage device on which it is to be stored;
Step 13: the file storage management server instructs the quantum key security management module to encrypt the file with a quantum key, and transmits the file to be stored and the storage address allocated to it to the quantum key security management module to wait for encryption;
Step 14: the quantum key security management module requests a quantum key from the quantum key source;
Step 15: after receiving the quantum key request from the quantum key security management module, the quantum key source generates a random quantum key and sends it directly to the quantum key security management module;
Step 16: after obtaining the quantum key, the quantum key security management module encrypts the file to be stored using an existing encryption scheme (such as OTP, AES and the like), and stores the key and the storage address information in the quantum key security management module. Preferably, the key and the storage address information are bound and are stored and managed uniformly by the quantum key security management module, so that the stored file is encrypted, and later decrypted, safely, conveniently and effectively. Because the file storage address is unique, binding the storage address of the file to the key makes key management by the quantum key security management module more convenient and efficient: no additional key label information such as a key number needs to be allocated, which saves key management resource overhead;
Step 17: the quantum key security management module sends the encrypted file to the file storage management server;
Step 18: the file storage management server places the encrypted file on the NAS storage device at the corresponding location in the NAS storage module according to the allocated storage address.
Second, the file decryption downloading process includes the following specific steps:
Step 21: the client sends a file download request to the file storage management server;
Step 22: the file storage management server authenticates the client, and if authentication fails, the request is not processed; if the identity of the client is confirmed, the file storage management server polls each NAS storage device of the NAS storage module to find the stored file to be downloaded, and downloads it;
Step 23: the file storage management server transmits the downloaded file and its storage address to the quantum key security management module;
Step 24: the quantum key security management module uses the storage address to find the quantum key bound to it and decrypts the downloaded file;
Step 25: the decrypted file is transmitted to the file storage management server;
Step 26: the file storage management server forwards the decrypted file to the client.
In the process, key management and file encryption and decryption operations are all performed in the quantum key security management module, the client, the file storage management server and the like do not contact the key, and the key and the file are stored separately, so that the security of the encrypted file is ensured.
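The upload flow (steps 11-18) and download flow (steps 21-26) above, as an added Python example that is not part of the patent. Assumptions: the class names, the token-based client authentication, the storage address format (NAS IP plus file name, so that it is unique per file), and the use of the operating system CSPRNG in place of the quantum key source are all hypothetical; OTP is used because the description names it.

```python
import hmac
import secrets


class QuantumKeySource:
    """Stand-in for the quantum key source (steps 14-15).
    Assumption: the OS CSPRNG replaces the real quantum device."""

    def request_key(self, length: int) -> bytes:
        return secrets.token_bytes(length)


class KeySecurityModule:
    """Quantum key security management module: the only component holding keys."""

    def __init__(self, source: QuantumKeySource):
        self._source = source
        self._keys = {}  # storage address -> key (the binding of step 16)

    @staticmethod
    def _xor(data: bytes, key: bytes) -> bytes:
        return bytes(d ^ k for d, k in zip(data, key))

    def encrypt(self, plaintext: bytes, address: str) -> bytes:
        # OTP needs a pad as long as the file. A fresh pad is requested on
        # every write, so overwriting an address never reuses the old pad.
        key = self._source.request_key(len(plaintext))
        self._keys[address] = key
        return self._xor(plaintext, key)

    def decrypt(self, ciphertext: bytes, address: str) -> bytes:
        key = self._keys.get(address)
        if key is None:
            raise KeyError(f"no key bound to storage address {address}")
        if len(key) != len(ciphertext):
            raise ValueError("ciphertext length does not match the bound key")
        return self._xor(ciphertext, key)


class FileStorageServer:
    """File storage management server: authenticates and routes, holds no keys."""

    def __init__(self, ksm, nas_devices, client_tokens):
        self._ksm = ksm
        self._nas = nas_devices        # NAS IP -> {file name: stored bytes}
        self._tokens = client_tokens   # client id -> token (hypothetical auth)
        self._next = 0                 # round-robin allocation counter

    def _authenticate(self, client_id: str, token: bytes) -> None:
        expected = self._tokens.get(client_id)
        if expected is None or not hmac.compare_digest(expected, token):
            raise PermissionError("authentication failed, request not processed")

    def _locate(self, name: str):
        # Step 22: poll each NAS device for the file.
        for ip, files in self._nas.items():
            if name in files:
                return ip
        return None

    def upload(self, client_id: str, token: bytes, name: str, data: bytes) -> str:
        self._authenticate(client_id, token)            # step 12
        ip = self._locate(name)
        if ip is None:                                  # new file: allocate a device
            ips = sorted(self._nas)
            ip = ips[self._next % len(ips)]
            self._next += 1
        address = f"{ip}:/{name}"                       # assumed address format
        ciphertext = self._ksm.encrypt(data, address)   # steps 13-17
        self._nas[ip][name] = ciphertext                # step 18
        return address

    def download(self, client_id: str, token: bytes, name: str) -> bytes:
        self._authenticate(client_id, token)            # step 22
        ip = self._locate(name)
        if ip is None:
            raise FileNotFoundError(name)
        ciphertext = self._nas[ip][name]
        return self._ksm.decrypt(ciphertext, f"{ip}:/{name}")  # steps 23-26


def build_demo():
    """Constructed sample deployment: two NAS devices and one client."""
    nas = {"10.0.0.11": {}, "10.0.0.12": {}}
    ksm = KeySecurityModule(QuantumKeySource())
    server = FileStorageServer(ksm, nas, {"alice": b"constructed-token"})
    return server, ksm, nas


if __name__ == "__main__":
    server, ksm, nas = build_demo()
    addr = server.upload("alice", b"constructed-token", "report.txt", b"draft v1")
    print(addr, nas[addr.split(":/")[0]]["report.txt"].hex())
    print(server.download("alice", b"constructed-token", "report.txt"))
```

The pad gives confidentiality only: a stored ciphertext altered without changing its length still decrypts without error, so a deployment would add a MAC or use an authenticated cipher mode.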
The application discloses an NAS storage system and a method for encrypting and decrypting a storage file by using a quantum key. In the system, the file storage management server receives a file storage request from a client and grants storage permission after confirming the client's identity. The file is encrypted with the key generated by the quantum key source and the encrypted file is stored on the NAS storage device; the key used is bound to the storage address of the file, and the two are then managed uniformly in the quantum key security management module. When the client initiates an access-and-download request, the file storage management server grants download permission after confirming the user's identity, and retrieves the file to be downloaded from the specified NAS storage device. The quantum key security management module finds the corresponding key according to the binding between the file storage address and the key, and decrypts the file.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. The NAS storage system is characterized by comprising a client, a file storage management server, a quantum key security management module, a quantum key source and an NAS storage module, wherein the client and the NAS storage module are both connected with the file storage management server;
the file storage management server is used for connecting the client, the quantum key security management module and the NAS storage module system, and specifically comprises the following steps: (1) completing the identity verification of the client; (2) authorization of file upload and download; (3) interacting with the quantum key security management module, and importing a file which needs to be encrypted and decrypted into the quantum key security management module; (4) storing the IP addresses of the NAS storage devices, and uploading and downloading encrypted files to an NAS storage module;
the quantum key security management module is used for connecting a quantum key source and a file storage management server, and specifically comprises the following steps: (1) completing the management of the key and the file storage address; (2) obtaining a secret key from a quantum secret key source, and carrying out safe storage and management on the secret key; (3) and interacting with the file storage management server, and respectively encrypting and decrypting files applied to upload and download by the client.
2. The NAS storage system for encrypting and decrypting a storage file by using a quantum key according to claim 1, wherein the client is configured to send a request for uploading storage and accessing downloading to a file storage management server;
the quantum key source is used for providing a key required by the quantum key security management module;
the NAS storage module is used for storing files.
3. The NAS storage system for encrypting and decrypting a storage file by using a quantum key according to claim 2, wherein the quantum key security management module binds a key and a file storage address.
4. A method for encrypting and decrypting a storage file by using the NAS storage system of claim 1, wherein: the method comprises the following steps:
the client sends an uploading storage or access downloading request to the file storage management server;
the file storage management server completes authentication of the client and authorization of file uploading or downloading, interacts with the quantum key security management module and the NAS storage module, and introduces files which need to be encrypted and uploaded by the client and files to be decrypted and downloaded from the NAS storage module into the quantum key security management module;
the quantum key safety management module acquires a key from a quantum key source, interacts with the file storage management server, and respectively encrypts and decrypts files applied to be uploaded and downloaded by the client;
and the file storage management server uploads the encrypted file to the NAS storage module or forwards the decrypted downloaded file to the client.
5. The method for encrypting and decrypting the storage file according to claim 4, wherein: the method specifically comprises the following file encryption uploading process and file decryption downloading process:
firstly, a file encryption uploading process includes the following specific steps:
step 11: the client sends an uploading storage request to the file storage management server;
step 12: the file storage management server carries out identity verification on the client, and if the identity of the client is confirmed, the file storage management server allocates a storage address for the file to be stored;
step 13: the file storage management server issues an instruction for encrypting the file by using the quantum key to the quantum key security management module, and transmits the file to be stored and the storage address allocated to the file to be stored to the quantum key security management module to wait for encryption;
step 14: the quantum key safety management module requests a quantum key from a quantum key source;
step 15: after receiving the instruction of the quantum key security management module requesting the quantum key, the quantum key source sends the quantum key to the quantum key security management module;
step 16: after obtaining the quantum key, the quantum key safety management module encrypts a file to be stored, and stores the key and the storage address information into the quantum key safety management module;
step 17: the quantum key security management module sends the encrypted file to be stored to the file storage management server;
step 18: the file storage management server puts the encrypted file into the NAS storage equipment at the corresponding position in the NAS storage module according to the distributed storage address;
secondly, a file decryption downloading process comprises the following specific steps:
step 21: the client sends a file downloading request to the file storage management server;
step 22: the file storage management server carries out identity verification on the client, and if the identity of the client is confirmed, the file storage management server searches the storage file to be downloaded in the NAS storage module and downloads the storage file;
step 23: the file storage management server transmits the downloaded storage file and the storage address of the storage file to the quantum key security management module;
step 24: the quantum key safety management module finds the quantum key bound with the storage address through the storage address and decrypts the downloaded storage file;
step 25: the decrypted storage file is transmitted to a file storage management server;
step 26: and the file storage management server forwards the decrypted storage file to the client.
6. The method for encrypting and decrypting the storage file according to claim 5, wherein: in step 16, the quantum key security management module binds the key and the storage address information.
7. The method for encrypting and decrypting the storage file according to claim 5, wherein: in step 22, the file storage management server polls each NAS storage device of the NAS storage module to find a storage file to be downloaded.
8. The method for encrypting and decrypting the storage file according to claim 5, wherein: in the step 12 and the step 22, the file storage management server performs authentication on the client, and if the authentication is not passed, the request is not processed.
9. The method for encrypting and decrypting the storage file according to claim 5, wherein: in step 15, after receiving the instruction of requesting the quantum key from the quantum key security management module, the quantum key source generates a random quantum key, and sends the quantum key to the quantum key security management module.
10. Method for encrypting and decrypting a stored file according to any one of claims 4 to 9, characterized in that: the quantum key is stored separately from the file.
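The upload (steps 11-18) and download (steps 21-26) flows of claim 5, with the authentication gate of claim 8 and the separate key storage of claim 10, as an added Python example that is not part of the patent. Assumptions: the patent names no cipher, so a one-time XOR pad stands in; `secrets.token_bytes` stands in for the quantum key source; the class names, the address format and the token check are hypothetical.

```python
import hmac, secrets

class QuantumKeySource:
    """Stand-in key source (assumption): OS randomness, not a quantum device."""
    def request_key(self, n):                        # steps 14-15
        return secrets.token_bytes(n)

class KeyManager:
    """Quantum key security management module: holds address -> key bindings."""
    def __init__(self, source):
        self.source, self._bound = source, {}
    def encrypt(self, address, plaintext):           # step 16
        if address in self._bound:
            raise ValueError("address already bound; a pad must never be reused")
        key = self.source.request_key(len(plaintext))
        self._bound[address] = key                   # bind key to storage address
        return bytes(p ^ k for p, k in zip(plaintext, key))
    def decrypt(self, address, ciphertext):          # step 24
        key = self._bound.get(address)
        if key is None or len(key) != len(ciphertext):
            raise KeyError("no usable key bound to this storage address")
        return bytes(c ^ k for c, k in zip(ciphertext, key))

class FileServer:
    """File storage management server: authenticates, allocates, moves ciphertext."""
    def __init__(self, km, users):
        self.km, self.users, self.nas, self._next = km, users, {}, 0
    def _auth(self, user, token):                    # steps 12 and 22, claim 8
        expected = self.users.get(user, "")
        if not expected or not hmac.compare_digest(expected.encode(), token.encode()):
            raise PermissionError("identity not confirmed; request not processed")
    def upload(self, user, token, data):             # steps 11-18
        self._auth(user, token)
        address = f"nas-0/{self._next}"              # constructed address format
        self._next += 1
        self.nas[address] = self.km.encrypt(address, data)   # NAS sees ciphertext only
        return address
    def download(self, user, token, address):        # steps 21-26
        self._auth(user, token)
        return self.km.decrypt(address, self.nas[address])

def demo():
    """Round trip with constructed credentials and file content."""
    server = FileServer(KeyManager(QuantumKeySource()), {"alice": "constructed-token"})
    addr = server.upload("alice", "constructed-token", b"quarterly report")
    return server.nas[addr], server.download("alice", "constructed-token", addr)
```

The XOR pad used here provides confidentiality only: a ciphertext modified on the NAS still decrypts without error, so a deployment would add an integrity check over the ciphertext and its storage address.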
CN201910646121.6A 2019-07-17 2019-07-17 NAS storage system and method for encrypting and decrypting storage file by using quantum key Active CN112242899B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910646121.6A CN112242899B (en) 2019-07-17 2019-07-17 NAS storage system and method for encrypting and decrypting storage file by using quantum key

Publications (2)

Publication Number Publication Date
CN112242899A CN112242899A (en) 2021-01-19
CN112242899B true CN112242899B (en) 2022-09-09

Family

ID=74167578

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910646121.6A Active CN112242899B (en) 2019-07-17 2019-07-17 NAS storage system and method for encrypting and decrypting storage file by using quantum key

Country Status (1)

Country Link
CN (1) CN112242899B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116260831B (en) * 2023-05-16 2023-08-04 上海凯翔信息科技有限公司 Offline downloading method and storage medium based on cloud NAS

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103188105A (en) * 2011-12-31 2013-07-03 中国航天科工集团第二研究院七〇六所 Safety enhancing system and method thereof of NAS equipment
CN104980401A (en) * 2014-04-09 2015-10-14 北京亿赛通科技发展有限责任公司 Secure data storage system and secure data storage and reading method of NAS server
CN108985099A (en) * 2018-07-31 2018-12-11 如般量子科技有限公司 It is a kind of that cloud storage method of controlling security and system are acted on behalf of based on public keys pond
CN108989033A (en) * 2018-07-31 2018-12-11 如般量子科技有限公司 A kind of cloud storage method of controlling security and system based on public keys pond
CN109150835A (en) * 2018-07-20 2019-01-04 国科量子通信网络有限公司 Method, apparatus, equipment and the computer readable storage medium of cloud data access

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10554397B2 (en) * 2017-09-27 2020-02-04 The Boeing Company Quantum-based data encryption

Also Published As

Publication number Publication date
CN112242899A (en) 2021-01-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant