CN112737700B - Data encryption and decryption method and device, encryption equipment and storage medium - Google Patents


Info

Publication number
CN112737700B
Authority
CN
China
Prior art keywords
identifier
port number
server
disk array
data
Prior art date
Legal status
Active
Application number
CN202011519807.8A
Other languages
Chinese (zh)
Other versions
CN112737700A (en
Inventor
周愚
叶耀文
杨勇
吴怡
马晓莹
李元汉
张科威
汪海涛
徐鹏飞
杜振业
於卫兵
黄灿
邓松
汤灵
李三
陈昊
Current Assignee
722th Research Institute of CSIC
Original Assignee
722th Research Institute of CSIC
Application filed by 722th Research Institute of CSIC
Priority to CN202011519807.8A
Publication of CN112737700A
Application granted
Publication of CN112737700B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/80 Optical aspects relating to the use of optical transmission for specific applications, not provided for in groups H04B10/03 - H04B10/70, e.g. optical power feeding or optical transmission through water
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5046 Resolving address allocation conflicts; Testing of addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/663 Transport layer addresses, e.g. aspects of transmission control protocol [TCP] or user datagram protocol [UDP] ports

Abstract

The disclosure provides a data encryption and decryption method and apparatus, an encryption device, and a storage medium. The method comprises the following steps: obtaining a server identifier, a disk array identifier and the corresponding port numbers based on the source device identifier and the destination device identifier; concatenating the server identifier, the disk array identifier and the corresponding port numbers into a write address, and writing the logical unit number and the logical block address in the Fibre Channel Protocol command frame into the memory location corresponding to the write address; obtaining a server identifier, a disk array identifier and the corresponding port numbers based on the source device identifier and the destination device identifier; concatenating the server identifier, the disk array identifier and the corresponding port numbers into a read address for the query, and reading the logical unit number and the logical block address; and concatenating the server identifier, the disk array identifier, the logical unit number and the logical block address into a key to encrypt or decrypt the Fibre Channel Protocol data frame.

Description

Data encryption and decryption method and device, encryption equipment and storage medium
Technical Field
The present disclosure relates to the field of data storage, and in particular, to a data encryption and decryption method and apparatus, an encryption device, and a storage medium.
Background
A Fibre Channel Storage Area Network (FC-SAN) offers high network performance and low latency, and is currently used by large data centers in various industries. An FC-SAN generally consists of servers, switches, disk arrays, and encryption devices. The encryption devices encrypt or decrypt the stored data to ensure data security in a large data center built on the FC-SAN.
In the related art, when an encryption device receives an FC command frame, it applies HASH compression to the data formed by concatenating the Source device IDentifier (S_ID)/Destination device IDentifier (D_ID) and the Originator eXchange IDentifier (OX_ID) in the FC command frame, and uses the result as an address in a Double Data Rate Synchronous Dynamic Random Access Memory (DDR). It then creates a session and stores the Logical Unit Number (LUN) and the Logical Block Address (LBA). When the encryption device receives an FC data frame, it performs the HASH compression in the same manner to obtain the DDR address, obtains the LUN and the LBA by querying the session, and encrypts the FC data frame using the disk array identifier (RAID_ID), the LUN, the LBA, and the like.
However, HASH compression inevitably produces collisions, which can cause the query to return an incorrect LUN and LBA. The encrypted data then cannot be decrypted and the current FCP data frame can only be discarded, which degrades FC-SAN performance; when many collisions occur and a large number of FCP data frames are lost, the FC link may even break. In addition, the encryption process relies mainly on the RAID_ID and does not consider security isolation on the data-source server side.
Disclosure of Invention
The embodiment of the disclosure provides a data encryption and decryption method and device, encryption equipment and a storage medium, which can solve the problem of HASH collision and can realize security isolation. The technical scheme is as follows:
At least one embodiment of the present disclosure provides a data encryption and decryption method, where the method includes:
in response to receiving a Fibre Channel Protocol (FCP) command frame, obtaining a server identifier and its port number and a disk array identifier and its port number based on the source device identifier and the destination device identifier in the FCP command frame;
concatenating the originator exchange identifier in the FCP command frame, the server identifier and its port number, and the disk array identifier and its port number into a write address, and writing the logical unit number and the logical block address in the FCP command frame as data into the memory location corresponding to the write address;
in response to receiving an FCP data frame, obtaining a server identifier and its port number based on the source device identifier in the FCP data frame, and obtaining a disk array identifier and its port number based on the destination device identifier in the FCP data frame;
concatenating the originator exchange identifier in the FCP command frame, the server identifier and its port number, and the disk array identifier and its port number into a read address for the query, and reading the queried logical unit number and logical block address from the memory;
and concatenating the server identifier, the disk array identifier, the logical unit number and the logical block address into a key to encrypt or decrypt the FCP data frame.
In an implementation of the embodiment of the present disclosure, obtaining the server identifier and its port number and the disk array identifier and its port number based on the source device identifier and the destination device identifier in the FCP command frame includes:
searching, in a first set formed by a plurality of first static random access memories, for the server identifier and its port number corresponding to the source device identifier or the destination device identifier;
and searching, in a second set formed by a plurality of second static random access memories, for the disk array identifier and its port number corresponding to the destination device identifier or the source device identifier, wherein the first static random access memories and the second static random access memories are different static random access memories.
In an implementation of the embodiment of the present disclosure, in the first set, each first data item is formed by concatenating a plurality of source device identifiers or a plurality of destination device identifiers, and the address corresponding to each first data item is formed by concatenating the server identifier and its port number;
in the second set, each second data item is formed by concatenating a plurality of destination device identifiers or a plurality of source device identifiers, and the address corresponding to each second data item is formed by concatenating the disk array identifier and its port number.
In an implementation of the embodiment of the present disclosure, searching the first set formed by a plurality of first static random access memories for the server identifier and its port number corresponding to the source device identifier or the destination device identifier, and searching the second set formed by a plurality of second static random access memories for the disk array identifier and its port number corresponding to the destination device identifier or the source device identifier, includes:
searching the plurality of first static random access memories in parallel for the server identifier and its port number corresponding to the source device identifier or the destination device identifier;
and searching the plurality of second static random access memories in parallel for the disk array identifier and its port number corresponding to the destination device identifier or the source device identifier.
In an implementation of the embodiment of the present disclosure, the bit width of the memory is not less than the sum of the lengths of the server identifier and its port number and of the disk array identifier and its port number.
At least one embodiment of the present disclosure provides a data encryption and decryption apparatus, including:
a session table management module, configured to: in response to receiving a Fibre Channel Protocol (FCP) command frame, obtain a server identifier and its port number and a disk array identifier and its port number based on the source device identifier and the destination device identifier in the FCP command frame; concatenate the originator exchange identifier in the FCP command frame, the server identifier and its port number, and the disk array identifier and its port number into a write address, and write the logical unit number and the logical block address in the FCP command frame as data into the memory location corresponding to the write address; in response to receiving an FCP data frame, obtain a server identifier and its port number based on the source device identifier in the FCP data frame, and obtain a disk array identifier and its port number based on the destination device identifier in the FCP data frame; and concatenate the originator exchange identifier in the FCP command frame, the server identifier and its port number, and the disk array identifier and its port number into a read address for the query, and read the queried logical unit number and logical block address from the memory;
and an encryption and decryption module, configured to concatenate the server identifier, the disk array identifier, the logical unit number and the logical block address into a key to encrypt or decrypt the FCP data frame.
In an implementation of the embodiment of the present disclosure, the session table management module includes:
a first query unit, configured to search, in a first set formed by a plurality of first static random access memories, for the server identifier and its port number corresponding to the source device identifier or the destination device identifier;
and a second query unit, configured to search, in a second set formed by a plurality of second static random access memories, for the disk array identifier and its port number corresponding to the destination device identifier or the source device identifier, wherein the first static random access memories and the second static random access memories are different static random access memories.
In an implementation of the embodiment of the present disclosure, in the first set, each first data item is formed by concatenating a plurality of source device identifiers or a plurality of destination device identifiers, and the address corresponding to each first data item is formed by concatenating the server identifier and its port number;
in the second set, each second data item is formed by concatenating a plurality of destination device identifiers or a plurality of source device identifiers, and the address corresponding to each second data item is formed by concatenating the disk array identifier and its port number.
In an implementation of the embodiment of the present disclosure, the first query unit is configured to search the plurality of first static random access memories in parallel for the server identifier and its port number corresponding to the source device identifier or the destination device identifier;
and the second query unit is configured to search the plurality of second static random access memories in parallel for the disk array identifier and its port number corresponding to the destination device identifier or the source device identifier.
In an implementation of the embodiment of the present disclosure, the bit width of the memory is not less than the sum of the lengths of the server identifier and its port number and of the disk array identifier and its port number.
At least one embodiment of the present disclosure provides an encryption device comprising a processor and a memory, the memory storing at least one program code, the program code being loaded and executed by the processor to implement the data encryption and decryption method according to any one of the preceding claims.
At least one embodiment of the present disclosure provides a computer-readable storage medium having at least one program code stored therein, the program code being loaded and executed by a processor to implement the data encryption and decryption method according to any one of the preceding claims.
The technical scheme provided by the embodiment of the disclosure has the following beneficial effects:
When an FCP command frame is received, the server identifier and its port number and the disk array identifier and its port number are first obtained based on the source device identifier and the destination device identifier. The originator exchange identifier in the FCP command frame, the server identifier and its port number, and the disk array identifier and its port number are then concatenated into a write address, and the logical unit number and the logical block address in the FCP command frame are written as data into the memory location corresponding to that write address; that is, the session is created by concatenating the server identifier and its port number with the disk array identifier and its port number. In this scheme the memory address is formed by concatenating the server identifier and its port number with the disk array identifier and its port number rather than by hashing, so address HASH collisions are avoided, a session can be created or queried with a single write/read access, and session query performance is greatly improved. This solves the problem of data frames being discarded because data cannot be decrypted after a HASH collision, and improves FC-SAN performance. In addition, by introducing the server identifier, different server identifiers in a cloud environment represent different cloud users belonging to different security domains, and different security domains use different keys for encryption and decryption, which achieves security isolation between users on the data-source server side and improves system security.
Drawings
To illustrate the technical solutions in the embodiments of the present disclosure more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present disclosure; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic topology diagram of an FC-SAN;
FIG. 2 is a schematic structural diagram of an encryption device provided in an embodiment of the present disclosure;
FIG. 3 is a flowchart of a data encryption and decryption method provided by an embodiment of the present disclosure;
FIG. 4 is a flowchart of a data encryption and decryption method provided by an embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of a session table management module according to an embodiment of the present disclosure;
FIG. 6 is a schematic diagram of the structure of the query unit in FIG. 5;
FIG. 7 is a diagram of a data structure provided by an embodiment of the present disclosure;
FIG. 8 is a schematic structural diagram of a data encryption and decryption apparatus according to an embodiment of the present disclosure;
FIG. 9 shows a block diagram of an encryption device according to an exemplary embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the present disclosure more apparent, embodiments of the present disclosure will be described in detail with reference to the accompanying drawings.
The system architecture to which the method provided by the embodiment of the present disclosure applies is described below with reference to FIG. 1.
FIG. 1 is a topology diagram of an FC-SAN. Referring to FIG. 1, the FC-SAN comprises
a server 10, a switch 20, a disk array 30 and an encryption device (also called an encryptor) 40. The server 10 is connected to the disk array 30 through the switch 20, and can write data to or read data from the disk array 30 through the switch 20. The encryption device 40 is connected between the switch 20 and the disk array 30; it encrypts data when the server 10 writes data to the disk array 30, and decrypts data when the server 10 reads data from the disk array 30.
FIG. 2 is a schematic structural diagram of an encryption device provided in an embodiment of the present disclosure. The figure omits the FC switch. Referring to FIG. 2, the encryption device may include an FCP frame parsing/reassembly module, an encryption module, a decryption module, a session table management module and a DDR controller module.
The FCP frame parsing/reassembly module may parse the FCP frames (including data frames and command frames) transmitted between the server 10 and the disk array 30 to obtain the parameters they carry. As shown in FIG. 2, two FCP frame parsing/reassembly modules may be provided.
The encryption module can encrypt the FCP data frame (plaintext) sent by the server to the disk array, and the decryption module can decrypt the FCP data frame (ciphertext) sent by the disk array to the server.
The session table management module may create a session based on the parameters obtained by the FCP frame parsing/reassembly module, that is, write data such as the LUN and the LBA to the DDR controller module.
The DDR controller module can write data such as the LUN and the LBA to the DDR memory 50, thereby completing the session creation.
In the embodiment of the present disclosure, the encryption device may be implemented with a Field Programmable Gate Array (FPGA), that is, the FCP frame parsing/reassembly module, the encryption module, the decryption module, the session table management module, and the DDR controller module are integrated on the same FPGA.
FIG. 3 is a flowchart of a data encryption and decryption method according to an embodiment of the present disclosure. The method is performed by the encryption device in FIG. 1. Referring to FIG. 3, the method comprises:
Step 101: in response to receiving a Fibre Channel Protocol (FCP) command frame, obtain a server identifier and its port number and a disk array identifier and its port number based on the source device identifier and the destination device identifier in the FCP command frame.
The FCP command frame may be an FCP write command frame sent by the server to the disk array for the server to write data to the disk array, or an FCP read command frame sent by the disk array to the server for the server to read data from the disk array.
Step 102: concatenate the originator exchange identifier in the FCP command frame, the server identifier and its port number, and the disk array identifier and its port number into a write address, and write the logical unit number and the logical block address in the FCP command frame as data into the memory location corresponding to the write address.
Steps 101 and 102 complete the session creation process.
When the encryption device receives the FCP command frame, in addition to creating the session it must forward the FCP command frame to the disk array. The disk array then sends a transfer-ready frame to the server in response to the FCP command frame, indicating that it is ready for the read or write transfer, after which the read or write operation on the data frames is performed.
Illustratively, after receiving the FCP write (or read) command frame, the FCP frame parsing/reassembly module in the encryption device passes it through to the encryption module; the encryption module passes it through to the other FCP frame parsing/reassembly module, which sends it to the disk array. Meanwhile, the FCP frame parsing/reassembly module parses the FCP write (or read) command frame to obtain the source device identifier, the destination device identifier, the logical unit number, and the logical block address, and transmits them to the session table management module. The session table management module obtains the server identifier and its port number and the disk array identifier and its port number from the source device identifier and the destination device identifier, concatenates the originator exchange identifier, the server identifier and its port number, and the disk array identifier and its port number into an address, and writes the logical unit number and the logical block address to the DDR controller module. The DDR controller module maintains the state of the DDR memory and writes the logical unit number and the logical block address into the DDR memory, thereby completing session creation for the FCP write (or read) command.
Step 103: in response to receiving an FCP data frame, obtain a server identifier and its port number based on the source device identifier in the FCP data frame, and obtain a disk array identifier and its port number based on the destination device identifier in the FCP data frame.
When the FCP command frame in step 101 is an FCP write command, the FCP data frame in step 103 is an FCP write data frame sent to the disk array by the server; when the FCP command frame in step 101 is an FCP read command, the FCP data frame in step 103 is an FCP read data frame sent by the server to the disk array.
Step 104: concatenate the originator exchange identifier in the FCP command frame, the server identifier and its port number, and the disk array identifier and its port number into a read address for the query, and read the queried logical unit number and logical block address from the memory.
Steps 103 and 104 complete the session query process.
In steps 102 and 104, because there is no HASH collision problem, the latency of creating or querying a session is approximately equal to that of one DDR burst read or write, which is efficient.
Step 105: concatenate the server identifier, the disk array identifier, the logical unit number and the logical block address into a key to encrypt or decrypt the FCP data frame.
In step 105, the FCP data frame is encrypted with a key concatenated from the server identifier, the disk array identifier, the logical unit number, and the logical block address, which ensures that different logical unit numbers and different logical block addresses of different disk arrays have different key data, thereby improving system security.
When the encryption device receives an FCP write data frame in step 103, step 105 encrypts the data frame; when the encryption device receives an FCP read data frame in step 103, step 105 decrypts the data frame.
Illustratively, after receiving the FCP write data frame, the FCP frame parsing/reassembly module in the encryption device passes it through to the encryption module; at the same time, it parses the FCP write data frame to obtain the source device identifier and the destination device identifier, and transmits them to the session table management module. The session table management module first looks up the server identifier and its port number and the disk array identifier and its port number from the source device identifier and the destination device identifier, then concatenates the originator exchange identifier, the server identifier and its port number, and the disk array identifier and its port number into an address, and reads the data at that address in the DDR memory through the DDR controller module, thereby obtaining the logical unit number and the logical block address. The session table management module then passes the server identifier and its port number, the disk array identifier and its port number, the logical unit number and the logical block address to the encryption module. The encryption module concatenates the server identifier, the disk array identifier, the logical unit number and the logical block address into a key and encrypts the FCP write data frame, then passes the encrypted FCP write data frame to the other FCP frame parsing/reassembly module, which reassembles the FCP frame and sends it to the disk array, completing the write from the server to the disk array.
After the other FCP frame parsing/reassembly module in the encryption device receives the FCP read data frame, it passes the frame to the decryption module; at the same time, it parses the FCP read data frame to obtain the source device identifier and the destination device identifier, and transmits them to the session table management module. The session table management module first looks up the server identifier and its port number and the disk array identifier and its port number from the source device identifier and the destination device identifier, then concatenates the originator exchange identifier, the server identifier and its port number, and the disk array identifier and its port number into an address, and reads the data at that address in the DDR memory through the DDR controller module, thereby obtaining the logical unit number and the logical block address. The session table management module then passes the server identifier and its port number, the disk array identifier and its port number, the logical unit number and the logical block address to the decryption module. The decryption module concatenates the server identifier, the disk array identifier, the logical unit number and the logical block address into a key and decrypts the FCP read data frame, then passes the decrypted FCP read data frame to the FCP frame parsing/reassembly module, which reassembles the FCP frame and sends it to the server, completing the read by the server from the disk array.
After the read or write operation is completed, the disk array responds to the server to indicate that the write/read operation is complete. When the disk array sends the FCP response frame to the server, the other FCP frame parsing/reassembly module receives it and passes it through to the decryption module; the decryption module passes it through to the FCP frame parsing/reassembly module, which sends it to the server. Meanwhile, the other FCP frame parsing/reassembly module parses the FCP response frame to obtain the source device identifier and the destination device identifier, and transmits them to the session table management module. The session table management module first looks up the server identifier and its port number and the disk array identifier and its port number from the source device identifier and the destination device identifier, then concatenates the server identifier and its port number and the disk array identifier and its port number into an address, and deletes the session data in the DDR memory through the DDR controller module, thereby releasing the session resources.
When receiving an FCP instruction frame, firstly obtaining a server identifier and a port number thereof, and a disk array identifier and a port number thereof based on a source device identifier and a destination device identifier; and splicing the exchange identifier of the starting station, the identifier of the server and the port number thereof, and the identifier of the disk array and the port number thereof in the optical fiber channel protocol instruction frame to form a write address, writing the logical unit number and the logical block address in the optical fiber channel protocol instruction frame into a memory corresponding to the write address as data, namely splicing the identifier of the server and the port number thereof, the identifier of the disk array and the port number thereof to complete the creation of a session. In the scheme, the memory address is spliced by the server identifier and the port number thereof, the disk array identifier and the port number thereof, and a HASH mode is not adopted, so that HASH collision of the address is avoided, the establishment and query of one session can be completed through one-time write/read access, and the session query performance is greatly improved. The problem that data frames are discarded due to the fact that data cannot be decoded caused by Hash collision is solved, and the performance of the FC-SAN is improved. In addition, by introducing the concept of server identification, in a cloud environment, different server identifications represent different cloud users and belong to different security domains, and the different security domains use different keys for encryption and decryption, so that the user security isolation of the data source server is completed, and the system security is improved.
Fig. 4 is a flowchart of a data encryption and decryption method provided by an embodiment of the present disclosure. The method is performed by the encryption device in fig. 1, and referring to fig. 4, the method includes:
Step 201: In response to receiving a Fibre Channel Protocol command frame, search a first set formed by a plurality of first static random access memories for the server identifier and its port number corresponding to the source device identifier or the destination device identifier.
The FCP command frame in the fibre channel protocol may be an FCP write command frame sent by the server to the disk array for the server to write data to the disk array, or an FCP read command frame sent by the disk array to the server for the server to read data from the disk array.
In the first set, each first data is formed by splicing a plurality of source equipment identifiers or a plurality of destination equipment identifiers, and the address corresponding to each first data is formed by splicing the server identifier and the port number thereof.
Illustratively, step 201 includes: searching the plurality of first static random access memories concurrently for the server identifier and its port number corresponding to the source device identifier or the destination device identifier, that is, traversing the plurality of first static random access memories in parallel to obtain the corresponding server identifier and its port number.
Step 202: Search a second set formed by a plurality of second static random access memories for the disk array identifier and its port number corresponding to the destination device identifier or the source device identifier, wherein the first static random access memories and the second static random access memories are different static random access memories.
In this step, the server identifier and its port number and the disk array identifier and its port number are kept in two separate sets so that they can be searched in parallel, which on the one hand saves time. On the other hand, the SRAM can be implemented by block random access memory (Block RAM, BRAM) on a field programmable gate array (FPGA), so this design also saves BRAMs.
In the second set, each second data is formed by splicing a plurality of destination device identifiers or a plurality of source device identifiers, and the corresponding address of each second data is formed by splicing the disk array identifier and the port number thereof.
Illustratively, step 202 includes: searching the plurality of second static random access memories concurrently for the disk array identifier and its port number corresponding to the destination device identifier or the source device identifier, that is, traversing the plurality of first static random access memories in parallel to obtain the corresponding disk array identifier and its port number.
In step 201 and step 202, the server identifier and its port number may be expressed as {SERVER_ID, S_PORT_NUM}, where SERVER_ID represents the number of the server, with bit width S, and S_PORT_NUM represents the FC port number of the server, with bit width S_N. The disk array identifier and its port number may be expressed as {RAID_ID, R_PORT_NUM}, where RAID_ID represents the number of the disk array, with bit width R, and R_PORT_NUM represents the FC port number of the disk array, with bit width R_N. Because the DDR memory capacity is limited, the sum of the bit widths S, S_N, R and R_N is also limited; for example, assuming that the DDR memory capacity is 16 GB and the LUN and LBA data bit widths are not greater than 128 bits, the sum of the bit widths S, S_N, R and R_N is not greater than 14.
Each server and disk array has several FC ports, and each FC port has one FC_ID, which is the source device identifier D_ID or the destination device identifier S_ID. For example, when an FCP frame is transmitted from a server to a disk array, the ID of a port on the server is D_ID, and the ID of a port on the disk array is S_ID; conversely, when the FCP frame is transmitted from the disk array to the server, the ID of the port on the server is S_ID, and the ID of the port on the disk array is D_ID.
All SRAM addresses in the first set are associated with {SERVER_ID, S_PORT_NUM}, and all SRAM addresses in the second set are associated with {RAID_ID, R_PORT_NUM}.
For the first set, the address of each SRAM is the concatenation of SERVER_ID[s:0] and S_PORT_NUM[s_p:0], where $2 \le s \le 3$, $1 \ge s_p >$. The data of the SRAM is the concatenation of a plurality of S_IDs or D_IDs, and the data bit width is $2^{(S_N - s_p - 1)} \times 24$. Accordingly, the number of SRAMs in the first set is $2^{(S - s - 1)}$, and the SRAM number Snum runs from 0 to $2^{(S - s - 1)} - 1$, denoted Snum[(S-s-1):0]. The total capacity of the SRAMs in the first set may be $2^{(S + 1 + S_N + 1)} \times 24$ bit.
For the second set, the address of each SRAM is the concatenation of RAID_ID[r:0] and R_PORT_NUM[r_p:0], where $2 \le r \le 3$, $1 \ge r_p >$. The data of the SRAM is the concatenation of a plurality of S_IDs or D_IDs, and the data bit width is $2^{(R_N - r_p - 1)} \times 24$. Accordingly, the number of SRAMs in the second set is $2^{(R - r - 1)}$, and the SRAM number Rnum runs from 0 to $2^{(R - r - 1)} - 1$, denoted Rnum[(R-r-1):0]. The total capacity of the SRAMs in the second set may be $2^{(R + 1 + R_N + 1)} \times 24$ bit.
The sum of the storage capacities of the SRAMs in the first set and the second set is not more than $2^{(S + 1 + S_N + 1)} \times 24 + 2^{(R + 1 + R_N + 1)} \times 24$ bits, i.e. not more than 384 Kbits.
Step 201 traverses the $2^{(S - s - 1)}$ SRAMs in parallel. When the c-th 24-bit data at address {SERVER_ID[a], S_PORT_NUM[b]} of the SRAM numbered Snum[k] is consistent with the S_ID/D_ID, the SERVER_ID corresponding to the S_ID/D_ID is Snum[k] × $2^{(s+1)}$ + SERVER_ID[a], and S_PORT_NUM is S_PORT_NUM[b] × $2^{(s_p+1)}$ + S_PORT_NUM[b].
Step 202 traverses the $2^{(R - r - 1)}$ SRAMs in parallel. When the c-th 24-bit data at address {RAID_ID[a], R_PORT_NUM[b]} of the SRAM numbered Rnum[k] is consistent with the S_ID/D_ID, the RAID_ID corresponding to the S_ID/D_ID is Rnum[k] × $2^{(r+1)}$ + RAID_ID[a], and R_PORT_NUM is R_PORT_NUM[b] × $2^{(r_p+1)}$ + R_PORT_NUM[b].
In step 201, the time of one query is not more than $2^{(s + s_p)}$ Clk, where Clk is the read clock cycle of the SRAM; if $s + s_p < 3$, the query time is not more than 8 SRAM read cycles.
In step 202, the time of one query is not more than $2^{(r + r_p)}$ Clk; if $r + r_p < 3$, the query time is not more than 8 SRAM read cycles.
By storing the S_ID/D_ID data in a plurality of SRAMs, reading the contents of the SRAMs in parallel and then comparing, the {SERVER_ID, S_PORT_NUM}/{RAID_ID, R_PORT_NUM} corresponding to the S_ID/D_ID is found, which improves the query speed of {SERVER_ID, S_PORT_NUM}/{RAID_ID, R_PORT_NUM}. Because multiple SRAMs are used for storage, the bit width of the S_ID/D_ID data in each SRAM can be reduced, for example from 64 bits to 30 bits in the related scheme, while no conflict is guaranteed, so this design reduces the required storage space.
Step 203: splicing the exchange identification of the starting station, the identification of the server and the port number thereof, and the identification of the disk array and the port number thereof in the optical fiber channel protocol instruction frame to be used as a write address, and writing the logical unit number and the logical block address in the optical fiber channel protocol instruction frame as data into a memory corresponding to the write address.
The originator exchange identifier is a 16-bit field in the frame header of the Fibre Channel Protocol command frame and is equivalent to a session identifier. The originator exchange ID together with the S_ID and D_ID identifies a unique Fibre Channel Protocol frame (command frame or data frame).
Illustratively, the bit width of the memory is not less than the sum of the lengths of the server identifier and its port number and the disk array identifier and its port number. That is, the address bit width of the DDR memory is not less than the sum of the bit widths of {SERVER_ID, S_PORT_NUM}/{RAID_ID, R_PORT_NUM} and OX_ID, so the number of FC ports of servers and disk arrays that one session table can accommodate is related to the capacity of the DDR memory. When the sum of the numbers of servers and storage arrays is less than $2^{(\log_2(storage/128) - 16)}$, the design of the DDR memory meets the requirement and no data is lost, where storage is the storage capacity of the DDR memory in bits.
Fig. 5 is a schematic structural diagram of a session table management module according to an embodiment of the present disclosure. Referring to fig. 5, the session table management module may include a query unit, configured to perform query on the server identifier and the port number thereof, and the disk array identifier and the port number thereof. The session table management module can also comprise a session establishment unit, a session deletion unit, a session query unit, a task management unit and the like. Fig. 6 is a schematic diagram of the structure of the query unit in fig. 5. Referring to fig. 6, the query unit includes an input subunit, a plurality of Static Random-Access Memory (SRAM) query subunits, and a comparison output subunit, and parallel query can be implemented by the plurality of query subunits.
As mentioned above, FCP write/read commands, FCP write/read data and FCP response frames all first complete the query of {SERVER_ID, S_PORT_NUM}/{RAID_ID, R_PORT_NUM} through the query unit.
Taking the RAID_ID query process as an example, a data structure diagram of one SRAM in the second set is shown in fig. 7, where it is assumed that one storage array has 8 FC ports, one address space of one SRAM stores 4 FC_ID data, and one SRAM stores 8 RAID_IDs.
In the initialization process, the query unit records the relationship between the RAID_ID and the World Wide Port Number (WWPN) of the storage array. In the FC login process, the FC_ID is found according to the WWPN, which gives the relationship between the RAID_ID and the FC_ID. SRAM(0) stores all FC_IDs corresponding to RAID_ID[2:0]; e.g., address 0x000 and address 0x001 store all FC_IDs with RAID_ID 0, address 0x002 and address 0x003 store all FC_IDs with RAID_ID 1, …, address 0x01E and address 0x01F store all FC_IDs with RAID_ID 7; …; SRAM(n) stores all FC_IDs corresponding to 8 × n + RAID_ID[2:0]; for example, address 0x000 and address 0x001 store all FC_IDs with RAID_ID of 8 × n, address 0x002 and address 0x003 store all FC_IDs with RAID_ID of 8 × n + 1, …, address 0x01E and address 0x01F store all FC_IDs with RAID_ID of 8 × n + 7.
When an FCP write/read command frame or an FCP write data frame arrives, the query unit queries all the SRAMs simultaneously and in parallel according to the D_ID; when an FCP read data frame or an FCP response frame arrives, it queries all the SRAMs simultaneously and in parallel according to the S_ID. For example, when it is found that the 3rd FC_ID stored at address a of the nth SRAM is the same as the S_ID or the D_ID, the RAID_ID corresponding to the S_ID or the D_ID is 8 × n + a/2, and the R_PORT_NUM is numbered 2.
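The RAID_ID query of the worked example above, modelled in C as an added example that is not code from the patent. It follows the stated rule RAID_ID = 8 × n + a/2; the function names, the four-SRAM size, the slot-valid flag and the port formula for odd addresses are assumptions, and the sequential loops stand in for the parallel SRAM reads and comparators.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Geometry of the worked example: 8 FC ports per disk array, 4 FC_IDs per
 * SRAM word, 8 RAID_IDs per SRAM. NUM_SRAM is constructed for this model. */
#define PORTS_PER_ARRAY 8u
#define IDS_PER_WORD    4u
#define RAIDS_PER_SRAM  8u
#define WORDS_PER_RAID  (PORTS_PER_ARRAY / IDS_PER_WORD)   /* 2  */
#define WORDS_PER_SRAM  (RAIDS_PER_SRAM * WORDS_PER_RAID)  /* 16 */
#define NUM_SRAM        4u
#define FC_ID_MASK      0x00FFFFFFu  /* an FC_ID is 24 bits */
#define SLOT_VALID      0x80000000u  /* model-only "slot in use" flag (assumption) */

/* sram[n][a][c]: c-th FC_ID slot of the word at address a of SRAM(n). */
static uint32_t sram[NUM_SRAM][WORDS_PER_SRAM][IDS_PER_WORD];

/* Locate the slot holding fc_id, or NULL. Hardware reads address a of every
 * SRAM in the same cycle and compares all slots of each word at once. */
static uint32_t *find(uint32_t fc_id, unsigned *n_out, unsigned *a_out, unsigned *c_out)
{
    uint32_t want = SLOT_VALID | (fc_id & FC_ID_MASK);
    for (unsigned a = 0; a < WORDS_PER_SRAM; a++)
        for (unsigned n = 0; n < NUM_SRAM; n++)
            for (unsigned c = 0; c < IDS_PER_WORD; c++)
                if (sram[n][a][c] == want) {
                    *n_out = n; *a_out = a; *c_out = c;
                    return &sram[n][a][c];
                }
    return NULL;
}

/* FC login: record the FC_ID assigned to (raid_id, port). */
int fcid_register(unsigned raid_id, unsigned port, uint32_t fc_id)
{
    unsigned n, a, c;
    if (raid_id >= NUM_SRAM * RAIDS_PER_SRAM || port >= PORTS_PER_ARRAY)
        return -1;
    uint32_t *stale = find(fc_id, &n, &a, &c);
    if (stale)
        *stale = 0;  /* an FC_ID must resolve to exactly one port */
    n = raid_id / RAIDS_PER_SRAM;
    a = (raid_id % RAIDS_PER_SRAM) * WORDS_PER_RAID + port / IDS_PER_WORD;
    c = port % IDS_PER_WORD;
    sram[n][a][c] = SLOT_VALID | (fc_id & FC_ID_MASK);
    return 0;
}

/* Frame arrival: resolve an S_ID/D_ID to {RAID_ID, R_PORT_NUM}. */
int fcid_lookup(uint32_t fc_id, unsigned *raid_id, unsigned *port)
{
    unsigned n, a, c;
    if (!find(fc_id, &n, &a, &c))
        return -1;  /* unknown FC_ID: the frame maps to no disk array */
    *raid_id = RAIDS_PER_SRAM * n + a / WORDS_PER_RAID;  /* 8 * n + a / 2 */
    *port = (a % WORDS_PER_RAID) * IDS_PER_WORD + c;     /* assumption for odd a */
    return 0;
}

int main(void)
{
    unsigned raid, port;
    fcid_register(19, 2, 0x010203);  /* constructed FC_ID */
    if (fcid_lookup(0x010203, &raid, &port) == 0)
        printf("RAID_ID=%u R_PORT_NUM=%u\n", raid, port);
    return 0;
}
```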
Steps 201 to 203 complete the session creation process.
Step 204: In response to receiving a Fibre Channel Protocol data frame, search a first set formed by a plurality of first static random access memories for the server identifier and its port number corresponding to the source device identifier or the destination device identifier.
When the FCP command frame in step 201 is an FCP write command, the FCP data frame in step 204 is an FCP write data frame sent by the server to the disk array; when the FCP command frame in step 201 is an FCP read command, the FCP data frame in step 204 is an FCP read data frame sent by the server to the disk array.
Step 205: Search a second set formed by a plurality of second static random access memories for the disk array identifier and its port number corresponding to the destination device identifier or the source device identifier.
Step 206: Splice the originator exchange identifier in the Fibre Channel Protocol command frame, the server identifier and its port number, and the disk array identifier and its port number into a read address for the query, and read the queried logical unit number and logical block address from the memory.
Steps 204 to 206 complete the session query process.
Step 207: Splice the server identifier, the disk array identifier, the logical unit number and the logical block address into a key to encrypt or decrypt the Fibre Channel Protocol data frame.
When the encryption device receives the FCP write data frame in step 204, step 207 encrypts the data frame; when the encryption device receives a FCP read data frame in step 204, step 207 decrypts the data frame.
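The session table life cycle described above (create on the command frame, query on the data frame, release on the response frame), modelled in C as an added example that is not code from the patent. The 1-bit ID fields, the `valid` flag and all function names are assumptions of this model; the 16-bit OX_ID, the 128-bit LUN/LBA word and the capacity bound come from the text.

```c
#include <stdint.h>
#include <stdio.h>

/* Field widths in bits. OX_ID is 16 bits per the text; the other four are
 * constructed for this model (the text only bounds their sum by DDR size). */
#define OX_BITS 16u
#define S_BITS  1u  /* SERVER_ID  */
#define SN_BITS 1u  /* S_PORT_NUM */
#define R_BITS  1u  /* RAID_ID    */
#define RN_BITS 1u  /* R_PORT_NUM */
#define ADDR_BITS (OX_BITS + S_BITS + SN_BITS + R_BITS + RN_BITS)
#define BAD_ADDR UINT32_MAX

/* One session word: LUN and LBA (128 bits). The valid flag is an assumption;
 * the text does not say how an empty slot is marked. */
struct session { uint64_t lun, lba; uint8_t valid; };
static struct session ddr[1u << ADDR_BITS];  /* stands in for the DDR memory */

struct ids { uint16_t ox_id; uint32_t server_id, s_port, raid_id, r_port; };

/* Concatenate {OX_ID, SERVER_ID, S_PORT_NUM, RAID_ID, R_PORT_NUM} into one
 * address. Fixed-width fields make the mapping one-to-one, so two different
 * tuples never share a slot and no collision handling is needed. */
uint32_t session_addr(struct ids k)
{
    if (k.server_id >> S_BITS || k.s_port >> SN_BITS ||
        k.raid_id >> R_BITS || k.r_port >> RN_BITS)
        return BAD_ADDR;  /* a field does not fit its width */
    uint32_t a = k.ox_id;
    a = (a << S_BITS)  | k.server_id;
    a = (a << SN_BITS) | k.s_port;
    a = (a << R_BITS)  | k.raid_id;
    a = (a << RN_BITS) | k.r_port;
    return a;
}

/* FCP command frame: a single write creates the session. */
int session_create(struct ids k, uint64_t lun, uint64_t lba)
{
    uint32_t a = session_addr(k);
    if (a == BAD_ADDR) return -1;
    ddr[a] = (struct session){ lun, lba, 1 };
    return 0;
}

/* FCP data frame: a single read returns the LUN/LBA that go into the key. */
int session_query(struct ids k, uint64_t *lun, uint64_t *lba)
{
    uint32_t a = session_addr(k);
    if (a == BAD_ADDR || !ddr[a].valid) return -1;  /* no session for this frame */
    *lun = ddr[a].lun;
    *lba = ddr[a].lba;
    return 0;
}

/* FCP response frame: clear the slot to release the session. */
int session_release(struct ids k)
{
    uint32_t a = session_addr(k);
    if (a == BAD_ADDR) return -1;
    ddr[a] = (struct session){ 0, 0, 0 };
    return 0;
}

/* Largest S + S_N + R + R_N that a DDR of storage_bits can index:
 * floor(log2(storage_bits / 128)) - 16. */
int max_id_bits(uint64_t storage_bits)
{
    uint64_t words = storage_bits / 128;
    int log2w = -1;
    while (words) { words >>= 1; log2w++; }
    return log2w - (int)OX_BITS;
}

int main(void)
{
    /* Constructed frames: same disk array port, two different servers. */
    struct ids u0 = { 0x0042, 0, 1, 1, 0 }, u1 = { 0x0042, 1, 1, 1, 0 };
    uint64_t lun, lba;
    session_create(u0, 5, 0x1000);
    session_create(u1, 9, 0x2000);
    if (session_query(u1, &lun, &lba) == 0)
        printf("addr=0x%05X lun=%llu lba=0x%llX\n", (unsigned)session_addr(u1),
               (unsigned long long)lun, (unsigned long long)lba);
    printf("16 GB DDR allows %d ID bits\n", max_id_bits((uint64_t)1 << 37));
    return 0;
}
```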
Fig. 8 is a schematic structural diagram of a data encryption and decryption apparatus according to an embodiment of the present disclosure. Referring to fig. 8, the apparatus includes: a session table management module 301 and an encryption and decryption module 302.
The session table management module 301 is configured to, in response to a received fibre channel protocol instruction frame, obtain a server identifier and a port number thereof, and a disk array identifier and a port number thereof based on a source device identifier and a destination device identifier in the fibre channel protocol instruction frame; splicing the exchange identification of the starting station, the identification of the server and the port number thereof, and the identification of the disk array and the port number thereof in the optical fiber channel protocol instruction frame to be used as a write address, and writing the logical unit number and the logical block address in the optical fiber channel protocol instruction frame as data into a memory corresponding to the write address; responding to a received optical fiber channel protocol data frame, obtaining a server identifier and a port number thereof based on a source device identifier in the optical fiber channel protocol data frame, and obtaining a disk array identifier and a port number thereof based on a destination device identifier in the optical fiber channel protocol data frame; splicing the exchange identification of the starting station, the identification of the server and the port number thereof, and the identification of the disk array and the port number thereof in the optical fiber channel protocol instruction frame to be used as a read address for inquiring, and reading the inquired logical unit number and the logical block address in the memory;
and the encryption and decryption module 302 is configured to encrypt or decrypt the fibre channel protocol data frame by using the server identifier, the disk array identifier, the logical unit number, and the logical block address to form a key in a splicing manner.
The encryption/decryption module 302 is composed of the decryption module and the decryption module shown in fig. 2.
Illustratively, the session table management module 301 includes:
a first query unit 3011, configured to search, in a first set formed by multiple first static random access memories, a server identifier and a port number thereof corresponding to the source device identifier or the destination device identifier;
a second query unit 3012, configured to search, in a second set formed by multiple second static random access memories, a disk array identifier and a port number thereof corresponding to the destination device identifier or the source device identifier, where the first static random access memory and the second static random access memory are different static random access memories.
In the embodiment of the present disclosure, in the first set, each first data is formed by splicing a plurality of source device identifiers or a plurality of destination device identifiers, and an address corresponding to each first data is formed by splicing the server identifier and a port number thereof;
in the second set, each second data is formed by splicing a plurality of destination device identifiers or a plurality of source device identifiers, and the corresponding address of each second data is formed by splicing the disk array identifier and the port number thereof.
Exemplarily, the first querying unit 3011 is configured to search, in the multiple first static random access memories, a server identifier corresponding to the source device identifier or the destination device identifier and a port number thereof;
the second query unit 3012 is configured to search, in the multiple second srams, a disk array identifier and a port number thereof corresponding to the destination device identifier or the source device identifier in parallel.
Illustratively, the bit width of the memory is not less than the sum of the server identifier and the port number thereof and the length of the disk array identifier and the port number thereof.
It should be noted that: the data encryption and decryption apparatus provided in the foregoing embodiment is only illustrated by the division of the functional modules in data encryption, and in practical applications, the functions may be distributed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. In addition, the data encryption and decryption apparatus provided in the above embodiments and the data encryption and decryption method embodiments belong to the same concept, and specific implementation processes thereof are detailed in the method embodiments and are not described herein again.
Fig. 9 shows a block diagram of an encryption device according to an exemplary embodiment of the present invention. Generally, the encryption device includes: a processor 401 and a memory 402.
Processor 401 may include one or more processing cores, such as a 4-core processor, an 8-core processor, or the like. The processor 401 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 401 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state.
Memory 402 may include one or more computer-readable storage media, which may be non-transitory. Memory 402 may also include high speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer readable storage medium in memory 402 is used to store at least one instruction for execution by processor 401 to implement the data encryption and decryption methods provided by the method embodiments of the present application.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is intended to be exemplary only and not to limit the present disclosure, and any modification, equivalent replacement, or improvement made without departing from the spirit and scope of the present disclosure is to be considered as the same as the present disclosure.

Claims (10)

1. A method for encrypting and decrypting data, the method comprising:
responding to a received optical fiber channel protocol instruction frame, and obtaining a server identifier and a port number thereof, a disk array identifier and a port number thereof based on a source device identifier and a destination device identifier in the optical fiber channel protocol instruction frame;
splicing the exchange identification of the starting station, the identification of the server and the port number thereof, and the identification of the disk array and the port number thereof in the optical fiber channel protocol instruction frame to be used as a write address, and writing the logical unit number and the logical block address in the optical fiber channel protocol instruction frame as data into a memory corresponding to the write address;
responding to a received optical fiber channel protocol data frame, obtaining a server identifier and a port number thereof based on a source device identifier in the optical fiber channel protocol data frame, and obtaining a disk array identifier and a port number thereof based on a destination device identifier in the optical fiber channel protocol data frame;
splicing the exchange identification of the starting station, the identification of the server and the port number thereof, and the identification of the disk array and the port number thereof in the optical fiber channel protocol instruction frame to be used as a read address for inquiring, and reading the inquired logical unit number and the logical block address in the memory;
and splicing the server identifier, the disk array identifier, the logic unit number and the logic block address into a key to encrypt or decrypt the data frame of the fiber channel protocol.
2. The method according to claim 1, wherein obtaining the server identifier and its port number, and the raid identifier and its port number based on the source device identifier and the destination device identifier in the fibre channel protocol command frame comprises:
searching a server identifier and a port number thereof corresponding to the source device identifier or the destination device identifier in a first set formed by a plurality of first static random access memories;
and searching a disk array identifier and a port number thereof corresponding to the destination device identifier or the source device identifier in a second set formed by a plurality of second static random access memories, wherein the first static random access memory and the second static random access memory are different static random access memories.
3. The method according to claim 2, wherein in the first set, each first data is spliced by a plurality of source device identifiers or spliced by a plurality of destination device identifiers, and the corresponding address of each first data is spliced by the server identifier and the port number thereof;
in the second set, each second data is formed by splicing a plurality of destination device identifiers or a plurality of source device identifiers, and the corresponding address of each second data is formed by splicing the disk array identifier and the port number thereof.
4. The method according to claim 3, wherein searching for the server id and its port number corresponding to the source device id or the destination device id in a first set of multiple first srams, and searching for the disk array id and its port number corresponding to the destination device id or the source device id in a second set of multiple second srams, comprises:
searching a server identifier and a port number thereof corresponding to the source device identifier or the destination device identifier in the plurality of first static random access memories in parallel;
and searching the disk array identifier and the port number thereof corresponding to the destination equipment identifier or the source equipment identifier in the plurality of second static random access memories in parallel.
5. The method according to any one of claims 1 to 4, wherein the bit width of the memory is not less than the sum of the lengths of the server identifier and the port number thereof and the disk array identifier and the port number thereof.
6. An apparatus for encrypting and decrypting data, the apparatus comprising:
the session table management module is used for responding to the received optical fiber channel protocol instruction frame and obtaining a server identifier and a port number thereof, a disk array identifier and a port number thereof based on a source device identifier and a destination device identifier in the optical fiber channel protocol instruction frame; splicing the exchange identification of the starting station, the identification of the server and the port number thereof, and the identification of the disk array and the port number thereof in the optical fiber channel protocol instruction frame to be used as a write address, and writing the logical unit number and the logical block address in the optical fiber channel protocol instruction frame as data into a memory corresponding to the write address; responding to a received optical fiber channel protocol data frame, obtaining a server identifier and a port number thereof based on a source device identifier in the optical fiber channel protocol data frame, and obtaining a disk array identifier and a port number thereof based on a destination device identifier in the optical fiber channel protocol data frame; splicing the exchange identification of the starting station, the identification of the server and the port number thereof, and the identification of the disk array and the port number thereof in the optical fiber channel protocol instruction frame to be used as a read address for inquiring, and reading the inquired logical unit number and the logical block address in the memory;
and the encryption and decryption module is used for splicing the server identifier, the disk array identifier, the logic unit number and the logic block address into a key to encrypt or decrypt the data frame of the fiber channel protocol.
7. The apparatus of claim 6, wherein the session table management module comprises:
a first query unit, configured to search, in a first set formed by multiple first static random access memories, a server identifier and a port number thereof corresponding to the source device identifier or the destination device identifier;
and the second query unit is used for searching the disk array identifier and the port number thereof corresponding to the destination device identifier or the source device identifier in a second set formed by a plurality of second static random access memories, wherein the first static random access memory and the second static random access memory are different static random access memories.
8. The apparatus according to claim 7, wherein in the first set, each first data is spliced by a plurality of source device identifiers or spliced by a plurality of destination device identifiers, and an address corresponding to each first data is spliced by the server identifier and a port number thereof;
in the second set, each second data is formed by splicing a plurality of destination device identifiers or a plurality of source device identifiers, and the corresponding address of each second data is formed by splicing the disk array identifier and the port number thereof.
9. An encryption device comprising a processor and a memory, the memory storing at least one program code, the program code being loaded and executed by the processor to implement a data encryption and decryption method according to any one of claims 1 to 5.
10. A computer-readable storage medium having at least one program code stored therein, the program code being loaded and executed by a processor to implement the data encryption and decryption method according to any one of claims 1 to 5.
CN202011519807.8A 2020-12-21 2020-12-21 Data encryption and decryption method and device, encryption equipment and storage medium Active CN112737700B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011519807.8A CN112737700B (en) 2020-12-21 2020-12-21 Data encryption and decryption method and device, encryption equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112737700A CN112737700A (en) 2021-04-30
CN112737700B true CN112737700B (en) 2021-11-16

Family

ID=75604116

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011519807.8A Active CN112737700B (en) 2020-12-21 2020-12-21 Data encryption and decryption method and device, encryption equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112737700B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7561571B1 (en) * 2004-02-13 2009-07-14 Habanero Holdings, Inc. Fabric address and sub-address resolution in fabric-backplane enterprise servers
US7664110B1 (en) * 2004-02-07 2010-02-16 Habanero Holdings, Inc. Input/output controller for coupling the processor-memory complex to the fabric in fabric-backplane interprise servers
CN202059436U (en) * 2011-01-04 2011-11-30 深圳市新超亮特种显示设备有限公司 Information security protection system for advertising kiosk
CN102291418A (en) * 2011-09-23 2011-12-21 胡祥义 Method for realizing cloud computing security architecture
CN102567230A (en) * 2010-12-23 2012-07-11 普天信息技术研究院有限公司 Smart card and method for safely managing same
CN105871857A (en) * 2016-04-13 2016-08-17 北京怡和嘉业医疗科技有限公司 Authentication method, authentication device, authentication system and treatment equipment
CN106130721A (en) * 2016-08-14 2016-11-16 北京数盾信息科技有限公司 A kind of express network storage encryption equipment
CN108616519A (en) * 2018-04-11 2018-10-02 无锡艾立德智能科技有限公司 A kind of data safety encryption method and system
CN110289949A (en) * 2019-05-23 2019-09-27 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Key management method and device
CN110785985A (en) * 2017-04-25 2020-02-11 Sky1科技有限公司 Establishing secure communications over an internet of things (IOT) network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200193011A1 (en) * 2018-12-18 2020-06-18 Seagate Technology Llc 2-way dual authentication of self encrypted storage drives

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
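An analysis of three gigabit networking protocols for storage area networks; K. Voruganti; Conference Proceedings of the 2001 IEEE International Performance, Computing, and Communications Conference; 20020807; full text *
Research and Design of a Fibre Channel Encryption Switch; 杨金龙; China Excellent Master's and Doctoral Dissertations Full-text Database (Master's), Information Science and Technology; 20111215; full text *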

Also Published As

Publication number Publication date
CN112737700A (en) 2021-04-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant