CN113568568B - Hardware encryption method, system and device based on distributed storage - Google Patents
Hardware encryption method, system and device based on distributed storage Download PDFInfo
- Publication number
- CN113568568B CN113568568B CN202110670841.3A CN202110670841A CN113568568B CN 113568568 B CN113568568 B CN 113568568B CN 202110670841 A CN202110670841 A CN 202110670841A CN 113568568 B CN113568568 B CN 113568568B
- Authority
- CN
- China
- Prior art keywords
- key
- storage
- encryption
- user
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 21
- 238000012795 verification Methods 0.000 claims description 7
- 239000012634 fragment Substances 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 3
- 238000002955 isolation Methods 0.000 abstract description 3
- 230000009286 beneficial effect Effects 0.000 abstract 1
- 238000007726 management method Methods 0.000 description 34
- 238000013500 data storage Methods 0.000 description 3
- 230000001010 compromised effect Effects 0.000 description 2
- 238000010276 construction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 238000013467 fragmentation Methods 0.000 description 1
- 238000006062 fragmentation reaction Methods 0.000 description 1
- 230000003862 health status Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G06F3/0622—Securing storage systems in relation to access
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/067—Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0683—Plurality of storage devices
- G06F3/0689—Disk arrays, e.g. RAID, JBOD
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Human Computer Interaction (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a hardware encryption method, a system and a device based on distributed storage, which belong to the field of data security. By adopting the technical scheme of the invention, the cipher text data on the disk can avoid data disclosure caused by hard disk theft, and meanwhile, different strategies of different user passwords are adopted to provide logic isolation and encryption isolation of the user data, thereby being beneficial to establishing a safer encryption mechanism.
Description
Technical Field
The invention relates to a hardware encryption method, system and device based on distributed storage, and belongs to the technical field of data security.
Background
With the rapid construction and development of various information systems and data centers, the generated sensitive business data volume is more and more, the distributed storage system solves the problems of storage concentration, capacity, throughput and the like, but the storage is more and more concentrated, the value is more and more important, the security threat factors from the inside and the outside are more and more, the security risk is higher, the data leakage event is layered endlessly, and the security problem of data storage is more and more prominent.
The security of the storage system comprises confidentiality and integrity, and the root of the threat to the security of the stored data is that the data in the storage medium is stored in a plaintext manner, so that an intruder can easily and illegally acquire or modify the data.
Disclosure of Invention
The invention aims to: aiming at the problems and the defects existing in the prior art, the invention provides a hardware encryption method, a system and a device based on distributed storage.
The technical scheme is as follows: a hardware encryption method based on distributed storage comprises a password registration flow, a file writing to disk flow and a data reading flow from disk.
The password registration process comprises the following steps:
setting a password for a user, and calling an encryption card API to generate a key;
three storage nodes are selected by using a distributed algorithm, and the secret key is stored in the form of three copies to an encryption card on the node; after the three key copies are successfully stored, a registration success message is returned; storing the position of the encryption card of the user; the three copies include a master copy and two slave copies.
The file writing to disk procedure includes:
reading and acquiring a user key through an encryption card API according to the encryption card position of the user;
slicing the user data, calling an encryption card API according to the user key, and encrypting the data slice;
the distributed storage system writes the encrypted data slice into a master copy and then synchronizes to two slave copies; and landing the data ciphertext on the magnetic disk.
The data flow of reading from the disk comprises the following steps:
reading and acquiring a user key through an encryption card API according to the encryption card position of the user; and reading the ciphertext data from the corresponding physical disk through the distributed file system, and decrypting the ciphertext data by utilizing the corresponding key.
In the password registration flow, an encryption card API and an encryption key are stored in an encryption card, which belongs to hardware encryption, and are encrypted and stored by an FPGA chip, so that the encryption is difficult to crack by software.
In the key preservation process, three servers in the distributed cluster are selected by adopting a distributed algorithm to serve as three storage nodes, and encryption cards on the servers are used as mediums for storing three keys, so that the keys can be uniformly distributed, and the reliability of the keys can be ensured.
A hardware encryption system based on distributed storage comprises a password registration module, a file writing-in disk module and a data reading-out module from a disk.
The password registration module creates a user through an interface of the management platform and sets a password for the user; calling an encryption card API to generate a secret key; three storage nodes are selected by using a distributed algorithm, keys are respectively stored in the encryption cards on the nodes in the form of three copies, each copy comprises a master copy and two slave copies, one key is stored on one node as the master copy, and the other two identical keys are respectively stored on the other two nodes as the slave copies; the key is successfully stored in the master copy, and a successful message is sent back to the management platform; the key will automatically be stored to the encryption card from both copies; all three key copies are successfully stored, and a registration success message is returned to the management platform; writing the position of the encryption card where the user is in into a management platform database.
The file writing module reads and acquires a user key through an encryption card API according to the position of the encryption card where the user is located; slicing the user data, locally calculating the storage positions of the three copies, and then directly communicating with the Primary OSD; calling an encryption card API to encrypt the data slice according to the user key; the encrypted data slice is sent to a client, and the client writes a master copy first and then synchronizes to two slave copies; the master copy waits for ack messages and apply messages of the slave copies; when the master copy receives the ack message, the writing operation is finished in the memory, and when the master copy receives the apply message, the writing operation is finished in the disk; the result is landing the data ciphertext onto the disk.
The data reading module reads and acquires a user key through an encryption card API according to the position of the encryption card where the user is; reading the fragment data from the appointed OSD through a distributed file system; and reading the ciphertext data from the corresponding physical disk, and decrypting the ciphertext data by using the corresponding key.
The user key is stored on the encryption card after being encrypted by the encryption card. The user password is not compromised. And the password has three copies, so that the reliability of the password is ensured.
The data is dropped on the disk through the encryption card, namely, the ciphertext is stored on the disk. Under the condition of ensuring that the hard disk physical medium is stolen, the data of the hard disk physical medium can be ensured not to be stolen.
One user corresponds to one key, and the user key is used when data is encrypted, so that one user is encrypted, and the logical isolation between users is ensured to exist in an encrypted form.
A hardware encryption device based on distributed storage, comprising a memory, at least one processor and a computer program stored on the memory and executable on the processor, the processor executing a hardware encryption method based on distributed storage when the program is executed.
In the invention, the file stored on the hard disk is ciphertext rather than plaintext, and the loss of the storage medium can ensure that the key data is not cracked, so that the loss is reduced to the minimum.
In the invention, the encryption card key backup is provided, and the unavailability of user data caused by encryption and decryption problems can not be generated when the encryption card is damaged.
In the invention, each storage node adopts 2 or more encryption cards, the same data are respectively encrypted by two or more encryption cards, then the encrypted ciphertexts are compared, if the ciphertexts are the same, the ciphertexts pass through, and if the ciphertexts are different, the ciphertexts fail to check by using multiple cards, so that the integrity and the reliability of the stored data can be ensured; and the encryption and decryption speed can be improved by utilizing multi-card parallel operation.
In the invention, the distributed algorithm adopts the distributed algorithm of the distributed storage, the difficulty of the algorithm is not increased, the stability of the original distributed system is not destroyed, and the algorithm can be used on most of the distributed storage systems, thereby ensuring the universality of the distributed storage systems.
Drawings
FIG. 1 is a registration flow diagram of an embodiment of the present invention;
FIG. 2 is a flow chart of writing files to disk in accordance with an embodiment of the present invention;
FIG. 3 is a flow chart of reading a file according to an embodiment of the present invention.
Detailed Description
The present invention is further illustrated below in conjunction with specific embodiments, it being understood that these embodiments are meant to be illustrative of the invention only and not limiting the scope of the invention, and that modifications of the invention, which are equivalent to those skilled in the art to which the invention pertains, will fall within the scope of the invention as defined in the claims appended hereto.
As shown in fig. 1-3, the hardware encryption method and system based on distributed storage, which are provided by the embodiment, relate to a client, a management node and a storage cluster (including a master storage node and a slave storage node).
The client accesses the hardware of the distributed storage through the interface.
The management node is responsible for monitoring the distributed cluster, maintaining the health status of the cluster, and maintaining various Map graphs in the cluster.
The storage cluster comprises all storage nodes for data storage, the hard disk is used as a separate storage space, and the raid card only serves as a data channel.
Each storage node has 2 or more encryption cards for storing user keys, data encryption and decryption, and dual card authentication.
The master storage node and the two slave storage nodes are respectively used as data three-copy storage spaces.
The hardware encryption method based on the distributed storage specifically comprises the following steps:
registration:
(1) The management node sets a user password;
(2) The management node calls an encryption card API to encrypt the user name password to form a key pair;
(3) The management node selects encryption card storage key pairs on three storage nodes through a distributed algorithm, wherein the three storage nodes are respectively a master storage node and two slave storage nodes;
(4) Storing the key pair on an encryption card of the primary storage node;
(5) The encryption card on the main storage node performs double-card verification on the secret key (the same data is encrypted by two encryption cards respectively, then the encrypted ciphertext is compared, if the encrypted ciphertext is the same, the encrypted ciphertext passes through, and if the encrypted ciphertext is different, the encrypted ciphertext fails);
(6) Returning a result of whether the key storage is successful or not to the management node;
(7) Synchronizing the key pair to the encryption card of the slave storage node;
(8) Performing double-card verification on the storage from an encryption card on the storage node;
(9) Returning a result of whether the key storage of the slave storage node is successful or not to the master storage node;
(10) Returning a storage key pair storage result to the management node;
(11) The management node updates the key location database by writing the user's encryption card location into the management node's key location database.
Writing files to disk stage:
(1) The client sends a request for taking a user key to the management node;
(2) The management node queries a storage node where the user key is located through the key position database;
(3) The management node sends a key pair reading instruction on the encryption card to the storage node;
(4) The storage node returns the key pair to the management node;
(5) The management node returns the key pair to the client;
(6) The client slices the data according to a fixed size (defaulting to 4MB, or can be modified in the system);
(7) The client side puts forward a data writing application to the management node;
(8) The management node calls the original distributed algorithm of the system to calculate the storage position;
(9) Encrypting the user fragment data by using the user key to realize one-user one-password, and storing the ciphertext to a disk of a main storage node;
(10) Performing double-card verification on the encrypted data on the main storage node;
(11) The result of whether the main storage node is successfully stored is fed back to the management node;
(12) Synchronizing master storage node data to (two) slave storage nodes;
(13) Performing double-card verification on the encrypted data from the storage node (the same data is encrypted by two encryption cards respectively, and then the encrypted ciphertext is compared, if the encrypted ciphertext is the same, the encrypted ciphertext passes through, and if the encrypted ciphertext is different, the encrypted ciphertext fails);
(14) The result of whether the slave storage node successfully stores is fed back to the master storage node;
(15) Feeding back a result whether the storage node is successful or not to the management node;
(16) And feeding back the stored result to the client.
A file reading stage:
(1) The client sends a request for taking a user key to the management node;
(2) The management node inquires the key position of the user through a key position database;
(3) Sending a key pair reading instruction on the encryption card to a storage node in the storage cluster according to the user key position management node;
(4) The storage node returns the key pair to the management node;
(5) The management node returns the key pair to the client;
(6) The client sends a file reading request to the management node;
(7) The management node obtains (fragmentation) data storage positions through a distributed algorithm;
(8) Reading the fragment data (ciphertext) from the primary storage node disk;
(9) Decrypting the user fragment data by using the user key;
(10) Returning a reading result to the management node;
(11) Returning (slicing) plaintext data to the client;
(12) The fragmented data is synthesized into data required by the user.
The hardware encryption system based on the distributed storage comprises a password registration module, a file writing-in disk module and a data reading-out module from a disk.
The password registration module is used for creating a user through an interface of the management platform and setting a password for the user; simultaneously supporting binding USBkey; calling an encryption card API to generate a secret key; three storage nodes are selected by using a distributed algorithm, secret keys are respectively stored in the encryption cards on the nodes in the form of three copies, the three copies comprise a master copy and two slave copies, one secret key is stored on one node as the master copy, and the other two identical secret keys are respectively stored on the other two nodes as the slave copies; the key is successfully stored in the master copy, and a successful message is sent back to the management platform; the key will automatically be stored to the encryption card from both copies; all three key copies are successfully stored, and a registration success message is returned to the management platform; writing the position of the encryption card where the user is in into a management platform database.
Writing a file to a disk module, and reading and acquiring a user key through an encryption card API according to the position of an encryption card where a user is located; slicing the user data, locally calculating the storage positions of the three copies, and then directly communicating with the Primary OSD; calling an encryption card API to encrypt the data slice according to the user key; the encrypted data slice is sent to a client, and the client writes a master copy first and then synchronizes to two slave copies; the master copy waits for ack messages and apply messages of the slave copies; when the master copy receives the ack message, indicating that the writing operation is completed in the memory; an apply message is received indicating that it has been written to disk; as a result, the data ciphertext is landed on the disk.
The data reading module reads and acquires a user key through an encryption card API according to the position of the encryption card where the user is located; reading the fragment data from the appointed OSD through a distributed file system; and reading the ciphertext data from the corresponding physical disk, and decrypting the ciphertext data by using the corresponding key.
The user key is stored on the encryption card after being encrypted by the encryption card. The user password is not compromised. And the password has three copies, so that the reliability of the password is ensured.
The data is dropped on the disk through the encryption card, namely, the ciphertext is stored on the disk. Under the condition of ensuring that the hard disk physical medium is stolen, the data of the hard disk physical medium can be ensured not to be stolen.
The hardware encryption device based on the distributed storage comprises a memory, at least one processor and a computer program which is stored in the memory and can run on the processor, wherein the processor executes the hardware encryption method based on the distributed storage when executing the program.
Claims (9)
1. The hardware encryption method based on the distributed storage is characterized by comprising a password registration flow, a file writing to disk flow and a data reading flow from disk;
the password registration process comprises the following steps:
the management node sets a password for a user, calls an encryption card API to encrypt a user name, and forms a key pair;
three storage nodes are selected, and the secret key is stored in the encryption card on the nodes in a three-copy mode; after the three key copies are successfully stored, a registration success message is returned; storing the position of the encryption card of the user; the three copies comprise a master copy and two slave copies;
selecting encryption card storage key pairs on three storage nodes by a distributed algorithm, wherein the three storage nodes are a master storage node and two slave storage nodes respectively; storing the key pair on an encryption card of the primary storage node; the encryption card on the main storage node performs double-card verification on the secret key, the same data are encrypted by two encryption cards respectively, then the encrypted ciphertext is compared, if the encrypted ciphertext is the same, the encrypted ciphertext passes through, and if the encrypted ciphertext is different, the encrypted ciphertext fails; returning a result of whether the key storage is successful or not to the management node; synchronizing the key pair to the encryption card of the slave storage node; performing double-card verification on the storage from an encryption card on the storage node; returning a result of whether the key storage of the slave storage node is successful or not to the master storage node; returning a storage key pair storage result to the management node; the management node updates a key position database, namely, the position of the encryption card of the user is written into the key position database of the management node;
the file writing to disk procedure includes:
reading and acquiring a user key through an encryption card API according to the encryption card position of the user;
slicing the user data, calling an encryption card API according to the user key, and encrypting the data slice;
writing the encrypted data slice into a master copy, and then synchronizing to two slave copies; finally, landing the data ciphertext on a magnetic disk;
the data flow of reading from the disk comprises the following steps:
reading and acquiring a user key through an encryption card API according to the encryption card position of the user; reading ciphertext data from the corresponding physical disk, and decrypting the ciphertext data by using the corresponding key;
the file is written into a disk flow, user data is sliced, and after the storage positions of three copies are calculated locally, the user data is directly communicated with Primary OSD; calling an encryption card API to encrypt the data slice according to the user key; the distributed storage system writes the master copy first and then synchronizes to the two slave copies; the master copy waits for ack messages and apply messages of the slave copies; when the master copy receives the ack message, indicating that the write operation has been completed in memory, and receives the apply message, indicating that the write operation has been completed to disk.
2. The hardware encryption method based on distributed storage according to claim 1, wherein in the password registration process, a user is created through an interface of a management platform, and a password is set for the user; and selecting three storage nodes from the distributed cluster by using a distributed algorithm.
3. The hardware encryption method based on distributed storage according to claim 1, wherein in the password registration process, both an encryption card API and a key are stored in an encryption card, and the user key is stored on the encryption card after being encrypted by the encryption card.
4. The hardware encryption system based on the distributed storage is characterized by comprising a password registration module, a file writing-in disk module and a data reading-out module from a disk;
the password registration module is used for setting a password for a user; calling an encryption card API to generate a secret key; three storage nodes are selected by using a distributed algorithm, keys are respectively stored in the encryption cards on the nodes in the form of three copies, each copy comprises a master copy and two slave copies, one key is stored on one node as the master copy, and the other two identical keys are respectively stored on the other two nodes as the slave copies; the key is successfully stored in the master copy, and a successful message is sent back to the management platform; the key will automatically be stored to the encryption card from both copies; all three key copies are successfully stored, and a registration success message is returned to the management platform; writing the position of the encryption card where the user is in into a management platform database;
the file writing module reads and acquires a user key through an encryption card API according to the position of the user encryption card; slicing the user data, locally calculating the storage positions of the three copies, and calling an encryption card API to encrypt the data slice according to the user key; the encrypted data slice is sent to a client, and the client writes a master copy first and then synchronizes to two slave copies;
the data reading module reads and acquires a user key through an encryption card API according to the position of the user encryption card; reading the fragment data from the appointed OSD through a distributed file system; and reading the ciphertext data from the corresponding physical disk, and decrypting the ciphertext data by using the corresponding key.
5. The distributed storage-based hardware encryption system according to claim 4, wherein the encryption card a PI and the encryption key are stored in an encryption card, and are encrypted and stored by an FPGA chip.
6. The distributed storage based hardware encryption system of claim 4 wherein a user corresponds to a key and the data is encrypted using the user key to achieve a one-user-to-one encryption.
7. The distributed storage-based hardware encryption system of claim 4, wherein the system comprises a client, a management node, a storage cluster; the storage cluster includes a master storage node and a slave storage node.
8. The distributed storage-based hardware encryption system of claim 4, wherein each storage node uses 2 or more encryption cards and uses multi-card verification.
9. A hardware encryption device based on distributed storage, comprising a memory, at least one processor and a computer program stored on the memory and executable on the processor, characterized in that the processor executes the hardware encryption method according to any one of claims 1-3 when executing the program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110670841.3A CN113568568B (en) | 2021-06-15 | 2021-06-15 | Hardware encryption method, system and device based on distributed storage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110670841.3A CN113568568B (en) | 2021-06-15 | 2021-06-15 | Hardware encryption method, system and device based on distributed storage |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113568568A CN113568568A (en) | 2021-10-29 |
| CN113568568B true CN113568568B (en) | 2024-03-22 |
Family
ID=78162174
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110670841.3A Active CN113568568B (en) | 2021-06-15 | 2021-06-15 | Hardware encryption method, system and device based on distributed storage |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113568568B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115987513B (en) * | 2023-03-17 | 2023-06-20 | 山东浪潮科学研究院有限公司 | Distributed database fragment encryption and decryption methods, devices, equipment and media |
| CN117319092B (en) * | 2023-11-29 | 2024-02-09 | 杭州海康威视数字技术股份有限公司 | Distributed key management method, device, password card and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101917403A (en) * | 2010-07-23 | 2010-12-15 | 华中科技大学 | Distributed key management method for ciphertext storage |
| CN106775459A (en) * | 2016-11-28 | 2017-05-31 | 深圳市中博睿存科技有限公司 | A kind of safe distribution file system framework based on FT 1500A processors |
| CN108964911A (en) * | 2018-09-18 | 2018-12-07 | 苏州米特希赛尔人工智能有限公司 | A kind of stream media service system based on block chain and quantum flow data block technology |
| CN112487445A (en) * | 2020-11-25 | 2021-03-12 | 湖南麒麟信安科技股份有限公司 | Hadoop system with file type entrance guard type storage encryption function and application method thereof |
-
2021
- 2021-06-15 CN CN202110670841.3A patent/CN113568568B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101917403A (en) * | 2010-07-23 | 2010-12-15 | 华中科技大学 | Distributed key management method for ciphertext storage |
| CN106775459A (en) * | 2016-11-28 | 2017-05-31 | 深圳市中博睿存科技有限公司 | A kind of safe distribution file system framework based on FT 1500A processors |
| CN108964911A (en) * | 2018-09-18 | 2018-12-07 | 苏州米特希赛尔人工智能有限公司 | A kind of stream media service system based on block chain and quantum flow data block technology |
| CN112487445A (en) * | 2020-11-25 | 2021-03-12 | 湖南麒麟信安科技股份有限公司 | Hadoop system with file type entrance guard type storage encryption function and application method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113568568A (en) | 2021-10-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9785785B2 (en) | Systems and methods for secure data sharing | |
| AU2011289239B2 (en) | Systems and methods for secure remote storage of data | |
| US8392682B2 (en) | Storage security using cryptographic splitting | |
| AU2016203740B2 (en) | Simultaneous state-based cryptographic splitting in a secure storage appliance | |
| US20100150341A1 (en) | Storage security using cryptographic splitting | |
| US10007807B2 (en) | Simultaneous state-based cryptographic splitting in a secure storage appliance | |
| US20100154053A1 (en) | Storage security using cryptographic splitting | |
| CN107025409A (en) | A kind of data safety storaging platform | |
| US20100153703A1 (en) | Storage security using cryptographic splitting | |
| US20140164790A1 (en) | Storage security using cryptographic splitting | |
| CN101854392A (en) | Personal data management method based on cloud computing environment | |
| CN113568568B (en) | Hardware encryption method, system and device based on distributed storage | |
| US9053130B2 (en) | Binary data store | |
| US11329817B2 (en) | Protecting data using controlled corruption in computer networks | |
| CN103413100A (en) | File security protection system | |
| AU2018236853A1 (en) | Storage security using cryptographic splitting | |
| AU2015203172A1 (en) | Systems and methods for secure data sharing | |
| CN106649744B (en) | Log recording method and device | |
| AU2021105507A4 (en) | Platform independent backup and restore for mobile devices using blockchain technology | |
| CN101470643B (en) | Fixed hardware security unit backup and recovery method and system | |
| CN117785557A (en) | Data synchronous backup method and related equipment | |
| RU2481632C1 (en) | System and method of recovering password and encrypted data on mobile devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |