CN114598757B - Cloud-primary national secret key management method - Google Patents
- Publication number
- CN114598757B
- Authority
- CN
- China
- Prior art keywords
- key
- service
- cloud
- barbican
- kms
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a cloud-native national cryptographic key management method in the field of information security, comprising managing the keys of a cloud platform and managing the keys of products on the cloud. To manage the keys of the cloud platform, a back-end service is called according to a user's service request and invokes an underlying node; the underlying node calls the Barbican component; the Barbican component uses a Barbican extension plug-in to invoke the KMS service; and the KMS service invokes the different hardware devices adapted by the cryptographic facility to obtain the specified key information and encrypt the service storage data. To manage the keys of products on the cloud, the message of the user's service request is parsed, service logic processing is performed through the integrated SDK package, the KMS service is invoked, and the KMS service invokes the different hardware devices adapted by the cryptographic facility to obtain the specified key information and perform the encryption operation on the service application data.
Description
Technical Field
The invention relates to the field of information security, and in particular to a cloud-native national cryptographic key management method.
Background
With the popularization and enforcement of data security, cloud vendors place ever higher data security requirements on their cloud platforms. Against this background, every service product of a cloud platform is required to meet the requirements of the cryptographic evaluation in order to satisfy data security requirements. A cloud platform built on OpenStack must support the encryption requirements of components such as nova, cinder and glance while also meeting the key usage requirements of products on the cloud. Current OpenStack cloud platforms have not achieved a unified technical approach or centralized management of keys.
Disclosure of Invention
To address the problems of the prior art, the invention provides a cloud-native national cryptographic key management method. Building on the underlying cryptographic infrastructure, it brings the keys of upper-layer service systems under centralized management and protection. By developing an SDK package for application access and a Barbican extension plug-in, it connects the data interaction among the underlying platform, the service products and the KMS service, and thereby achieves unified, centralized key management.
The specific scheme provided by the invention is as follows:
A cloud-native national cryptographic key management method comprises managing the keys of a cloud platform and managing the keys of products on the cloud.
Managing the keys of the cloud platform includes: according to the user's service request, calling the back-end service, which invokes the underlying node; calling the Barbican component through the underlying node; invoking the KMS service through the Barbican component by means of a Barbican extension plug-in; completing, through the KMS service, the data mapping and other internal processing with the underlying hardware devices; invoking the different hardware devices adapted by the cryptographic facility; obtaining the specified key information through those hardware devices; and encrypting the service storage data.
Managing the keys of products on the cloud includes: according to the user's service request, parsing the message of the service request; performing service logic processing through the integrated SDK package; invoking the KMS service; completing, through the KMS service, the data mapping and other internal processing with the underlying hardware devices; invoking the different hardware devices adapted by the cryptographic facility; obtaining the specified key information through those hardware devices; and performing the encryption operation on the service application data.
Further, in the cloud-native national cryptographic key management method, before the Barbican component is called through the underlying node, the method includes:
performing a logic judgment to determine whether to encrypt the data, and if so, calling the Barbican component.
Further, in the cloud-native national cryptographic key management method, invoking the KMS service through the Barbican component by means of the Barbican extension plug-in includes:
receiving, through the Barbican component, the encryption request issued by the underlying node; judging from the passed parameters whether the KMS service needs to be called; and if so, calling the Barbican extension plug-in, which parses the passed parameters and invokes the KMS service according to the key ID passed in.
Further, in the cloud-native national cryptographic key management method, a key is selected from the key list according to the user's service request, and its key ID is obtained.
Further, in the cloud-native national cryptographic key management method, both managing the keys of the cloud platform and managing the keys of products on the cloud support the RSA, AES or SHA series algorithms and the SM2, SM3, SM4 or HMACSM national cryptographic algorithms for managing the key life cycle.
The invention also provides a cloud-native national cryptographic key management device, comprising a key management module of a cloud platform and a key management module of products on the cloud.
The key management module of the cloud platform, according to the user's service request, calls the back-end service, which invokes the underlying node; calls the Barbican component through the underlying node; invokes the KMS service through the Barbican component by means of a Barbican extension plug-in; completes, through the KMS service, the data mapping and other internal processing with the underlying hardware devices; invokes the different hardware devices adapted by the cryptographic facility; obtains the specified key information through those hardware devices; and encrypts the service storage data.
The key management module of products on the cloud, according to the user's service request, parses the message of the service request; performs service logic processing through the integrated SDK package; invokes the KMS service; completes, through the KMS service, the data mapping and other internal processing with the underlying hardware devices; invokes the different hardware devices adapted by the cryptographic facility; obtains the specified key information through those hardware devices; and performs the encryption operation on the service application data.
Further, in the cloud-native national cryptographic key management device, before the key management module of the cloud platform calls the Barbican component through the underlying node, the following is included:
performing a logic judgment to determine whether to encrypt the data, and if so, calling the Barbican component.
Further, in the cloud-native national cryptographic key management device, the key management module of the cloud platform invoking the KMS service through the Barbican component by means of the Barbican extension plug-in includes:
receiving, through the Barbican component, the encryption request issued by the underlying node; judging from the passed parameters whether the KMS service needs to be called; and if so, calling the Barbican extension plug-in, which parses the passed parameters and invokes the KMS service according to the key ID passed in.
Further, in the cloud-native national cryptographic key management device, the key management module of the cloud platform and the key management module of products on the cloud each select a key from the key list according to the user's service request and obtain its key ID.
Further, in the cloud-native national cryptographic key management device, the key management module of the cloud platform and the key management module of products on the cloud support the RSA, AES or SHA series algorithms and the SM2, SM3, SM4 or HMACSM national cryptographic algorithms for managing the key life cycle.
The cloud-native national cryptographic key management method provided by the invention has the following advantages:
(1) It resolves the security risks of the cloud platform's own key management. By extending the underlying platform and centrally controlling the key module, all kinds of keys are brought into the centralized solution, which facilitates unified maintenance of the whole platform afterwards and reduces the difficulty of subsequently passing the cryptographic evaluation.
(2) It provides unified key management capability for products on the cloud, enables life cycle management of keys, and improves overall key security, thereby protecting user data.
(3) It provides unified encryption and decryption capability, with support for a range of national and international algorithms for both the cloud platform and the products on the cloud, which reduces up-front research on algorithms and enriches and improves product capabilities.
Drawings
In order to illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing them are briefly introduced below. The drawings described below show only some embodiments of the invention; a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a schematic diagram of the overall architecture of the application of the method of the present invention.
FIG. 2 is a schematic diagram of the interaction of the system modules of the present invention.
FIG. 3 is a schematic diagram of a component invocation framework in an application of the present invention.
FIG. 4 is a schematic diagram of the execution flow of centralized cloud platform key management in the method of the present invention.
FIG. 5 is a schematic diagram of the execution flow of centralized management of the keys of products on the cloud in the method of the present invention.
Detailed Description
The invention is further described below with reference to the drawings and specific embodiments so that those skilled in the art can better understand and practice it; the embodiments are not intended to limit the invention.
The invention provides a cloud-native national cryptographic key management method, comprising managing the keys of a cloud platform and managing the keys of products on the cloud.
Managing the keys of the cloud platform includes: according to the user's service request, calling the back-end service, which invokes the underlying node; calling the Barbican component through the underlying node; invoking the KMS service through the Barbican component by means of a Barbican extension plug-in; completing, through the KMS service, the data mapping and other internal processing with the underlying hardware devices; invoking the different hardware devices adapted by the cryptographic facility; obtaining the specified key information through those hardware devices; and encrypting the service storage data.
Managing the keys of products on the cloud includes: according to the user's service request, parsing the message of the service request; performing service logic processing through the integrated SDK package; invoking the KMS service; completing, through the KMS service, the data mapping and other internal processing with the underlying hardware devices; invoking the different hardware devices adapted by the cryptographic facility; obtaining the specified key information through those hardware devices; and performing the encryption operation on the service application data.
In specific applications, some embodiments of the method include centralized management of the cloud platform's keys and centralized management of the keys of products on the cloud.
For centralized management of cloud platform keys, the user initiates a service request: the user selects a key from the key list and, after obtaining its key ID, initiates the encryption of service storage data.
Logic analysis and internal component calls. After receiving the service request, the cloud platform service product calls its back-end service, which internally invokes underlying nodes such as cinder.
When the request reaches an underlying node such as cinder, a logic judgment determines whether the data is to be encrypted and what the next encryption action is.
The underlying node, such as cinder, calls the Barbican component. Barbican receives the encryption request from cinder and judges from the passed parameters whether the KMS service needs to be called. If so, it calls the Barbican extension plug-in, which parses the passed parameters and invokes the KMS service according to the key ID passed in. When a data encryption service is executed and modules such as underlying storage are involved, the key can be obtained through cinder, glance, nova and the like after their logic processing, and encryption is then carried out with that key. Developing an extension plug-in for the Barbican component gives Barbican dynamic extensibility: the key ID and related information are passed with the service request, and the Barbican extension plug-in performs operations such as data encryption and decryption based on its built-in logic and the extended call logic. The plug-in adds integration with the KMS service, adds logic such as key generation and deletion, and adds capabilities such as data encryption, decryption, signing and signature verification. This achieves the integration with the KMS service, reduces the function points of components such as cinder, glance and nova, and ultimately provides support for national cryptographic algorithms on the platform side.
KMS service logic processing. Based on the key ID passed in, the KMS completes the data mapping and other internal processing with the underlying hardware devices and invokes the cryptographic facility adaptation layer; the adaptation layer adapts the different hardware devices and completes the call to the underlying cryptographic infrastructure. The KMS service is a key management service covering the full life cycle of keys, including functional logic such as key rotation, envelope encryption, key import, data encryption and decryption, and key enabling and disabling. Upward, it provides a standard SDK package and API interface; downward, it connects to hardware cryptographic devices (models certified by the national cryptography administration). Through unified service-layer adaptation it integrates upper-layer applications with the lower-layer resource pool. The KMS service currently supports a variety of international algorithms (the RSA, AES and SHA series) and national cryptographic algorithms (SM2, SM3, SM4, HMACSM3), provides key protection at both the software and hardware level, and supports a variety of flexible key usage modes.
Encryption execution. After receiving the request, the underlying hardware device obtains the specified key information based on the key ID and other information passed in, and performs the encryption operation on the input data.
Response. After encryption is complete, the encrypted ciphertext is returned. See FIG. 3 and FIG. 4.
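The cloud-platform call chain described above (underlying node, Barbican, extension plug-in, KMS, adaptation layer, hardware device), modelled as an added Python example; it is not code from the patent, from Barbican or from any KMS product. The class, function and parameter names (`backend`, `key_id`, the device names) are assumptions, and a SHAKE-256/HMAC construction stands in for the device's SM4 or AES operation so the block runs on the standard library alone.

```python
import hashlib
import hmac
import secrets


class KeyUnavailable(Exception):
    """Raised for an unknown key ID or a key that has been disabled."""


def _seal(key, plaintext):
    # Stand-in for the device's SM4/AES operation: SHAKE-256 keystream plus HMAC tag.
    nonce = secrets.token_bytes(12)
    pad = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, pad))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def _open(key, blob):
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed integrity check")
    pad = hashlib.shake_256(b"enc" + key + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, pad))


class HardwareDevice:
    """Models one cryptographic device; key material never leaves this object."""

    def __init__(self, name):
        self.name, self._slots = name, {}

    def generate(self, slot):
        self._slots[slot] = secrets.token_bytes(32)

    def encrypt(self, slot, plaintext):
        return _seal(self._slots[slot], plaintext)

    def decrypt(self, slot, blob):
        return _open(self._slots[slot], blob)


class KMS:
    """Maps a key ID to a device and a lifecycle state; callers never get key material."""

    def __init__(self, devices):
        self._devices = {d.name: d for d in devices}  # models the adaptation layer
        self._keys = {}

    def create_key(self, device_name):
        key_id = secrets.token_hex(8)
        self._devices[device_name].generate(key_id)
        self._keys[key_id] = {"device": device_name, "enabled": True}
        return key_id

    def set_enabled(self, key_id, enabled):
        self._keys[key_id]["enabled"] = enabled

    def _resolve(self, key_id):
        meta = self._keys.get(key_id)
        if meta is None or not meta["enabled"]:
            raise KeyUnavailable(key_id)
        return self._devices[meta["device"]]

    def encrypt(self, key_id, data):
        return self._resolve(key_id).encrypt(key_id, data)

    def decrypt(self, key_id, blob):
        return self._resolve(key_id).decrypt(key_id, blob)

    def generate_data_key(self, key_id):
        # Envelope encryption: persist only the wrapped copy of the data key.
        data_key = secrets.token_bytes(32)
        return data_key, self.encrypt(key_id, data_key)


def extension_plugin_encrypt(kms, params):
    """Extension plug-in step: parse the passed parameters, call the KMS by key ID."""
    key_id, data = params.get("key_id"), params.get("data")
    if not isinstance(key_id, str) or not isinstance(data, bytes):
        raise TypeError("key_id must be str and data must be bytes")
    return kms.encrypt(key_id, data)


def barbican_encrypt(kms, params):
    """Barbican step: decide from the passed parameters whether the KMS path applies."""
    if params.get("backend") != "kms":  # "backend" is a hypothetical parameter name
        raise NotImplementedError("built-in Barbican path is not modelled")
    return extension_plugin_encrypt(kms, params)


def node_store(kms, volume, data):
    """Underlying node (cinder in the text): encrypt only if the volume asks for it."""
    if not volume.get("encrypted"):
        return data
    return barbican_encrypt(kms, {"backend": "kms", "key_id": volume["key_id"], "data": data})
```

Only the key ID crosses each layer boundary, so disabling a key in the KMS stops every caller at `_resolve` without touching cinder, glance or nova.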
For centralized management of the keys of products on the cloud, the user initiates a service request: the user queries the key list through the key management service, selects a key, and initiates the encryption request of the service application.
Logic processing in the service application server. After receiving the application request, the server first parses the request message and performs service logic processing through the integrated SDK package; once the service logic processing is complete, it encrypts the data through the integrated SDK package, which invokes the KMS service. The integrated SDK package encapsulates the calls to the key-related interfaces as class methods, and the capabilities of the back-end key management service are invoked through these methods. The integrated SDK package also provides implementations of some national cryptographic encryption and decryption methods, giving products on the cloud basic encryption, decryption and signature verification capability. Each product on the cloud integrates the SDK toolkit into its own project, which gives seamless integration with the KMS service and greatly reduces integration complexity. The integrated SDK package currently supports access from multiple languages such as Java and C++, which reduces the dependency constraints on integrating service applications.
Based on the key ID, the KMS completes the data mapping and other internal processing with the underlying hardware devices, invokes the cryptographic facility adaptation layer, and completes the call to the underlying cryptographic infrastructure through the scheduling management of the adaptation layer.
Encryption execution. After receiving the request, the underlying hardware device obtains the specified key information based on the key ID and other information passed in, and performs the encryption operation on the input data.
Response. After encryption is complete, the encrypted ciphertext is returned and the business processing is finished.
Barbican, as applied in the method, is an open-source component integrated with OpenStack that provides support for international algorithms. A corresponding extension plug-in and integrated SDK package can be developed to connect it with the KMS service and so support both national cryptographic and international algorithms, enabling centralized, unified key management. The KMS service provides full life cycle management of keys, with operations such as key import and export (only public keys can be exported), key rotation, envelope encryption, and key enabling and disabling. The data keys of the platform and of the services are brought under unified management (data keys are stored as ciphertext), which secures the data keys. The underlying hardware devices provide chip-level protection of keys, and protecting data keys by encrypting them under the root key effectively blocks the risk of data key leakage. Together these four capabilities form a complete method for secure, centralized key management on a cloud platform, improving the security of data encryption and of data storage.
The invention also provides a cloud-native national cryptographic key management device, comprising a key management module of a cloud platform and a key management module of products on the cloud.
The key management module of the cloud platform, according to the user's service request, calls the back-end service, which invokes the underlying node; calls the Barbican component through the underlying node; invokes the KMS service through the Barbican component by means of a Barbican extension plug-in; completes, through the KMS service, the data mapping and other internal processing with the underlying hardware devices; invokes the different hardware devices adapted by the cryptographic facility; obtains the specified key information through those hardware devices; and encrypts the service storage data.
The key management module of products on the cloud, according to the user's service request, parses the message of the service request; performs service logic processing through the integrated SDK package; invokes the KMS service; completes, through the KMS service, the data mapping and other internal processing with the underlying hardware devices; invokes the different hardware devices adapted by the cryptographic facility; obtains the specified key information through those hardware devices; and performs the encryption operation on the service application data.
The information exchanged between the modules of the device and their execution process are based on the same concept as the method embodiments of the invention; for details, refer to the description of the method embodiments, which is not repeated here.
Likewise, the device resolves the security risks of the cloud platform's own key management. By extending the underlying platform and centrally controlling the key module, all kinds of key usage scenarios are brought into the centralized solution, which facilitates unified maintenance of the whole platform afterwards and reduces the difficulty of subsequently passing the cryptographic evaluation.
It provides unified key management capability for products on the cloud, enables life cycle management of keys, and improves the overall security and confidentiality of keys, thereby protecting user data.
It provides unified encryption and decryption capability, with support for a range of national and international algorithms for both the cloud platform and the products on the cloud, which reduces up-front research on algorithms and enriches and improves product capabilities.
It should be noted that not all the steps and modules in the above processes and the structure diagrams of the devices are necessary, and some steps or modules may be omitted according to actual needs. The execution sequence of the steps is not fixed and can be adjusted as required. The system structure described in the above embodiments may be a physical structure or a logical structure, that is, some modules may be implemented by the same physical entity, or some modules may be implemented by multiple physical entities, or may be implemented jointly by some components in multiple independent devices.
The above-described embodiments are merely preferred embodiments for fully explaining the present invention, and the scope of the present invention is not limited thereto. Equivalent substitutions and modifications will occur to those skilled in the art based on the present invention, and are intended to be within the scope of the present invention. The protection scope of the invention is subject to the claims.
Claims (6)
1. A cloud-native national cryptographic key management method, characterized by comprising managing the keys of a cloud platform and managing the keys of products on the cloud, wherein both managing the keys of the cloud platform and managing the keys of products on the cloud support the RSA, AES and SHA series algorithms and the SM2, SM3, SM4 and HMACSM national cryptographic algorithms for managing the key life cycle,
Managing the keys of the cloud platform includes: according to the user's service request, calling the back-end service, which invokes the underlying node; calling the Barbican component through the underlying node; and invoking the KMS service through the Barbican component by means of a Barbican extension plug-in, comprising: receiving, through the Barbican component, the encryption request issued by the underlying node; judging from the passed parameters whether the KMS service needs to be called; and if so, calling the Barbican extension plug-in, which parses the passed parameters and invokes the KMS service according to the key ID passed in,
completing, through the KMS service, the data mapping and other internal processing with the underlying hardware devices; invoking the different hardware devices adapted by the cryptographic facility; obtaining the specified key information through those hardware devices; and performing the encryption operation on the service storage data;
Managing the keys of products on the cloud includes: according to the user's service request, parsing the message of the service request; performing service logic processing through the integrated SDK package; invoking the KMS service; completing, through the KMS service, the data mapping and other internal processing with the underlying hardware devices; invoking the different hardware devices adapted by the cryptographic facility; obtaining the specified key information through those hardware devices; and performing the encryption operation on the service application data.
2. The cloud-native national cryptographic key management method according to claim 1, wherein before the Barbican component is called through the underlying node, the method comprises:
performing a logic judgment to determine whether to encrypt the data, and if so, calling the Barbican component.
3. The cloud-native national cryptographic key management method according to claim 1, wherein a key is selected from the key list according to the user's service request and its key ID is obtained.
4. A cloud-native national cryptographic key management device, characterized by comprising a key management module of a cloud platform and a key management module of products on the cloud, wherein the key management module of the cloud platform and the key management module of products on the cloud support the RSA, AES and SHA series algorithms and the SM2, SM3, SM4 and HMACSM national cryptographic algorithms for managing the key life cycle,
The key management module of the cloud platform, according to the user's service request, calls the back-end service, which invokes the underlying node; calls the Barbican component through the underlying node; and invokes the KMS service through the Barbican component by means of a Barbican extension plug-in, comprising: receiving, through the Barbican component, the encryption request issued by the underlying node; judging from the passed parameters whether the KMS service needs to be called; and if so, calling the Barbican extension plug-in, which parses the passed parameters and invokes the KMS service according to the key ID passed in,
completing, through the KMS service, the data mapping and other internal processing with the underlying hardware devices; invoking the different hardware devices adapted by the cryptographic facility; obtaining the specified key information through those hardware devices; and performing the encryption operation on the service storage data;
The key management module of products on the cloud, according to the user's service request, parses the message of the service request; performs service logic processing through the integrated SDK package; invokes the KMS service; completes, through the KMS service, the data mapping and other internal processing with the underlying hardware devices; invokes the different hardware devices adapted by the cryptographic facility; obtains the specified key information through those hardware devices; and performs the encryption operation on the service application data.
5. The cloud-native national cryptographic key management device according to claim 4, wherein before the key management module of the cloud platform calls the Barbican component through the underlying node, the following is included:
performing a logic judgment to determine whether to encrypt the data, and if so, calling the Barbican component.
6. The cloud-native national cryptographic key management device according to claim 4, wherein the key management module of the cloud platform and the key management module of products on the cloud each select a key from the key list according to the user's service request and obtain its key ID.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210262147.2A CN114598757B (en) | 2022-03-17 | 2022-03-17 | Cloud-primary national secret key management method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114598757A (en) | 2022-06-07 |
| CN114598757B (en) | 2024-06-18 |
Family
ID=81817098
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210262147.2A Active CN114598757B (en) | 2022-03-17 | 2022-03-17 | Cloud-primary national secret key management method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114598757B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114003927A (en) * | 2021-10-21 | 2022-02-01 | 浪潮云信息技术股份公司 | System and method for realizing cloud platform key management |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9756022B2 (en) * | 2014-08-29 | 2017-09-05 | Box, Inc. | Enhanced remote key management for an enterprise in a cloud-based environment |
| US9363243B2 (en) * | 2014-03-26 | 2016-06-07 | Cisco Technology, Inc. | External indexing and search for a secure cloud collaboration system |
| US10848468B1 (en) * | 2018-03-05 | 2020-11-24 | Commvault Systems, Inc. | In-flight data encryption/decryption for a distributed storage platform |
| CN110602132A (en) * | 2019-09-24 | 2019-12-20 | 苏州浪潮智能科技有限公司 | Data encryption and decryption processing method |
| CN112532387B (en) * | 2020-11-27 | 2022-12-30 | 上海爱数信息技术股份有限公司 | Key service operation system and method thereof |
| CN114154185B (en) * | 2021-12-06 | 2025-03-21 | 浪潮云信息技术股份公司 | A data encryption storage method based on national secret algorithm |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114598757A (en) | 2022-06-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Kumar et al. | A new approach for security in cloud data storage for IOT applications using hybrid cryptography technique | |
| US10601801B2 (en) | Identity authentication method and apparatus | |
| JPWO2019220531A1 (en) | Secret search device and secret search method | |
| WO2022247790A1 (en) | Data management method and apparatus, device and storage medium | |
| WO2020073712A1 (en) | Method for sharing secure application in mobile terminal, and mobile terminal | |
| CN110417756A (en) | Cross-network data transmission method and device | |
| CN111416816A (en) | Access method and device of joint debugging interface, computer equipment and storage medium | |
| CN116996210A (en) | A scalable post-quantum encryption system for TLS protocol | |
| WO2021088659A1 (en) | Electronic signature loading method and device | |
| CN103425939B (en) | A kind of SM3 algorithm realization method and system in JAVA environment | |
| CN114598757B (en) | Cloud-primary national secret key management method | |
| CN114422588B (en) | Methods for terminal access authentication by secure autonomy implementation system and edge IoT agent | |
| CN114553418B (en) | Business method, device, system and terminal | |
| CN114884655B (en) | Data processing method, device, electronic equipment and readable storage medium | |
| CN114817957B (en) | Encrypted partition access control method, system and computing device based on domain management platform | |
| CN113014387B (en) | Method for improving multidimensional encryption interface based on hardware encryption machine and encryption device | |
| CN120582782A (en) | Gateway topology networking method, device, equipment and medium based on quantum key | |
| CN114036215A (en) | Encrypted database access method, computing device and storage medium | |
| CN112751664A (en) | Internet of things networking method and device and computer readable storage medium | |
| CN116137566A (en) | Information transmission method, device, network equipment, communication equipment and platform equipment | |
| CN119583148B (en) | Key synchronization method and cryptographic service platform based on SDF standard interface | |
| CN114282235A (en) | System and server for butting hardware security modules | |
| CN116723502A (en) | Privacy protection enhancement method and related device | |
| CN109657449A (en) | A kind of method and apparatus for realizing the intercommunication of password resource based on cipher card | |
| US20240348422A1 (en) | Privacy calculation unit, acceleration unit, system on chip, and privacy calculation method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||