CN104092772A - High-speed and high-pass data security storage and transmission method - Google Patents
- Publication number: CN104092772A (application CN201410351884.5A)
- Authority
- CN
- China
- Prior art keywords
- data
- user
- decryption
- transparent encryption
- hardware
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a high-speed and high-pass data security storage and transmission method. Using an improved iSCSI storage technology, data transmitted through a high-speed network card is routed directly from the PCI-E port over the PCI-E bus to a hardware transparent encryption and decryption board, which encrypts the user plaintext data into user ciphertext data. The board also decrypts user ciphertext data into user plaintext data, and the improved iSCSI storage technology routes that plaintext over the PCI-E bus to an optical fiber Ethernet card, which converts it into optical signals through an SFP port and transmits them to users over optical fiber. Because user data is encrypted and decrypted by the hardware transparent encryption and decryption board, the safety of user data in storage and transmission is guaranteed in the cloud security technology. At the same time, although the user data is encrypted for protection, the network rate is not reduced drastically as it is with a usual software implementation scheme.
Description
Technical field
The present invention relates to secure data storage and transmission, and in particular to a high-speed and high-pass data security storage and transmission method. It belongs to the field of computer information security technology.
Background technology
Most storage devices on the market store data in plaintext, which leaves the data wide open to system administrators and cloud storage service providers. Worse, once a storage server is breached, none of the data remains confidential. For the security requirements of large-scale, high-performance storage systems, and of cloud storage applications in particular, scalable and high-performance storage security technology is the most basic guarantee for promoting cloud storage applications in a networked environment. Secure data storage has therefore become a research hotspot in the network storage field. For enterprises and organizations to adopt cloud computing technology and platforms at scale and to hand the management of their data to cloud service providers with confidence, the various security problems that cloud computing faces must be comprehensively analyzed and addressed.
Summary of the invention
The invention discloses a high-speed and high-pass data security storage and transmission method that solves the security and speed problems faced by data storage and transmission.
To achieve the above object, the technical scheme adopted by the invention is a high-speed and high-pass data security storage and transmission method comprising the following steps:
A: use the improved iSCSI storage technology to route the data transmitted by the high-speed NIC directly from the PCI-E interface over the PCI-E bus to the hardware transparent encryption/decryption board, which encrypts the user plaintext data into user ciphertext data;
B: use the improved iSCSI storage technology to save the user ciphertext data to the iSCSI storage device;
C: use the improved iSCSI storage technology to retrieve the user ciphertext data from the storage device;
D: route the user ciphertext data over the PCI-E bus to the hardware transparent encryption/decryption board;
E: decrypt the user ciphertext data into user plaintext data with the hardware transparent encryption/decryption board;
F: use the improved iSCSI storage technology to route the user plaintext data over the PCI-E bus to the fiber Ethernet card.
Further, the encryption/decryption algorithm used in step A and step E above is a symmetric encryption algorithm.
Preferably, the data transmitted by the high-speed NIC in step A is an electrical signal carrying the user plaintext data, and this electrical signal is obtained by converting an optical signal through the SFP interface.
Further preferably, the optical signal carries the user plaintext data and is transmitted over optical fiber.
Preferably, following step F, the fiber Ethernet card converts the user plaintext data into an optical signal through the SFP interface and transmits it to the user over optical fiber.
The method uses the hardware transparent encryption/decryption board to encrypt and decrypt user data, which ensures the safety of user data in storage and transmission in cloud security technology. At the same time, while the user data is protected by encryption, the network rate does not drop significantly as it does with common software implementation schemes.
Brief description of the drawings
Fig. 1 is the system architecture schematic diagram of realizing the inventive method.
Fig. 2 is the system architecture schematic diagram of realizing the inventive method.
Fig. 3 is a schematic flow diagram of the method of the invention.
In Fig. 3, the dotted line from 1 to 2 represents the user data transmission path, the dotted line from 2 to 3 represents user ciphertext data being read from or saved to the storage device, and the dotted line from 2 to 4 represents ciphertext data being read or saved over optical fiber.
Embodiment
The invention is further described below with reference to the accompanying drawings. It should be understood that the specific details described below are for illustration only and do not limit the invention. Any modifications and variations made according to the teaching of the invention also fall within its scope.
The method can be divided into three parts: network, storage, and transparent encryption/decryption. The network part may comprise optical fiber, SFP interfaces and a fiber Ethernet card. The storage part may comprise a storage device (a conventional hard disk, hybrid hard disk, solid-state disk or high-speed hard disk) and iSCSI storage technology. The transparent encryption/decryption part may comprise the hardware transparent encryption/decryption board, which preferably uses a symmetric encryption algorithm. See Fig. 1 and Fig. 2.
In Fig. 1, the optical-fiber-based network contains Data Access Server 1, Data Access Server 2, Data Access Server 3, a transparent encryption/decryption server in which the hardware transparent encryption/decryption board is installed, and a firewall. The board has two SFP interfaces, each connected to an optical fiber interface in the network. The transparent encryption/decryption server uses the improved iSCSI storage technology to create an iSCSI target with its own high-speed hard disk as the storage resource, and Data Access Server 1, Data Access Server 2 and Data Access Server 3 use an iSCSI initiator to access the iSCSI target on the transparent encryption/decryption server, thereby implementing the invention. The improved iSCSI storage technology is derived from ordinary iSCSI storage technology; what it changes is the flow of iSCSI data. Before the improvement, the iSCSI initiator sends data to the iSCSI server, and the server transfers the data directly to the logical disk for storage. After the improvement, the iSCSI initiator sends data to the iSCSI server, the server sends the data to the hardware transparent encryption/decryption board over the PCI-E protocol, retrieves the data once the board has processed it, and then continues with the original logic, sending the data to the logical disk for storage. The board has two functions: first, loading a key; second, receiving ciphertext/plaintext data and, using the loaded key and a block cipher algorithm, turning it into plaintext/ciphertext data. The board can be implemented by programming a field-programmable gate array (FPGA).
In Fig. 2, the right side is a storage server cluster made up of an optical-fiber-based network, a firewall and several storage servers, which provides an iSCSI target storage service. The left side is made up of an optical-fiber-based network, a firewall, Data Access Server 1, Data Access Server 2, Data Access Server 3 and a transparent encryption/decryption server in which the hardware transparent encryption/decryption board is installed. The board has two SFP interfaces, each connected to an optical fiber interface in the network. The transparent encryption/decryption server uses the iSCSI target to initiate access to the iSCSI target on the right and maps the storage resources on the right as its own storage resources. It then uses the improved iSCSI storage technology to create an iSCSI target with the locally mapped storage resources as the storage resource, and Data Access Server 1, Data Access Server 2 and Data Access Server 3 use an iSCSI initiator to access the iSCSI target on the transparent encryption/decryption server, thereby implementing the invention.
The method can also be divided into two major parts: "storage of plaintext static data becomes storage of ciphertext static data" and "transmission of plaintext dynamic data becomes transmission of ciphertext dynamic data". Each is described in detail below.
(1) Storage of plaintext static data becomes storage of ciphertext static data:
When a user saves data, the data is transmitted over the Ethernet-based iSCSI protocol to the transparent encryption/decryption server, encrypted by the hardware transparent encryption/decryption board on that server, and stored on the server's high-speed hard disk. The data now stored on the hard disk of the transparent encryption/decryption server is ciphertext encrypted with a symmetric encryption algorithm. An unauthorized party cannot obtain readable data by reading the hard disk directly; what appears is unrecognizable ciphertext.
When a user reads data, the Data Access Server locates the corresponding ciphertext data on the high-speed hard disk of the transparent encryption/decryption server over the Ethernet-based iSCSI protocol. The hardware transparent encryption/decryption board on that server decrypts the symmetrically encrypted ciphertext into plaintext data, and the plaintext is finally transmitted over the network to the Data Access Server, which can then read and recognize the data normally.
(2) Transmission of plaintext dynamic data becomes transmission of ciphertext dynamic data:
When a user saves data, the data is transmitted over the Ethernet-based iSCSI protocol to the transparent encryption/decryption server, encrypted by the hardware transparent encryption/decryption board on that server, and then forwarded over the Ethernet-based iSCSI protocol to the storage server. The data now stored on the hard disk of the storage server is ciphertext encrypted with a symmetric encryption algorithm. An unauthorized party cannot obtain readable data by reading the storage server's hard disk directly; what appears is unrecognizable ciphertext.
When a user reads data, the Data Access Server locates the corresponding ciphertext data on the storage server over the Ethernet-based iSCSI protocol. The transparent encryption/decryption server first reads the ciphertext data from the storage server, then the hardware transparent encryption/decryption board on it decrypts the symmetrically encrypted ciphertext into plaintext data, and the plaintext is finally transmitted over the network to the Data Access Server, which can then read and recognize the data normally.
The invention has been described in detail above through implementation scenarios for each process, as those skilled in the art will understand. Modifications and variations may be made without departing from the essence of the invention, such as using some of the modules separately or embedding the system in other application systems.
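The modified target data path and the board's two functions (load a key; transform sectors with the loaded key) can be simulated in software. This is an added example, not code from the patent: the class names, the 512-byte sector size, the use of the logical block address as a per-sector tweak, and the 4-round Feistel construction over SHAKE-256 (a stand-in for the board's unspecified symmetric block cipher, not a production cipher) are all assumptions.

```python
import hashlib

SECTOR = 512  # bytes per logical block (assumed size)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class CryptoBoard:
    """Software stand-in for the hardware board: load a key, transform sectors."""

    def __init__(self):
        self._key = None

    def load_key(self, key: bytes) -> None:
        if len(key) != 32:
            raise ValueError("expected a 32-byte key")
        self._key = key

    def _f(self, rnd: int, lba: int, half: bytes) -> bytes:
        # Keyed round function; the LBA is mixed in as a per-sector tweak (assumption).
        if self._key is None:
            raise RuntimeError("no key loaded")
        msg = self._key + bytes([rnd]) + lba.to_bytes(8, "big") + half
        return hashlib.shake_256(msg).digest(len(half))

    def encrypt(self, lba: int, sector: bytes) -> bytes:
        if len(sector) != SECTOR:
            raise ValueError("whole sectors only")
        left, right = sector[:SECTOR // 2], sector[SECTOR // 2:]
        for rnd in range(4):
            left, right = right, _xor(left, self._f(rnd, lba, right))
        return left + right  # same length as the input: no on-disk expansion

    def decrypt(self, lba: int, sector: bytes) -> bytes:
        if len(sector) != SECTOR:
            raise ValueError("whole sectors only")
        left, right = sector[:SECTOR // 2], sector[SECTOR // 2:]
        for rnd in reversed(range(4)):
            left, right = _xor(right, self._f(rnd, lba, left)), left
        return left + right


class TransparentTarget:
    """Target-side data path: every write and read is routed through the board."""

    def __init__(self, board: CryptoBoard, disk: dict):
        self.board, self.disk = board, disk

    def write(self, lba: int, plaintext: bytes) -> None:
        self.disk[lba] = self.board.encrypt(lba, plaintext)

    def read(self, lba: int) -> bytes:
        return self.board.decrypt(lba, self.disk[lba])


def demo() -> dict:
    board = CryptoBoard()
    board.load_key(bytes(range(32)))                      # constructed test key
    disk = {}                                             # stands in for the logical disk
    target = TransparentTarget(board, disk)
    record = b"user record 0001".ljust(SECTOR, b"\x00")   # constructed sector
    target.write(0, record)
    target.write(1, record)                               # same plaintext, other LBA
    other = CryptoBoard()
    other.load_key(bytes(32))                             # board holding a different key
    return {
        "roundtrip_ok": target.read(0) == record and target.read(1) == record,
        "plaintext_on_disk": b"user record" in disk[0],
        "sectors_identical": disk[0] == disk[1],
        "wrong_key_reads_plaintext": other.decrypt(0, disk[0]) == record,
    }
```

The initiator side sees ordinary reads and writes, while the backing store holds only ciphertext; the link between the data access server and the target still carries plaintext, as the read and write paths above describe.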
Claims (5)
1. A high-speed and high-pass data security storage and transmission method, characterized by comprising the following steps:
A. routing the user plaintext data transmitted by the high-speed NIC directly from the PCI-E interface over the PCI-E bus to the hardware transparent encryption/decryption board, which encrypts the user plaintext data into user ciphertext data;
B. saving the user ciphertext data to the iSCSI storage device;
C. retrieving the user ciphertext data from the storage device;
D. routing the user ciphertext data over the PCI-E bus to the hardware transparent encryption/decryption board;
E. decrypting the user ciphertext data into user plaintext data with the hardware transparent encryption/decryption board;
F. routing the user plaintext data over the PCI-E bus to the fiber Ethernet card.
2. The high-speed and high-pass data security storage and transmission method according to claim 1, characterized in that the encryption/decryption algorithm is a symmetric encryption algorithm.
3. The high-speed and high-pass data security storage and transmission method according to claim 2, characterized in that the data transmitted by the high-speed NIC in step A is an electrical signal carrying the user plaintext data, and this electrical signal is obtained by converting an optical signal through the SFP interface.
4. The high-speed and high-pass data security storage and transmission method according to claim 3, characterized in that the optical signal carries the user plaintext data and is transmitted over optical fiber.
5. The high-speed and high-pass data security storage and transmission method according to claim 1, characterized in that, following step F, the fiber Ethernet card converts the user plaintext data into an optical signal through the SFP interface and transmits it to the user over optical fiber.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410351884.5A CN104092772A (en) | 2014-07-23 | 2014-07-23 | High-speed and high-pass data security storage and transmission method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104092772A (en) | 2014-10-08 |
Family
ID=51640452
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410351884.5A Pending CN104092772A (en) | 2014-07-23 | 2014-07-23 | High-speed and high-pass data security storage and transmission method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104092772A (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110295967A1 (en) * | 2010-05-28 | 2011-12-01 | Drc Computer Corporation | Accelerator System For Remote Data Storage |
| CN202218256U (en) * | 2011-07-18 | 2012-05-09 | 北京赛博兴安科技有限公司 | Centralized storage security control gateway system |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110430014A (en) * | 2019-07-19 | 2019-11-08 | 河海大学 | A kind of fieldbus single channel encryption method in water resources fund control system |
| CN110430014B (en) * | 2019-07-19 | 2022-02-01 | 河海大学 | Hardware encryption gateway and encryption method for field bus channel encryption |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20141008 |