CN1694415A - Method and device for safety of storaged network data - Google Patents
Method and device for safety of storaged network data Download PDFInfo
- Publication number
- CN1694415A CN1694415A CN 200510011667 CN200510011667A CN1694415A CN 1694415 A CN1694415 A CN 1694415A CN 200510011667 CN200510011667 CN 200510011667 CN 200510011667 A CN200510011667 A CN 200510011667A CN 1694415 A CN1694415 A CN 1694415A
- Authority
- CN
- China
- Prior art keywords
- data
- module
- memory device
- hardware
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
This invention relates to a method and a device for guaranteeing the safety of storage network data, which designs a safety management device on the data channel between the server cluster and the storage device cluster of a storage network to isolate the transmitted orders and data between the two clusters and processes the data and manages them safely, which can realize the normal data process on one hand and can apply various safety measures to process all data streams and special data streams safely on the other to provide safe measures and security to multi-user shared data storage and user access.
Description
Technical field
The present invention relates to the safe practice of storage networking, particularly a kind of method that ensures safety of storaged network data and device.
Background technology
Computer security issue is one of focus of computer technology, and the major technique of employing is various encryption technologies or firewall technology.But according to the data statistics of the parties concerned, 50%~80% attack source is the attack that is positioned at fire compartment wall inside in network internal, and these attacks comprise stealing the storage data.Present most of data are to store with the mode of plain code, and these data might be brought tremendous loss to the economic interests of company as being stolen; Some critical data in addition be related to the country interests and safety.
Storage networking is an important trend of storage development.The safety of storage networking is different from the network security of ordinary meaning, and it is to be positioned under the common network security fireproof wall, is the safe practice of setting up in order to prevent inside to steal.The safety of storage networking is not equal to the safety of generic storage equipment such as single hard disk or single array yet, and storage networking is that the mode of multiple users share is stored, and memory device is a plurality of user captures simultaneously, and data are easier to be stolen; In a word, the safety problem of storage networking is a computer system security key to the issue problem.
Summary of the invention
The present invention is directed to the deficiencies in the prior art, a kind of method that ensures safety of storaged network data be provided, can multiple users share condition under, realize the safety of store network data storage and user capture.The present invention also provides the security control apparatus of the store network data under this method.
The method that the present invention ensures safety of storaged network data, be connected with server cluster and memory device cluster in the described storage networking, it is characterized in that, on order in storage networking between server cluster and the memory device cluster and the data channel security control apparatus is set, by described security control apparatus order and the data transmitted between described server cluster and the memory device cluster are isolated, and the order and the data of transmission are between the two carried out data processing and implementation data safety management by described security control apparatus.
The inventive method is owing to be provided with between server cluster and memory device cluster the security control apparatus of ordering and data are isolated, and data are between the two handled and safety management by described security control apparatus, be equivalent to the data flow between server cluster and the memory device cluster is provided with an intelligent and safe keeper, can realize normal data processing between server cluster and the memory device cluster on the one hand, on the other hand, in security control apparatus, can take safety measures, take safety measures for whole data flow or special data flow, such as carrying out encryption, carry out rights management restriction or the like, for the storage under the multiple users share memory device condition and user capture provide safety measure and guarantee.
Further, described data processing be by described security control apparatus respectively the mode of operation of analog storage equipment and server realize, to the I/O order of described server cluster, the mode of operation of described security control apparatus analog storage equipment receives and responds described order; To described memory device cluster, the mode of operation of described security control apparatus emulating server is read and write the memory device in the described memory device cluster, and sends each memory device and/or memory space that I/O orders described memory device cluster; Described data safety management is to handle and realize by in described security control apparatus the storage protocol layer of memory channel being carried out data encryption/decryption.
The mode of operation of security control apparatus difference analog storage equipment and server can utilize common server hardware or embedded hardware platform that security control apparatus is set, and it is simple and convenient that the inventive method is realized.Conduct interviews in storage protocol layer and to authorize and/or data encryption/decryption is realized data processing and safety management, can and existing storage system compatibility fully, promptly compatible any hardware, operating system and application program.
Further, described security control apparatus comprises hardware platform and software platform, described hardware platform is common server hardware or embedded hardware, and be provided with respectively that the equipment end hardware protocol that links to each other with described memory device cluster and service device cluster is handled port and service device end hardware protocol is handled port on physical layer and transport layer, be used to handle storage networking and transmit underlying protocol; Described software platform comprises respectively to be handled equipment end storage protocol module, the server end storage protocol module that ports link to each other with two hardware protocols and is connected between the two encryption handling module, also comprise one with above-mentioned three configuration databases that module links to each other, described two storage protocol modules realize the transmitting-receiving of order and the transmitting-receiving of analysis and store network data, described encryption handling module is carried out encryption/decryption process according to the type of order to data, described configuration data library storage and management various information.Described hardware platform also is provided with the key hardware interface; Described encryption handling module also is provided with hardware encryption module and/or software cryptography module; Described software platform also is provided with the password management module that is used to realize access authorization management and data encryption, authority management module, management of encryption algorithms module and the key management module that links to each other with configuration database respectively, and the information of described four modules all sends configuration database to.
Abovementioned technology can adopt the storage networking interface Connection Service device cluster and the memory device cluster of standard, can compatible most at present storage network protocol, as optical-fibre channel (Fibre Channel), iSCSI, attached net storage (NAS), object-based storage (OSD); Technique scheme is also by the key of each memory space in the single memory device and the separate configurations of encryption, promptly manage respectively by each memory device/memory space to the memory device cluster, give different key of user and algorithm, realized the data encryption under the multi-user shared environment.And the way to manage that user's entry password, encryption key and network manager's allocation space authority combine is further ensured data security.The technical scheme that the inventive method adopts key devices to separate can be damaged key fast, ensures data security.
Description of drawings
Fig. 1 is apparatus of the present invention structural representations;
Fig. 2 is the flow chart of initialization of the present invention, connection;
Fig. 3 is the flow chart of user's login of the present invention;
Fig. 4 is the flow chart of write data of the present invention;
Fig. 5 is the flow chart of read data of the present invention;
Fig. 6 is the flow chart of disconnect user of the present invention.
Mark lists as follows among the figure:
1-store network data safety device of the present invention; 2-memory device cluster; The 3-server cluster; The 4-storage networking; The hardware platform of 10-safety device; The software platform of 20-safety device; 100-equipment end protocol processes port; The 110-server-side protocol is handled port; 120-hardware encryption module; 130-key hardware interface; 200-equipment end storage protocol module; 210-server end storage protocol module; 220-encryption handling module; 230-software cryptography module; 240-password management module; The 250-authority management module; 260-management of encryption algorithms module; The 270-key management module; The 280-configuration database.
Embodiment
Describe concrete technical scheme of the present invention in detail below in conjunction with accompanying drawing.
Fig. 1 is a store network data safety device structural representation of the present invention.As described in Figure 1, store network data safety device 1 of the present invention be connected memory device cluster 2 and server cluster 3 by storage networking 4, be arranged in the order and data channel between the two, data and order are isolated.Store network data safety device 1 comprises hardware platform 10 and software platform 20, and the data of transmission between server cluster 3 and the memory device cluster 2 are carried out data processing and implementation data safety management.
Hardware platform 10 comprises that the equipment end hardware protocol is handled port 100, the server end hardware protocol is handled port 110 and hardware encryption module 120.The server end hardware protocol is handled port 110 and is connected to server cluster 3, and the equipment end hardware protocol is handled port 100 and is connected to memory device cluster 2.Described equipment end hardware protocol is handled port 100, the server end hardware protocol is handled port 110 and is made up of bottom hardware system and processing storage protocol layer segment.Port scheme shown in the present embodiment adopts hardware handles underlying protocol, software processes upper-layer protocol mode commonly used.Described equipment end hardware protocol is handled port 100, the server end hardware protocol is handled port 110 and can be adopted the most frequently used Ethernet interface and optical-fibre channel mouth, actual application can take software and hardware configuration mode flexibly to realize the function of each protocol layer, also can take the hardware port of other types.Key hardware interface 130 is responsible for reading hard key, can be that key or the IC-card card reader interface that USB interface is read in USB reads in any-modes such as IC-card.
Hardware platform 10 can be made up of the embedded hardware platform of common server hardware or research and development voluntarily.Except that described hardware protocol is handled port and key hardware interface, other parts of hardware are the same with common hardware platform architecture, comprise the external memory of internal memory, storage control program or the firmware of central processing unit, control program or firmware operation usefulness, outside expansion bus etc.
The software control platform comprises equipment end storage protocol module 200, server end storage protocol module 210, encryption handling module 220, software cryptography module 230, password management module 240, authority management module 250, management of encryption algorithms module 260, key management module 270, configuration database 280.
Equipment end storage protocol module 200 connection device end hardware protocols are handled port 100, the mode of operation of emulating server, read-write memory device cluster 2.Particularly, equipment end storage protocol module 200 sends each memory device/memory space that high-rise memory device I/O orders described memory device cluster 2, obtain its address, sign, state and capacity, and constantly scan the variation of monitoring memory device cluster state, and deposit above-mentioned information in configuration database 280.Described server end storage protocol module 210 Connection Service device end hardware protocols are handled port 110, and the mode of operation of analog storage equipment responds the read-write I/O order of server cluster 3.Particularly, server end storage protocol module 210 obtains the information of memory device cluster 2 memory devices/memory space from configuration database 280, by these message pick-ups and response from the high-rise storage device commands of server cluster 3.
This technical scheme makes server cluster 3 be isolated to order between the memory device cluster 2 and transfer of data, and comes deal with data and order by the mode of operation of emulating server of the present invention and memory device.In fact this technical scheme sets two zones: server cluster 3 and server end storage protocol module 210 zones, and in this zone, server cluster 3 can only be seen store network data safety means of the present invention; Memory device cluster 2 and equipment end storage protocol module 200 zones, in this zone, store network data safety device of the present invention can only be seen memory device cluster 2.Therefore, server cluster can only just can have access to memory device cluster 2 by store network data safety means of the present invention.
The data safety management of present embodiment is by being provided with the access authorization management and/or encrypting and realize, preferred scheme is conduct interviews simultaneously empowerment management and encryption, specific implementation process is as follows: password management module 240 is restrictions that user's (server cluster 3) logins when memory device/memory space is conducted interviews, finished alternately by user and keeper, user profile sends configuration database 280 under the situation of keeper's approval; Authority management module 250 is the control of user's (server cluster 3) to memory device/memory space access right, finished jointly by user and network manager, user profile, user place server info and user institute memory allocated equipment/storage space information etc. send configuration database 280 to by the keeper; Management of encryption algorithms module 260 can be deposited multiple encryption algorithms, and these algorithms are realized with hardware (by hardware encryption module 120) or software mode (by software cryptography module 230).The user selects cryptographic algorithm, sends configuration database 280 to; Key management module 270 management data encryption keys, key can be the soft keys that the user imports, and also can be to read in hard key from described key hardware interface 130, and key management module 270 sends key to configuration database 280.When receiving the read write command of server cluster, configuration database 280 reads above-mentioned information, carries out encryption/decryption process to reading and writing data according to user place server info, key information, cryptographic algorithm information.
Configuration database 280 is managed all stored informations, user profile, cryptographic algorithm information, key information etc.After user and keeper cooperated input one configuration set information, configuration database deposited above-mentioned four kinds of information in as an array.During afterwards each login of user, equipment end storage protocol module 200 will check whether user, entry password be effective, and take out from configuration database 280 and give user institute allocation space information, report to the user.The user is when the above-mentioned space of read-write, and equipment end storage protocol module 200 will be carried out encryption/decryption process by hardware or software mode to data according to key information and cryptographic algorithm information.
Fig. 2 is the flow chart of initialization of the present invention, connection.Shown in (a) among Fig. 2, the equipment end hardware protocol that connects memory device cluster 2 is handled port 100 and equipment end storage protocol module 200 emulating server working methods.Under this mode, store network data safety device 1 of the present invention initiatively sends high-rise storage device commands to memory device cluster 2, obtains address, sign, state and the capacity of memory device cluster 2 each memory device/memory space.Owing to can there be situations such as occurring mistake in new equipment adding, existing equipment disconnection, the read-write process in the storage networking, store network data safety device 1 of the present invention has been set the timing scan scheme, the state of each memory device/memory space in the cycle detection memory device cluster 2 upgrades configuration database 280.
Shown in (b) among Fig. 2, the server end hardware protocol of Connection Service device cluster 3 is handled port 110 and server end storage protocol processing module 210 analog storage equipment work modes, receive and response from the high-rise storage device commands of server cluster 3, as read memory attribute order, read states order, read capacity command, read write command etc.The state parameter of all memory device/memory spaces is taken from configuration database 280.
Fig. 3 is the flow chart of user's login of the present invention.As shown in Figure 3, when the user needs memory space, send application, after the network manager confirms that the user can use storage resources, deposit the storage space information of user profile, server info and distributing user in configuration database 280 to the network manager; Password, cryptographic algorithm, key are landed in user's decision, also deposit configuration database 280 in.
The user utilizes entry password to sign in to store network data safety device 1 of the present invention, and retrieve configuration data of the present invention storehouse 280 confirms that user name, password and server are effective, just allows the user to login.
Above-mentioned password and key and network manager isolate, and the network manager only knows has password and key to exist, and does not know content.Be the right that the network manager has only memory allocated equipment/memory space, and do not have the right of accessing storage device/memory space.
Fig. 4 is the flow chart of write data of the present invention.As shown in Figure 4, after the present invention receives write order, from configuration database 280, take out cryptographic algorithm and key, utilize hardware or software mode that write data is encrypted, write corresponding memory device/memory space.
Fig. 5 is the flow chart of read data of the present invention.As shown in Figure 5, after the present invention received read command, reading of data from corresponding memory device/memory space was then according to take out cryptographic algorithm and key from configuration database 60, utilize hardware or software mode that read data is decrypted, data are turned back to server.
Fig. 6 is the flow chart of disconnect user of the present invention.As shown in Figure 6, for ensureing data security conscientiously, when the user disconnected connection, the present invention deleted key from configuration database 280.As the user further demand is arranged, the password of user's login also can be removed.
More than the specific embodiment of the present invention is illustrated, but be not limited thereto, in any form the present invention is not made restriction yet.Should be pointed out that for a person skilled in the art, can also make a lot of relevant distortion and improvement according to guiding theory of the present invention, but these all will fall into protection scope of the present invention.
Claims (9)
1, a kind of method that ensures safety of storaged network data, be connected with server cluster and memory device cluster in the described storage networking, it is characterized in that, on the data channel in storage networking between server cluster and the memory device cluster security control apparatus is set, by described security control apparatus order and the data transmitted between described server cluster and the memory device cluster are isolated, and the order and the data of transmission are between the two carried out data processing and implementation data safety management by described security control apparatus.
2, the method that ensures safety of storaged network data according to claim 1, it is characterized in that described data processing be by described security control apparatus respectively the mode of operation of analog storage equipment and server realize, I/O order to described server cluster, the mode of operation of described security control apparatus analog storage equipment receives and responds described order; To described memory device cluster, the mode of operation of described security control apparatus emulating server is read and write the memory device in the described memory device cluster, and sends each memory device and/or memory space that I/O orders described memory device cluster; Described data safety management is that the storage protocol layer of the memory channel in described security control apparatus conducts interviews and authorizes and/or data encryption/decryption is handled and realized.
3, the method that ensures safety of storaged network data according to claim 1 and 2, it is characterized in that described security control apparatus comprises hardware platform and software platform, described hardware platform is common server hardware or embedded hardware, and be provided with respectively that the equipment end hardware protocol that links to each other with described memory device cluster and service device cluster is handled port and service device end hardware protocol is handled port on physical layer and transport layer, be used to handle storage networking and transmit underlying protocol; Described software platform comprises respectively to be handled equipment end storage protocol module, the server end storage protocol module that ports link to each other with two hardware protocols and is connected between the two encryption handling module, also comprise one with above-mentioned three configuration databases that module links to each other, described two storage protocol modules realize the transmitting-receiving of order and the transmitting-receiving of analysis and store network data, described encryption handling module is carried out encryption/decryption process according to the type of order to data, described configuration data library storage and management various information.
4, the method that ensures safety of storaged network data according to claim 3 is characterized in that described hardware platform also is provided with the key hardware interface; Described encryption handling module also is provided with hardware encryption module and/or software cryptography module; Described software platform also is provided with the password management module that is used to realize access authorization management and/or data encryption, authority management module, management of encryption algorithms module and the key management module that links to each other with configuration database respectively, and the information of described four modules all sends configuration database to.
5, the method that ensures safety of storaged network data according to claim 4, the mode of operation that it is characterized in that described emulating server is existing by equipment end storage protocol module and the cause for gossip of equipment end hardware protocol end for process, equipment end storage protocol module sends a command to each memory device/memory space of described memory device cluster, obtain attributes such as its address, sign, state and capacity, and constantly Data Update is carried out in the variation of scanning monitoring memory device cluster state, deposits above-mentioned information in configuration database simultaneously; The mode of operation of described analog storage equipment is existing by server end storage protocol module and the cause for gossip of server end hardware protocol end for process, described server end storage protocol module obtains the information of memory device cluster memory device/memory space from configuration database, also responded the order that comes from server cluster by these message pick-ups; For read data and the write data order in the order, then need to carry out to carry out the read and write operation to the memory device/memory space in the memory device cluster after the encryption/decryption process according to cryptographic algorithm in the configuration database and key by the encryption handling module.
6, the method that ensures safety of storaged network data according to claim 4, it is characterized in that access authorization management and data encryption/decryption are achieved in that the restriction of login when the password management module is provided with the user memory device/memory space is conducted interviews, and be arranged to finish alternately by user and keeper, the user profile that is produced sends configuration database under the situation of keeper's approval; Authority management module is provided with the control of user to memory device/memory space access right, and be arranged to be finished jointly by user and network manager, consequent user profile, user place server info and user institute memory allocated equipment/storage space information etc. send configuration database to by the keeper; The management of encryption algorithms module has been deposited multiple encryption algorithms, and these algorithms realize that by hardware encryption module or software cryptography module the user selects cryptographic algorithm, sends configuration database to; Key management module management data encryption key, key can be the soft key that the user imports, it also can be the hard key that reads in from described key hardware interface, key management module sends key to configuration database, when receiving the read write command of server cluster, configuration database reads above-mentioned information, carries out encryption/decryption process to reading and writing data according to user place server info, key information, cryptographic algorithm information.
7, a kind of store network data security control apparatus, be connected with server cluster and memory device cluster in the described storage networking, it is characterized in that, described store network data security control apparatus is arranged in the storage networking in the order and data channel between the server cluster and memory device cluster, form by hardware platform and software platform, order and the data transmitted between server cluster and the memory device cluster are carried out data processing and implementation data safety management.
8, store network data security control apparatus according to claim 7, it is characterized in that described hardware platform is common server hardware or embedded hardware, and be provided with respectively that the equipment end hardware protocol that links to each other with described memory device cluster and service device cluster is handled port and service device end hardware protocol is handled port on physical layer and transport layer, be used to handle storage networking and transmit underlying protocol; Described software platform comprises respectively to be handled equipment end storage protocol module, the server end storage protocol module that ports link to each other with two hardware protocols and is connected between the two encryption handling module, also comprise one with above-mentioned three configuration databases that module links to each other, described two storage protocol modules realize the transmitting-receiving of order and the transmitting-receiving of analysis and store network data, described encryption handling module is carried out encryption/decryption process according to the type of order to data, described configuration data library storage and management various information.
9, store network data security control apparatus according to claim 8 is characterized in that described hardware platform also is provided with the key hardware interface; Described encryption handling module also is provided with hardware encryption module and/or software cryptography module; Described software platform also is provided with the password management module that is used to realize access authorization management and data encryption/decryption, authority management module, management of encryption algorithms module and the key management module that links to each other with configuration database respectively, and the information of described four modules all sends configuration database to.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100116672A CN100385860C (en) | 2005-04-29 | 2005-04-29 | Method and device for safety of storaged network data |
| PCT/CN2006/000850 WO2006116931A1 (en) | 2005-04-29 | 2006-04-29 | A method for guaranteeing the safety of the storage network data and the system thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100116672A CN100385860C (en) | 2005-04-29 | 2005-04-29 | Method and device for safety of storaged network data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1694415A true CN1694415A (en) | 2005-11-09 |
| CN100385860C CN100385860C (en) | 2008-04-30 |
Family
ID=35353226
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005100116672A Active CN100385860C (en) | 2005-04-29 | 2005-04-29 | Method and device for safety of storaged network data |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN100385860C (en) |
| WO (1) | WO2006116931A1 (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102244649A (en) * | 2010-05-12 | 2011-11-16 | 杭州华三通信技术有限公司 | Data transmission method among secure networks and data processors |
| CN101877783B (en) * | 2009-11-06 | 2012-01-25 | 北京邦诺存储科技有限公司 | Network video recorder clustering video monitoring system and method |
| CN102420820A (en) * | 2011-11-28 | 2012-04-18 | 杭州华三通信技术有限公司 | Fence method in cluster system and apparatus thereof |
| CN102684984A (en) * | 2011-03-14 | 2012-09-19 | 腾讯科技(深圳)有限公司 | Method and system for achieving routing between clusters |
| CN102761538A (en) * | 2012-04-27 | 2012-10-31 | 南大傲拓科技江苏有限公司 | Design management method for communication shared field applied to various communication interface gateways |
| CN104243510A (en) * | 2013-06-07 | 2014-12-24 | 中国科学院声学研究所 | Safe network storage system and method |
| CN104579689A (en) * | 2015-01-20 | 2015-04-29 | 中城智慧科技有限公司 | Soft secret key system and implementation method |
| CN102684984B (en) * | 2011-03-14 | 2016-12-14 | 腾讯科技(深圳)有限公司 | Route implementation method and system between cluster |
| CN108667867A (en) * | 2017-03-29 | 2018-10-16 | 华为技术有限公司 | Date storage method and device |
| CN111259227A (en) * | 2020-01-16 | 2020-06-09 | 北京旷视科技有限公司 | Method and apparatus for sharing target retrieval service between multiple retrieval clusters |
| CN112348513A (en) * | 2020-09-09 | 2021-02-09 | 中诚区块链研究院(南京)有限公司 | Can provide multiple encryption mode transaction block chain |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102025503B (en) * | 2010-11-04 | 2014-04-16 | 曙光云计算技术有限公司 | Data security implementation method in cluster environment and high-security cluster |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6172988B1 (en) * | 1996-01-31 | 2001-01-09 | Tiernan Communications, Inc. | Method for universal messaging and multiplexing of video, audio, and data streams |
| US6292657B1 (en) * | 1998-07-13 | 2001-09-18 | Openwave Systems Inc. | Method and architecture for managing a fleet of mobile stations over wireless data networks |
| EP1374056B1 (en) * | 2001-03-01 | 2006-06-21 | Storeage Networking Technologies | Storage area network (san) security |
| JP3779914B2 (en) * | 2001-11-22 | 2006-05-31 | アンリツ株式会社 | Gateway apparatus and access method using the apparatus |
| US7546360B2 (en) * | 2002-06-06 | 2009-06-09 | Cadence Design Systems, Inc. | Isolated working chamber associated with a secure inter-company collaboration environment |
| US7277431B2 (en) * | 2002-10-31 | 2007-10-02 | Brocade Communications Systems, Inc. | Method and apparatus for encryption or compression devices inside a storage area network fabric |
-
2005
- 2005-04-29 CN CNB2005100116672A patent/CN100385860C/en active Active
-
2006
- 2006-04-29 WO PCT/CN2006/000850 patent/WO2006116931A1/en not_active Application Discontinuation
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101877783B (en) * | 2009-11-06 | 2012-01-25 | 北京邦诺存储科技有限公司 | Network video recorder clustering video monitoring system and method |
| CN102244649A (en) * | 2010-05-12 | 2011-11-16 | 杭州华三通信技术有限公司 | Data transmission method among secure networks and data processors |
| CN102244649B (en) * | 2010-05-12 | 2015-06-10 | 杭州华三通信技术有限公司 | Data transmission method among secure networks and data processors |
| CN102684984A (en) * | 2011-03-14 | 2012-09-19 | 腾讯科技(深圳)有限公司 | Method and system for achieving routing between clusters |
| CN102684984B (en) * | 2011-03-14 | 2016-12-14 | 腾讯科技(深圳)有限公司 | Route implementation method and system between cluster |
| US9043636B2 (en) | 2011-11-28 | 2015-05-26 | Hangzhou H3C Technologies Co., Ltd. | Method of fencing in a cluster system |
| CN102420820A (en) * | 2011-11-28 | 2012-04-18 | 杭州华三通信技术有限公司 | Fence method in cluster system and apparatus thereof |
| CN102420820B (en) * | 2011-11-28 | 2016-06-08 | 杭州华三通信技术有限公司 | Partition method in a kind of group system and device |
| CN102761538B (en) * | 2012-04-27 | 2014-10-22 | 南大傲拓科技江苏有限公司 | Design management method for communication shared field applied to various communication interface gateways |
| CN102761538A (en) * | 2012-04-27 | 2012-10-31 | 南大傲拓科技江苏有限公司 | Design management method for communication shared field applied to various communication interface gateways |
| CN104243510A (en) * | 2013-06-07 | 2014-12-24 | 中国科学院声学研究所 | Safe network storage system and method |
| CN104243510B (en) * | 2013-06-07 | 2018-08-14 | 中国科学院声学研究所 | A kind of secure network storage system and method |
| CN104579689A (en) * | 2015-01-20 | 2015-04-29 | 中城智慧科技有限公司 | Soft secret key system and implementation method |
| CN104579689B (en) * | 2015-01-20 | 2018-02-13 | 中城智慧科技有限公司 | A kind of soft cipher key system and implementation method |
| CN108667867A (en) * | 2017-03-29 | 2018-10-16 | 华为技术有限公司 | Date storage method and device |
| US10972542B2 (en) | 2017-03-29 | 2021-04-06 | Huawei Technologies Co., Ltd. | Data storage method and apparatus |
| CN108667867B (en) * | 2017-03-29 | 2021-05-18 | 华为技术有限公司 | Data storage method and device |
| US11575748B2 (en) | 2017-03-29 | 2023-02-07 | Huawei Technologies Co., Ltd. | Data storage method and apparatus for combining different data distribution policies |
| CN111259227A (en) * | 2020-01-16 | 2020-06-09 | 北京旷视科技有限公司 | Method and apparatus for sharing target retrieval service between multiple retrieval clusters |
| CN111259227B (en) * | 2020-01-16 | 2023-11-10 | 北京旷视科技有限公司 | Method and apparatus for sharing a targeted search service among multiple search clusters |
| CN112348513A (en) * | 2020-09-09 | 2021-02-09 | 中诚区块链研究院(南京)有限公司 | Can provide multiple encryption mode transaction block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100385860C (en) | 2008-04-30 |
| WO2006116931A1 (en) | 2006-11-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100385860C (en) | Method and device for safety of storaged network data | |
| US6971016B1 (en) | Authenticated access to storage area network | |
| JP4191927B2 (en) | Method and apparatus for identifying a network device on a storage network | |
| EP1770951B1 (en) | Management of security in storage networks | |
| US9576144B2 (en) | Secured file system management | |
| US20070136606A1 (en) | Storage system with built-in encryption function | |
| CN102945355A (en) | Sector map-based rapid data encryption policy compliance | |
| CN106575342A (en) | Kernel program including relational data base, and method and device for executing said program | |
| US20050005091A1 (en) | Method and apparatus for data integration security | |
| CN1703867A (en) | Firewall | |
| CN102855452A (en) | Method for following quick data encryption strategy based on encryption piece | |
| US9514325B2 (en) | Secured file system management | |
| CN101561855B (en) | Method and system for controlling computer to access USB device | |
| CN105027498A (en) | A method, system and device for securely storing data files at a remote location by splitting and reassembling said files | |
| CN101593252A (en) | Control method and system that a kind of computing machine conducts interviews to USB device | |
| CN1901452A (en) | Multi-level and multi-factor security credentials management for network element authentication | |
| US8261099B1 (en) | Method and system for securing network data | |
| CN109726575A (en) | A kind of data ciphering method and device | |
| CN1293483C (en) | Multistorage type physical buffer computer data safety protection method and device | |
| CN105279453B (en) | It is a kind of to support the partitions of file for separating storage management to hide system and method | |
| US9324123B2 (en) | Storage of keyID in customer data area | |
| CN110213266B (en) | Block chain cross-chain information processing method and electronic equipment | |
| CN110300289A (en) | Video security management system and method | |
| CN103679063A (en) | Multi-domain switching system and method having access to virtualized desktop | |
| CN102868748A (en) | File secure sharing system, file secure sharing server and client side |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: ZHU YAOLONG; APPLICANT Free format text: FORMER OWNER: BANGNUO MEMORY SCIENCE AND TECHNOLOGY CO., LTD., BEIJING Effective date: 20060224 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20060224 Address after: 100841, No. 19 West Third Ring Road, Beijing, 107-2-8 Applicant after: Zhu Wailong Co-applicant after: Zhang Jinkui Co-applicant after: Xiong Hui Co-applicant after: Yan Jie Address before: 100085, room 718, building 26, information road, Haidian District, Beijing Applicant before: Bangnuo Memory Science and Technology Co., Ltd., Beijing |
|
| ASS | Succession or assignment of patent right |
Owner name: BANGNUO MEMORY SCIENCE AND TECHNOLOGY CO., LTD., Free format text: FORMER OWNER: ZHU YAOLONG; APPLICANT Effective date: 20060623 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20060623 Address after: 100085, room 0116, building 26, information road, Haidian District, Beijing Applicant after: Bangnuo Memory Science and Technology Co., Ltd., Beijing Address before: 100841, No. 19 West Third Ring Road, Beijing, 107-2-8 Applicant before: Zhu Wailong Co-applicant before: Zhang Jinkui Co-applicant before: Xiong Hui Co-applicant before: Yan Jie |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: BANGNUO MEMORY SCIENCE AND TECHNOLOGY CO., LTD., B Effective date: 20120806 Owner name: HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: BANGNUO MEMORY SCIENCE AND TECHNOLOGY CO., LTD., BEIJING Effective date: 20120806 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100085 HAIDIAN, BEIJING TO: 310051 HANGZHOU, ZHEJIANG PROVINCE |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20120806 Address after: 310051, 700, east stream Road, Hangzhou, Zhejiang, Binjiang District Co-patentee after: Bangnuo Memory Science and Technology Co., Ltd., Beijing Patentee after: Hangzhou Hikvision Digital Technology Co., Ltd. Address before: 100085, room 0116, building 26, information road, Haidian District, Beijing Patentee before: Bangnuo Memory Science and Technology Co., Ltd., Beijing |