摘要
针对系统业务数据安全存储问题,采用加解密引擎服务对应用端发送数据进行加密,根据用户ID来识别不同用户的传输命令,利用用户私有的KEY进行加密存储。该方案在云计算平台下具有保护用户数据存储安全、隔离数据的功能。当应用端用户查询已加密数据时,加解密引擎服务端根据用户ID读取缓存区用户密钥,解密数据返回给应用端明文数据。当加解密系统和第三方应用进行集成时,加解密引擎将载入用户定义的加密算法、加密矢量等信息,按照用户自身的密钥加密敏感数据,可保证用户敏感数据存储安全并隔离不同用户的业务数据。以某市人口库系统集成为例,验证了方案的可行性。
In order to implement the secure storage of the system transaction data, the encryption and decryption engine is used to encrypt the data that transmitted from the application terminal. The transfer commands of different users can be identified by the user ID, and the user' s private key can be used to achieve encrypted storage. The scheme can protect the storage security of user data and isolate data in cloud computing platform. When the users from application terminal query the encrypted data, the encryption and decryption engine server -side will read the user' s private key from the buffer according to the user 1D,then the server-side will decrypt the data and return clear text to application terminal. When the encryption and decryption system is integrated with a third-party application ,the user-defined en- cryption algorithm and encryption vector information will be loaded in the encryption and decryption engine, then the sensitive data will be encrypted according to the user' s own private key, which can guarantee the secure storage of sensitive data and achieve isolation for business data of different users. Finally, the integration with the population database system of a city is used as an example to verify the feasibility of the scheme.
出处
《计算机技术与发展》
2014年第1期143-146,共4页
Computer Technology and Development
基金
陕西省自然科学基金资助项目(2012JM7017)
关键词
安全存储
加密存储
密钥
云计算
secure storage
encrypted storage
encrypted key
cloud computing
