Group key server based key management method in sharing encryption file system

An encrypted file system and key management technology, applied in transmission systems, digital transmission systems, electrical components, etc., that addresses problems such as threats to system security and lack of control over key operations.

Inactive Publication Date: 2011-01-26
TSINGHUA UNIV

AI Technical Summary

Problems solved by technology

Traditional key management methods still lack control over key operations, which is a hidden danger that threatens system security.


Embodiment Construction

[0051] The shared encrypted file system based on a group key server is mainly composed of a front-end host, a group key server, a metadata server and a data server. Its hardware structure is shown in Fig. 1.

[0052] The file system client running on the front-end host provides various file services to users. The group key server is responsible for performing all key management operations in the system, and implements strict user identity authentication and file access control to ensure the legitimacy of key operations. The metadata server maintains the metadata of all files in the system, including file keys, and provides various metadata services for the front-end host. The encrypted file data is stored on the data server. The components of the system are connected by Ethernet and communicate via TCP/IP.

[0053] The software structure of the shared encrypted file system based on the group key server is shown in Figure 2. The file system client on the front-end host pro...


Abstract

The invention provides a key server-based key management method in an encrypting file system and belongs to the field of storage security. A group key server processes every key management request in the system and strictly checks user identity and access authority. The user terminal sends key operation requests to the group key server. Key information is organized on the basis of an extended access control list and comprises a file key, a user ID and an access authority; the group key server protects its confidentiality and integrity using its own private key. The user terminal implements a key cache, which reduces the frequency of communication with the group key server. The system revokes keys using a delayed encryption technique, postponing file re-encryption until the file content is updated, which minimizes the impact of key revocation on system performance.
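A minimal model of the flow the abstract describes, added here as an illustration and not taken from the patent: key information (file key plus access list) is sealed under server-only keys, every key request is checked against the list, and revocation only marks the record so that a fresh file key is issued on the next write. The record layout, the rights letters `r`/`w`/`o`, the method names and the SHA-256 keystream standing in for a real authenticated cipher are assumptions; user authentication is assumed to have happened already.

```python
import hashlib, hmac, json, secrets

class GroupKeyServer:  # added illustration; layout and names are assumptions
    def __init__(self):
        # Server-only keys: clients and the metadata server never see them.
        self._ek, self._mk = secrets.token_bytes(32), secrets.token_bytes(32)

    def _xor(self, nonce, data):
        # Stand-in cipher (SHA-256 counter keystream); use a real AEAD in practice.
        ks = b"".join(
            hashlib.sha256(self._ek + nonce + i.to_bytes(4, "big")).digest()
            for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, ks))

    def _seal(self, info):
        nonce = secrets.token_bytes(16)
        ct = self._xor(nonce, json.dumps(info).encode())
        return nonce + ct + hmac.new(self._mk, nonce + ct, hashlib.sha256).digest()

    def _open(self, blob):
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        want = hmac.new(self._mk, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            raise ValueError("key info failed integrity check")
        return json.loads(self._xor(nonce, ct))

    def create(self, owner):
        info = {"key": secrets.token_hex(32), "stale": False, "acl": {owner: "rwo"}}
        return self._seal(info)

    def set_rights(self, actor, blob, user, rights):
        info = self._open(blob)
        if "o" not in info["acl"].get(actor, ""):
            raise PermissionError("only an owner may change the ACL")
        if rights:
            info["acl"][user] = rights
        else:  # revocation: drop the user now, defer re-encryption
            info["acl"].pop(user, None)
            info["stale"] = True
        return self._seal(info)

    def request_key(self, user, blob, op):
        info = self._open(blob)
        if op not in ("r", "w") or op not in info["acl"].get(user, ""):
            raise PermissionError(f"{user} lacks '{op}' on this file")
        old = info["key"]
        if op == "w" and info["stale"]:  # first write after a revocation
            info["key"], info["stale"] = secrets.token_hex(32), False
        return old, info["key"], self._seal(info)  # (read key, write key, record)
```

The sealed record carries no version number, so this sketch cannot tell a current record from an older one handed back by the metadata server; a deployment would need a freshness check on top of the integrity check.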

Description

Technical field

[0001] The key management method in the shared encryption file system based on the group key server belongs to the field of storage security, and particularly relates to the technical field of key management therein.

Background technique

[0002] The shared encrypted file system is a method to realize network storage security at the file system layer. It provides end-to-end security, that is, file data is encrypted and stored on the file server, and all operations involving file encryption and decryption in the system are completed on the client side. The ciphertext data is stored on the file server, which can prevent information leakage caused by system intrusion or unauthorized operation by administrators. At the same time, the server does not participate in computationally heavy encryption and decryption operations, and its workload will not be affected. The main problem faced by shared encrypted file systems is key management, including key creation, ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/32, H04L29/06, H04L12/56
Inventor: 舒继武, 薛巍, 刘志材, 肖达
Owner TSINGHUA UNIV