Approaches to protecting customer data in a multi-tenant environment

Abstract

The invention discloses a method for protecting customer data in a multi-tenant environment. The mode of cloud encrypted storage and terminal decrypted calculation is adopted. Data are stored in a server but stored in an encrypted mode. A secret key is saved by a user. Data are processed at a user terminal. Encryption and decryption are not carried out on the server either so as to prevent penetration attack. The method for protecting customer data in the multi-tenant environment has the advantages of improving safety of customer data in the multi-tenant environment, and also being capable of simultaneously meeting the requirement for secrecy of partial data and publicity of other data.

Description

technical field [0001] The invention relates to a method for protecting customer data in a multi-tenant environment. Background technique [0002] The cloud computing model that has emerged in recent years has become a hot spot in the industry and academia. For storage resources, cloud computing centralizes management of resources, and one or more customers can share storage system hardware and software. This way of sharing hardware and software can provide storage services at a price much lower than that of users purchasing software and hardware independently. Multi-tenancy means that multiple tenants share an instance, and the data of the tenants is both isolated and shared, so as to solve the problem of data storage. From the perspective of architecture, the important difference between SaaS (Software as a Service, and software as a service) and traditional technology is the Multi-Tenant model. [0003] Traditional multi-tenant architectures (such as image 3 As shown)...

AI Technical Summary

Problems solved by technology

Its disadvantage is that it increases the number of database installations, which brings about an increase in maintenance costs and purchase costs.

Its disadvantages are: if there is a failure, data recovery is more difficult, because restoring the database will involve the data of other tenants; if cross-tenant statistics are required, there are certain difficulties

Its disadvantages are: the isolation level is the lowest, the security is the lowest, and it is necessary to increase the amount of security development during design and development; data backup and recovery are the most difficult, and it needs to be backed up and restored table by table

[0007] The solutions in the prior art mainly solve the problem of transmission security in terms of security. For DB data storage, proper isolation is used to ensure the integrity and privacy of data, but the entire system still has the following shortcomings: processing, the data is stored in plain text in the DB; 2) Multiple APPs run on the same server, and there is a possibility of malicious infiltration and data theft; 3) When the username / password is cracked, not only can you view the data in the DB, You can also modify the data in the DB

[0008] In the traditional multi-tenant mode, user data is stored in the data center DB. In order to facilitate APP processing, the stored data is not encrypted. At the same time, multiple APPs run on the same server, and there is a possibility of malicious infiltration and data theft; When the username / password is cracked, the data in the DB will not only be used without authorization, but may also be modified without authorization

Images