
A method and system for providing cryptographic services in a virtualized environment

A cryptographic service and cryptographic technology, applied in the field of computer security, that addresses the problems of increased cost and of difficulty in knowing the caller's detailed information, and achieves high reliability.

Active Publication Date: 2017-11-24
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

Additional hardware drives up the cost.
Although a hardware cryptographic device can protect key data well, it can only passively receive requests, calculate, and return results, and it is difficult for it to know the detailed information of the caller.



Embodiment Construction

[0037] In order to make the above objects, features and advantages of the present invention more obvious and understandable, the present invention will be further described below through specific embodiments and accompanying drawings.

[0038] This embodiment is an example of a virtual key device that uses software to implement cryptographic calculations.

[0039] Figure 1 is a schematic diagram of providing cryptographic services in a virtualized environment using the method of the present invention. A virtual cryptographic device, virtio-ct, is designed. The main goal of virtio-ct is that no key and no sensitive intermediate state of the calculation process can be accessed by guest virtual machines. The key is stored on the disk of the host machine in the form of a file. When assigning the key entity to a guest virtual machine, the path of the key file must be specified. During calculation, according to the message sent by the guest virtual machine, the cryptographi...


Abstract

The invention relates to a method and system for providing cryptographic services in a virtualized environment. A virtual cryptographic device manager manages the cryptographic computing resources available on the host machine and provides virtual cryptographic computing devices for client virtual machines to access. Client virtual machines request cryptographic services from the virtual cryptographic computing devices, and the virtual cryptographic device manager uses virtual machine introspection to actively check whether the cryptographic service request made by the client virtual machine is valid. If the check passes, the cryptographic operation is completed inside the virtual cryptographic device manager and the result is returned to the client virtual machine; if the check fails, the cryptographic operation service is not performed. The present invention provides a scheme for providing cryptographic operation services to client virtual machines in a virtualized environment. The virtual cryptographic devices of each client virtual machine can be allocated on demand on the virtual cryptographic device manager, and at the same time the client virtual machines' access to the virtual cryptographic devices is audited and actively checked.
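The request flow in the abstract, as an added sketch that is not code from the patent: the manager keeps the key on the host, checks the caller through an introspection hook, performs the operation itself and audits every request. The `introspect` callable, the allowed-process policy, HMAC-SHA256 as the operation, and all guest and process names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile


class VirtualCryptoDeviceManager:
    """Host-side manager: keys stay here, guests receive results only."""

    def __init__(self, introspect):
        self._introspect = introspect  # hypothetical VMI hook: guest_id -> caller info
        self._devices = {}             # guest_id -> (host key file path, allowed callers)
        self.audit_log = []            # one record per request, allowed or denied

    def assign_device(self, guest_id, key_path, allowed_callers):
        # The key is bound to a guest by host file path; the guest never sees it.
        self._devices[guest_id] = (key_path, frozenset(allowed_callers))

    def handle_request(self, guest_id, message):
        device = self._devices.get(guest_id)
        caller = self._introspect(guest_id)  # gathered by the host, not sent by the guest
        process = caller.get("process")
        ok = device is not None and process in device[1]
        self.audit_log.append((guest_id, process, "allow" if ok else "deny"))
        if not ok:
            return None                      # check failed: no operation is performed
        with open(device[0], "rb") as f:
            key = f.read()
        return hmac.new(key, message, hashlib.sha256).digest()


def demo():
    # Constructed sample data: key, guest ids and process names are made up.
    fd, path = tempfile.mkstemp()
    os.write(fd, b"constructed-demo-key")
    os.close(fd)
    observed = {"vm1": {"process": "signd"}, "vm2": {"process": "unknown-bin"}}
    mgr = VirtualCryptoDeviceManager(lambda gid: observed.get(gid, {}))
    mgr.assign_device("vm1", path, {"signd"})
    mgr.assign_device("vm2", path, {"signd"})
    good = mgr.handle_request("vm1", b"msg")
    bad = mgr.handle_request("vm2", b"msg")
    expected = hmac.new(b"constructed-demo-key", b"msg", hashlib.sha256).digest()
    os.unlink(path)
    return good == expected, bad, [entry[2] for entry in mgr.audit_log]


if __name__ == "__main__":
    print(demo())
```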

Description

Technical field

[0001] The invention belongs to the technical field of computer security, and in particular relates to a method and system for providing cryptographic services in a virtualized environment.

Background art

[0002] In computer and communication systems, data confidentiality is usually achieved by encrypting data, that is, by using public cryptographic algorithms and keys known only to authorized parties to transform the data; its effectiveness depends on the secrecy of the keys. In the application of public key cryptography, the sender uses the public key of the designated recipient to encrypt emails or other data, which ensures that only users who hold the corresponding private key can decrypt it. Moreover, users who hold a private key can also use it to digitally sign data, and any recipient can use the public key to verify the correctness of the digital signature, ensuring the identity of the document sender and the ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F9/455, G06F21/31
Inventor: 林璟锵, 荆继武, 管乐, 汪婧, 李冰雨, 王跃武, 潘无穷
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI