[go: up one dir, main page]

CN103699855A - Data processing method and data processing device - Google Patents

Data processing method and data processing device Download PDF

Info

Publication number
CN103699855A
CN103699855A CN201310654603.9A CN201310654603A CN103699855A CN 103699855 A CN103699855 A CN 103699855A CN 201310654603 A CN201310654603 A CN 201310654603A CN 103699855 A CN103699855 A CN 103699855A
Authority
CN
China
Prior art keywords
metadata
storage unit
unit
logic storage
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310654603.9A
Other languages
Chinese (zh)
Other versions
CN103699855B (en
Inventor
曾煜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201310654603.9A priority Critical patent/CN103699855B/en
Publication of CN103699855A publication Critical patent/CN103699855A/en
Application granted granted Critical
Publication of CN103699855B publication Critical patent/CN103699855B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a data processing method and a data processing device. The method comprises the steps of confirming at least one target logic storage unit from a plurality of logic storage units in a storage array; reading metadata stored in the target logic storage unit; encrypting the metadata; storing the encrypted metadata into the target logic storage unit. Before the storage array is moved, the metadata in the logic storage units in the storage array can be encrypted by the data processing method, so that the data leakage in the moving process of the storage array can be reduced, and the safety of the data can be improved.

Description

一种数据处理方法和装置A data processing method and device

技术领域technical field

本发明涉及数据处理技术领域,更具体的说是涉及一种数据处理方法和装置。The present invention relates to the technical field of data processing, and more specifically relates to a data processing method and device.

背景技术Background technique

存储阵列也称为磁盘阵列,它是把多个磁盘组成在一起,当作单一磁盘使用,它将数据以分段的方式存储在不同的磁盘中,在存取数据时,该磁盘阵列中的相关磁盘会一起动作,从而大幅度减少了数据存取时间。A storage array is also called a disk array. It combines multiple disks together and uses them as a single disk. It stores data in different disks in a segmented manner. When accessing data, the disk array Related disks will act together, thus greatly reducing data access time.

在实际应用中,经常需要移动存储阵列的位置,例如,由于机房老化或扩建,而将该机房内设置有存储阵列的物理设备移动到其他地方,然而在移动存储阵列的过程中,如果未授权的用户恶意拷贝磁盘中的数据,则会导致磁盘中的数据被泄露,影响数据的安全性。In practical applications, it is often necessary to move the location of the storage array. For example, due to the aging or expansion of the computer room, the physical equipment with the storage array in the computer room is moved to other places. However, during the process of moving the storage array, if unauthorized If the user maliciously copies the data in the disk, the data in the disk will be leaked, affecting the security of the data.

发明内容Contents of the invention

有鉴于此,本发明提供了一种数据处理方法和装置,以减少存储阵列搬移过程中,磁盘中数据泄露的情况,提高数据的安全性。In view of this, the present invention provides a data processing method and device, so as to reduce the data leakage in the disk during the moving process of the storage array and improve the security of the data.

为实现以上目的,本发明的第一方面提供了一种数据处理方法,包括:To achieve the above object, a first aspect of the present invention provides a data processing method, including:

从存储阵列的多个逻辑存储单元中确定出至少一个目标逻辑存储单元;determining at least one target logical storage unit from a plurality of logical storage units of the storage array;

读取所述目标逻辑存储单元中存储的元数据;reading metadata stored in the target logical storage unit;

对所述元数据进行加密,得到加密的元数据;Encrypting the metadata to obtain encrypted metadata;

将所述目标逻辑存储单元中存储的所述元数据更新为所述加密的元数据。updating the metadata stored in the target logical storage unit to the encrypted metadata.

结合第一方面,在第一种可能的实现方式中,所述从存储阵列的多个逻辑存储单元中确定出至少一个目标逻辑存储单元,包括:With reference to the first aspect, in a first possible implementation manner, the determining at least one target logical storage unit from the multiple logical storage units of the storage array includes:

接收指定节点发送的待加密的逻辑存储单元的信息,将所述待加密的逻辑存储单元确定为所述目标逻辑存储单元。The information of the logical storage unit to be encrypted sent by the designated node is received, and the logical storage unit to be encrypted is determined as the target logical storage unit.

或者,将所述存储阵列的所有逻辑存储单元均确定为所述目标逻辑存储单元。Alternatively, all logical storage units of the storage array are determined as the target logical storage units.

结合第一方面或者第一方面的第一种可能的实现方式,在第二种可能的实现方式中,所述从存储阵列的多个逻辑存储单元中确定出至少一个目标逻辑存储单元之后,还包括:With reference to the first aspect or the first possible implementation manner of the first aspect, in a second possible implementation manner, after determining at least one target logical storage unit from the plurality of logical storage units in the storage array, further include:

查询所述目标逻辑存储单元中是否存储有所述元数据之外的数据;Querying whether data other than the metadata is stored in the target logical storage unit;

所述读取所述目标逻辑存储单元中存储的元数据,包括:The reading the metadata stored in the target logical storage unit includes:

当所述目标逻辑存储单元中存储有所述元数据之外的数据时,读取所述目标逻辑存储单元中存储的所述元数据。When data other than the metadata is stored in the target logical storage unit, the metadata stored in the target logical storage unit is read.

结合第一方面,在第三种可能的实现方式中,所述从存储阵列的多个逻辑存储单元中确定出至少一个目标逻辑存储单元,包括:With reference to the first aspect, in a third possible implementation manner, the determining at least one target logical storage unit from the plurality of logical storage units of the storage array includes:

从所述存储阵列的多个逻辑存储单元中,确定出存储有元数据之外的数据的目标逻辑存储单元。From the plurality of logical storage units of the storage array, a target logical storage unit storing data other than metadata is determined.

结合第一方面,在第四种可能的实现方式中,所述将所述目标逻辑存储单元中存储的元数据更新为所述加密的元数据之后,还包括:With reference to the first aspect, in a fourth possible implementation manner, after updating the metadata stored in the target logical storage unit to the encrypted metadata, the method further includes:

为所述目标逻辑存储单元生成标识信息,所述标识信息用于表明所述目标逻辑单元中的所述元数据被加密。Generating identification information for the target logical storage unit, where the identification information is used to indicate that the metadata in the target logical unit is encrypted.

本发明的第二方面还提供了一种数据处理装置,包括:A second aspect of the present invention also provides a data processing device, including:

目标确定单元,用于从存储阵列的多个逻辑存储单元中确定出至少一个目标逻辑存储单元;a target determining unit, configured to determine at least one target logical storage unit from a plurality of logical storage units in the storage array;

数据读取单元,用于读取所述目标确定单元确定出的所述目标逻辑存储单元中存储的元数据;a data reading unit, configured to read the metadata stored in the target logical storage unit determined by the target determining unit;

加密单元,用于对所述数据读取单元读取的所述元数据进行加密,得到加密的元数据;An encryption unit, configured to encrypt the metadata read by the data reading unit to obtain encrypted metadata;

数据更新单元,用于将所述目标逻辑存储单元中存储的所述元数据更新为所述加密单元得到的所述加密的元数据。A data update unit, configured to update the metadata stored in the target logical storage unit with the encrypted metadata obtained by the encryption unit.

结合第二方面,在第一种可能的实现方式中,所述目标确定单元,包括:With reference to the second aspect, in a first possible implementation manner, the target determination unit includes:

第一目标确定单元,用于接收指定节点发送的待加密的逻辑存储单元的信息,将所述待加密的逻辑存储单元确定为所述目标逻辑存储单元。The first target determining unit is configured to receive the information of the logical storage unit to be encrypted sent by the designated node, and determine the logical storage unit to be encrypted as the target logical storage unit.

或者,第二目标确定单元,用于将所述存储阵列的所有逻辑存储单元均确定为所述目标逻辑存储单元。Alternatively, the second target determining unit is configured to determine all logical storage units of the storage array as the target logical storage units.

结合第二方面或者第二方面的第一种可能的实现方式,在第二种可能的实现方式中,所述装置还包括:With reference to the second aspect or the first possible implementation manner of the second aspect, in a second possible implementation manner, the device further includes:

查询单元,用于查询所述目标确定单元确定出的所述目标逻辑存储单元中是否存储有所述元数据之外的数据;a query unit, configured to query whether data other than the metadata is stored in the target logical storage unit determined by the target determination unit;

所述数据读取单元,包括:The data reading unit includes:

第一数据读取单元,用于当所述查询单元确定出所述目标逻辑存储单元中存储有所述元数据之外的数据时,读取所述目标逻辑存储单元中存储的所述元数据。A first data reading unit, configured to read the metadata stored in the target logical storage unit when the query unit determines that data other than the metadata is stored in the target logical storage unit .

结合第二方面,在第三种可能的实现方式中,所述目标确定单元,包括:With reference to the second aspect, in a third possible implementation manner, the target determining unit includes:

第三目标确定单元,用于从所述存储阵列的多个逻辑存储单元中,确定出存储有元数据之外的数据的目标逻辑存储单元。The third target determining unit is configured to determine a target logical storage unit storing data other than metadata from among the plurality of logical storage units of the storage array.

结合第二方面,在第四种可能的实现方式中,所述装置还包括:With reference to the second aspect, in a fourth possible implementation manner, the device further includes:

标识单元,用于在所述数据更新单元将所述目标逻辑存储单元中的所述元数据更新为加密的元数据后,为所述目标逻辑存储单元生成标识信息,所述标识信息用于表明所述目标逻辑单元中的所述元数据被加密。an identification unit, configured to generate identification information for the target logical storage unit after the data update unit updates the metadata in the target logical storage unit to encrypted metadata, and the identification information is used to indicate The metadata in the target logical unit is encrypted.

经由上述的技术方案可知,本发明的存储阵列中的目标逻辑单元内的元数据是经过加密后的元数据,这样,在存储阵列的搬移过程中,未经授权的用户由于不能对该元数据进行解密,也就无法获取到该目标逻辑存储单元中的元数据信息,从而无法根据元数据访问该磁盘中存储的数据,进而避免了未经授权的用户恶意窃取该存储阵列中的数据,提高了数据的安全性。It can be known from the above-mentioned technical solution that the metadata in the target logic unit in the storage array of the present invention is encrypted metadata, so that during the moving process of the storage array, unauthorized users cannot access the metadata due to After decryption, the metadata information in the target logical storage unit cannot be obtained, so that the data stored in the disk cannot be accessed according to the metadata, thereby preventing unauthorized users from maliciously stealing the data in the storage array and improving data security.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据提供的附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only It is an embodiment of the present invention, and those skilled in the art can also obtain other drawings according to the provided drawings on the premise of not paying creative efforts.

图1示出了本发明一种数据处理方法一个实施例的流程示意图;Fig. 1 shows a schematic flow chart of an embodiment of a data processing method of the present invention;

图2示出了本发明一种数据处理方法另一个实施例的流程示意图Fig. 2 shows a schematic flow chart of another embodiment of a data processing method of the present invention

图3示出了本发明一种数据处理方法另一个实施例的结构示意图;FIG. 3 shows a schematic structural diagram of another embodiment of a data processing method of the present invention;

图4示出了本发明一种数据处理方法一个实施例的结构示意图;FIG. 4 shows a schematic structural diagram of an embodiment of a data processing method of the present invention;

图5示出了本发明一种数据处理方法另一个实施例的结构示意图;Fig. 5 shows a schematic structural diagram of another embodiment of a data processing method of the present invention;

图6示出了本发明一种存储阵列的结构示意图。FIG. 6 shows a schematic structural diagram of a storage array of the present invention.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

本发明提供了一种数据处理方法,通过该方法可以有效减少在存储阵列被搬移过程中的数据泄露的情况,提高数据的安全性。The invention provides a data processing method, which can effectively reduce the data leakage during the moving process of the storage array and improve the security of the data.

参见图1,示出了本发明一种数据处理方法一个实施例的流程示意图,本实施例的方法可以应用于具有存储阵列的存储网络,如存储区域网络(SAN,Storage Area Network)、直连式存储网络(DAS,Direct-Attached Storage)等,本实施例的方法可以包括:Referring to FIG. 1 , it shows a schematic flow chart of an embodiment of a data processing method of the present invention. The method of this embodiment can be applied to a storage network with a storage array, such as a storage area network (SAN, Storage Area Network), direct connection storage network (DAS, Direct-Attached Storage), etc., the method of this embodiment may include:

S101,从存储阵列的多个逻辑存储单元中确定出至少一个目标逻辑存储单元。S101. Determine at least one target logical storage unit from multiple logical storage units in a storage array.

存储阵列的存储空间为该存储阵列中各个磁盘的存储空间的总和。在实际应用中,一般将存储阵列的所有磁盘的总存储空间看作是一个虚拟的逻辑磁盘空间,将该逻辑磁盘空间进行划分可以得到多个逻辑存储单元。每个逻辑存储单元的存储空间一般会跨越多个磁盘The storage space of a storage array is the sum of the storage space of each disk in the storage array. In practical applications, the total storage space of all disks in the storage array is generally regarded as a virtual logical disk space, and multiple logical storage units can be obtained by dividing the logical disk space. The storage space of each logical storage unit generally spans multiple disks

逻辑存储单元是该存储阵列中进行数据存储的一个基本单元,每个逻辑存储单元均对应有一个逻辑单元号(LUN,Logical Unit Number)。The logical storage unit is a basic unit for data storage in the storage array, and each logical storage unit corresponds to a logical unit number (LUN, Logical Unit Number).

其中,该目标逻辑存储单元是需要进行数据保护的逻辑存储单元,也就是待进行加密处理的逻辑存储单元。Wherein, the target logical storage unit is a logical storage unit requiring data protection, that is, a logical storage unit to be encrypted.

S102,读取该目标逻辑存储单元中存储的元数据。S102. Read metadata stored in the target logical storage unit.

其中,元数据是指关于数据的数据,是对数据定义和描述,是一种特殊的数据。Among them, metadata refers to data about data, which defines and describes data, and is a special kind of data.

在该逻辑存储单元中存储的数据包括:元数据,以及不属于元数据的数据,其中,该逻辑存储单元中存储的不属于元数据的数据即为俗称的用户数据。一般向逻辑存储单元中存储了用户数据后,在该逻辑存储单元中会相应生成用于描述用户数据的元数据。其中,描述该用户数据的元数据可以是用户数据的名称、存储时间等。相对于逻辑存储单元中存储的用户数据而言,该元数据的数据量很小。The data stored in the logical storage unit includes: metadata and data not belonging to the metadata, wherein the data stored in the logical storage unit not belonging to the metadata is commonly known as user data. Generally, after the user data is stored in the logical storage unit, metadata for describing the user data will be correspondingly generated in the logical storage unit. Wherein, the metadata describing the user data may be the name, storage time, etc. of the user data. Compared with the user data stored in the logical storage unit, the amount of metadata is small.

当用户通过其他设备访问该存储阵列中的某个逻辑存储单元时,必须查找该逻辑存储单元的元数据,然后才能根据元数据查询到相应的用户数据,如果元数据不准确,则影响到对该逻辑存储单元中的用户数据的读取。如,使得读取到的用户数据不正确。When a user accesses a logical storage unit in the storage array through other devices, the metadata of the logical storage unit must be searched, and then the corresponding user data can be queried based on the metadata. If the metadata is inaccurate, it will affect the Read of user data in the logical storage unit. For example, making the read user data incorrect.

在本实施例中,对于任意一个目标逻辑存储单元,该存储阵列的控制器均会读取该目标逻辑存储单元的元数据。In this embodiment, for any target logical storage unit, the controller of the storage array will read the metadata of the target logical storage unit.

S103,对该元数据进行加密,得到加密的元数据。S103. Encrypt the metadata to obtain encrypted metadata.

存储阵列的控制器从一个该目标逻辑单元中读取出元数据后,会对读取出的元数据进行加密,从而得到加密后的元数据。After the controller of the storage array reads the metadata from the target logic unit, it encrypts the read metadata, so as to obtain the encrypted metadata.

由于用户通过其他设备访问该存储阵列的目标逻辑单元时,必须先获取到该目标逻辑存储单元中的元数据后,才能够根据该元数据访问该目标逻辑存储单元中的用户数据,因此,在该目标逻辑存储单元的元数据被加密的情况下,他人通过其他设备则无法正确读取到该目标逻辑存储单元中存储的用户数据。When the user accesses the target logical unit of the storage array through other devices, the metadata in the target logical storage unit must be obtained first, and then the user data in the target logical storage unit can be accessed according to the metadata. Therefore, in When the metadata of the target logical storage unit is encrypted, others cannot correctly read the user data stored in the target logical storage unit through other devices.

对元数据加密可以是根据设定的密钥,并结合预设的加密算法进行加密,其中,加密过程可以与现有的数据加密过程相同,如,可以基于高级加密标准(AES,Advanced Encryption Standard),也可以基于其他加密算法进行加密,在此不加以限制。Encrypting metadata can be based on a set key and combined with a preset encryption algorithm. The encryption process can be the same as the existing data encryption process. For example, it can be based on the Advanced Encryption Standard (AES, Advanced Encryption Standard ), and can also be encrypted based on other encryption algorithms, which are not limited here.

S104,将该目标逻辑存储单元中存储的元数据更新为该加密的元数据。S104. Update the metadata stored in the target logical storage unit to the encrypted metadata.

存储阵列的控制器完成对读取出的元数据加密后,将加密后的元数据存储至该目标逻辑存储单元,以将该目标逻辑存储单元中存储的元数据更新为加密后的元数据。After encrypting the read metadata, the controller of the storage array stores the encrypted metadata in the target logical storage unit, so as to update the metadata stored in the target logical storage unit to the encrypted metadata.

本实施例中,该存储阵列中的目标逻辑单元中的元数据是经过加密后的元数据,如果用户无法对该加密的元数据进行解密,也就无法获取到该目标逻辑存储单元中的元数据信息,从而无法根据元数据访问该目标逻辑存储单元中存储的数据。这样,在搬迁存储阵列之前,通过本发明的方法对该存储阵列的目标逻辑存储单元中的元数据进行加密,则在搬迁该存储阵列的过程中,未经授权的用户由于不能对该元数据进行解密,也就无法根据元数据访问目标逻辑存储单元中的数据,从而保证了磁盘中存储的数据不被其他用户恶意窃取,提高了数据的安全性。In this embodiment, the metadata in the target logical unit in the storage array is encrypted metadata. If the user cannot decrypt the encrypted metadata, the metadata in the target logical storage unit cannot be obtained. Data information, so that the data stored in the target logical storage unit cannot be accessed according to the metadata. In this way, before the storage array is relocated, if the metadata in the target logical storage unit of the storage array is encrypted by the method of the present invention, then in the process of relocating the storage array, unauthorized users cannot After decryption, the data in the target logical storage unit cannot be accessed according to the metadata, thereby ensuring that the data stored in the disk is not maliciously stolen by other users and improving data security.

另外,由于目标逻辑存储单元中的元数据的数据量远小于用户数据的数据量,与将目标逻辑存储单元中的所有数据均进行加密相比,仅仅读取该目标逻辑单元中元数据并对元数据进行加密,在提高数据安全性的同时,还可以降低数据处理量,减少数据处理耗时短,进而降低资源消耗。In addition, since the amount of metadata in the target logical storage unit is much smaller than that of user data, compared with encrypting all data in the target logical storage unit, only reading the metadata in the target logical unit and encrypting Metadata encryption can not only improve data security, but also reduce the amount of data processing, reduce the time-consuming data processing, and reduce resource consumption.

在本发明实施例中,触发存储阵列确定目标逻辑存储单元的条件可以是检测到一个加密指令,也可以是到达预设的加密时刻。其中,该存储阵列检测到加密指令可以是该存储阵列接收到指定节点发送的加密指令。其中,该指定节点可以为通过物理线路或者是网络与该存储阵列相连,并控制该存储阵列的计算机或者其他控制设备。In the embodiment of the present invention, the condition for triggering the storage array to determine the target logical storage unit may be the detection of an encryption instruction, or the arrival of a preset encryption time. Wherein, the storage array detects an encryption instruction may be that the storage array receives an encryption instruction sent by a specified node. Wherein, the specified node may be a computer or other control device that is connected to the storage array through a physical line or a network and controls the storage array.

其中,该存储阵列确定的目标逻辑存储单元的方式可以有多种。There may be multiple ways of determining the target logical storage unit by the storage array.

可选的,一种确定目标逻辑存储单元的方式可以是:该存储阵列将该存储阵列中所有的逻辑存储单元均作为待进行加密处理的目标逻辑存储单元。Optionally, a manner of determining a target logical storage unit may be: the storage array uses all logical storage units in the storage array as target logical storage units to be encrypted.

另一种确定目标逻辑存储单元的方式可以是,该存储阵列接收用户通过指定节点发送的待进行加密的逻辑存储单元的信息,并将与该信息对应的逻辑存储单元确定为目标逻辑存储单元。如,在加密之前,用户可以通过指定节点访问该存储阵列,进而选取出该用户认为需要加密的逻辑存储单元,通过该指定节点将选择出的逻辑存储单元的逻辑单元号发送给该存储阵列,存储阵列将该逻辑单元号对应的逻辑存储单元确定为目标逻辑存储单元。Another manner of determining the target logical storage unit may be that the storage array receives the information of the logical storage unit to be encrypted sent by the user through the designated node, and determines the logical storage unit corresponding to the information as the target logical storage unit. For example, before encryption, the user can access the storage array through a designated node, and then select the logical storage unit that the user thinks needs to be encrypted, and send the logical unit number of the selected logical storage unit to the storage array through the designated node, The storage array determines the logical storage unit corresponding to the logical unit number as the target logical storage unit.

可以理解的是,在存储阵列的逻辑存储单元中未存储有用户数据的情况下,该逻辑存储单元也会有元数据,当向该逻辑存储单元中存入了用户数据会后,在该逻辑存储单元中还会生成该用户数据相关的元数据。因此,在逻辑存储单元中未存储有用户数据的情况下,对该逻辑存储单元中的元数据进行加密则没有任意意义,还会浪费数据处理时间,消耗资源。It can be understood that, when there is no user data stored in the logical storage unit of the storage array, the logical storage unit will also have metadata. After the user data is stored in the logical storage unit, the logical Metadata related to the user data is also generated in the storage unit. Therefore, if no user data is stored in the logical storage unit, it is meaningless to encrypt the metadata in the logical storage unit, and it will waste data processing time and consume resources.

为了减少资源消耗,参见图2,示出了本发明一种数据处理方法另一个实施例的流程示意图,本实施例的方法可以包括:In order to reduce resource consumption, refer to FIG. 2 , which shows a schematic flow chart of another embodiment of a data processing method of the present invention. The method of this embodiment may include:

S201,从存储阵列的多个逻辑存储单元中确定出至少一个目标逻辑存储单元。S201. Determine at least one target logical storage unit from multiple logical storage units in a storage array.

其中,本实施例中对确定目标逻辑存储单元的方式不限定。Wherein, the manner of determining the target logical storage unit is not limited in this embodiment.

可选的,确定该目标逻辑存储单元的方式可以为前面介绍的两种情况。Optionally, the manner of determining the target logical storage unit may be the two situations described above.

S202,查询该目标逻辑存储单元中是否存储有元数据之外的数据。S202. Query whether data other than metadata is stored in the target logical storage unit.

其中,该逻辑存储单元中存储数据中,除了元数据之外的数据,即判断该逻辑存储单元中是否有用户数据。Among the data stored in the logical storage unit, data other than metadata is determined whether there is user data in the logical storage unit.

查询该目标逻辑存储单元中是否存储有元数据之外的数据可以采用现有的任意查询方式,在此不加以限制。Any existing query method may be used to query whether data other than metadata is stored in the target logical storage unit, and no limitation is imposed here.

S203,当目标逻辑存储单元中存储有该元数据之外的数据时,读取该目标逻辑存储单元中存储的元数据。S203. When data other than the metadata is stored in the target logical storage unit, read the metadata stored in the target logical storage unit.

S204,将该目标逻辑存储单元中存储的元数据更新为加密的元数据。S204. Update the metadata stored in the target logical storage unit to encrypted metadata.

当该目标逻辑存储单元中仅有元数据而没有存储用户数据的情况下,不存在用户数据泄露或者被窃取的风险,则无需读取该目标逻辑存储单元中的元数据并进行加密操作。When there is only metadata in the target logical storage unit and no user data is stored, there is no risk of user data being leaked or stolen, and there is no need to read the metadata in the target logical storage unit and perform an encryption operation.

可见,由于目标逻辑存储单元中未存储用户数据的情况下,不存在数据泄露的风险,因此,在查询出目标逻辑存储单元中存储有用户数据时,才会读取该目标逻辑存储单元中的元数据,并对元数据进行加密,可以避免读取无用的元数据,减少了数据读取量以及处理量,从而减少了数据处理耗时。It can be seen that since no user data is stored in the target logical storage unit, there is no risk of data leakage. Therefore, only when user data is stored in the target logical storage unit is queried, the data in the target logical storage unit is read. Metadata, and encrypting metadata can avoid reading useless metadata, reduce the amount of data reading and processing, and thus reduce the time-consuming data processing.

可以理解的是,在保证数据安全性的前提下,为了减少数据处理量,在存储阵列在确定目标逻辑存储单元时,可以是将该存储阵列中存储有元数据之外的数据的逻辑存储单元确定为目标逻辑存储单元。如,在确定目标逻辑存储单元时,存储阵列的控制器可以依次查询各个逻辑存储单元中除了存储有元数据之外,是否还存储有用户数据,并存储有用户数据的逻辑存储单元确定为存储单元。例如,该存储阵列中有10个逻辑存储单元,但是其中只有6个逻辑存储单元中存储有数据,则该存储阵列查询到这6个逻辑存储单元存储有数据后,则将这6个逻辑存储单元确定为待进行加密的目标逻辑存储单元。It can be understood that, on the premise of ensuring data security, in order to reduce the amount of data processing, when the storage array determines the target logical storage unit, it may be a logical storage unit that stores data other than metadata in the storage array Determined as the target logical storage unit. For example, when determining the target logical storage unit, the controller of the storage array may sequentially query whether user data is stored in each logical storage unit in addition to metadata, and determine the logical storage unit storing user data as the storage unit. For example, there are 10 logical storage units in the storage array, but only 6 of them store data in the logical storage units. After the storage array finds that the 6 logical storage units store data, the 6 logical storage units are stored The unit is determined as a target logical storage unit to be encrypted.

通过该种方式确定出的目标逻辑存储单元均存储有用户数据,也许再进行查询操作,也不存在读取无意义的元数据的情况,也就是说不存在浪费数据读取量和处理量的情况。The target logical storage units determined in this way all store user data, and there is no need to read meaningless metadata when performing query operations, that is to say, there is no waste of data reading and processing Condition.

当然,在实际应用中,用户通过指定节点访问该存储阵列后,该用户可以看到哪些逻辑存储单元是存储有数据的,因此,用户可以从存储有用户数据的逻辑存储单元中选择需要进行加密的目标逻辑存储单元,这样,存储阵列将用户选择的逻辑单元确定为目标逻辑存储单元后,也无需再查询该目标逻辑存储单元中是否存储有元数据之外的数据。Of course, in practical applications, after a user accesses the storage array through a designated node, the user can see which logical storage units store data, so the user can select from the logical storage units that store user data to be encrypted In this way, after the storage array determines the logical unit selected by the user as the target logical storage unit, there is no need to query whether data other than metadata is stored in the target logical storage unit.

参见图3,示出了本发明一种数据处理方法另一个实施例的流程示意图,本实施例的方法可以包括:Referring to Fig. 3, it shows a schematic flow chart of another embodiment of a data processing method of the present invention, the method of this embodiment may include:

S301,从存储阵列的多个逻辑存储单元中确定出至少一个目标逻辑存储单元。S301. Determine at least one target logical storage unit from multiple logical storage units in a storage array.

S302,读取该目标逻辑存储单元中存储的元数据S302, read metadata stored in the target logical storage unit

S303,对该元数据进行加密,得到加密的元数据。S303. Encrypt the metadata to obtain encrypted metadata.

S304,将该目标逻辑存储单元中存储的元数据更新为加密的元数据。S304. Update the metadata stored in the target logical storage unit to encrypted metadata.

其中,以上步骤301至步骤304可以参照前面任意实施例的相关描述,在此不在赘述。Wherein, for the above steps 301 to 304, reference may be made to relevant descriptions in any of the foregoing embodiments, and details are not repeated here.

可选的,该实施例中在该步骤302之前,还可以包括查询该目标逻辑存储单元中是否存储有元数据之外的数据,并当确定该目标逻辑存储单元存储有元数据之外的数据时,执行该步骤302。Optionally, before step 302 in this embodiment, it may also include querying whether data other than metadata is stored in the target logical storage unit, and when it is determined that the target logical storage unit stores data other than metadata , execute step 302.

S305,为该目标逻辑存储单元生成标识信息,该标识信息用于表明所述目标逻辑单元中的元数据被加密。S305. Generate identification information for the target logical storage unit, where the identification information is used to indicate that the metadata in the target logical unit is encrypted.

由于存储阵列中有多个逻辑存储单元,为了在后续解密时,能够比较快速准确的确定出存储有加密后的元数据的目标逻辑存储单元,将目标逻辑存储单元中的元数据更新为加密后的元数据之后,,还需要为该目标逻辑存储单元生成标识信息。这样,在需要对存储阵列进行解密时,便可以将具有标识信息的目标逻辑存储单元确定为需要进行解密的逻辑存储单元。Since there are multiple logical storage units in the storage array, in order to quickly and accurately determine the target logical storage unit storing encrypted metadata during subsequent decryption, the metadata in the target logical storage unit is updated to encrypted After the metadata of the target logical storage unit, identification information needs to be generated for the target logical storage unit. In this way, when the storage array needs to be decrypted, the target logical storage unit with identification information can be determined as the logical storage unit that needs to be decrypted.

其中,该标识信息可以存储在该目标逻辑存储单元的指定位置,在该元数据加密时,该指定位置的数据仍可以被读取。Wherein, the identification information can be stored in a specified location of the target logical storage unit, and when the metadata is encrypted, the data in the specified location can still be read.

其中,该步骤204和步骤205的顺序并不限于图2所示,也可以该步骤204和步骤205的顺序可以互换,即先执行步骤205然后再执行步骤204,也可以是同时执行该步骤204和步骤205。Wherein, the order of the step 204 and the step 205 is not limited to that shown in FIG. 2 , and the order of the step 204 and the step 205 can be interchanged, that is, the step 205 is executed first and then the step 204 is executed, or the step is executed simultaneously 204 and step 205.

通过以上任意方法对目标逻辑存储单元进行加密之后,便可以移动该存储阵列至指定位置。在该存储阵列被移动到指定位置后,该存储阵列的控制器可以对目标逻辑存储单元中的元数据进行解密。如,该存储阵列可以在检测到解密指令后,对该目标逻辑存储单元中的元数据进行解密。在对目标逻辑存储单元中的元数据进行解密时,可以根据与预设的密钥,并结合特定的解密算法进行解密。After the target logical storage unit is encrypted by any of the above methods, the storage array can be moved to a designated location. After the storage array is moved to the specified location, the controller of the storage array can decrypt the metadata in the target logical storage unit. For example, the storage array may decrypt the metadata in the target logical storage unit after detecting the decryption instruction. When decrypting the metadata in the target logical storage unit, it can be decrypted according to a preset key and in combination with a specific decryption algorithm.

其中,在需要进行元数据解密时,该存储阵列的控制器可以依次判断各个逻辑存储单元是否被加密,进而确定出存储有被加密的元数据的目标逻辑存储单元,并对该目标逻辑存储单元中的元数据进行解密。Wherein, when metadata decryption needs to be performed, the controller of the storage array can sequentially determine whether each logical storage unit is encrypted, and then determine the target logical storage unit storing the encrypted metadata, and the target logical storage unit The metadata in is decrypted.

特别的,在对元数据加密后,如果存储阵列为该目标逻辑存储单元生成了标识信息,则在需要解密时,可以根据该标识信息确定出元数据被加密的目标逻辑存储单元,进而对该目标逻辑存储单元中的元数据进行解密。In particular, after the metadata is encrypted, if the storage array generates identification information for the target logical storage unit, when decryption is required, the target logical storage unit whose metadata is encrypted can be determined according to the identification information, and then the The metadata in the target logical storage unit is decrypted.

对应本发明的一种数据处理方法,本发明还提供了一种数据处理装置,该数据处理装置可以应用于存储阵列中,参见图4,示出了本发明一种数据处理装置一个实施例的结构示意图,本实施例的装置可以包括:目标确定单元401、数据读取单元402、加密单元403和数据更新单元404。Corresponding to a data processing method of the present invention, the present invention also provides a data processing device, which can be applied to a storage array, see FIG. 4, which shows an embodiment of a data processing device of the present invention As a schematic structural diagram, the device of this embodiment may include: a target determining unit 401 , a data reading unit 402 , an encrypting unit 403 and a data updating unit 404 .

其中,目标确定单元401,用于从存储阵列的多个逻辑存储单元中确定出至少一个目标逻辑存储单元。Wherein, the target determining unit 401 is configured to determine at least one target logical storage unit from a plurality of logical storage units in the storage array.

数据读取单元402,用于读取所述目标确定单元确定出的所述目标逻辑存储单元中存储的元数据。The data reading unit 402 is configured to read the metadata stored in the target logical storage unit determined by the target determining unit.

加密单元403,用于对所述数据读取单元读取的所述元数据进行加密,得到加密的元数据。The encryption unit 403 is configured to encrypt the metadata read by the data reading unit to obtain encrypted metadata.

数据更新单元404,用于将所述目标逻辑存储单元中存储的所述元数据更新为所述加密单元得到的所述加密的元数据。A data update unit 404, configured to update the metadata stored in the target logical storage unit with the encrypted metadata obtained by the encryption unit.

本实施例中由加密单元对存储阵列中的目标逻辑单元内的元数据进行加密后,再由数据更新单元将该目标存储阵列中的元数据更新为该加密后的元数据。这样,在存储阵列的搬移过程中,未经授权的用户由于不能对该元数据进行解密,也就无法获取到该目标逻辑存储单元中的元数据信息,从而无法根据元数据访问该磁盘中存储的数据,从而避免了未经授权的用户恶意窃取该存储阵列中的数据,提高了数据的安全性。In this embodiment, after the encryption unit encrypts the metadata in the target logic unit in the storage array, the data updating unit updates the metadata in the target storage array to the encrypted metadata. In this way, during the moving process of the storage array, since unauthorized users cannot decrypt the metadata, they cannot obtain the metadata information in the target logical storage unit, and thus cannot access the storage in the disk according to the metadata. data, thereby preventing unauthorized users from maliciously stealing data in the storage array and improving data security.

可选的,所述目标确定单元,包括:Optionally, the target determination unit includes:

第一目标确定单元,用于接收指定节点发送的待加密的逻辑存储单元的信息,将所述待加密的逻辑存储单元确定为所述目标逻辑存储单元。The first target determining unit is configured to receive the information of the logical storage unit to be encrypted sent by the designated node, and determine the logical storage unit to be encrypted as the target logical storage unit.

或者,第二目标确定单元,用于将所述存储阵列的所有逻辑存储单元均确定为所述目标逻辑存储单元。Alternatively, the second target determining unit is configured to determine all logical storage units of the storage array as the target logical storage units.

参见图5,示出了本发明一种数据处理装置另一个实施例,本实施例的装置,与前面装置的实施例不同之处在于:Referring to Fig. 5, another embodiment of a data processing device of the present invention is shown. The device of this embodiment is different from the embodiment of the previous device in that:

在本实施例中,还包括:查询单元405,用于查询所述目标确定单元401确定出的所述目标逻辑存储单元中是否存储有所述元数据之外的数据;In this embodiment, it further includes: a query unit 405, configured to query whether data other than the metadata is stored in the target logical storage unit determined by the target determination unit 401;

相应的,所述数据读取单元402,包括:Correspondingly, the data reading unit 402 includes:

第一数据读取单元4021,用于当所述查询单元确定出所述目标逻辑存储单元中存储有所述元数据之外的数据时,读取所述目标逻辑存储单元中存储的所述元数据。The first data reading unit 4021 is configured to read the metadata stored in the target logical storage unit when the query unit determines that data other than the metadata is stored in the target logical storage unit. data.

在目标确定单元确定出目标逻辑存储单元之后,由查询单元查询该目标逻辑存储单元中是否存储有元数据之外的数据,只有当确定该目标逻辑存储单元中存储有元数据时,该第一数据读取单元才会去读取该元数据,从而避免了在目标逻辑存储单元中没有存储用户数据的情况下,读取无意义的元数据,进而减少了数据读取量。After the target determining unit determines the target logical storage unit, the query unit inquires whether data other than metadata is stored in the target logical storage unit, and only when it is determined that metadata is stored in the target logical storage unit, the first Only the data reading unit reads the metadata, thereby avoiding reading meaningless metadata when no user data is stored in the target logical storage unit, thereby reducing the amount of data read.

可选的,在另一方面,该目标确定单元还可以是包括:Optionally, on the other hand, the target determination unit may also include:

第三目标确定单元,用于从所述存储阵列的多个逻辑存储单元中,确定出存储有元数据之外的数据的目标逻辑存储单元。The third target determining unit is configured to determine a target logical storage unit storing data other than metadata from among the plurality of logical storage units of the storage array.

通过该第三目标确定单元确定出的目标逻辑存储单元中均存储有用户数据,从而无需再查询该目标逻辑存储单元中是否存储有元数据之外的数据。The target logical storage units determined by the third target determining unit all store user data, so there is no need to inquire whether data other than metadata is stored in the target logical storage unit.

进一步的,在以上任意一个实施例中,该数据处理装置还可以包括:Further, in any one of the above embodiments, the data processing device may further include:

标识单元,用于在所述数据更新单元将所述目标逻辑存储单元中的所述元数据更新为加密的元数据后,为所述目标逻辑存储单元生成标识信息,所述标识信息用于表明所述目标逻辑单元中的所述元数据被加密。an identification unit, configured to generate identification information for the target logical storage unit after the data update unit updates the metadata in the target logical storage unit to encrypted metadata, and the identification information is used to indicate The metadata in the target logical unit is encrypted.

通过该标识单元对存储有加密后的元数据的目标逻辑存储单元进行标识,则可以在需要解密时,可以很快的确定出元数据被加密的目标逻辑存储单元。By using the identification unit to identify the target logical storage unit storing the encrypted metadata, when decryption is required, the target logical storage unit whose metadata is encrypted can be quickly determined.

另外,本发明还提供了一种存储阵列,参见图6,示出了本发明一种存储阵列的结构示意图,该存储阵列600包含有控制器601和多个磁盘602,所述多个磁盘通过磁盘框固定在一起。In addition, the present invention also provides a storage array, referring to FIG. 6 , which shows a schematic structural diagram of a storage array of the present invention, the storage array 600 includes a controller 601 and multiple disks 602, and the multiple disks pass through The disk enclosures are fastened together.

其中,所述控制器与所述多个磁盘相连。其中,这多个磁盘的存储空间被虚拟化为多个逻辑存储单元。Wherein, the controller is connected to the plurality of disks. Wherein, the storage space of the multiple disks is virtualized into multiple logical storage units.

所述控制器601,用于存储从存储阵列的多个逻辑存储单元中确定出至少一个目标逻辑存储单元;读取所述目标逻辑存储单元中存储的元数据;对所述元数据进行加密,得到加密的元数据;将所述目标逻辑存储单元中存储的所述元数据更新为所述加密单元得到的所述加密的元数据。The controller 601 is configured to store at least one target logical storage unit determined from a plurality of logical storage units of the storage array; read metadata stored in the target logical storage unit; encrypt the metadata, Obtain encrypted metadata; update the metadata stored in the target logical storage unit with the encrypted metadata obtained by the encryption unit.

所述磁盘阵列602中存储有所述控制器执行的程序的信息。Information about programs executed by the controller is stored in the disk array 602 .

该存储阵列中还设置有磁盘框,该磁盘框在图6中未画出,在该磁盘框上设置有通信总线,控制器与磁盘框上的通信总线相连,且各个磁盘与该磁盘框上的通信总线相连,进而实现该控制器与该磁盘之间的连接。The storage array is also provided with a disk frame, the disk frame is not shown in Figure 6, a communication bus is provided on the disk frame, the controller is connected to the communication bus on the disk frame, and each disk is connected to the disk frame The communication bus is connected to realize the connection between the controller and the disk.

对于装置实施例而言,由于其基本相应于方法实施例,所以相关之处参见方法实施例的部分说明即可。以上所描述的系统实施例仅仅是示意性的,可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。本领域普通技术人员在不付出创造性劳动的情况下,即可以理解并实施。As for the device embodiment, since it basically corresponds to the method embodiment, for related parts, please refer to the description of the method embodiment. The system embodiments described above are only illustrative, and some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. It can be understood and implemented by those skilled in the art without creative effort.

在本发明所提供的几个实施例中,应该理解到,所揭露的在装置和方法,在没有超过本申请的精神和范围内,可以通过其他的方式实现。当前的实施例只是一种示范性的例子,不应该作为限制,所给出的具体内容不应该限制本申请的目的。例如,所述单元或子单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或多个子单元结合一起。另外,多个单元可以或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。In the several embodiments provided by the present invention, it should be understood that the disclosed devices and methods can be implemented in other ways without exceeding the spirit and scope of the present application. The present embodiment is only an exemplary example and should not be taken as a limitation, and the specific content given should not limit the purpose of the present application. For example, the division of the units or subunits is only a division of logical functions. In actual implementation, there may be other division methods, such as combining multiple units or multiple subunits. Also, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not implemented.

以上所述仅是本发明的具体实施方式,应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明原理的前提下,还可以做出若干改进和润饰,这些改进和润饰也应视为本发明的保护范围。The foregoing is only a specific embodiment of the present invention. It should be pointed out that for those of ordinary skill in the art, some improvements and modifications can also be made without departing from the principle of the present invention. It should be regarded as the protection scope of the present invention.

Claims (10)

1. a data processing method, is characterized in that, comprising:
From a plurality of logic storage units of storage array, determine at least one target logic storage unit;
Read the metadata of storing in described target logic storage unit;
Described metadata is encrypted, obtains the metadata of encrypting;
The metadata that is described encryption by the described metadata updates of storing in described target logic storage unit.
2. method according to claim 1, is characterized in that, described at least one target logic storage unit of determining from a plurality of logic storage units of storage array, comprising:
The information that receives the logic storage unit to be encrypted of specified node transmission, is defined as described target logic storage unit by described logic storage unit to be encrypted;
Or, all logic storage units of described storage array are all defined as to described target logic storage unit.
3. method according to claim 1 and 2, is characterized in that, described from a plurality of logic storage units of storage array, determine at least one target logic storage unit after, also comprise:
Inquire about in described target logic storage unit and whether store the data outside described metadata;
The described metadata of storing in described target logic storage unit that reads, comprising:
While storing the data outside described metadata in described target logic storage unit, read the described metadata of storing in described target logic storage unit.
4. method according to claim 1, is characterized in that, described at least one target logic storage unit of determining from a plurality of logic storage units of storage array, comprising:
From a plurality of logic storage units of described storage array, determine the target logic storage unit of the data that store outside metadata.
5. method according to claim 1, is characterized in that, after the described metadata that is described encryption by the metadata updates of storing in described target logic storage unit, also comprises:
For described target logic storage unit generating identification information, described identification information is for showing that the described metadata of described destination logical unit is encrypted.
6. a data processing equipment, is characterized in that, comprising:
Target determining unit, for determining at least one target logic storage unit from a plurality of logic storage units of storage array;
Data-reading unit, the metadata of storing for reading described target logic storage unit that described target determining unit determines;
Ciphering unit, is encrypted for the described metadata that described data-reading unit is read, and obtains the metadata of encrypting;
Data updating unit is the metadata of the described encryption that obtains of described ciphering unit for the described metadata updates that described target logic storage unit is stored.
7. device according to claim 6, is characterized in that, described target determining unit, comprising:
First object determining unit, for receiving the information of the logic storage unit to be encrypted of specified node transmission, is defined as described target logic storage unit by described logic storage unit to be encrypted;
Or the second target determining unit, for being all defined as described target logic storage unit by all logic storage units of described storage array.
8. according to the device described in claim 6 or 7, it is characterized in that, also comprise:
Whether query unit, store the data outside described metadata for inquiring about the described target logic storage unit that described target determining unit determines;
Described data-reading unit, comprising:
The first data-reading unit, while storing the data outside described metadata for determine described target logic storage unit when described query unit, reads the described metadata of storing in described target logic storage unit.
9. device according to claim 6, is characterized in that, described target determining unit, comprising:
The 3rd target determining unit, for a plurality of logic storage units from described storage array, determines the target logic storage unit of the data that store outside metadata.
10. device according to claim 6, is characterized in that, described device also comprises:
Identify unit, after the described metadata updates of described target logic storage unit being the metadata of encrypting in described data updating unit, for described target logic storage unit generating identification information, described identification information is for showing that the described metadata of described destination logical unit is encrypted.
CN201310654603.9A 2013-12-05 2013-12-05 A kind of data processing method and device Active CN103699855B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310654603.9A CN103699855B (en) 2013-12-05 2013-12-05 A kind of data processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310654603.9A CN103699855B (en) 2013-12-05 2013-12-05 A kind of data processing method and device

Publications (2)

Publication Number Publication Date
CN103699855A true CN103699855A (en) 2014-04-02
CN103699855B CN103699855B (en) 2018-04-27

Family

ID=50361379

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310654603.9A Active CN103699855B (en) 2013-12-05 2013-12-05 A kind of data processing method and device

Country Status (1)

Country Link
CN (1) CN103699855B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109033849A (en) * 2018-06-29 2018-12-18 无锡艾立德智能科技有限公司 The encryption method and device encrypted to deposit data of magnetic disk array
CN111181899A (en) * 2018-11-13 2020-05-19 阿里巴巴集团控股有限公司 Data processing method, device and system and electronic equipment
US11210406B2 (en) 2016-07-15 2021-12-28 Seagate Technology Llc Encrypting system level data structures

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070113084A1 (en) * 2005-08-04 2007-05-17 Sony Corporation Method, apparatus, and program for processing information
CN101055511A (en) * 2007-05-16 2007-10-17 华为技术有限公司 Memory array system and its data operation method
CN101097556A (en) * 2006-06-29 2008-01-02 国际商业机器公司 Method and system for updating metadata in a logical volume
CN101313283A (en) * 2005-12-22 2008-11-26 英特尔公司 Method for dynamically exposing backup and restore volumes
CN102024059A (en) * 2010-12-31 2011-04-20 成都市华为赛门铁克科技有限公司 Method and device for protecting redundant array of independent disk in file system
CN102656589A (en) * 2009-12-15 2012-09-05 微软公司 Verifiable trust for data through wrapper composition
CN103019894A (en) * 2012-12-25 2013-04-03 创新科存储技术(深圳)有限公司 Reconstruction method for redundant array of independent disks
CN103279694A (en) * 2013-05-31 2013-09-04 华为技术有限公司 Loading method, protecting method, loading device and protecting device for file system
CN103392178A (en) * 2011-11-11 2013-11-13 日本电气株式会社 Database encryption system, method and program

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070113084A1 (en) * 2005-08-04 2007-05-17 Sony Corporation Method, apparatus, and program for processing information
CN101313283A (en) * 2005-12-22 2008-11-26 英特尔公司 Method for dynamically exposing backup and restore volumes
CN101097556A (en) * 2006-06-29 2008-01-02 国际商业机器公司 Method and system for updating metadata in a logical volume
CN101055511A (en) * 2007-05-16 2007-10-17 华为技术有限公司 Memory array system and its data operation method
CN102656589A (en) * 2009-12-15 2012-09-05 微软公司 Verifiable trust for data through wrapper composition
CN102024059A (en) * 2010-12-31 2011-04-20 成都市华为赛门铁克科技有限公司 Method and device for protecting redundant array of independent disk in file system
CN103392178A (en) * 2011-11-11 2013-11-13 日本电气株式会社 Database encryption system, method and program
CN103019894A (en) * 2012-12-25 2013-04-03 创新科存储技术(深圳)有限公司 Reconstruction method for redundant array of independent disks
CN103279694A (en) * 2013-05-31 2013-09-04 华为技术有限公司 Loading method, protecting method, loading device and protecting device for file system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11210406B2 (en) 2016-07-15 2021-12-28 Seagate Technology Llc Encrypting system level data structures
CN109033849A (en) * 2018-06-29 2018-12-18 无锡艾立德智能科技有限公司 The encryption method and device encrypted to deposit data of magnetic disk array
CN111181899A (en) * 2018-11-13 2020-05-19 阿里巴巴集团控股有限公司 Data processing method, device and system and electronic equipment
CN111181899B (en) * 2018-11-13 2022-11-11 阿里巴巴集团控股有限公司 Data processing method, device and system and electronic equipment

Also Published As

Publication number Publication date
CN103699855B (en) 2018-04-27

Similar Documents

Publication Publication Date Title
US11088846B2 (en) Key rotating trees with split counters for efficient hardware replay protection
US10810138B2 (en) Enhanced storage encryption with total memory encryption (TME) and multi-key total memory encryption (MKTME)
EP3120291B1 (en) Rapid data protection for storage devices
US10235304B2 (en) Multi-crypto-color-group VM/enclave memory integrity method and apparatus
TWI596475B (en) Use signature address verification
CN109587106B (en) Cross-domain security in a password-partitioned cloud
US9215251B2 (en) Apparatus, systems, and methods for managing data security
TWI470469B (en) Methods, articles, and devices for protecting video content using virtualization
CN110447032A (en) Memory page translation monitoring between hypervisor and virtual machine
CN114077733A (en) Flexible Counter System for Memory Protection
US11239997B2 (en) Techniques for cipher system conversion
WO2015127461A1 (en) Securing client-specified credentials at cryptographically attested resources
TW201939337A (en) Behavior recognition, data processing method and apparatus
CN107430555B (en) Cache and data organization for memory protection
US11748493B2 (en) Secure asset management system
US20170286320A1 (en) Avoiding redundant memory encryption in a cryptographic protection system
WO2019184741A1 (en) Application program information storing method and apparatus, and application program information processing method and apparatus
JP2018511956A (en) Technology to enhance data encryption using secure enclaves
CN106709380A (en) Encryption and decryption method and system capable of aiming at disk data memory area
US20210406054A1 (en) Safe entropy source for encrypted virtual machines
CN103699855B (en) A kind of data processing method and device
CN108154042B (en) File system encryption method and device
CN114528545B (en) A data protection method, apparatus, device, and storage medium
CN102801526B (en) Encryption method and device for file system
CN105701424A (en) Method for creating memory cell, and controller

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant