CN105208044A - Key management method suitable for cloud computing - Google Patents
- Publication number: CN105208044A
- Application number: CN201510724741.9A
- Authority: CN (China)
- Prior art keywords: cloud computing, key, key management, server, client
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
Abstract
The invention discloses a key management method suitable for cloud computing. A cloud computing key client and a cloud computing key management server are provided. The cloud computing key client is a cryptographic service client residing in a cloud computing server; it is responsible for providing key services to the cloud computing applications in that server, and it requests key management services from the cloud computing key management server using a unified, standard key management protocol. The cloud computing key management server obtains the corresponding business operation from a cryptographic management server or a digital certificate center according to the type of request, and then returns the result of the business operation to the cloud computing key client. Based on a unified management framework and mechanism, a comprehensive, effective and extensible cloud computing key management service is provided, which facilitates centralized and unified management and maintenance of keys in the cloud computing environment, reduces the cost of key maintenance and management, and reduces potential risks such as key leakage.
Description
Technical field
The invention belongs to the field of information security key management technology, and specifically relates to a key management method applicable to cloud computing environments.
Background technology
Cloud computing originates from a commercial computing model in which computing tasks are distributed over a resource pool made up of a large number of computers, so that users can obtain computing capacity, storage space and application services on demand. Cloud computing is regarded as the technology application driving the next generation of the Internet. The "cloud" consists of virtualised computing resources that can maintain and manage themselves; it is normally a service cluster comprising compute servers, storage servers, network resources and so on. Cloud computing pools these computational resources and manages them automatically through specific software. Users can dynamically apply for a part of the resources to support the operation of various applications. This not only lets users concentrate on their own business, it also helps to raise efficiency and reduce costs. Although the cloud computing industry has great prospects for market growth, for the enterprise users of such services there are potential security risks in cloud computing services.
When an enterprise or individual user uses a cloud computing service, they do not know on which server their data is placed, nor even where that server is located. On a cloud computing service platform the data of a large number of enterprise users sits in a shared environment; for the sake of data security, an enterprise or individual user needs to be assured of secure data storage before choosing to use a cloud computing service.
From the above analysis it can be seen that the main problems of cloud security all relate to the security of data; data security is the basic problem of cloud security. On the basis of an analysis of the problems that cloud data security must solve, this document proposes a key management method applicable to cloud computing data security.
Summary of the invention
In order to overcome the above shortcomings of the prior art, the invention provides a key management method applicable to cloud computing.
The technical solution adopted by the invention to solve the technical problem is a key management method applicable to cloud computing, comprising a cloud computing key client and a cloud computing key management server. The cloud computing key client is a cryptographic service client residing in a cloud computing server and is responsible for providing key services to the cloud computing applications in that server. The cloud computing key client uses a unified, standard key management protocol to request key management services from the cloud computing key management server. The cloud computing key management server obtains the corresponding business operation from a cryptographic management server or a digital certificate center according to the type of request, and then returns the result of the business operation to the cloud computing key client.
Compared with the prior art, the beneficial effect of the invention is that, facing the data security, cryptographic service and certificate service demands of the cloud computing environment, a comprehensive, effective and extensible cloud computing key management service can be provided on the basis of a unified management framework and mechanism, which facilitates centralized and unified management and maintenance of keys in the cloud computing environment, reduces the cost of key maintenance and management, and reduces potential risks such as key leakage.
Brief description of the drawings
Embodiments of the invention are described with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram of the structure of the cloud computing key management framework of the invention;
Fig. 2 is a flow chart of applying for an encryption key.
Detailed description
In a cloud computing application environment, the objects of key management have the following characteristics:
1. Many kinds of keys
Because the applications in the cloud vary, the demands of cryptographic applications also vary. It is therefore necessary to support multiple cryptographic systems, such as symmetric and asymmetric cryptography, and different cryptographic algorithms.
2. Large volume of key data
Each user computing in the cloud may need multiple keys to realize functions such as encrypted data storage and encrypted transmission, and the key management system must serve all users and applications in the cloud computing environment. The volume of key data to be managed is therefore very large.
3. Complex key application environment
Because the application scenarios in which cryptography is used in the cloud for encryption and authentication are complex, the design must take full account of the key application client's ability to shield the application from its environment, and must resolve the complexity of key usage and management through the key management protocol.
Based on the above requirements for the design of cloud computing key management, the cloud computing key management framework of the invention consists of two parts, a cloud computing key client (Cloud Computing Key Client, CKC) and a cloud computing key management server (Cloud Computing Key Management Server, CKMS), as shown in Fig. 1.
The CKC is a cryptographic service client residing in a cloud computing server and is responsible for providing key services to the cloud computing applications in that server. The CKC uses a unified, standard key management protocol to request management services such as key generation, recovery and update from the CKMS. According to the type of request, the CKMS applies for, recovers or updates the relevant key from the symmetric or asymmetric cryptographic management server and returns the result of the key business operation to the CKC; it can also apply for, revoke or renew certificates from the digital certificate center on behalf of the CKC.
The method of the invention is described in detail below:
The cloud computing key management method proposed by the invention is described using an application for an encryption key (a symmetric key) as the example (the processes for key recovery and update, and for applying for, revoking and renewing certificates from the digital certificate center, are all the same, differing only in the operation-type flag carried in the request). When a cloud computing server needs to encrypt data, the process by which the CKC applies to the CKMS for a key is as follows, as shown in Fig. 2:
1. The CKC generates a key request packet and sends it to the CKMS. The packet comprises a request header, an operation type, a key object and an identifier. The header mainly contains the data length and so on; the operation type covers business operations such as apply, revoke and recover; the key object covers symmetric keys, asymmetric keys, certificates and so on; the identifier identifies the identity ID of the applicant.
2. After the CKMS receives the key request, it obtains a symmetric key from the symmetric cryptography server according to the content of the request.
3. The CKMS generates a key reply packet and sends it to the CKC. The packet comprises a reply header, the key object, the identifier and the symmetric key.
The communication between the CKC and the CKMS relies on security mechanisms such as TLS or HTTPS to guarantee the confidentiality, integrity and authenticity of the key management process.
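The three-step exchange above, worked through in Python as an added example that is not part of the patent. The patent names the packet fields (a header carrying the data length, an operation type, a key object, an identifier; the reply adds the key) but fixes no byte layout, opcode values or transport framing, so the big-endian layout, the numeric codes, the `MAX_BODY` bound and the in-memory `SymmetricKeyServer` standing in for the symmetric cryptography server are all assumptions of this example. The example also makes the CKMS check the header length against what actually arrived before parsing, and it treats the identifier as self-asserted: the patent leaves authentication to TLS/HTTPS, so a deployment must bind that field to the TLS-authenticated peer rather than trust it, which the allow-list in `CKMS` stands in for.

```python
"""CKC -> CKMS symmetric-key application, modelled on steps 1 to 3 above.

Added example for this page, not the patent's own code. Wire layout, opcode
values, the MAX_BODY bound and SymmetricKeyServer are assumptions.
"""
import os
import struct
from dataclasses import dataclass

# Assumed operation-type codes (the patent names the operations, not the values).
OP_APPLY, OP_REVOKE, OP_RECOVER, OP_UPDATE = 1, 2, 3, 4
# Assumed key-object codes.
KOBJ_SYMMETRIC, KOBJ_ASYMMETRIC, KOBJ_CERTIFICATE = 1, 2, 3
# Assumed upper bound so a bad length field cannot make the parser trust any size.
MAX_BODY = 4096


@dataclass
class Request:
    op_type: int
    key_object: int
    identifier: str  # the applicant's identity ID


@dataclass
class Reply:
    key_object: int
    identifier: str
    key: bytes


def _frame(body: bytes) -> bytes:
    """Header = 4-byte big-endian length of the body (claim 5: data length)."""
    return struct.pack("!I", len(body)) + body


def _unframe(data: bytes) -> bytes:
    """Check the header length against what actually arrived before parsing."""
    if len(data) < 4:
        raise ValueError("short header")
    (length,) = struct.unpack("!I", data[:4])
    if length > MAX_BODY or len(data) != 4 + length:
        raise ValueError("length field does not match packet")
    return data[4:]


def encode_request(req: Request) -> bytes:
    ident = req.identifier.encode()
    return _frame(struct.pack("!BBH", req.op_type, req.key_object, len(ident)) + ident)


def decode_request(data: bytes) -> Request:
    body = _unframe(data)
    if len(body) < 4:
        raise ValueError("short request body")
    op_type, key_object, ident_len = struct.unpack("!BBH", body[:4])
    if len(body) != 4 + ident_len:
        raise ValueError("identifier length mismatch")
    return Request(op_type, key_object, body[4:].decode())


def encode_reply(rep: Reply) -> bytes:
    ident = rep.identifier.encode()
    body = struct.pack("!BH", rep.key_object, len(ident)) + ident
    return _frame(body + struct.pack("!H", len(rep.key)) + rep.key)


def decode_reply(data: bytes) -> Reply:
    body = _unframe(data)
    if len(body) < 5:
        raise ValueError("short reply body")
    key_object, ident_len = struct.unpack("!BH", body[:3])
    end = 3 + ident_len
    if len(body) < end + 2:
        raise ValueError("identifier length mismatch")
    (key_len,) = struct.unpack("!H", body[end:end + 2])
    key = body[end + 2:]
    if len(key) != key_len:
        raise ValueError("key length mismatch")
    return Reply(key_object, body[3:end].decode(), key)


class SymmetricKeyServer:
    """Assumed stand-in for the symmetric cryptography management server."""

    def __init__(self) -> None:
        self.issued: dict[str, list[bytes]] = {}

    def generate(self, owner: str, length: int = 32) -> bytes:
        key = os.urandom(length)
        self.issued.setdefault(owner, []).append(key)
        return key


class CKMS:
    """Step 2: dispatch the request by operation type and key object."""

    def __init__(self, key_server: SymmetricKeyServer, authorized: set[str]) -> None:
        self.key_server = key_server
        # The identifier in the packet is self-asserted; a deployment must bind
        # it to the TLS-authenticated peer. An allow-list stands in for that here.
        self.authorized = authorized

    def handle(self, packet: bytes) -> bytes:
        req = decode_request(packet)
        if req.identifier not in self.authorized:
            raise PermissionError(f"unknown applicant {req.identifier!r}")
        if req.op_type == OP_APPLY and req.key_object == KOBJ_SYMMETRIC:
            key = self.key_server.generate(req.identifier)
            return encode_reply(Reply(KOBJ_SYMMETRIC, req.identifier, key))
        raise NotImplementedError("only symmetric key application is modelled")


def apply_symmetric_key(ckms: CKMS, applicant: str) -> bytes:
    """Steps 1 and 3 from the CKC side: send the request, check the reply matches it."""
    request = encode_request(Request(OP_APPLY, KOBJ_SYMMETRIC, applicant))
    reply = decode_reply(ckms.handle(request))
    if reply.identifier != applicant or reply.key_object != KOBJ_SYMMETRIC:
        raise ValueError("reply does not match the outstanding request")
    return reply.key
```

`apply_symmetric_key(CKMS(SymmetricKeyServer(), {"app-01"}), "app-01")` returns a fresh 32-byte key; a packet whose header length disagrees with its actual size, or a request from an identifier the CKMS does not know, is rejected before any key is issued. The other operation types and key objects would follow the same framing with a different opcode, exactly as the text says the recovery, update and certificate flows differ only in the operation-type flag.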
Claims (5)
1. A key management method applicable to cloud computing, characterised in that it comprises a cloud computing key client and a cloud computing key management server; the cloud computing key client is a cryptographic service client residing in a cloud computing server and is responsible for providing key services to the cloud computing applications in that server; the cloud computing key client uses a unified, standard key management protocol to request key management services from the cloud computing key management server; the cloud computing key management server obtains the corresponding business operation from a cryptographic management server or a digital certificate center according to the type of request, and then returns the result of the business operation to the cloud computing key client.
2. The key management method applicable to cloud computing according to claim 1, characterised in that the key management services comprise the generation, recovery or update of keys, and the application for, revocation or renewal of digital certificates.
3. The key management method applicable to cloud computing according to claim 1, characterised in that the cryptographic management server comprises a symmetric or an asymmetric cryptographic management server.
4. The key management method applicable to cloud computing according to claim 1, characterised in that the cloud computing key client requests key management services by sending a packet to the cloud computing key management server, and the packet comprises a header, an operation type, a key object and an identifier.
5. The key management method applicable to cloud computing according to claim 4, characterised in that the header comprises a data length; the operation type comprises an apply, revoke or recover business operation; the key object comprises a symmetric key, an asymmetric key or a digital certificate; and the identifier identifies the identity ID of the applicant.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510724741.9A CN105208044A (en) | 2015-10-29 | 2015-10-29 | Key management method suitable for cloud computing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510724741.9A CN105208044A (en) | 2015-10-29 | 2015-10-29 | Key management method suitable for cloud computing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105208044A true CN105208044A (en) | 2015-12-30 |
Family
ID=54955477
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510724741.9A Pending CN105208044A (en) | 2015-10-29 | 2015-10-29 | Key management method suitable for cloud computing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105208044A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103312690A (en) * | 2013-04-19 | 2013-09-18 | 无锡成电科大科技发展有限公司 | System and method for key management of cloud computing platform |
EP2656287A2 (en) * | 2010-12-22 | 2013-10-30 | Intel Corporation | A system and method to protect user privacy in multimedia uploaded to internet sites |
CN103516523A (en) * | 2013-10-22 | 2014-01-15 | 浪潮电子信息产业股份有限公司 | Data encryption system structure based on cloud storage |
CN104378386A (en) * | 2014-12-09 | 2015-02-25 | 浪潮电子信息产业股份有限公司 | Method for cloud data confidentiality protection and access control |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108667609A (en) * | 2017-04-01 | 2018-10-16 | 西安西电捷通无线网络通信股份有限公司 | A kind of digital certificate management method and equipment |
CN108667609B (en) * | 2017-04-01 | 2021-07-20 | 西安西电捷通无线网络通信股份有限公司 | Digital certificate management method and equipment |
US11363010B2 (en) | 2017-04-01 | 2022-06-14 | China Iwncomm Co., Ltd. | Method and device for managing digital certificate |
CN111130773A (en) * | 2019-12-26 | 2020-05-08 | 北京三未信安科技发展有限公司 | Key management server, client and system based on KMIP protocol |
CN112769805A (en) * | 2020-12-31 | 2021-05-07 | 普华诚信信息技术有限公司 | Cloud password management method, system and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20151230 |