CN-115544530-B - Key management system, method for realizing key management and computing node
Abstract
The application discloses a key management system, a method for realizing key management and a computing node, which are used for encrypting and decrypting a user key. The security domain key is redundantly stored in each computing node of a computing node cluster, and any computing node can be scheduled to encrypt or decrypt the user key with the security domain key, so both the computing nodes and the user keys can be infinitely expanded; moreover, the ciphertext of the user key can only be decrypted inside a computing node by means of the security domain key, which ensures the high reliability of key management. The key management system provided by the embodiments of the application can meet the requirements of high availability, high reliability, elastic scheduling and infinite capacity in a cloud computing scenario. It provides a safe, reliable and elastically expandable key management system and meets the complex computing requirements of cloud computing scenarios.
Inventors
- CHEN JUNPU
- LI HAIBIN
- PENG ZHONGHONG
Assignees
- 阿里巴巴新加坡控股有限公司
Dates
- Publication Date
- 20260512
- Application Date
- 20210630
Claims (11)
- 1. A key management system comprising at least one available area for realizing data redundancy, a scheduling node and a rotation update node, wherein: the scheduling node is used for distributing an encryption request or a decryption request to a computing node; the available area comprises at least one computing node, the same security domain key is redundantly stored in each computing node, and the computing node is used for encrypting the user key by using the security domain key and storing the encrypted ciphertext of the user key in a database; and the rotation update node is used, when a triggering condition is met, for updating the security domain key in all computing nodes in the security domain where the available area is located, so that the computing nodes re-encrypt the user keys protected by the security domain key, wherein the triggering condition comprises at least one of: a preset update period being reached, an external update instruction being received, and a preset usage-count threshold of the same key being reached.
- 2. The key management system of claim 1, further comprising a security management node for performing security management of the key management system.
- 3. The key management system of claim 1 or 2, wherein the at least one available area is divided into different regions, each region comprising one or more available areas; wherein the regions are securely isolated from each other.
- 4. The key management system of claim 1 or 2, wherein the computing node is cryptographic hardware conforming to security level requirements; the cryptographic hardware conforming to security level requirements comprises a hardware security module (HSM).
- 5. The key management system of claim 1, wherein the rotation update node is further configured to notify the scheduling node after updating the security domain key in each computing node in the security domain; the scheduling node is further used for receiving the notification that the security domain key has been updated and loading the ciphertext of the user key to the computing node for re-encryption processing; and the computing node is further used for decrypting the ciphertext of the user key that needs to be re-encrypted by using the original security domain key, encrypting it by using the currently updated security domain key to obtain the new ciphertext of the user key, and storing the re-encrypted ciphertext of the user key in the database.
- 6. The key management system according to claim 1 or 5, wherein the rotation update node is provided with a distributed security domain key synchronization protocol, and updating the security domain key in each computing node in the security domain comprises: synchronizing a security domain key generated in one computing node to all other computing nodes in the security domain where that computing node is located according to the distributed key synchronization protocol.
- 7. A method of implementing key management, comprising: according to a distributed encryption or decryption request, encrypting the user key by using the security domain key and storing the encrypted ciphertext of the user key in a database, or decrypting the ciphertext of the user key by using the security domain key so that user data can be operated on by using the user key; wherein the security domain key is the key of the security domain in which the computing node is located and is stored redundantly in each computing node; the method further comprises, when a triggering condition is met, updating the security domain key in the computing node and causing the computing node to re-encrypt the user key protected by the security domain key, wherein the triggering condition comprises at least one of: a preset update period being reached, an external update instruction being received, and a preset usage-count threshold of the same key being reached.
- 8. The method of claim 7, further comprising: when the triggering condition is met, updating the security domain key in each computing node in the security domain; and re-encrypting the user key protected by the security domain key by using the updated security domain key.
- 9. The method of claim 7 or 8, wherein updating the security domain key in each computing node within the security domain comprises: according to the distributed key synchronization protocol, synchronizing a security domain key generated in one computing node to all other computing nodes within the security domain.
- 10. A computer-readable storage medium storing computer-executable instructions for performing the method of implementing key management of any one of claims 7-9.
- 11. A computing node comprising a memory and a processor, wherein the memory has stored therein instructions executable by the processor for performing the steps of the method for implementing key management of any one of claims 7-9.
Description
Key management system, method for realizing key management and computing node
Technical Field
The present application relates to, but is not limited to, information security technology, and in particular to a key management system, a method for implementing key management, and a computing node.
Background
A key management service (KMS, Key Management Service) is a system or service that hosts and manages keys and provides cryptographic computing capabilities for the hosted keys. Ensuring the security and compliance of encryption keys is the core capability of a KMS, and countries and industries specify laws and regulations that require cryptographic hardware meeting security level requirements (e.g., a hardware security module, HSM) to be used for the protection and storage of keys.
The traditional key management system stores the encryption key in HSM equipment; in a cloud computing scenario the requirements of high availability, high reliability, flexible scheduling and infinite capacity give this mode high design complexity, implementation complexity and maintenance complexity. If each encryption key is stored and scheduled to a single HSM, there is an availability problem. If instead each key needs to be stored and scheduled to an HSM cluster, the cluster needs redundancy; while this guarantees high availability, the capacity of each cluster is limited, so under the infinite-capacity requirement the number of clusters must grow and the relationship between encryption keys and clusters must be managed. There is then a dual requirement for intra-cluster and inter-cluster capacity expansion, and unpredictability in scheduling (such as short-term hot keys) makes intra-cluster capacity expansion impossible to plan and predict.
In summary, it is difficult for conventional key management systems to meet the complex computing requirements of cloud computing scenarios.
Disclosure of Invention
The application provides a key management system, a method for realizing key management and a computing node, which are safe, reliable and elastically expandable and meet the complex computing requirements of cloud computing scenarios.
An embodiment of the invention provides a key management system comprising at least one available area for realizing data redundancy and a scheduling node, wherein: the scheduling node is used for distributing an encryption request to a computing node and loading the user key to the computing node for encryption processing, and for distributing a decryption request to a computing node and loading the ciphertext of the user key to the computing node for decryption processing; the available area comprises at least one computing node, the same security domain key is redundantly stored in each computing node, and the computing node is used for encrypting the user key by using the security domain key and storing the encrypted ciphertext of the user key in a database, or for decrypting the ciphertext of the user key by using the security domain key so that user data can be operated on by using the user key.
In an exemplary embodiment, the system further includes a rotation update node, used, when a triggering condition is met, for updating the security domain key in all computing nodes in the security domain where the available area is located, so that the computing nodes re-encrypt the user keys protected by the security domain key.
In an exemplary embodiment, the system further comprises a security management node for performing security management of the key management system.
In an exemplary embodiment, the at least one available area is divided into different regions, each region including one or more available areas; wherein the regions are securely isolated from each other.
In an exemplary embodiment, the scheduling node is either a node dedicated to distributing encryption and decryption requests or any one of the computing nodes.
In an exemplary embodiment, the computing node is cryptographic hardware that meets security level requirements.
In an exemplary embodiment, the cryptographic hardware meeting security level requirements includes a hardware security module (HSM).
In an exemplary embodiment, the rotation update node is further configured to notify the scheduling node after updating the security domain key in each computing node in the security domain; the scheduling node is further used for receiving the notification that the security domain key has been updated and loading the ciphertext of the user key to the computing node for re-encryption processing; and the computing node is further used for decrypting the ciphertext of the user key that needs to be re-encrypted by using the original security domain key, encrypting it by using the currently updated security domain key to obtain the new ciphertext of the user key, and storing th
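A working model of the scheme described in the claims and the description, added here as an illustration and not the patent's own code or any implementation by the assignee: every compute node of a security domain holds each version of the shared security domain key (SDK), wrapped user keys are stored in the database tagged with the SDK version they were wrapped under, any node can serve an encryption or decryption request, and rotation generates a new SDK once, synchronises it to all nodes, and has the nodes re-wrap every stored user key. The HMAC-based wrap primitive, the class and method names, and the trigger parameters are assumptions standing in for the HSM's own key-wrap operation and synchronisation protocol.

```python
import hashlib, hmac, os, random, struct, time
# Stand-in for the HSM key-wrap primitive (constructed for this example, not the patent's):
# HMAC-SHA256 keystream plus an encrypt-then-MAC tag. A real node wraps inside the HSM.
def _stream(sdk, nonce, n):
    return b"".join(hmac.new(sdk, b"\x00" + nonce + struct.pack(">I", i), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]
def wrap(sdk, user_key):
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(user_key, _stream(sdk, nonce, len(user_key))))
    return nonce + body + hmac.new(sdk, b"\x01" + nonce + body, hashlib.sha256).digest()
def unwrap(sdk, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(sdk, b"\x01" + nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrapped user key failed authentication (wrong SDK version?)")
    return bytes(a ^ b for a, b in zip(body, _stream(sdk, nonce, len(body))))

class ComputeNode:  # one HSM-like node; every node in the domain holds the same SDK versions
    def __init__(self):
        self.sdks, self.uses = {}, 0          # version -> SDK; uses of the current SDK
    def sync_sdk(self, version, sdk):         # distributed key synchronisation (simplified)
        self.sdks[version], self.uses = sdk, 0
    def encrypt_user_key(self, user_key):     # ciphertext carries the SDK version it was wrapped under
        version = max(self.sdks)
        self.uses += 1
        return version, wrap(self.sdks[version], user_key)
    def decrypt_user_key(self, version, blob):
        self.uses += 1
        return unwrap(self.sdks[version], blob)

class SecurityDomain:  # scheduling node + rotation update node over a compute-node cluster
    def __init__(self, nodes=3, use_threshold=1000, period_s=86400):
        self.nodes = [ComputeNode() for _ in range(nodes)]
        self.db, self.version, self.use_threshold, self.period_s = {}, 0, use_threshold, period_s
        self.rotate()                          # db: user key id -> (SDK version, ciphertext)
    def rotate(self):  # new SDK generated once, synced to every node, then every user key re-wrapped
        self.version += 1
        new_sdk = os.urandom(32)
        for node in self.nodes:
            node.sync_sdk(self.version, new_sdk)
        for kid, (old_version, blob) in list(self.db.items()):
            node = random.choice(self.nodes)   # any node can re-wrap: all hold the old and new SDK
            self.db[kid] = node.encrypt_user_key(node.decrypt_user_key(old_version, blob))
        self.rotated_at = time.time()
    def should_rotate(self, external_instruction=False, now=None):  # the three trigger conditions
        return (external_instruction or (now or time.time()) - self.rotated_at >= self.period_s
                or sum(n.uses for n in self.nodes) >= self.use_threshold)
    def store(self, kid, user_key):            # encryption request scheduled to any node
        self.db[kid] = random.choice(self.nodes).encrypt_user_key(user_key)
    def load(self, kid):                       # decryption request scheduled to any node
        version, blob = self.db[kid]
        return random.choice(self.nodes).decrypt_user_key(version, blob)
```

The version tag on each stored ciphertext is what lets a node pick the original SDK for decryption during re-encryption, and the tag check is what stops a ciphertext from being unwrapped with any key other than the SDK it was wrapped under.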