| 摘要 |
<p>The system and method of the present invention manages storage encryption over network-based or cloud based Elastic Block Store (EBS) Volume so as to provide flexibility and transparency on the encryption algorithm that can be universally acceptable to any provider and user. The system (100) of the present invention manages storage encryption over network based Elastic-Block Store (EBS) Volume (118) with a user mode (102) and a kernel mode (104); said user mode (102) comprising of an application (106) and a block device (108); said kernel mode (104) comprising of at an I/O Manager (110) for receiving mounting instruction and presenting decrypted data to requester; a crypto kernel module (112) for retrieving encryption key from key file; a file system (116) an EBS Volume (118). The methodology of the present invention is being initiated by initializing and configuring EBS Volume (202). Thereafter, encrypted EBS Volume (204) is mounted on the system and data is written on EBS Volume and said data is further encrypted (206). The encrypted data is read from EBS Volume and said encrypted data will be decrypted to obtain decrypted data (208). The encrypted EBS Volume (210) can be unmounted from the system when the volumes are not required. The present invention is transparent to user in which the data that is written to the EBS disk are encrypted transparently with the random generation of encryption key and stored in the disk. Confidentiality is allowed and reinforced in the EBS Volume by encryption of the data being stored in the data storage and decryption of the encrypted data using correct symmetric key provided by the authorized user during retrieval process.</p> |
