政务云密码服务基础保障体系及关键技术研究  

作　　者：掌晓愚 孟茹 钱程 ZHANG Xiaoyu;MENG Ru;QIAN Cheng(Ge′er Software Co.,Ltd.,Shanghai 200436,China;School of Cyberspace Security,Jinan University,Guangzhou,Guangdong 510632,China)

机构地区：[1]格尔软件股份有限公司,上海200436 [2]暨南大学网络空间安全学院,广东广州510632

出　　处：《信息记录材料》2024年第6期35-38,共4页Information Recording Materials

摘　　要：云计算技术的不断发展和成熟促进了各行业数字信息上云的趋势,赋予了传统密码技术崭新的增长机遇,云原生技术重构了密码体系技术路线和体系框架。本文首先分析了传统密码技术上云的局限性,针对云计算技术与密码技术深入融合研究其关键技术,对比了密码资源专用、租用、共享融合三种模式;其次构建基于云原生的密码服务基础设施,其技术路线特点是基于“分层解耦”的设计思想,将密码服务软件和密码运算模块作为不同的密码资源进行管理,实现了云内生的密码服务保障能力和密码管理权责机制,为云租户提供安全合规、集约高效、简单易用的密码资源与密码服务;最后从业务功能性、安全性及性能等方面对政务云密码服务基础保障体系进行了全面评估,并对其未来研究可能面临的挑战进行了展望。With the constant development and maturation of cloud computing technology,there has been a growing trend across industries to transfer digital information to cloud spaces,which has provided traditional encryption technologies with new opportunities for growth,as well as allowed cloud-native technology to emerge and reconstruct the technical roadmap and framework of encryption systems.Against such a backdrop,this study analyzed the limitations of traditional encryption technology in cloud environments and researched key technologies that feature the integration of cloud computing and encryption technology in depth.After comparing three different modes,i.e.,dedicated resource mode,leasing mode,and shared integration mode,a cloud-native infrastructure for encryption services predicated on a design philosophy of"layered decoupling"was then constructed,where encryption service software and encryption calculation modules were managed as separate encryption resources.This approach was found to possess an inherent capability for encryption services and a responsibility mechanism for encryption management within the cloud,which in turn provides cloud tenants with encryption resources and services that are secure,compliant,efficient,and user-friendly.Last but not least,the foundational security system for governmental cloud encryption services was thoroughly evaluated from the perspectives of business functionality,security,and performance,offering insights into the potential challenges that future research in this field may encounter.

关 键 词：云计算技术 云原生密码服务 密钥隔离 密码资源虚拟化 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]