Alibaba Cloud Data Encryption Service is an encryption solution on the cloud. At the bottom of the service layer, it uses hardware cryptography machines that have been tested and certified by the National Cryptography Administration. Through virtualization technology, it helps users meet regulatory compliance requirements on data security and protects the privacy of service data on the cloud. With the encryption service, users can manage keys safely and reliably, and can use various encryption algorithms to encrypt and decrypt data reliably.

Functional description

Data encryption

Data is the core asset of an enterprise, and every enterprise has its own core sensitive data. This includes the sensitive data of the enterprise itself, such as contracts, transactions, flow, etc., and the sensitive data of the enterprise's users, such as ID cards, bank cards, etc. Encryption services are needed to protect this data from being accessed by others.

Encryption algorithm support

The service fully supports domestic algorithms and some commonly used international cryptographic algorithms, to meet users' needs for various encryption algorithms.

Symmetric cryptographic algorithms: SM1, SM4, DES, 3DES, and AES

Asymmetric cryptographic algorithms: SM2 and RSA (1024-2048)

Hash algorithms: SM3, SHA1, SHA256, SHA384

Financial industry support

The service meets the customized encryption needs of the financial industry, conforms to the standards and specifications of the People’s Bank of China, and fully supports the encryption and decryption needs of the financial payment field:

PIN code generation, encryption, re-encryption, authentication, etc.

ARQC generation/validation, script encryption, script MAC, etc.

MAC1 calculation and verification, MAC2 calculation and verification, TAC verification, etc.

External authentication, key update, and internal authentication

Sensitive data encryption, re-encryption, packet MAC calculation and verification

CVV/CVN generation and verification, PVV/PVN generation and verification

Product features

1. Renting an encryption service instance

Select an unrented encryption service instance from the encryption service resource pool and assign it to the customer.

2. Mapping the encryption service instance

Map the encryption service instance to the VPC network specified by the customer and assign the VPC private IP address specified by the customer.

3. Manage encryption service instances

The customer accesses the VPC through a VPN or private line, initializes the encryption service instance with a USB Key, and manages the keys.

4. Encryption and decryption invocation

The business application invokes the encryption service instance through the proxy connector. The proxy connector provides SSL-encrypted communication and load balancing.
