Advantages of encryption service products
Secure key storage: Hardware cryptography machines protect customer keys. The cryptography machines comply with the requirements of the National Cryptography Administration (GM/T 0029-2014) and the People’s Bank of China (PBOC1.0/2.0/3.0).
Secure key management: Device management permissions and key management permissions are separated. Ali Cloud can only manage the cryptography machine hardware devices, which mainly includes monitoring device availability indicators and starting and stopping services. Keys are managed entirely by the customer, and Ali Cloud has no means of obtaining customer keys. The key management system has passed the security testing and certification of the State Cryptography Administration.
Convenient use on the cloud: The encryption service instance is deployed in the customer’s private VPC network and can be managed and invoked through a private network IP address that the customer specifies. The instance works conveniently with services running on cloud server instances.
Elastic expansion: You can flexibly adjust the number of rented encryption service instances based on actual conditions and use load balancing to meet different encryption and decryption requirements.
The encryption service uses cryptography machines that have been tested and certified by the National Cryptography Administration, allowing customers to securely generate, store and manage the encryption keys used for data encryption and to meet strict key management requirements without sacrificing application performance.
Application scenarios: The encryption service is available to all customers on Aliyun and is mainly used to protect sensitive data in financial business systems, government systems, and enterprise financial systems. In financial business systems, the encryption service is mainly used for storing sensitive information such as bank card numbers, ID cards, and PIN codes. In government systems, it is mainly used for storing sensitive information of secret-related services. In enterprise financial systems, it is mainly used for storing sensitive information such as contracts and financial data.
Terminology
Encryption service instance: A resource instance created by virtualizing a hardware cryptography machine. It implements all functions of the hardware cryptography machine and has a certain amount of encryption and decryption computing capacity.
Identity card: A USB Key that uniquely identifies the encryption service instance and is used with the instance's management client software to manage the keys in the encryption service instance.
Proxy connection: Together with the service proxy software used by the encryption service instance, it provides SSL encryption for communication content and implements load balancing among multiple encryption service instances.
AliCloud Data Encryption Service is a data security encryption solution on the cloud. At the bottom layer, the service uses hardware cryptography machines that have been tested and certified by the National Cryptography Administration. Through virtualization technology, it helps users meet regulatory compliance requirements on data security and protect the privacy and confidentiality of service data on the cloud. With the encryption service, users can manage keys safely and reliably, and can use a variety of encryption algorithms to encrypt and decrypt data reliably.
Official website of Ali Yun University (Innovative Talent Workshop under Cloud Ecology)