System and method for providing cryptographic operation service in virtualization environment

Assignee

• DATA ASSURANCE & COMMUNICATION SECURITY CENTER, CHINESE ACADEMY OF SCIENCES · CN

Inventors

• Jingqiang Lin · Beijing, CN
• Kaijie Zhu · Beijing, CN
• Lingchen Zhang · Beijing, CN
• Bo Luo · Beijing, CN
• Quanwei Cai · Beijing, CN
• Congwu Li · Beijing, CN
• Jiwu Jing · Beijing, CN
• Wuqiong Pan · Beijing, CN

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2009/45591
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A system and method for providing cryptographic operation service in a virtualization environment. In the system, a configuration subsystem provides an interface for an administrator and a common user to input information about a virtual cryptographic device. A key file storage subsystem stores a key file and protects it with the protection password. A virtual machine operating subsystem obtains a corresponding key file from the storage subsystem according to the input of the configuration subsystem, creates a virtual device for a guest virtual machine, and finally operates the guest virtual machine to provide cryptographic computing service for the guest virtual machine. Thus the administrator/the common user can specify a key file and input a protection password for a guest virtual machine via the corresponding interface to facilitate the creation of a virtual cryptographic device, and can manage the virtual cryptographic device in a user-friendly and centralized manner. The guest virtual machine on a virtualization management platform can request for a secure cryptographic operation service, thereby alleviating the key security problem in virtualization environment.