<p>Ping An Cloud Data Encryption Service is a cloud-based hardware security module that enables users to generate and use their own encryption keys on the cloud. The bottom layer is a cipher machine which is tested and certified by the State Cryptography Administration Office of Security Commercial Code Administration. Through the virtualization technology, it can help users meet regulatory compliance requirements for data security and protect the privacy and confidentiality of business data on the cloud. With encryption services, users can have secure key management and use various cryptographic algorithms for cryptographic operations.</p>


<p><strong>Safety and compliance</strong></p> <p>With cipher machines that meet the requirements of State Cryptography Administration Office of Security Commercial Code Administration. (GM / T 0029-2014) and the People&#39;s Bank of China (PBOC 1.0 / 2.0 / 3.0), users can securely generate, store and manage cryptographic keys for data encryption, fully compliant with key management requirements.</p> <p><strong>Multi-dimensional security design</strong></p> <p>End-to-end security is achieved by using technologies such as trusted host links, the key agreement, and the separation of platforms and management roles. Cloud computing service providers can only manage devices and hardware.</p> <p><strong>Easy to use</strong></p> <p>The encryption service is deployed in the user&#39;s VPC network. It is managed and called through the user&#39;s private IP address, and it can be quickly used together with the ECS server.</p> <p><strong>Elastic expansion</strong></p> <p>Password computing resources are dynamically allocated to meet different requirements for encryption and decryption operations.</p>


<p>Device management and key management are separated</p> <p>Ping An cloud platform manages and monitors the device management , with cipher machine management separated from the key management. Even the O&amp;M staff for the cloud platform have no access to users&#39; keys; sensitive instructions can be classified for authorization, effectively preventing unauthorized behaviors.</p> <p>&nbsp;</p> <p>Supporting domestic and some international general cryptographic algorithms</p> <p>Symmetric cryptographic algorithms: SM1, SM4, DES, 3DES, AES;</p> <p>Asymmetric cryptographic algorithms: SM2, RSA (1024-2048);</p> <p>Message digest algorithms: SM3, SHA1, SHA256, SHA384.</p> <p>&nbsp;</p> <p>Meeting encryption needs of the financial industry and payment</p> <p>PIN code generation / encryption / transfer encryption / verification, ARQC generation / verification, script encryption, script MAC and others have been provided to many financial institutions, with abundant application interfaces.</p> <p>&nbsp;</p> <p>High availability</p> <p>Cipher machine adopts the hardware RAID for the architecture design, forming the cluster of cipher machines with the load balancing function, which can effectively deal with various emergencies.</p>

Application Scenarios

<p>1.&nbsp;&nbsp; Encrypting sensitive data</p> <p>Encrypting users&rsquo; sensitive data with the ID number and the phone number, which addresses the following issues:</p> <p>1.1 Data leakage</p> <p>Hackers attack networks and obtain data from databases, bringing data leakage risks.</p> <p>1.2 Data tampering</p> <p>Unauthorized users illegally access, tamper with and leak data</p> <p>2.&nbsp;&nbsp; Payment encryption</p> <p>Satisfying regulatory requirements for payment, ensuring the integrity and confidentiality of payment data in the process of transmission and storage, the verification of identity, and non-repudiation in the payment process, which addresses the following issues:</p> <p>2.1 Regulatory compliance</p> <p>Meeting regulatory compliance requirements for payment</p> <p>2.2 Business security</p> <p>Ensuring safety of the payment business</p>
Did the above content solve your problem? Yes No
Please complete information!

Call us


Email us


Online customer service

Instant reply

Technical Support

cloud products