语音识别服务静态数据的加密Speech service encryption of data at rest

语音识别服务在将数据保存到云时会自动加密数据。Speech Service automatically encrypts your data when it is persisted it to the cloud. 语音识别服务加密可以保护数据,并帮助组织履行在安全性与合规性方面做出的承诺。Speech service encryption protects your data and to help you to meet your organizational security and compliance commitments.

关于认知服务加密About Cognitive Services encryption

数据将使用符合 FIPS 140-2 的 256 位 AES 加密法进行加密和解密。Data is encrypted and decrypted using FIPS 140-2 compliant 256-bit AES encryption. 加密和解密都是透明的,这意味着将替你管理加密和访问。Encryption and decryption are transparent, meaning encryption and access are managed for you. 你的数据默认情况下就是安全的,你无需修改代码或应用程序,即可利用加密。Your data is secure by default and you don't need to modify your code or applications to take advantage of encryption.

关于加密密钥管理About encryption key management

使用自定义语音识别和语音识别服务可能会将以下数据存储在云中:When you use Custom Speech, Speech service may store following data in the cloud:

  • 语音识别跟踪数据 - 仅当你为自定义终结点启用了跟踪时才存储Speech trace data - only if your turn the trace on for your custom endpoint
  • 已上传的训练和测试数据Uploaded training and test data

默认情况下,你的数据存储在 Microsoft 的存储中,你的订阅使用 Microsoft 托管的加密密钥。By default, your data are stored in Microsoft's storage and your subscription uses Microsoft-managed encryption keys. 你还可以选择准备你自己的存储帐户。You also have an option to prepare your own storage account. 对应用商店的访问是由托管标识管理的,语音识别服务无法直接访问你自己的数据,例如语音识别跟踪数据、自定义训练数据和自定义模型。Access to the store is managed by the Managed Identity, and Speech service cannot directly access to your own data, such as speech trace data, customization training data and custom models.

有关托管标识的详细信息,请参阅什么是托管标识For more information about Managed Identity, see What are managed identities.

后续步骤Next steps