CN113079001A - Key updating method, information processing apparatus, and key updating device - Google Patents

Publication number
CN113079001A
Authority
CN
China
Prior art keywords
hash
key
data
trng
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110252142.7A
Other languages
Chinese (zh)
Other versions
CN113079001B (en)
Inventor
季自力
黄好城
涂友钢
苏江江
高文华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Starblaze Technology Co ltd
Original Assignee
Beijing Starblaze Technology Co ltd
Application filed by Beijing Starblaze Technology Co ltd
Priority to CN202110252142.7A
Publication of CN113079001A
Application granted
Publication of CN113079001B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58 Random or pseudo-random number generators
    • G06F7/588 Random number generators, i.e. based on natural stochastic processes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a key updating method, an information processing apparatus, and a key updating device. First, a user update password is received; the user update password and the identification code of the storage device are converted using a hash algorithm to obtain a user update key hash value; and the user update key hash value is encrypted based on the random data corresponding to the storage device to obtain a user update password ciphertext. A true random number is then generated and encrypted based on the user update key hash value to obtain a data update key encrypted value. The invention updates the user password ciphertext and the data key encrypted value in the key; updating is convenient and fast, and the encryption effect is good.

Description

Key updating method, information processing apparatus, and key updating device
Technical Field
The present invention relates generally to the field of information security. More particularly, the present invention relates to a key updating method, an information processing apparatus, and a key updating device.
Background
In the big data era, in order to prevent unauthorized access to information resources in a big data system, users need to authenticate before accessing the big data system. One conventional user authentication method is to encrypt a password at the time of user registration based on an Identification (ID) and the password.
There exist various methods for encrypting a password, for example, receiving a user registration request, where the user registration request carries a user ID and a password; generating a random number bound with hardware; encrypting the password according to the random number to obtain a password ciphertext; and storing the user ID, the password ciphertext and the random number in an associated manner. Accordingly, when a user logs in a server to perform user authentication, the system receives a user authentication request, wherein the user authentication request carries a user ID and a password to be authenticated; acquiring a password ciphertext and the random number corresponding to the user ID, and encrypting the password to be authenticated according to a preset encryption algorithm to obtain a password ciphertext; and if the calculated password ciphertext is consistent with the acquired password ciphertext, the authentication is passed.
With the development of big data, the storage security of user data is more and more important, and in order to ensure the information security, the secret key needs to be updated regularly, so that a secret key updating scheme with high security level and convenience is urgently needed.
Disclosure of Invention
In order to at least partially solve the technical problems mentioned in the background, an aspect of the present invention provides a key updating method, an information processing apparatus, and a key updating device.
In one aspect, the present invention discloses a key updating method for a user encryption key applied on a storage device, wherein the user encryption key comprises a user original password ciphertext (C_Pin_Hash) and a data original key encrypted value (C_TRNG_Hash). The key updating method comprises the following steps: receiving a user update password; converting the user update password and the identification code of the storage device by using a hash algorithm to obtain a user update key hash value (New Pin_Hash D); acquiring one-time programmable random data (TRNG Data); encrypting the user update key hash value (New Pin_Hash D) based on the random data (TRNG Data) to obtain a user update password ciphertext (New C_Pin_Hash) that replaces the user original password ciphertext (C_Pin_Hash); generating a true random number (New TRNG_Data); and encrypting the true random number (New TRNG_Data) based on the user update key hash value (New Pin_Hash D) to obtain a data update key encrypted value (New C_TRNG_Hash) that replaces the data original key encrypted value (C_TRNG_Hash).
Optionally, the key updating method further includes: converting the user original password and the identification code by using a hash algorithm to obtain a user original key hash value (Pin_Hash D); encrypting the user original key hash value (Pin_Hash D) based on the random data (TRNG Data) to obtain a user original ciphertext reference value (C_Pin_Hash_R); acquiring the user original password ciphertext (C_Pin_Hash); judging whether the user original password ciphertext (C_Pin_Hash) is the same as the user original ciphertext reference value (C_Pin_Hash_R); and, if they are the same, converting the user update password and the identification code by using the hash algorithm.
Optionally, the step of converting the user original password and the identification code includes: selecting original-password specific bits from the user original password; selecting identification-code specific bits from the identification code; concatenating the original-password specific bits and the identification-code specific bits to form a concatenated sequence; and converting the concatenated sequence by using a hash algorithm to obtain the user original key hash value (Pin_Hash D).
Optionally, the original-password specific bits are the first 128 bits of the user original password, and the identification-code specific bits are the first 128 bits of the identification code.
Optionally, the concatenated sequence is formed by joining the original-password specific bits and the identification-code specific bits.
Optionally, the concatenated sequence is formed by rearranging the original-password specific bits and the identification-code specific bits according to a specific rule.
Optionally, the step of encrypting the user original key hash value (Pin_Hash D) includes: converting the random data (TRNG Data) by using a hash algorithm to obtain a random data hash value (Hash_0); and encrypting the user original key hash value (Pin_Hash D) based on the random data hash value (Hash_0) to obtain the user original ciphertext reference value (C_Pin_Hash_R).
Optionally, the data original key encrypted value (C_TRNG_Hash) includes a first data original key encrypted value (C_TRNG_Hash_1) and a second data original key encrypted value (C_TRNG_Hash_2), and the key updating method further includes: selecting key-specific bits from the user original key hash value (Pin_Hash D); acquiring the first data original key encrypted value (C_TRNG_Hash_1) and the second data original key encrypted value (C_TRNG_Hash_2); decrypting the first data original key encrypted value (C_TRNG_Hash_1) based on the key-specific bits to obtain a first data original key (TRNG_Hash_1); and decrypting the second data original key encrypted value (C_TRNG_Hash_2) based on the first data original key (TRNG_Hash_1) to obtain a second data original key (TRNG_Hash_2).
Optionally, the key-specific bits are the first 128 bits of the user original key hash value (Pin_Hash D).
Optionally, the data update key encrypted value (New C_TRNG_Hash) comprises a first data update key encrypted value (New C_TRNG_Hash_1), and the step of encrypting the true random number (New TRNG_Data) comprises: converting the true random number (New TRNG_Data) by using a hash algorithm to obtain a true random number hash value (New TRNG_Hash); and encrypting the true random number hash value (New TRNG_Hash) based on the user update key hash value (New Pin_Hash D) to obtain the first data update key encrypted value (New C_TRNG_Hash_1).
Optionally, the data update key encrypted value (New C_TRNG_Hash) comprises a second data update key encrypted value (New C_TRNG_Hash_2), and the step of encrypting the true random number (New TRNG_Data) further comprises: encrypting the second data original key (TRNG_Hash_2) based on the true random number hash value (New TRNG_Hash) to obtain the second data update key encrypted value (New C_TRNG_Hash_2).
Optionally, the hash algorithm is SM3.
Optionally, the encryption is performed using the SM4 algorithm.
In another aspect, an information processing apparatus is disclosed that includes a processor and a memory. The memory stores a computer program code for key renewal, which when executed by the processor, performs the aforementioned method.
In another aspect, the present invention discloses a key updating apparatus configured in a storage device and connected to an off-chip storage unit, where the off-chip storage unit stores a user encryption key, and the user encryption key includes a user original password ciphertext (C_Pin_Hash) and a data original key encrypted value (C_TRNG_Hash). The key updating device comprises a hash module, a one-time programmable module, a true random number generation module and an encryption module. The hash module is used for converting a user update password and the identification code of the storage device to obtain a user update key hash value (New Pin_Hash D); the one-time programmable module is used for storing one-time programmable random data (TRNG Data); the true random number generation module is used for generating a true random number (New TRNG_Data); the encryption module is used for encrypting the user update key hash value (New Pin_Hash D) based on the random data (TRNG Data) to obtain a user update password ciphertext (New C_Pin_Hash), and for encrypting the true random number (New TRNG_Data) based on the user update key hash value (New Pin_Hash D) to obtain a data update key encrypted value (New C_TRNG_Hash).
Optionally, the hash module converts the user original password and the identification code to obtain a user original key hash value (Pin_Hash D); the encryption module encrypts the user original key hash value (Pin_Hash D) based on the random data (TRNG Data) to obtain a user original ciphertext reference value (C_Pin_Hash_R); and if the user original password ciphertext (C_Pin_Hash) is the same as the user original ciphertext reference value (C_Pin_Hash_R), the hash module converts the user update password and the identification code.
Optionally, when the hash module converts the user original password and the identification code, the hash module converts a concatenated sequence to obtain the user original key hash value (Pin_Hash D), wherein the concatenated sequence is formed by concatenating original-password specific bits and identification-code specific bits, and wherein the original-password specific bits are selected from the user original password and the identification-code specific bits are selected from the identification code.
Optionally, the original-password specific bits are the first 128 bits of the user original password, and the identification-code specific bits are the first 128 bits of the identification code.
Optionally, the concatenated sequence is formed by joining the original-password specific bits and the identification-code specific bits.
Optionally, the concatenated sequence is formed by rearranging the original-password specific bits and the identification-code specific bits according to a specific rule.
Optionally, the hash module converts the random data (TRNG Data) to obtain a random data hash value (Hash_0), and the encryption module encrypts the user original key hash value (Pin_Hash D) based on the random data hash value (Hash_0) to obtain the user original ciphertext reference value (C_Pin_Hash_R).
Optionally, the device further comprises a decryption module, wherein the data original key encrypted value (C_TRNG_Hash) comprises a first data original key encrypted value (C_TRNG_Hash_1) and a second data original key encrypted value (C_TRNG_Hash_2); the decryption module decrypts the first data original key encrypted value (C_TRNG_Hash_1) based on the key-specific bits to obtain a first data original key (TRNG_Hash_1); the decryption module also decrypts the second data original key encrypted value (C_TRNG_Hash_2) based on the first data original key (TRNG_Hash_1) to obtain a second data original key (TRNG_Hash_2); wherein the key-specific bits are selected from the user original key hash value (Pin_Hash D).
Optionally, the key-specific bits are the first 128 bits of the user original key hash value (Pin_Hash D).
Optionally, the data update key encrypted value (New C_TRNG_Hash) comprises a first data update key encrypted value (New C_TRNG_Hash_1), the hash module converts the true random number (New TRNG_Data) to obtain a true random number hash value (New TRNG_Hash), and the encryption module encrypts the true random number hash value (New TRNG_Hash) based on the user update key hash value (New Pin_Hash D) to obtain the first data update key encrypted value (New C_TRNG_Hash_1).
Optionally, the data update key encrypted value (New C_TRNG_Hash) comprises a second data update key encrypted value (New C_TRNG_Hash_2), and the encryption module encrypts the second data original key (TRNG_Hash_2) based on the true random number hash value (New TRNG_Hash) to obtain the second data update key encrypted value (New C_TRNG_Hash_2).
Optionally, the hash algorithm is SM3.
Optionally, the encryption is performed using the SM4 algorithm.
The method uses the one-time programmable random data (TRNG Data) to encrypt the user update key hash value (New Pin_Hash D) to obtain a user update password ciphertext (New C_Pin_Hash), and encrypts using the true random number to obtain a data update key encrypted value (New C_TRNG_Hash). The key updating mode is bound to the storage device, so updating is convenient and fast, and the encryption effect is good.
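The verification, unwrapping and re-wrapping steps described above can be traced end to end in a short model. This is an added example, not code from the patent: SHA-256 stands in for SM3, a small Feistel permutation stands in for SM4, `os.urandom` stands in for the hardware TRNG, and the `Device` class, its method names, the zero-padding of short inputs and the initial provisioning step are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def H(data: bytes) -> bytes:
    """Stand-in for SM3 (256-bit digest); the text allows SHA as an alternative."""
    return hashlib.sha256(data).digest()


def _f(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:16]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def enc(key: bytes, value: bytes) -> bytes:
    """Stand-in for SM4 (not SM4 itself): 4-round Feistel permutation over one
    32-byte value, keyed with the first 128 bits of `key`."""
    k, l, r = key[:16], value[:16], value[16:32]
    for i in range(4):
        l, r = r, _xor(l, _f(k, i, r))
    return l + r


def dec(key: bytes, value: bytes) -> bytes:
    k, l, r = key[:16], value[:16], value[16:32]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(k, i, l)), l
    return l + r


def pin_hash(password: bytes, device_id: bytes) -> bytes:
    """Pin_Hash D: hash of (first 128 bits of password || first 128 bits of ID).
    Zero-padding of shorter inputs is an assumption of this sketch."""
    return H(password[:16].ljust(16, b"\0") + device_id[:16].ljust(16, b"\0"))


class Device:
    """Constructed model of the controller secrets and the off-chip key store."""

    def __init__(self, device_id: bytes, otp_trng_data: bytes):
        self.device_id = device_id   # identification code written at manufacture
        self.otp = otp_trng_data     # one-time programmable TRNG Data
        self.store = {}              # off-chip storage: ciphertexts only

    def _pin_and_ciphertext(self, password: bytes):
        ph = pin_hash(password, self.device_id)
        return ph, enc(H(self.otp), ph)          # key is Hash_0 = H(TRNG Data)

    def provision(self, password: bytes) -> None:
        # Initial setup is an assumption; the text only describes the update.
        ph, c_pin = self._pin_and_ciphertext(password)
        k1, k2 = H(os.urandom(32)), H(os.urandom(32))   # TRNG_Hash_1, TRNG_Hash_2
        self.store = {"C_Pin_Hash": c_pin,
                      "C_TRNG_Hash_1": enc(ph, k1),
                      "C_TRNG_Hash_2": enc(k1, k2)}

    def unlock(self, password: bytes):
        """Return TRNG_Hash_2 if the password verifies on this device, else None."""
        ph, reference = self._pin_and_ciphertext(password)      # C_Pin_Hash_R
        if not hmac.compare_digest(reference, self.store["C_Pin_Hash"]):
            return None
        k1 = dec(ph, self.store["C_TRNG_Hash_1"])
        return dec(k1, self.store["C_TRNG_Hash_2"])

    def update(self, old_password: bytes, new_password: bytes) -> bool:
        k2 = self.unlock(old_password)
        if k2 is None:
            return False
        new_ph, new_c_pin = self._pin_and_ciphertext(new_password)
        new_k1 = H(os.urandom(32))               # New TRNG_Hash = H(New TRNG_Data)
        self.store = {"C_Pin_Hash": new_c_pin,                    # New C_Pin_Hash
                      "C_TRNG_Hash_1": enc(new_ph, new_k1),       # New C_TRNG_Hash_1
                      "C_TRNG_Hash_2": enc(new_k1, k2)}           # New C_TRNG_Hash_2
        return True


def demo() -> dict:
    dev = Device(b"CTRL-0001-constructed-id", os.urandom(32))
    dev.provision(b"old-password")
    data_key = dev.unlock(b"old-password")
    old_store = dict(dev.store)
    rejected = dev.update(b"not-the-password", b"new-password")
    updated = dev.update(b"old-password", b"new-password")
    other = Device(b"CTRL-0002-constructed-id", os.urandom(32))
    other.store = dict(dev.store)    # key store copied to a different controller
    return {
        "wrong_old_password_rejected": rejected is False,
        "updated": updated,
        "data_key_preserved": dev.unlock(b"new-password") == data_key,
        "old_password_dead": dev.unlock(b"old-password") is None,
        "all_ciphertexts_replaced": all(dev.store[k] != old_store[k] for k in old_store),
        "copied_store_useless_elsewhere": other.unlock(b"new-password") is None,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Because TRNG_Hash_2 is only re-wrapped, data already encrypted under it stays readable after the password change. Under the "first 128 bits" option, `pin_hash` ignores password bytes beyond the sixteenth, so two passwords that share their first 16 bytes verify identically.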
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present invention will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. In the accompanying drawings, several embodiments of the present invention are illustrated by way of example and not by way of limitation, and like reference numerals designate like or corresponding parts throughout the several views, in which:
FIG. 1 is a schematic diagram illustrating an application scenario of the present invention;
FIG. 2 is a schematic structural diagram showing a key updating apparatus of an embodiment of the present invention;
FIG. 3 is a flow chart showing an embodiment of the present invention in the password authentication phase;
FIG. 4 is a flow chart showing an embodiment of the present invention in the key calculation phase;
FIG. 5 is a flow diagram illustrating the generation of user update password ciphertext in a password setup phase in accordance with an embodiment of the present invention;
FIG. 6 is a flow chart showing the generation of a data update key encrypted value in the password setup phase of an embodiment of the present invention;
FIG. 7 is a flow chart illustrating encryption of user data using a key encryption value in accordance with an embodiment of the present invention;
FIG. 8 is a flow chart showing another embodiment of the present invention in the key calculation phase;
FIG. 9 is a flowchart showing another embodiment of the present invention for generating a data update key encrypted value in a password setup phase; and
FIG. 10 is a flow chart illustrating another embodiment of the present invention for enabling encryption of user data.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be understood that the terms "first", "second", "third" and "fourth", etc. in the claims, the description and the drawings of the present invention are used for distinguishing different objects and are not used for describing a particular order. The terms "comprises" and "comprising," when used in the specification and claims of this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification and claims of this application, the singular form of "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should be further understood that the term "and/or" as used in the specification and claims of this specification refers to any and all possible combinations of one or more of the associated listed items and includes such combinations.
As used in this specification and claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection".
The following detailed description of embodiments of the invention refers to the accompanying drawings.
Fig. 1 is a schematic diagram illustrating an application scenario of the present invention, where the application scenario of the present invention includes a host 11 and a storage device 12, and a user stores data in the storage device 12 or reads data from the storage device 12 through the host 11.
The host 11 is an information processing apparatus, for example: personal computers, tablets, servers, laptops, network switches, routers, cellular phones, personal digital assistants, etc.; the storage device 12 is used to provide storage capabilities for the host 11. The host 11 and the storage device 12 are connected to each other by, but not limited to, SATA (Serial Advanced Technology Attachment), SCSI (Small Computer System Interface), SAS (Serial Attached SCSI), IDE (Integrated Drive Electronics), USB (Universal Serial Bus), PCIE (Peripheral Component Interconnect Express), ethernet, fiber channel, wireless communication network, and the like. Thus, the host 11 and the storage device 12 may belong to the same set of physical devices using a wired connection, or the storage device 12 may be a remote device on the same Local Area Network (LAN) or Wide Area Network (WAN) as the host 11.
The storage device 12 includes an interface 121, a controller 122, an NVM array 123, and a DRAM (Dynamic Random Access Memory) 124.
The interface 121 is used to communicate with the host 11, and can be adapted to SATA, IDE, USB, PCIE, SAS, ethernet, fibre channel, etc. based on the aforementioned connection method.
The controller 122 is used to coordinate data transfer tasks between the interface 121, the NVM array 123, and the DRAM 124, and may be implemented in various ways, such as software, hardware, firmware, or a combination thereof. Taking hardware as an example, the controller 122 may be in the form of an FPGA (Field Programmable Gate Array), an ASIC (Application Specific Integrated Circuit), a CPU, or a combination thereof.
The NVM array 123 is the storage medium in the storage device 12 for storing user data, and typically employs a non-volatile memory, which does not lose stored data even when power is turned off. The NVM array 123 generally includes one or more NVM chips, each of which may be a NAND flash memory, a phase change memory, a FeRAM (Ferroelectric RAM), an MRAM (magnetoresistive memory), an RRAM (Resistive Random Access Memory), an XPoint memory, etc.
The DRAM 124 is used for buffering input/output commands sent from the host 11 for the controller 122 to fetch.
For user data stored in the NVM array 123, it needs to be encrypted to ensure information security. For this, the controller 122 is provided with a command processing unit 125 and a key management unit 126.
The user encryption key is used to encrypt and decrypt data stored in the storage device 12. Thus, the user encryption key needs to be reliably maintained in the off-chip storage unit of the storage device 12. Even if the storage device 12 is disassembled and the off-chip storage unit storing the user encryption key is accessed directly and forcibly with an external tool, the security of the user encryption key and the user data must be ensured, i.e., the user encryption key obtained from the off-chip storage unit must not be usable to decrypt the data encrypted by it without authentication. In a big data application scenario, a user may use multiple storage devices of the same model to store data. For ease of administration, a user may use the same user original password for these storage devices. Even in such a scenario, a controller 122 taken from a disassembled authorized storage device must be prevented from being applied to an unauthorized storage device to access the data of that unauthorized storage device. Furthermore, it must be possible to update the user encryption key while it is in use.
The user generates IO commands and key management commands through the host 11. These commands are temporarily stored in the DRAM 124 via the interface 121. The command processing unit 125 sequentially fetches commands from the DRAM 124 for processing. Taking the key management command as an example, the command processing unit 125 instructs the key management unit 126 to process the user key, which may be setting or updating the user encryption key. The user encryption key includes a user original password ciphertext (C_Pin_Hash) generated by encrypting a user password with an identification code of the controller 122, and a data original key encrypted value (C_TRNG_Hash) generated by encrypting a user password with a true random number. The user encryption key is managed and held by the key management unit 126, and the command processing unit 125 cannot directly access the user encryption key. The controller 122 of each storage device 12 carries a corresponding identification code. The identification code is generated and written into the controller 122 during its manufacturing process, and each manufactured controller 122 has a different identification code even though the same production flow and process are used.
When the storage device 12 receives an IO command, the command processing unit 125 instructs the key management unit 126 to encrypt and/or decrypt the user data to be accessed. If the IO command is a read, the key management unit 126 decrypts the user data read from the NVM array 123 based on the user original password ciphertext (C_Pin_Hash) and the data original key encrypted value (C_TRNG_Hash), and sends the decrypted data directly to the host 11 through the interface 121. If the IO command is a write, the key management unit 126 encrypts the user data transmitted to the storage device 12 based on the user original password ciphertext (C_Pin_Hash) and the data original key encrypted value (C_TRNG_Hash), and writes the encrypted user data into the NVM array 123.
In summary, the key management unit 126 encrypts or decrypts the user data according to the instruction from the command processing unit 125, and in the process the command processing unit 125 cannot obtain the user original password ciphertext (C_Pin_Hash) or the data original key encrypted value (C_TRNG_Hash), which avoids information or data leakage.
In order to ensure the security of the key information, the system of fig. 1 initiates the key updating process under specific circumstances, such as the user actively updates (e.g., resets, modifies) the user password ciphertext and the data key encryption value, or the host 11 periodically reminds the user to update the user password ciphertext and the data key encryption value.
The first embodiment of the present invention is a key updating apparatus applied in the system of fig. 1, for updating the user original password ciphertext (C_Pin_Hash) and the data original key encrypted value (C_TRNG_Hash), that is, obtaining the user update password ciphertext (New C_Pin_Hash) and the data update key encrypted value (New C_TRNG_Hash). This key updating apparatus may be the key management unit 126 or another unit in the controller 122.
Fig. 2 shows a schematic structural diagram of the key updating apparatus of this embodiment.
As shown in fig. 2, the key updating apparatus 21 is connected to an off-chip storage unit 22, and the off-chip storage unit 22 may be the DRAM 124, the NVM array 123 of fig. 1 or other storage units in the storage device 12, such as a NOR Flash (NOR Flash), for storing original or updated user encryption keys. The key updating apparatus 21 includes a hash module 211, a one-time programmable module 212, a true random number generation module 213, an encryption module 214, and a decryption module 215.
The hash module 211 is configured to perform a hash operation on the input data according to the SM3 hash algorithm standard. SM3 is a cryptographic hash function standard; for example, the SM3 algorithm in the embodiment of the present invention was issued by the national crypto authority on 21/03/2012, and the related standard is "GM/T0004-. SM3 is mainly used for digital signature and verification, message authentication code generation and verification, random number generation, etc., and its security and efficiency are comparable to SHA-256. Alternatively, a hashing algorithm such as MD5, SHA, etc. may also be applied to the hashing module 211 according to an embodiment of the present application.
One implementation of the one-time programmable module 212 is a One-Time Programmable (OTP) memory, which can be written (programmed) only once during its life cycle and cannot be modified after being programmed. For example, if the user programs the value of the OTP memory to 0xffffffe, the value will always remain 0xffffffe and cannot be rewritten to another value.
The true random number generation module 213 is a hardware random number generator (TRNG) that generates random numbers based on physical processes rather than computer programs. Such devices typically generate random numbers based on microscopic phenomena that produce low-level, statistically random "noise" signals, such as thermodynamic noise, photoelectric effects, quantum phenomena, and the like. These physical phenomena are theoretically completely unpredictable and uncontrollable, and thus have good randomness. The true random number generating module 213 includes a transducer for converting some effect of the aforementioned microscopic phenomena into an electrical signal, an amplifier for amplifying the amplitude of that electrical signal to a macroscopic level, and an analog-to-digital converter for converting the amplifier output into a binary number. By repeatedly sampling these random signals, a series of random numbers is generated.
The encryption module 214 is used to perform encryption calculations on the input data according to an encryption algorithm such as the SM4 standard. SM4 is a block cipher standard issued by the national crypto authority on 21/03/2012. The relevant standard is "GM/T0002-2012 SM4 block cipher Algorithm". SM4 is mainly used for data encryption, and its block length and key length are both 128 bits. Alternatively, an encryption algorithm such as AES may also be applied to the encryption module 214 according to an embodiment of the present application. The input of the encryption module 214 includes the plaintext of the data to be encrypted and a key; the encryption module 214 encrypts the plaintext data by using the key and outputs the encrypted ciphertext.
The decryption module 215 is used to decrypt the input data according to a decryption algorithm such as SM4. It divides the ciphertext into multiple equal-length blocks and decrypts each block separately using the SM4 algorithm and the symmetric key. The input of the decryption module 215 includes the ciphertext data to be decrypted and a key; the decryption module 215 decrypts the ciphertext using the key and outputs the decrypted plaintext data.
In the embodiment of the present invention, the hash module 211, the encryption module 214, and the decryption module 215 all process the data input to them in the manner described above and output the data processing result. The module that receives each output is determined by the interfaces of the modules and the coupling relation among the modules. As shown illustratively in fig. 2, the respective outputs of the one-time programmable module 212 and the true random number generation module 213 are coupled to the input of the hash module 211, and the output of the hash module 211 is coupled to the inputs of the encryption module 214 and the decryption module 215.
Those skilled in the art will appreciate that algorithms such as SM3, SM4, MD5, AES, and the like may be implemented in hardware, software, or a combination thereof. A hardware implemented SM4/AES encryption circuit is provided in, for example, chinese patent applications 201910577949.0, 202010285739.7.
In this embodiment, the key update flow is divided into 3 stages: a password authentication stage, a key calculation stage and a password setting stage. The password authentication stage is used to identify whether the user is a legitimate user and whether the controller 122 is installed correctly. After the password is confirmed to be correct, the key calculation stage is entered to recover the plaintext of the user data key. Finally, the password setting stage is entered, in which the plaintext, the new user password, the identification code of the controller 122 and the true random number are encrypted in combination to obtain a user update password ciphertext (New C _ Pin _ Hash) and a data update key encryption value (New C _ TRNG _ Hash). Each stage will be described in detail below.
Fig. 3 shows a flow chart of this embodiment in the password authentication phase.
In step 301, the key updating apparatus 21 receives the user's original password input from the user through the host 11. In step 302, a particular number of digits of the original password is selected from the user's original password. In step 303, the identification code of the controller 122 is read. In step 304, a particular number of bits of the identification code is selected from the identification code of the controller 122. In step 305, the original password specific digit and the identification code specific digit are concatenated to form a concatenated digit sequence. In this embodiment, the steps 301-305 can be implemented by specific circuits of the key updating apparatus 21 or by a processing unit of the controller 122. Optionally, the key update apparatus 21 receives the concatenated sequence, for example, obtained in step 305, and the key update apparatus 21 inputs the concatenated sequence into the hash module 211.
In step 306, the Hash module 211 implements the SM3 algorithm to convert the user raw password input to the Hash module 211 with the identification code to obtain the user raw key Hash value (Pin _ Hash D). In more detail, when the Hash module 211 converts the user raw password and the identification code, the concatenation number sequence obtained in the previous step 305 is converted to obtain the user raw key Hash value (Pin _ Hash D). Alternatively, the user original password and the identification code are not limited to the concatenation number sequence, and accordingly, the hash module 211 processes the input data, which is equivalent to executing the SM3 algorithm on the input data. Further optionally, the hash module 211 can process data with a preset length, and the length of the concatenation sequence is equal to the preset length. For example, the preset length is 128 bits, 256 bits, etc., and the preset length can be configured according to the requirement, and the preset length is not limited by the present invention.
In this embodiment, the original password specific digit is the first 128 bits of the user's original password, and the ID specific digit is also the first 128 bits of the ID. Optionally, the length of the specific number of bits of the original password is not equal to the length of the specific number of bits of the identification code. For example, the specific bits of the original password are 128 bits in length, while the specific bits of the identification code are 64 bits in length. In this embodiment, the length of the specific digits of the original password and the specific digits of the identification code may be set according to the requirement, which is not limited herein. In one case, when the concatenation number sequence is formed, the specific digits of the original password and the specific digits of the identification code may be directly connected in front of and behind each other, and the specific digits of the original password or the specific digits of the identification code may be in front of each other. In another case, the original password specific digit and the identification code specific digit may be rearranged by a specific rule, such as random rearrangement, or the original password specific digit and the identification code specific digit may be arranged at intervals. Regardless of the rules employed in this embodiment to form the splice sequence, the length of the formed splice sequence is fixed.
In step 307, the one-time programmable module 212 outputs the random Data (TRNG Data) to the hash module 211, wherein the random Data (TRNG Data) is a value that was previously written into the one-time programmable module 212 and cannot be modified. For example, the key update apparatus 21 sends an indication signal to the one-time programmable module 212 when inputting the concatenated sequence into the hash module 211, thereby triggering the one-time programmable module 212 to execute step 307. In response to receiving the random Data (TRNG Data), proceeding to step 308, the Hash module 211 implements the SM3 algorithm to convert the random Data (TRNG Data) to obtain a random Data Hash value (Hash _ 0). In this embodiment, steps 307 and 308 are not bound to a definite sequence; for example, the hash module 211 may receive the random Data (TRNG Data) first, in which case step 307 is executed first. Further, when the hash module 211 has the capability of performing two operations at the same time, step 307 and step 308 can be performed at the same time.
In response to receiving the random Data (TRNG Data) and the user raw key Hash value (Pin _ Hash D), step 309 is performed: the encryption module 214 encrypts the user raw key Hash value (Pin _ Hash D) by using the SM4 algorithm based on the random Data Hash value (Hash _0) to obtain a user raw ciphertext reference value (C _ Pin _ Hash _ R). In one case, the encryption module 214 uses the SM4 algorithm with the first 128 bits of the random data Hash value (Hash _0) as the key and the first 128 bits of the user original key Hash value (Pin _ Hash D) as the plaintext, and the obtained user original ciphertext reference value (C _ Pin _ Hash _ R) is the ciphertext, which is also 128 bits. That is, in any encryption in the present embodiment, the length of the encrypted data is not changed: the plaintext before encryption and the ciphertext after encryption have basically the same length. From step 307 to step 309, the encryption module 214 encrypts the user original key Hash value (Pin _ Hash D) based on the non-variable random Data (TRNG Data) in the one-time programmable module 212 to obtain the user original ciphertext reference value (C _ Pin _ Hash _ R).
In step 310, the key updating apparatus 21 fetches the user's original password ciphertext (C _ Pin _ Hash) from the off-chip storage unit 22. Step 310 may be performed after step 305. In step 311, the key updating apparatus 21 determines whether the user's original password ciphertext (C _ Pin _ Hash) stored in the off-chip storage unit 22 is the same as the user's original ciphertext reference value (C _ Pin _ Hash _ R).
Optionally, the key updating apparatus 21 further includes a judging module; after the user original password ciphertext (C _ Pin _ Hash) and the user original ciphertext reference value (C _ Pin _ Hash _ R) are input into the judging module, the judging module executes step 311. If the two values are the same, the user password is correct and the controller 122 has not been installed on another storage device 12, so the authentication is passed. If the user original password ciphertext (C _ Pin _ Hash) is not the same as the user original ciphertext reference value (C _ Pin _ Hash _ R), the user password is wrong, or the NVM chip has been replaced by another NVM chip, and the authentication is not passed; step 313 is then executed to stop updating the key. Further, when the two values are different, the key updating apparatus 21 generates authentication failure information to notify that the user password currently input by the host 11 is incorrect or that the controller 122 is not correctly installed in the storage device 12, and the specific reason for the authentication failure is handed to the host 11 for determination.
After the authentication is successful, step 312 is executed to enter a key calculation stage, where the hash module 211 converts the user update password and the identification code of the controller 122 to generate a new key.
Further alternatively, in this embodiment, the number of times of authentication failure and re-authentication may be set, for example, to 5 times, that is, when it is determined in step 311 that the user original password ciphertext (C _ Pin _ Hash) is not the same as the user original ciphertext reference value (C _ Pin _ Hash _ R), the key updating apparatus 21 may send an error message to the host 11 to notify the user that the authentication failure occurs and request the user to re-input the user original password. When the authentication fails more than 5 times, step 313 is executed to stop the key update operation. Once step 313 is executed, the key updating apparatus 21 needs to be restarted, wait for the instruction of the host 11, or wait for a certain time (e.g., 1 hour) before updating the key again.
After the password authentication phase passes the authentication, the key calculation phase is entered. In this embodiment, for example, the key calculation is set to one stage, and the data original key can be obtained by performing the calculation only once.
Fig. 4 shows a flow chart of this embodiment in the key calculation phase.
In step 401, the data raw key encrypted value (C _ TRNG _ Hash) is read from the off-chip storage unit 22. In step 402, a key-specific number of bits is selected from the user raw key Hash value (Pin _ Hash D) generated in step 306, for example, the first 128-bit element of the user raw key Hash value (Pin _ Hash D). After inputting the selected key specific bit number of the user raw key Hash value (Pin _ Hash D) into the decryption module 215, step 403 is executed, and the decryption module 215 decrypts the data raw key encrypted value (C _ TRNG _ Hash) based on the key specific bit number to obtain the data raw key (TRNG _ Hash). In more detail, the decryption module 215 decrypts the encrypted value of the original data key (C _ TRNG _ Hash) as an input with the specific number of bits of the key as the key used by the SM4 algorithm to obtain the original data key (TRNG _ Hash) in plaintext. For example, when the key specific bit is the first 128 bits of the Hash value (Pin _ Hash D) of the original key of the user, the decryption module 215 also fetches the first 128 bits of the original key (TRNG _ Hash) for use in decryption.
In the password setting stage of the key updating, a New user password ciphertext and a data key encrypted value are generated, namely, the user updating password ciphertext (New C _ Pin _ Hash) and the data updating key encrypted value (New C _ TRNG _ Hash) are obtained.
Fig. 5 shows a flowchart of this embodiment for generating a user-updated password ciphertext (New C _ Pin _ Hash) in the password setup phase.
First, the user inputs a new user password (hereinafter, referred to as a user update password) from the host computer 11. In step 501, the key update apparatus 21 receives a user update password, which is reset by the user and is different from the user's original password, and transmits the user update password to the storage device 12 through the host 11. In step 502, an update password specific number of bits is selected from the user update password. In step 503, the identification code of the controller 122 is read. In step 504, a particular number of bits of the identification code is selected from the identification code of the controller 122. In step 505, the password-specific bit number and the identification code-specific bit number are concatenated to form a concatenated sequence, in the manner described above. Alternatively, the key update apparatus 21 may receive, in addition to the user update password, a sequence of concatenated user update passwords and the identification codes of the controllers 122, a specific number of digits of the user update password and/or the identification codes of the controllers 122, or a sequence of concatenated specific numbers of digits of the user update password and the identification codes of the controllers 122.
After the hash module 211 receives the concatenated sequence, it proceeds to step 506. The hash module 211 implements the SM3 algorithm to convert the user update password together with the identification code to obtain a user update key hash value (New Pin _ hash D). In more detail, when the hash module 211 converts the user update password and the identification code, the conversion is performed on the concatenation number sequence to obtain the user update key hash value (New Pin _ hash D). The hash module 211 outputs the user update key hash value (New Pin _ hash D) to the encryption module 214.
In response to receiving the user update password, step 507 is performed: the one-time programmable module 212 outputs random Data (TRNG Data) to the hash module 211. Upon receiving the random Data (TRNG Data), the Hash module 211 executes step 508, in which it implements the SM3 algorithm to convert the random Data (TRNG Data) to obtain a random Data Hash value (Hash _ 0). The Hash module 211 outputs the random data Hash value (Hash _0) to the encryption module 214.
Upon receiving the random data Hash value (Hash _0) and the user update key Hash value (New Pin _ Hash D), the encryption module 214 performs step 509. In this step, the encryption module 214 encrypts the user update key Hash value (New Pin _ Hash D) by using the SM4 algorithm based on the random data Hash value (Hash _0) to obtain a user update password ciphertext (New C _ Pin _ Hash). In one case, the encryption module 214 encrypts the first 128 bits of the random data Hash value (Hash _0) as a key and the first 128 bits of the user update key Hash value (New Pin _ Hash D) as plaintext using the SM4 algorithm to obtain the user update password ciphertext (New C _ Pin _ Hash). From step 507 to step 509, the encryption module 214 encrypts the user update key Hash value (New Pin _ Hash D) based on the random Data (TRNG Data) of the one-time programmable module 212 to obtain a user update password ciphertext (New C _ Pin _ Hash). Finally, step 510 is executed to store the user updated password ciphertext (New C _ Pin _ Hash) to the off-chip storage unit 22, and delete the user original password ciphertext (C _ Pin _ Hash). Up to this point, the user's original password ciphertext (C _ Pin _ Hash) is updated to the user's updated password ciphertext (New C _ Pin _ Hash).
Fig. 6 shows a flowchart of this embodiment for generating a data update key encrypted value (New C _ TRNG _ Hash) in the password setting stage. In this embodiment, for example, the key encryption level is set to one level, i.e., the data update key encryption value (New C _ TRNG _ Hash) can be obtained by performing encryption only once.
In step 601, a key-specific number of bits is selected from the user update key hash value (New Pin _ hash D) generated in step 506, for example, the key-specific number of bits is the first 128-bit element of the user update key hash value (New Pin _ hash D). In step 602, the true random number generation module 213 generates a true random number (New TRNG _ Data). Optionally, after receiving the user update password, the key updating apparatus 21 sends an instruction message to the true random number generating module 213 to instruct the true random number generating module 213 to execute step 602; alternatively, after step 601 is executed, the key updating apparatus 21 sends the instruction information to the true random number generation module 213 to instruct the true random number generation module 213 to execute step 602. The true random number generation module 213 outputs the true random number (New TRNG _ Data) to the hash module 211.
In response to receiving the true random number (New TRNG _ Data), the Hash module 211 performs step 603, and specifically, the Hash module 211 implements SM3 algorithm to convert the true random number (New TRNG _ Data) to obtain a true random number Hash value (New TRNG _ Hash). The Hash module 211 outputs the true random number Hash value (New TRNG _ Hash) to the encryption module 214. After receiving the true random number Hash value (New TRNG _ Hash) and the user update key Hash value (New Pin _ Hash D), the encryption module 214 proceeds to step 604, and the encryption module 214 encrypts the true random number Hash value (New TRNG _ Hash) based on the user update key Hash value (New Pin _ Hash D) to obtain a data update key encrypted value (New C _ TRNG _ Hash).
In one case, the encryption module 214 encrypts the first 128 bits of the user updated key Hash value (New Pin _ Hash D) as a key and the first 128 bits of the true random number Hash value (New TRNG _ Hash) as a plaintext using the SM4 algorithm, and the obtained data updated key encrypted value (New C _ TRNG _ Hash) is a ciphertext. In other words, the encryption module 214 theoretically encrypts the true random number (New TRNG _ Data) based on the user update key Hash value (New Pin _ Hash D) to obtain the Data update key encrypted value (New C _ TRNG _ Hash).
Finally, step 605 is executed in which the key updating apparatus 21 stores the data updating key encrypted value (New C _ TRNG _ Hash) into the off-chip storage unit 22, and deletes the data original key encrypted value (C _ TRNG _ Hash).
The key updating apparatus 21 has updated the user password ciphertext and the data key encrypted value, that is, the user updated password ciphertext (New C _ Pin _ Hash) is used to replace the user original password ciphertext (C _ Pin _ Hash), and the data updated key encrypted value (New C _ TRNG _ Hash) is used to replace the data original key encrypted value (C _ TRNG _ Hash). After the update, when the storage device 12 encrypts/decrypts the user data, the user update password ciphertext (New C _ Pin _ Hash) and the data update key encrypted value (New C _ TRNG _ Hash) are used as the encryption/decryption keys. Taking the example that the IO command received by the command processing unit 125 is write data, in this embodiment, before encrypting the received user data, the identity of the user needs to be authenticated first, and this authentication flow is similar to the flow chart of the password authentication stage in fig. 3, and is not described again here.
Fig. 7 shows a flow chart for encrypting user data using a key encryption value.
In this embodiment, the key encrypted value includes a data update key encrypted value (New C _ TRNG _ Hash) and a data raw key encrypted value (C _ TRNG _ Hash). The flow in fig. 7 will be described below by taking the data updating key encrypted value (New C _ TRNG _ Hash) as an example, and it can be understood that when the user data is encrypted by using the data original key encrypted value (C _ TRNG _ Hash), only the parameters related to the data updating key encrypted value (New C _ TRNG _ Hash) in fig. 7 need to be replaced by the data original key encrypted value (C _ TRNG _ Hash).
In step 701, the data update key encrypted value (New C _ TRNG _ Hash) is read from the off-chip storage unit 22. In step 702, the user updated key Hash value (New Pin _ Hash D) is read from the off-chip storage unit 22 and a key specific number of bits is selected from it, for example, the first 128-bit element of the user updated key Hash value (New Pin _ Hash D). In step 703, the decryption module 215 decrypts the data update key encrypted value (New C _ TRNG _ Hash) based on the key specific bit number. The plaintext obtained by decryption may be a true random number Hash value (New TRNG _ Hash) or another random number Hash value (the random data behind it is also output by a one-time programmable module, which may be the one-time programmable module 212 or another one-time programmable module, but its value is different from the value of the random data obtained in step 307). In more detail, for example, the decryption module 215 decrypts the data update key encrypted value (New C _ TRNG _ Hash) as an input with the key specific bit number as the key of the SM4 algorithm to obtain the true random number Hash value (New TRNG _ Hash) in the plaintext state.
Key post-processing is then performed. In step 704, the one-time programmable module outputs random data. The value of this random data is different from the value of the random data of step 307 or the value of the further random data involved in step 703. For example, the key updating apparatus 21 may include a plurality of one-time programmable modules to generate different random data; for another example, the one-time programmable module 212 may generate more than 1 random data. Although the three random data values present in this embodiment may be set to be equal (i.e., only one random data value is set by the one-time programmable module 212), the security of data encryption is reduced when the three random data values are the same. Further optionally, at least 2 of the three random data values in step 307, step 703 and step 704 are different.
In step 705, a particular number of bits of random data is selected from the further random data. In step 706, the identification code of the controller 122 is read. In step 707, an identification code specific number of bits is selected from the identification code of the controller 122. In step 708, the specific number of bits of the random data and the specific number of bits of the identification code are concatenated to form a concatenated number sequence (when the random data is different, the resulting concatenated number sequence is different from the concatenated number sequence in fig. 3), in the manner as described above. In step 709, the Hash module 211 implements the SM3 algorithm to convert the splice sequence to obtain a post-processed Hash value (Hash _ 3).
In step 710, the encryption module 214 encrypts the post-processing Hash value (Hash _3) using the SM4 algorithm based on the true random number Hash value (New TRNG _ Hash) to obtain the user data key. Optionally, another implementation of step 710 is that the encryption module 214 encrypts the post-processed Hash value (Hash _3) with the SM4 algorithm based on a further random number Hash value to obtain the user data key.
In step 711, the encryption module 214 encrypts the user data using the SM4 algorithm based on the user data key to obtain a user data ciphertext. In step 712, the key management unit 126 stores the user data ciphertext to the NVM array 123. To this end, the storage device 12 completes the process of encrypting and storing the user data based on the user update password ciphertext (New C _ Pin _ Hash) and the data update key encrypted value (New C _ TRNG _ Hash).
The second embodiment of the present invention is another key updating apparatus applied in the system of fig. 1 and 2, for obtaining a user updated password ciphertext (New C _ Pin _ Hash) and a data updated key encrypted value (New C _ TRNG _ Hash). In this embodiment, the key update process also includes a password authentication phase, a key calculation phase, and a password setting phase.
The flow in the password authentication phase in this embodiment is the same as the flow in fig. 3, and is not described again. In the key calculation stage, the difference between this embodiment and the first embodiment is that the key calculation level of this embodiment can be set to two levels or more, that is, at least two calculations are performed to obtain the original data key. Accordingly, the off-chip storage unit 22 of this embodiment stores, in addition to the user original password ciphertext (C _ Pin _ Hash), a first data original key encrypted value (C _ TRNG _ Hash _1), a second data original key encrypted value (C _ TRNG _ Hash _2), … …, and an nth data original key encrypted value (C _ TRNG _ Hash _ n), n being an integer greater than or equal to 3, and n being a preset key calculation level. For convenience of description, the key calculation level set to two levels will be exemplified below. It is to be understood that, when the key calculation level is set to a plurality of levels (three levels and more), the second level in the present embodiment corresponds to the last level in the plurality of levels, and the first level and the intermediate level in the plurality of levels are handled in the same manner as the first level in the present embodiment.
Fig. 8 shows a flow chart of the key calculation phase provided by this embodiment.
In step 801, the first data raw key encrypted value (C _ TRNG _ Hash _1) and the second data raw key encrypted value (C _ TRNG _ Hash _2) are read from the off-chip storage unit 22. In step 802, a key-specific number of bits is selected from the user raw key Hash value (Pin _ Hash D) generated in step 306, e.g., the key-specific number of bits is also the first 128-bit element of the user raw key Hash value (Pin _ Hash D).
In step 803, a first stage of key calculation is performed, and the decryption module 215 decrypts the encrypted value of the first data raw key (C _ TRNG _ Hash _1) based on the specific number of bits of the key to obtain the first data raw key (TRNG _ Hash _ 1). In more detail, the decryption module 215 decrypts the first data raw key encrypted value (C _ TRNG _ Hash _1) as an input with the key specific bit number as the key of the SM4 algorithm to obtain the first data raw key (TRNG _ Hash _1) in a plaintext state. When the key-specific bit number is the first 128-bit element of the Hash value of the original key (Pin _ Hash D), the decryption module 215 can also take the first 128-bit element of the original key (TRNG _ Hash _ 1). The length of the first data original key retained by the decryption module 215 is a preset length or determined according to the length of data processable by the next stage, and is not limited herein.
In step 804, a second level of key calculation is performed, and the decryption module 215 decrypts the second data raw key encrypted value (C _ TRNG _ Hash _2) based on the first data raw key (TRNG _ Hash _1) to obtain the second data raw key (TRNG _ Hash _ 2). In more detail, the decryption module 215 decrypts the second data raw key encrypted value (C _ TRNG _ Hash _2) as an input with the first data raw key (TRNG _ Hash _1) as a key of the SM4 algorithm to obtain the second data raw key (TRNG _ Hash _2) in plaintext. In this step, the decryption module 215 also takes the first 128 bits of the original second data key (TRNG _ Hash _2) for use in the password setup phase.
For another example, when the key calculation level is level 5, the key calculation of level 1 is the same as that of step 803, and the key calculation of level 5 is the same as that of step 804. The key calculations of stages 2-4 are similar to step 803, except that the original key of the data output from the previous stage or a specific number of bits thereof is used as the key specific number of bits in the next stage calculation (or as the key of the next stage).
In the password setting stage, a New user password ciphertext and the data key encryption value are generated, that is, a user update password ciphertext (New C _ Pin _ Hash) and a data update key encryption value (New C _ TRNG _ Hash) are obtained. In this embodiment, the data update key encrypted value (New C _ TRNG _ Hash) includes a first data update key encrypted value (New C _ TRNG _ Hash _1) and a second data update key encrypted value (New C _ TRNG _ Hash _ 2).
The process of generating the user update password ciphertext (New C _ Pin _ Hash) in this embodiment may refer to the process of fig. 5, and is not described again.
Fig. 9 shows a flowchart of the generation of the first data-updating-key encrypted value (New C _ TRNG _ Hash _1) and the second data-updating-key encrypted value (New C _ TRNG _ Hash _2) in the password setting stage of this embodiment. The difference from the first embodiment is that the key encryption of this embodiment is set to two levels, i.e. two encryptions are required to obtain the first data-updating-key encrypted value (New C _ TRNG _ Hash _1) and the second data-updating-key encrypted value (New C _ TRNG _ Hash _2), respectively.
In step 901, a key-specific number of bits is selected from the user updated key hash value (New Pin _ hash D), for example, the key-specific number of bits is the first 128-bit element of the user updated key hash value (New Pin _ hash D). In step 902, the true random number generation module 213 generates a true random number (New TRNG _ Data). In step 903, the Hash module 211 implements the SM3 algorithm to convert the true random number (New TRNG _ Data) to obtain a true random number Hash value (New TRNG _ Hash). In step 904, a first level of key encryption is performed, and the encryption module 214 encrypts the true random number Hash value (New TRNG _ Hash) based on the user update key Hash value (New Pin _ Hash D) to obtain a first data update key encrypted value (New C _ TRNG _ Hash _ 1).
In one case, the encryption module 214 encrypts the first 128 bits of the user updated key Hash value (New Pin _ Hash D) as a key and the first 128 bits of the true random number Hash value (New TRNG _ Hash) as a plaintext using the SM4 algorithm, and obtains the first data updated key encrypted value (New C _ TRNG _ Hash _1) as a ciphertext. In other words, the encryption module 214 theoretically encrypts the true random number (New TRNG _ Data) based on the user update key Hash value (New Pin _ Hash D) to obtain the first Data update key encrypted value (New C _ TRNG _ Hash _ 1).
In step 905, the second level of key encryption is performed: the encryption module 214 encrypts the second data original key (TRNG_Hash_2) generated in step 804 based on the true random number hash value (New TRNG_Hash) to obtain the second data update key encrypted value (New C_TRNG_Hash_2).
In one case, the encryption module 214 uses the SM4 algorithm with the first 128 bits of the true random number hash value (New TRNG_Hash) as the key and the first 128 bits of the second data original key (TRNG_Hash_2) as the plaintext, and obtains the second data update key encrypted value (New C_TRNG_Hash_2) as the ciphertext.
Finally, step 906 is executed: the first data update key encrypted value (New C_TRNG_Hash_1) and the second data update key encrypted value (New C_TRNG_Hash_2) are stored in the off-chip storage unit 22, and the first data original key encrypted value (C_TRNG_Hash_1) and the second data original key encrypted value (C_TRNG_Hash_2) are deleted.
The key updating apparatus 21 updates the user password ciphertext and the data key encrypted values, that is, it replaces the user original password ciphertext (C_Pin_Hash) with the user update password ciphertext (New C_Pin_Hash), replaces the first data original key encrypted value (C_TRNG_Hash_1) with the first data update key encrypted value (New C_TRNG_Hash_1), and replaces the second data original key encrypted value (C_TRNG_Hash_2) with the second data update key encrypted value (New C_TRNG_Hash_2). When the storage device 12 subsequently encrypts/decrypts user data, the user update password ciphertext (New C_Pin_Hash), the first data update key encrypted value (New C_TRNG_Hash_1), and the second data update key encrypted value (New C_TRNG_Hash_2) are used as encryption/decryption keys.
It should be understood that the steps in the present invention, such as steps 302-.
After the user identity authentication is passed, the processes of encrypting and storing the user data may be performed, and fig. 10 shows a process of encrypting the user data according to this embodiment.
In step 1001, the first data update key encrypted value (New C_TRNG_Hash_1) and the second data update key encrypted value (New C_TRNG_Hash_2) are read from the off-chip storage unit 22. In step 1002, a key-specific number of bits is selected from the user update key hash value (New Pin_Hash D) generated in step 706. For example, the key-specific number of bits is the first 128 bits of the user update key hash value (New Pin_Hash D).
In step 1003, the decryption module 215 decrypts the first data update key encrypted value (New C_TRNG_Hash_1) based on the key-specific number of bits to obtain the true random number hash value (New TRNG_Hash). In more detail, the decryption module 215 uses the key-specific number of bits as the SM4 key and the first data update key encrypted value (New C_TRNG_Hash_1) as the input, and decrypts it to obtain the plaintext true random number hash value (New TRNG_Hash). In step 1004, the decryption module 215 further decrypts the second data update key encrypted value (New C_TRNG_Hash_2) based on the true random number hash value (New TRNG_Hash) to obtain the second data original key (TRNG_Hash_2). In more detail, the decryption module 215 uses the true random number hash value (New TRNG_Hash) as the SM4 key and the second data update key encrypted value (New C_TRNG_Hash_2) as the input, and decrypts it to obtain the plaintext second data original key (TRNG_Hash_2).
Key post-processing is then performed. In step 1005, the one-time programmable module 212 outputs random data (TRNG Data). In step 1006, a random-data-specific number of bits is selected from the random data (TRNG Data). In step 1007, the identification code of the controller 122 is read. In step 1008, an identification-code-specific number of bits is selected from the identification code of the controller 122. In step 1009, the specific bits of the random data and the specific bits of the identification code are concatenated to form a concatenated number sequence; the concatenation manner is as described above. In step 1010, the hash module 211 applies the SM3 algorithm to the concatenated number sequence to obtain a post-processing hash value (Hash_3). In step 1011, the encryption module 214 encrypts the post-processing hash value (Hash_3) with SM4 based on the second data original key (TRNG_Hash_2) to obtain the user data key. In step 1012, the encryption module 214 encrypts the user data with SM4 based on the user data key to obtain the user data ciphertext. In step 1013, the key management unit 126 stores the user data ciphertext in the NVM array 123. At this point, the storage device 12 has completed the process of encrypting and storing the user data based on the user update password ciphertext (New C_Pin_Hash), the first data update key encrypted value (New C_TRNG_Hash_1), and the second data update key encrypted value (New C_TRNG_Hash_2).
This embodiment uses two levels of key calculation and key encryption, so that the security level of the key is higher than that of the first embodiment.
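The two-level wrap of steps 901-906, the unwrap of steps 1003-1004 and the password check of claim 2, as an added illustrative sketch that is not part of the patent text. SHA-256 stands in for SM3 and a toy 4-round Feistel construction stands in for SM4 (demonstration only, not a secure cipher); the plain concatenation of password and identification code, the use of the first 128 OTP bits as the key for C_Pin_Hash, and all function names are assumptions.

```python
import hashlib
import hmac
import os

def h(data: bytes) -> bytes:
    """Stand-in for SM3 (also a 256-bit digest); SHA-256 is in the stdlib."""
    return hashlib.sha256(data).digest()

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enc(key16: bytes, block16: bytes) -> bytes:
    """Stand-in for SM4: 128-bit key and block. Toy Feistel, demo only."""
    if len(key16) != 16 or len(block16) != 16:
        raise ValueError("key and block must both be 128 bits")
    l, r = block16[:8], block16[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key16, rnd, r))
    return l + r

def dec(key16: bytes, block16: bytes) -> bytes:
    """Inverse of enc: the same rounds run in reverse order."""
    if len(key16) != 16 or len(block16) != 16:
        raise ValueError("key and block must both be 128 bits")
    l, r = block16[:8], block16[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key16, rnd, l)), l
    return l + r

def pin_hash_d(password: str, device_id: bytes) -> bytes:
    # Assumption: password and identification code are simply concatenated.
    return h(password.encode() + device_id)

def wrap(password, device_id, otp, trng_hash_2):
    """Password setting stage: build the three stored values for `password`."""
    pin = pin_hash_d(password, device_id)[:16]       # step 901: first 128 bits
    new_trng_hash = h(os.urandom(32))[:16]           # steps 902-903
    return {
        "C_Pin_Hash": enc(otp[:16], pin),            # assumption: OTP bits as key
        "C_TRNG_Hash_1": enc(pin, new_trng_hash),    # step 904, level 1
        "C_TRNG_Hash_2": enc(new_trng_hash, trng_hash_2),  # step 905, level 2
    }

def unlock(password, device_id, otp, stored):
    """Return TRNG_Hash_2, or None when the password check fails."""
    pin = pin_hash_d(password, device_id)[:16]
    reference = enc(otp[:16], pin)                   # C_Pin_Hash_R of claim 2
    # Constant-time compare; without this check a wrong password would
    # silently unwrap to a garbage key, since the wraps carry no integrity tag.
    if not hmac.compare_digest(reference, stored["C_Pin_Hash"]):
        return None
    trng_hash = dec(pin, stored["C_TRNG_Hash_1"])    # step 1003
    return dec(trng_hash, stored["C_TRNG_Hash_2"])   # step 1004

def change_password(old, new, device_id, otp, stored):
    """Key update: unwrap with the old password, re-wrap under the new one."""
    trng_hash_2 = unlock(old, device_id, otp, stored)
    if trng_hash_2 is None:
        raise PermissionError("original password rejected")
    return wrap(new, device_id, otp, trng_hash_2)    # step 906 replaces old values

if __name__ == "__main__":
    otp = bytes(range(32))          # constructed one-time programmable data
    dev = b"CTRL-0001"              # constructed controller identification code
    key2 = h(b"constructed")[:16]   # constructed TRNG_Hash_2
    v1 = wrap("old-pin", dev, otp, key2)
    v2 = change_password("old-pin", "new-pin", dev, otp, v1)
    print(unlock("new-pin", dev, otp, v2) == key2, unlock("old-pin", dev, otp, v2))
```

Only the wrapping layers change on a password update: TRNG_Hash_2, and with it the user data key of step 1011, stays the same, so stored user data ciphertext remains readable under the new password.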
A third embodiment of the present invention is an information processing apparatus including a processor, a memory, and a key updating device. The key updating apparatus in the present embodiment is, for example, the key updating apparatus 21 as in fig. 2. The memory stores computer program code related to key renewal, and the key renewal apparatus performs the key renewal process as in the first embodiment or the second embodiment when the computer program code is executed by the processor.
A fourth embodiment of the present invention is an information processing apparatus including a processor and a memory, the memory storing computer program code for key update, and when the computer program code is executed by the processor, executing the flow described in the foregoing embodiments, specifically, executing the flow shown in fig. 3 to 10.
The invention utilizes the one-time programmable random data to encrypt the new user password by matching with the identification code corresponding to the storage device so as to obtain the user update password ciphertext, and utilizes the true random number to carry out at least one-stage encryption so as to obtain at least one data update key encryption value.
It is noted that for the sake of simplicity, the present invention sets forth some methods and embodiments thereof as a series of acts or combinations thereof, but those skilled in the art will appreciate that the inventive arrangements are not limited by the order of acts described. Accordingly, persons skilled in the art may appreciate that certain steps may be performed in other sequences or simultaneously, in accordance with the disclosure or teachings of the invention. Further, those skilled in the art will appreciate that the described embodiments of the invention are capable of being practiced in other alternative embodiments that may involve fewer acts or modules than are necessary to practice one or more aspects of the invention. In addition, the description of some embodiments of the present invention is also focused on different schemes. In view of this, those skilled in the art will understand that portions of the present invention that are not described in detail in one embodiment may also refer to related descriptions of other embodiments.
In particular implementations, based on the disclosure and teachings of the present invention, one of ordinary skill in the art will appreciate that the several embodiments disclosed herein can be practiced in other ways not disclosed herein. For example, as for the units in the foregoing embodiments of the electronic device or apparatus, the units are split based on the logic function, and there may be another splitting manner in the actual implementation. Also for example, multiple units or components may be combined or integrated with another system or some features or functions in a unit or component may be selectively disabled. The connections discussed above in connection with the figures may be direct or indirect couplings between the units or components in terms of connectivity between the different units or components. In some scenarios, the aforementioned direct or indirect coupling involves a communication connection utilizing an interface, where the communication interface may support electrical, optical, acoustic, magnetic, or other forms of signal transmission.
The above embodiments of the present invention are described in detail, and the principle and the implementation of the present invention are explained by applying specific embodiments, and the above description of the embodiments is only used to help understanding the method of the present invention and the core idea thereof; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A key update method of a user encryption key applied to a storage device, the user encryption key including a user raw password ciphertext (C_Pin_Hash) and a data raw key encrypted value (C_TRNG_Hash), the key update method comprising:
receiving a user update password;
converting the user update password and the identification code of the storage device by using a hash algorithm to obtain a user update key hash value (New Pin_Hash D);
acquiring one-time programmable random data (TRNG Data);
encrypting the user update key hash value (New Pin_Hash D) based on the random data (TRNG Data) to obtain a user update password ciphertext (New C_Pin_Hash) and replacing the user raw password ciphertext (C_Pin_Hash);
generating a true random number (New TRNG_Data); and
encrypting the true random number (New TRNG_Data) based on the user update key hash value (New Pin_Hash D) to obtain a data update key encrypted value (New C_TRNG_Hash), and replacing the data raw key encrypted value (C_TRNG_Hash).
2. The key update method according to claim 1, further comprising:
converting the user original password and the identification code by using a hash algorithm to obtain a user raw key hash value (Pin_Hash D);
encrypting the user raw key hash value (Pin_Hash D) based on the random data (TRNG Data) to obtain a user raw ciphertext reference value (C_Pin_Hash_R);
acquiring the user raw password ciphertext (C_Pin_Hash); and
judging whether the user raw password ciphertext (C_Pin_Hash) is the same as the user raw ciphertext reference value (C_Pin_Hash_R);
if they are the same, performing the step of converting the user update password and the identification code by using a hash algorithm.
3. The key update method according to claim 2, wherein the data raw key encrypted value (C_TRNG_Hash) comprises a first data raw key encrypted value (C_TRNG_Hash_1) and a second data raw key encrypted value (C_TRNG_Hash_2), the key update method further comprising:
selecting a key-specific number of bits from the user raw key hash value (Pin_Hash D);
acquiring the first data raw key encrypted value (C_TRNG_Hash_1) and the second data raw key encrypted value (C_TRNG_Hash_2);
decrypting the first data raw key encrypted value (C_TRNG_Hash_1) based on the key-specific number of bits to obtain a first data raw key (TRNG_Hash_1); and
decrypting the second data raw key encrypted value (C_TRNG_Hash_2) based on the first data raw key (TRNG_Hash_1) to obtain a second data raw key (TRNG_Hash_2).
4. The key update method according to claim 3, wherein the data update key encrypted value (New C_TRNG_Hash) comprises a first data update key encrypted value (New C_TRNG_Hash_1), the step of encrypting the true random number (New TRNG_Data) comprising:
converting the true random number (New TRNG_Data) by using a hash algorithm to obtain a true random number hash value (New TRNG_Hash); and
encrypting the true random number hash value (New TRNG_Hash) based on the user update key hash value (New Pin_Hash D) to obtain the first data update key encrypted value (New C_TRNG_Hash_1).
5. The key update method according to claim 3 or 4, wherein the data update key encrypted value (New C_TRNG_Hash) comprises a second data update key encrypted value (New C_TRNG_Hash_2), the step of encrypting the true random number (New TRNG_Data) further comprising:
encrypting the second data raw key (TRNG_Hash_2) based on the true random number hash value (New TRNG_Hash) to obtain the second data update key encrypted value (New C_TRNG_Hash_2).
6. An information processing apparatus comprising a processor and a memory, the memory storing program code which, when executed by the processor, performs the method of any one of claims 1-5.
7. A key updating apparatus configured in a storage device and connected to an off-chip storage unit storing a user encryption key including a user raw password ciphertext (C_Pin_Hash) and a data raw key encrypted value (C_TRNG_Hash), the key updating apparatus comprising:
a hash module for converting the user update password and the identification code of the storage device to obtain a user update key hash value (New Pin_Hash D);
a one-time programmable module for storing one-time programmable random data (TRNG Data);
a true random number generation module for generating a true random number (New TRNG_Data); and
an encryption module for encrypting the user update key hash value (New Pin_Hash D) based on the random data (TRNG Data) to obtain a user update password ciphertext (New C_Pin_Hash), and for encrypting the true random number (New TRNG_Data) based on the user update key hash value (New Pin_Hash D) to obtain a data update key encrypted value (New C_TRNG_Hash).
8. The key updating apparatus according to claim 7, further comprising a decryption module, the data raw key encrypted value (C_TRNG_Hash) comprising a first data raw key encrypted value (C_TRNG_Hash_1) and a second data raw key encrypted value (C_TRNG_Hash_2);
the decryption module decrypts the first data raw key encrypted value (C_TRNG_Hash_1) based on the key-specific number of bits to obtain a first data raw key (TRNG_Hash_1); the decryption module also decrypts the second data raw key encrypted value (C_TRNG_Hash_2) based on the first data raw key (TRNG_Hash_1) to obtain a second data raw key (TRNG_Hash_2);
wherein the key-specific number of bits is selected from the user raw key hash value (Pin_Hash D).
9. The key updating apparatus according to claim 8, wherein the data update key encrypted value (New C_TRNG_Hash) comprises a first data update key encrypted value (New C_TRNG_Hash_1), the hash module converts the true random number (New TRNG_Data) to obtain a true random number hash value (New TRNG_Hash), and the encryption module encrypts the true random number hash value (New TRNG_Hash) based on the user update key hash value (New Pin_Hash D) to obtain the first data update key encrypted value (New C_TRNG_Hash_1).
10. The key updating apparatus according to claim 8 or 9, wherein the data update key encrypted value (New C_TRNG_Hash) comprises a second data update key encrypted value (New C_TRNG_Hash_2), the encryption module encrypting the second data raw key (TRNG_Hash_2) based on the true random number hash value (New TRNG_Hash) to obtain the second data update key encrypted value (New C_TRNG_Hash_2).
CN202110252142.7A 2021-03-08 2021-03-08 Key updating method, information processing apparatus, and key updating device Active CN113079001B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110252142.7A CN113079001B (en) 2021-03-08 2021-03-08 Key updating method, information processing apparatus, and key updating device

Publications (2)

Publication Number Publication Date
CN113079001A true CN113079001A (en) 2021-07-06
CN113079001B CN113079001B (en) 2023-03-10

Family

ID=76612146

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110252142.7A Active CN113079001B (en) 2021-03-08 2021-03-08 Key updating method, information processing apparatus, and key updating device

Country Status (1)

Country Link
CN (1) CN113079001B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant