WO2017101122A1 - Computer encryption lock with separated management and use (管用分离的计算机加密锁) - Google Patents
- Publication number
- WO2017101122A1 (PCT/CN2015/097959)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- encryption
- module
- key
- identification code
- board
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
Definitions
- the invention relates to an electronic code lock, in particular to a computer encryption lock with separated management and use (管用分离).
- the technical problem to be solved by the present invention is to provide a method for encrypting and decrypting stored data using a computer encryption lock with separated management and use, in which real-time authentication is required so that the hardware cannot be copied.
- the separate computer encryption lock includes an encryption board interposed between the main board and the hard disk of the computer, and an electronic key inserted into the encryption board and performing real-time identity authentication on the encryption board;
- the encryption board encrypts or decrypts communication data between the main board and the hard disk;
- a user key for encrypting data between the main board and the hard disk comes from a key list, the key list being formed by a first list stored in the encryption board and a second list stored in the electronic key; the user key is selected from the key list according to the different partitions of the hard disk in which the encrypted data is stored;
- the encryption board collects a unique identification code A of its own hardware, and the electronic key collects a unique identification code B of its own hardware; the encryption board receives the unique identification code B from the electronic key and combines it with the unique identification code A to form an encryption board identification code T1; the electronic key receives the unique identification code A from the encryption board and combines it with the unique identification code B to form an electronic key identification code T2; the encryption board continuously generates a random array X that changes over time, encrypts the random array X, and then performs an encryption and logical operation with the encryption board identification code T1 to obtain authentication information A; the encryption board continuously transmits the random array X to the electronic key, which encrypts the random array X and performs an encryption and logical operation with the electronic key identification code T2 to obtain authentication information B, and sends the authentication information B to the encryption board to be compared with the authentication information A, thereby completing identity authentication.
- the encryption board includes:
- a first random number module configured to continuously generate the first random number
- a second random number module configured to continuously generate a second random number
- a first FPGA unit configured to perform logical operations on internal data, perform identity authentication on the electronic key, and encrypt or decrypt data between the main board and the hard disk;
- a first encryption module configured to encrypt data sent by the first FPGA unit, and send back the data
- the first FPGA unit receives the first random number and the second random number, and performs logical operations on them to obtain a random number Z, a random array X = {x1, x2, x3, x4, …, xn} that changes with time, and the device key Y; the first FPGA unit sends the device key Y to the electronic key through the single chip microcomputer and the USB interface; the device key Y serves as the encryption key when the electronic key and the encryption board encrypt the random array X, the encryption board identification code T1 and the electronic key identification code T2; and the content communicated between the encryption board and the electronic key is the encrypted random array X.
- the first FPGA unit includes:
- SATA host controller communicating with the hard disk
- SATA device controller communicating with the motherboard
- a third encryption module is disposed between the hard disk and the motherboard for encrypting data entering and leaving the motherboard and the hard disk;
- a random number operation module configured to perform logical operations on the first random number and the second random number, and generate the random array X = {x1, x2, x3, x4, …, xn};
- a first receiving module configured to receive the authentication information B and the second list from the electronic key
- a first identification code acquisition module configured to collect and transmit a unique identification code A of the encryption board and receive the electronic key unique identification code B;
- the first authentication information generating module receives the encryption board identification code T1 and the random number X sent by the first identification code collection module, and is used to generate the authentication information A of the encryption board;
- an identity authentication module comparing the authentication information B with the authentication information A, and determining that the encryption board and the electronic key are hardware pairing products;
- a first anti-firmware copy module which internally stores a unique identification code A1 of the encryption board, and the unique identification code A1 is used for comparison with the unique identification code A to determine whether the firmware is copied;
- the first USB random number control module is configured to communicate with the first encryption module.
- the first FPGA unit further includes a user key control module, which stores a key list and selects a user key from the key list by means of a pointer T, the initial value of the pointer T being the random number Z.
- the first random number module and the first encryption module comprise a national SSX1019 chip
- the second random number module comprises a WNG9 chip
- the first list stores the high bits of the user key
- the second list stores the low bits of the user key
- alternatively, the first list stores the low bits of the user key and the second list stores the high bits of the user key
- the first list and the second list together form the user key list, and the user key selected from it can encrypt data entering and leaving the hard disk and the motherboard.
- the generation of the authentication information A, the authentication information B, and the encryption of the user key to and from the hard disk data adopt the SM4 algorithm.
- the electronic key includes:
- a second FPGA unit configured to decrypt data sent by the encryption board, logically calculate and encrypt the generated authentication information B, and then transmit the information to the encryption board;
- the second encryption module is configured to receive data from the second FPGA unit and decrypt the data and then transmit the data back to the second FPGA unit.
- the second FPGA unit includes:
- a second receiving module configured to receive data sent by the encryption board, and send the data to the second encryption module
- a second authentication information generating module configured to generate authentication information B
- a second identification code acquisition module configured to collect and transmit a unique identification code B of the electronic key
- a second anti-firmware copy module configured to determine whether the firmware of the electronic key is copied
- an authentication and key sending module configured to send the authentication information B and the key list pre-stored in the electronic key to the encryption board;
- the second anti-firmware copy module pre-stores a unique identification code B1, which is compared with the unique identification code B to determine whether the electronic key firmware has been copied.
- data entering and leaving the hard disk is encrypted and decrypted, and the data stored on the hard disk is in ciphertext form, which increases security;
- the data is encrypted according to different hard disk partitions by using different user keys, so that the data in the same hard disk is ciphertext encrypted by different keys, thereby increasing security;
- the user key used for data encryption of the hard disk is randomly read from the key list, and the two different keys do not have commonality, which increases the security of the data;
- the keys in the key list are respectively combined in the first list of the encryption board and the second list in the electronic key, and there is no possibility that the key list is stolen, thereby improving security;
- the encryption board generates a random array X in real time, the electronic key and the encryption board each encrypt the random array X to generate the authentication information B and the authentication information A respectively, and the electronic key transmits the authentication information B back to the encryption board in real time, where it is compared with the authentication information A to complete the pairing authentication. Throughout this process, once the electronic key is removed, the authentication cannot be completed and the system stops working, so the entire authentication process is highly secure;
- the authentication information A and the authentication information B are obtained by logical operations with the unique identification code of the respective hardware. Once the unique identification code of the electronic key or the encryption board differs, the authentication information A and the authentication information B cannot be paired successfully, which prevents the hardware firmware from being copied;
- the electronic key and the encryption board store their own unique identification codes in the factory at the time of shipment.
- the unique identification code of the hardware is collected and compared with the unique identification code stored in advance in the electronic key or the encryption board, to prevent the hardware firmware from being copied;
- the computer uses the SM4 algorithm to encrypt and decrypt the user data with the separate computer encryption lock.
- the SM1 algorithm is used to encrypt and decrypt the random number and the authentication information, and the encryption and decryption speed is fast.
- FIG. 1 is a schematic diagram showing the overall connection of a computer encryption lock according to the present invention
- FIG. 2 is a schematic structural diagram of a module of an encryption board according to the present invention.
- FIG. 3 is a schematic diagram of a register principle for generating a random number according to the present invention.
- FIG. 4 is a schematic structural diagram of an internal specific module of an encryption board according to the present invention.
- FIG. 5 is a schematic diagram of a composition of a user key list according to the present invention.
- FIG. 6 is a schematic structural diagram of a module of an electronic key according to the present invention.
- FIG. 7 is a schematic structural diagram of the internal specific modules of the electronic key according to the present invention.
- Figure 8 is a schematic diagram of a computer encryption lock loading process of the present invention.
- FIG. 9 is a schematic diagram of a self-checking process of a computer encryption lock according to the present invention.
- 110, first anti-firmware copy module; 111, SATA host controller; 112, SATA device controller; 113, third encryption module; 114, user key control module; 115, first identification code acquisition module; 116, first receiving module; 117, first USB random number control module; 118, first authentication information generating module; 119, random number operation module; 120, identity authentication module; 300, electronic key; 31, second FPGA unit; 37, second encryption module; 310, second anti-firmware copy module; 314, authentication and key transmission module; 315, second identification code acquisition module; 316, second receiving module; 318, second authentication information generating module; 700, hard disk.
- the computer encryption lock with separated management and use provided by the present invention includes an encryption board 100 interposed between the motherboard of a computer and a hard disk 700, and an electronic key 300 that is inserted into the encryption board 100 and authenticates the encryption board 100.
- the encryption board 100 and the electronic key 300 respectively perform self-test on their own hardware after power-on. After the self-test is completed, the electronic key 300 performs hardware pairing detection with the encryption board 100, and performs real-time identity authentication. After the identity authentication is passed, the encryption board 100 encrypts or decrypts the data entering and leaving the computer motherboard and the hard disk 700. The process of self-checking the hardware itself is to detect whether the hardware firmware of the hardware is copied, thereby increasing security.
- the working principle of the computer encryption lock with separated management and use is divided into three parts: a data encryption process, an identity authentication process, and a hardware copy prevention process.
- the encryption board 100 includes a first FPGA unit 11, a first random number module 13 connected to the first FPGA unit 11, a second random number module 15, a first encryption module 17, and a single chip microcomputer 19.
- the single chip microcomputer 19 is connected to the USB interface 12, and communicates with the electronic key 300 through the USB interface 12.
- the first FPGA unit 11 is configured to perform logical operations on internal data, perform identity authentication on the electronic key 300, and encrypt or decrypt data between the main board and the hard disk 700.
- the first encryption module 17 is configured to encrypt data sent by the first FPGA unit 11 and send back the data.
- the first random number module 13 continuously generates a first random number
- the second random number module 15 continuously generates a second random number, where the first random number and the second random number are both 32-bit.
- the first random number module 13 includes a national chip SSX1019
- the second random number module 15 includes a WNG9 chip.
- the first random number module 13 and the second random number module 15 are mainly used to implement random number generation and perform self-test on the hardware by using random numbers.
- the two modules work independently without interference, and auxiliary circuits are arranged around the WNG9 and SSX1019 chips.
- the second random number module 15 includes the WNG9 and a 32-bit shift register; the WNG9 generates a 1-bit random number per clock, which is stored in the shift register, and when the shift register is full a 32-bit random number is output.
- the register 101 can be implemented by software burning in the first FPGA unit 11, and its principle structure is as shown in FIG. 3.
- the first encryption module includes a national chip SSX1019 chip, and the chip supports an SM1 encryption algorithm, and the random number received from the first FPGA unit 11 can be encrypted and returned by the SM1 algorithm.
- the single chip microcomputer 19 is mainly used to control data communication of the USB interface 12 connected to the electronic key 300.
- the first FPGA unit 11 is configured by a software program to form a plurality of circuit units therein after being programmed by software.
- the specific structure includes: a SATA host controller 111 that communicates with the hard disk, a SATA device controller 112 that communicates with the motherboard, a third encryption module 113, a random number operation module 119, a first receiving module 116, a first identifier collecting module 115, a first authentication information generating module 118, an identity authentication module 120, a first anti-firmware copy module 110, and a first USB random number control module 117.
- the third encryption module 113 is disposed between the hard disk and the motherboard for encrypting data entering and leaving the motherboard and the hard disk.
- the random number operation module 119 is configured to perform logical operations on the first random number and the second random number, and generate a random array X = {x1, x2, x3, x4, …, xn}, a random number Z, and a device key Y.
- the random array X = {x1, x2, x3, x4, …, xn} is the plaintext of the encrypted data transmitted during the real-time identity authentication between the electronic key and the encryption board, in order to prevent others from cracking the encryption board and the electronic key.
- the data communicated between the electronic key and the encryption board is the ciphertext of the random array X, and the SM1 algorithm is used when encrypting the random array X; the device key Y is the encryption key with which the encryption board and the electronic key encrypt the random array X during the firmware copy-protection self-test and the real-time authentication process, and the random number Z is related to the user key with which the third encryption module 113 encrypts the data between the hard disk and the motherboard.
- the first receiving module 116 is configured to receive the authentication information B from the electronic key.
- the first identifier collection module 115 is configured to collect and send a unique identification code A related to the hardware firmware of the encryption board, receive the unique identification code B related to the hardware firmware of the electronic key, and generate the encryption board identification code T1.
- the first authentication information generating module 118 receives the encryption board identification code T1 and the random number X sent by the first identification code collection module 115, and is used to generate the authentication information A of the encryption board.
- the identity authentication module 120 stores a unique identification code A1 that is identical to the hardware address unique identification code A when the product is shipped, and a unique identification code B1 that is identical to the electronic key hardware address unique identification code B.
- the identity authentication module 120 compares the unique identifier B with the unique identifier B1, and determines that the encryption board and the electronic key are hardware pairing products.
- the first anti-firmware copy module 110 pre-stores a unique identification code A1 of the encryption board, and the unique identification code A1 is used for comparison with the unique identification code A to determine whether the firmware is copied.
- the unique identification code A1 is a set of IDs stored in the first FPGA unit 11 that are identical to the unique identification code A of the hardware part of the first FPGA unit 11 when the product is shipped from the factory; the unique identification code B1 is generated on the same principle as the unique identification code A1.
- the first identifier collection module 115 collects the unique identification code A of the hardware part and compares it with the stored unique identification code A1; if the firmware of the first FPGA unit 11 hardware has not been copied, the unique identification code A is the same as the stored unique identification code A1, otherwise the hardware firmware of the first FPGA unit 11 is considered to have been copied, and the encryption board can then no longer encrypt the data of the hard disk.
- the first USB random number control module 117 is configured to communicate with the first encryption module 17.
- the first FPGA unit 11 further includes a user key control module 114.
- the user key control module 114 stores the user keys used by the third encryption module 113 to encrypt data, as a list of user keys. There are many groups of user keys in the list. When encrypting data entering the hard disk, different user keys can be selected according to the partition of the hard disk, and which user key is selected is determined by the pointer T. The random number Z generated after the encryption board is powered on is the initial value of the pointer T when the user key is selected.
- a set of computer encryption locks, that is, a hardware-paired electronic key and encryption board, has one set of user keys, each set of user keys containing 400 groups; when the third encryption module encrypts the data entering and leaving the hard disk, only N groups are selected, where the size of N depends on the size of the hard disk. For example, if we define one user key per 20G of storage, then the third encryption module stores the encrypted data in intervals of the hard disk, and the interval in which the hard disk address of the stored data lies corresponds to the corresponding user key.
- take a hard disk size of 500G as an example: the number of user keys required to encrypt data in and out of the hard disk is 25. Which 25 are they? After encrypted data fills a 20G interval, the pointer T is changed. There are many ways to change it; in the simplest case the pointer T is incremented or decremented by 1, and the next 20G of data is encrypted according to the user key pointed to by T+1 or T-1.
- the user keys in the key list are divided into two groups according to their high and low bits, respectively a first list and a second list, wherein the first list is stored in the encryption board and the second list is stored in the electronic key; only after the electronic key and the encryption board have completed identity authentication and the hardware anti-firmware-copy self-test does the electronic key send the second list to the user key control module. After the first list and the second list are combined into one complete key list, the third encryption module can select the user key to be used from the user key control module according to the pointer T. In this embodiment, a 128-bit user key is taken as an example.
- the first list is a list of the upper 64 bits of the key list, stored in the encryption board, and the second list is a list of the lower 64 bits, stored in the electronic key; only when the first list of upper 64 bits is combined with the second list of lower 64 bits sent from the electronic key into a complete list of 400 groups of 128-bit user keys can data on the hard disk be encrypted or decrypted.
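The split key list and the pointer-based key selection described above, as an added Python model that is not part of the patent: it joins the board's upper-64-bit list with the electronic key's lower-64-bit list, derives the pointer T from Z and the 20G interval an address falls in, and encrypts a sector with the selected key. The key lists, the random number Z and the HMAC-based stand-in for SM4 are constructed for the example.

```python
# Added example (not from the patent): assembling the split user-key list and
# choosing the per-interval user key with pointer T, as the encryption board's
# user key control module is described to do. Assumptions: 400 key groups of
# 128 bits, upper 64 bits held by the board (first list) and lower 64 bits by
# the electronic key (second list), one key per 20G interval, T = Z + interval
# (the "+1 per interval" case). SM4 is not in the standard library, so a keyed
# HMAC-SHA256 keystream stands in for it; it is a placeholder, not a cipher.
import hashlib
import hmac
from typing import List, Tuple

KEY_SETS = 400
KEY_BITS = 128
INTERVAL_BYTES = 20 * 1024 ** 3      # "20G" of storage per user key
SECTOR = 512


def make_half_lists(seed: bytes = b"constructed-demo-seed") -> Tuple[List[bytes], List[bytes]]:
    """Constructed sample halves; real devices hold factory-provisioned values."""
    first = [hmac.new(seed, b"high-%d" % i, hashlib.sha256).digest()[:8]
             for i in range(KEY_SETS)]                 # board: upper 64 bits
    second = [hmac.new(seed, b"low-%d" % i, hashlib.sha256).digest()[:8]
              for i in range(KEY_SETS)]                # key: lower 64 bits
    return first, second


def combine_key_list(first_list: List[bytes], second_list: List[bytes]) -> List[bytes]:
    """Join the board's high halves with the electronic key's low halves.
    Either half alone is useless; the board only receives the second list
    after the electronic key has passed authentication and the copy self-test."""
    if len(first_list) != KEY_SETS or len(second_list) != KEY_SETS:
        raise ValueError("both lists must hold %d entries" % KEY_SETS)
    keys = [hi + lo for hi, lo in zip(first_list, second_list)]
    assert all(len(k) * 8 == KEY_BITS for k in keys)
    return keys


def keys_needed(disk_bytes: int) -> int:
    """Number N of user keys a disk needs at one key per 20G (500G -> 25)."""
    return -(-disk_bytes // INTERVAL_BYTES)           # ceiling division


def pointer_for_address(z: int, byte_address: int, disk_bytes: int) -> int:
    """Pointer T for the interval holding byte_address: Z for the first 20G,
    Z+1 for the next, and so on, wrapping around the 400-entry list."""
    if not 0 <= byte_address < disk_bytes:
        raise ValueError("address outside the disk")
    return (z + byte_address // INTERVAL_BYTES) % KEY_SETS


def keystream(key: bytes, sector: int, length: int) -> bytes:
    """SM4 stand-in: keyed pseudorandom stream bound to the sector number."""
    out = b""
    ctr = 0
    while len(out) < length:
        msg = sector.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def crypt_sector(key_list: List[bytes], z: int, byte_address: int,
                 data: bytes, disk_bytes: int) -> Tuple[int, bytes]:
    """Encrypt or decrypt (XOR is symmetric) the data at byte_address with the
    user key that pointer T selects for that address's 20G interval."""
    t = pointer_for_address(z, byte_address, disk_bytes)
    ks = keystream(key_list[t], byte_address // SECTOR, len(data))
    return t, bytes(a ^ b for a, b in zip(data, ks))


if __name__ == "__main__":
    disk = 500 * 1024 ** 3
    first, second = make_half_lists()
    full = combine_key_list(first, second)
    z = 397                                           # sample random number Z
    t, ct = crypt_sector(full, z, 5 * INTERVAL_BYTES, b"secret sector", disk)
    print(keys_needed(disk), t, crypt_sector(full, z, 5 * INTERVAL_BYTES, ct, disk)[1])
```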
- the encryption algorithm for encrypting the data entering and leaving the hard disk by the third encryption module is an SM4 encryption algorithm, and the algorithm runs faster.
- the third encryption module merely encrypts data sent from the hard disk without encrypting the command.
- the third encryption module identifies commands and data in the form of frame information structures (FIS) exchanged between the SATA host controller and the SATA device controller through the transport layer.
- The electronic key 300 includes a second FPGA unit 31 and a second encryption module 37.
- The second FPGA unit 31 is configured to decrypt the data sent by the encryption board, perform a logical operation and encryption to generate the authentication information B, and send it to the encryption board.
- The second encryption module 37 is configured to receive data from the second FPGA unit 31, decrypt it, and send it back to the second FPGA unit 31.
- For as long as the electronic key 300 is plugged into the encryption board, the second encryption module 37 decrypts the random array X {x1, x2, x3, x4 ...}, which the board transmits continuously encrypted under the device key Y, and sends the decrypted random array X to the second FPGA unit 31; the second FPGA unit 31 encrypts the random array X with a second encryption algorithm and sends the resulting authentication information B back to the encryption board.
- The encryption board 100 encrypts the random array X with the SM1 algorithm; the electronic key first decrypts the received random array with SM1 and then encrypts it with the SM4 algorithm.
- The second FPGA unit 31 is configured to form circuit units inside it, including a second receiving module 316, a second authentication information generating module 318 and a second identification code acquisition module 315.
- The second receiving module 316 is configured to receive the data sent by the encryption board 100 and pass it to the second encryption module 37; this data includes the unique identification code A collected by the encryption board and the random array X.
- The second identification code acquisition module 315 is configured to collect and send the unique identification code B of the electronic key 300, receive the unique identification code A sent by the encryption board 100, and pair the electronic key 300 with the encryption board 100.
- The second identification code acquisition module 315 first combines the received unique identification code A of the encryption board 100 with the unique identification code B collected from the electronic key's own hardware to form the electronic key identification code T2.
- The second authentication information generating module 318 is configured to generate the authentication information B.
- The authentication and key sending module 314 is configured to send the authentication information B and the key list pre-stored in it to the encryption board 100.
- When generating the authentication information B, the second authentication information generating module 318 encrypts with the SM4 algorithm the random array X (already decrypted from SM1) received from the second receiving module 316, and then performs a logical operation between that result and the encrypted electronic key identification code T2 collected by the second identification code acquisition module 315 to obtain the authentication information B.
- The second anti-firmware copy module 310 is configured to determine whether the firmware of the electronic key 300 has been copied.
- The second anti-firmware copy module 310 determines whether the firmware of the electronic key 300 has been copied in the same way as the first anti-firmware copy module determines whether the firmware of the encryption board 100 has been copied.
- The second anti-firmware copy module 310 stores the unique identification code B1 recorded when the electronic key 300 left the factory; the unique identification code B collected by the second identification code acquisition module 315 is compared with the unique identification code B1 stored in the second anti-firmware copy module 310 to determine whether the firmware of the electronic key 300 has been copied.
- The unique identification code A1 corresponding to the hardware of the encryption board 100 is pre-stored in the second identification code acquisition module 315, and the received unique identification code A sent from the encryption board 100 is compared with it to determine whether the encryption board 100 and the electronic key 300 are paired.
- The first FPGA unit takes the first random number and the second random number as input and generates three random quantities: the random array X {x1, x2, x3, x4 ... xn}, the device key Y and the random number Z.
- The random number Z and the device key Y are two random numbers generated when the encryption board 100 is powered on; they are sent to the first FPGA unit and the second FPGA unit 31. What is generated after that, throughout the rest of the working period, is the random array X.
- When the electronic key 300 is unplugged from the encryption board 100, or the computer is turned off, the computer encryption lock stops working.
- The random number Z is related to the pointer T that selects the user key used to encrypt the data entering and leaving the hard disk. The random number Z is generated only at power-on and does not change during subsequent normal operation.
- A random number Z is generated each time the product is powered on, but it is not latched by the third encryption module 113. Only when the user performs a full format of the hard disk does the third encryption module 113 latch the random number Z; the latched value is stored, together with the FPGA firmware, in the off-chip flash.
- On every subsequent power-on, the random number Z in the flash is loaded into the third encryption module 113, unless the user formats the hard disk again, in which case the third encryption module obtains a new random number Z from the random number operation module and updates the random number Z stored in the flash.
- The random array X is the plaintext of the data exchanged during the authentication between the encryption board 100 and the electronic key 300. Successive elements of the random array X are generated at an interval which, in the present invention, is no more than 1/18 s; each time an element of the random array X is generated, the encryption board 100 authenticates the electronic key 300 once, and this continues until the encryption operation is finished.
- The data communicated between them is the encrypted ciphertext, the encrypted plaintext is the random array X, and the encryption key is the device key Y.
- The device key Y consists of three random numbers, y1, y2 and y3.
- Different device keys are used in different steps of the identity authentication process. The random number x1 of the random array X is taken below as an example.
- Power-on and generation of the device key Y: when the electronic key is plugged into the encryption board and the computer's power switch is pressed, the electronic key and the encryption board carry out the following.
- At power-on, the encryption board performs a logical operation on the first random number and the second random number in the first FPGA unit and generates the device keys y1, y2 and y3, which are sent to the first FPGA unit and the second FPGA unit for storage.
- The random number operation module performs a logical operation on the first random number and the second random number to generate the random number x1. The generated random number x1 is essentially no different from the device keys y1, y2 and y3; the only difference is the value.
- The first anti-firmware copy unit in the encryption board compares the unique identification code A collected by the first identification code acquisition unit with the unique identification code A1 stored in it to determine whether the firmware has been copied, and the second anti-firmware copy unit in the electronic key compares the unique identification code B collected by the second identification code acquisition unit with the unique identification code B1 stored in it to determine whether the hardware has been copied. The first identification code acquisition unit compares the collected unique identification code B sent by the electronic key with the unique identification code B1 stored in the first identification code acquisition unit, thereby determining whether the encryption board and the electronic key are paired; likewise, the second identification code acquisition unit compares the collected unique identification code A sent by the encryption board with the unique identification code A1 stored in the second identification code acquisition unit, thereby determining whether the electronic key and the encryption board are paired.
- The first identification code acquisition module collects the unique identification code A of the first FPGA unit, encrypts A with the SM4 algorithm using the device key y1 as the key, and sends the result, denoted ASM4y1, to the electronic key.
- The second identification code acquisition module decrypts it with the SM4 algorithm using the device key y1 as the key and compares the decrypted unique identification code A with the unique identification code A1 stored in itself; if the comparison succeeds, the encryption board and the electronic key hardware are considered paired.
- In the same way, the electronic key encrypts the unique identification code B collected from its own hardware with the SM4 algorithm using the device key y2 as the key, and sends the result, denoted BSM4y2, to the first identification code acquisition module of the encryption board. The first identification code acquisition module decrypts it with the SM4 algorithm using the device key y2 as the key and compares the decrypted unique identification code B with the unique identification code B1 stored in itself, to determine that the encryption board is paired with the electronic key hardware.
- The random number operation module sends the generated random number x1 to the first USB random number control module, which sends the random number x1 to the first encryption module. The first encryption module encrypts the random number x1 with the SM1 algorithm using the device key y2 as the key and returns the result, denoted x1SM1y1, to the first USB random number control module, which sends x1SM1y1 to the electronic key. The electronic key passes x1SM1y1 to the second encryption module, which decrypts it with the SM1 algorithm using the device key y2 as the key to recover the random number x1, and sends the random number x1 to the second authentication information generating module.
- The second authentication information generating module encrypts the random number x1 with the device key y3 as the key to obtain x1SM4y3, and the second identification code acquisition module performs the
- The random number operation module also sends the random number x1 to the first authentication information generating module, which encrypts the random number x1 with the SM4 algorithm using the device key y3 as the key to obtain x1SM4y3. The first identification code acquisition module sends the encryption board identification code T1 to the first authentication information generating module, which performs a logical operation on the unique identification code T1 and x1SM4y3 to obtain T1x1SM4y3, the authentication information A.
- The logical operation on the unique identification code T1 and x1SM4y3 is the same as the logical operation on the unique identification code T2 and x1SM4y3, for example an exclusive OR.
- The first FPGA unit can compare the authentication information A with the authentication information B directly, or compare them after processing the authentication information A and B with the device key y3 under the SM4 algorithm; if the comparison shows that the authentication information A is the same as the authentication information B, the electronic key and the encryption board pass the first identity authentication.
- The encryption board and the electronic key then replace the random number x1 with the random number x2 and repeat the above authentication process; the authentication cycle continues until the device is powered off.
- The encryption board is the information-processing entry point of the management-use-separated computer encryption lock: all hard disk data must pass through the encryption board before it is processed.
- The encryption board also has a PCIE ×1 standard interface and a USB standard female port.
- The PCIE interface connects to the computer motherboard and powers the computer encryption lock; the USB female port connects to the electronic key to complete identity authentication.
- The electronic key serves as the information credential of the management-use-separated computer encryption lock.
- The electronic key first receives the information from the encryption board, then generates non-replicable authentication information and returns it to the encryption board for identity authentication. After authentication with the encryption board is completed, the electronic key encrypts the low-64-bit user key list (64 bits × 400) stored in it and sends the ciphertext to the encryption board.
- The key components of the electronic key are a national cryptographic chip SSX1019, a USB standard port and an FPGA.
- The USB port of the electronic key connects to the encryption board for the exchange of authentication information.
- The loading process of the computer encryption lock of the present invention is as follows:
- The user inserts the encryption board into the PCIE ×1 slot of the PC motherboard.
- The two SATA ports are connected to the SATA port of the motherboard and the SATA port of the hard disk respectively, and then the electronic key is inserted.
- The hard disk is mounted under the management-use-separated computer encryption lock. If the hard disk is being used with the product for the first time, it appears as a single raw disk and is formatted directly; if the user is reinstalling, the user must delete all partitions of the disk in disk management and then format the whole disk.
- The management-use-separated computer encryption lock is then in use; the user only needs to insert the electronic key before each boot to use the PC normally.
- The self-checking process of the computer encryption lock of the present invention is as follows:
- The self-test is the management-use-separated computer encryption lock checking its own random numbers, cryptographic module and firmware security.
- After power-on, the product collects 20*10 8-bit random numbers and divides them into 20 groups in the FPGA, 8 bits each; each group is checked and judged with the poker detection method in sequence, and if a judgement fails the process exits.
- The FPGA SM4 self-test covers all SM4 algorithm instances in the two FPGAs of the encryption board and the electronic key.
- The DNA acquisition module reads the DNA of the current FPGA from inside the FPGA and compares it with the DNA constant in the FPGA firmware (this constant is embedded when the FPGA code is written). If they are the same, the current firmware is judged safe and the check passes; if they differ, the firmware has been copied and the process exits with an error.
- The SM4 self-test inside the FPGA is completed internally when the cryptographic card is powered on and takes 20 milliseconds.
- The random number test is also performed in the FPGA and takes less than 200 milliseconds.
- The random number check tests the random numbers at every stage of production and use to ensure their security and stability.
- The random number test of the random number operation module of the present invention is as follows:
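The split-stored key list and the pointer T described above (the board holds the upper 64 bits of each of the 400 keys, the electronic key the lower 64 bits, and T advances by one per 20G interval starting from Z) can be modelled in a few functions. The following Python is an added example, not code from the patent: the key values are constructed demo numbers, the interval is assumed to be 20 GiB, the pointer is assumed to be reduced modulo 400, and all function names are my own.

```python
"""Model of the split-stored user key list and pointer-T key selection (added example)."""
import random

KEY_COUNT = 400                     # 400 user keys in the complete list
INTERVAL_BYTES = 20 * 1024 ** 3     # one 20G interval (assumption: GiB)
LOW_MASK = (1 << 64) - 1


def make_demo_key_list(seed, count=KEY_COUNT):
    """Constructed 128-bit demo keys for the example; not real device keys."""
    rng = random.Random(seed)
    return [rng.getrandbits(128) for _ in range(count)]


def split_key_list(full_keys):
    """First list = upper 64 bits (kept on the board), second list = lower 64 bits (kept in the key)."""
    first_list = [k >> 64 for k in full_keys]
    second_list = [k & LOW_MASK for k in full_keys]
    return first_list, second_list


def merge_key_list(first_list, second_list):
    """Rebuild the complete 128-bit list; both halves must be present and the same length."""
    if len(first_list) != len(second_list):
        raise ValueError("both lists are required to form the key list")
    return [(hi << 64) | lo for hi, lo in zip(first_list, second_list)]


def pointer_for_offset(z, byte_offset, step=1):
    """Pointer T for the interval holding byte_offset: start at Z, move by +1 or -1 per interval,
    wrapping around the 400-entry list (wrap-around is an assumption)."""
    interval_index = byte_offset // INTERVAL_BYTES
    return (z + step * interval_index) % KEY_COUNT


def select_user_key(key_list, z, byte_offset, step=1):
    return key_list[pointer_for_offset(z, byte_offset, step)]


def pointers_for_range(z, start, length, step=1):
    """Pointers used by a transfer that may straddle one or more 20G boundaries."""
    first = start // INTERVAL_BYTES
    last = (start + length - 1) // INTERVAL_BYTES
    return [(z + step * i) % KEY_COUNT for i in range(first, last + 1)]


if __name__ == "__main__":
    keys = make_demo_key_list(seed=1)
    first, second = split_key_list(keys)
    assert merge_key_list(first, second) == keys
    print("pointer for 3rd interval from Z=398:", pointer_for_offset(398, 3 * INTERVAL_BYTES))
```

Note that a transfer crossing an interval boundary is served by two different user keys, which is why `pointers_for_range` returns a list.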
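The authentication exchange described above (anti-firmware-copy self-test, pairing of A and B, then authentication information A = T1 XOR SM4_y3(x_i) on the board compared with B = T2 XOR SM4_y3(x_i) from the key, repeated for each element of X) is modelled below as an added example; it is not the patent's code. Assumptions the description does not fix: hardware identification codes are 8 bytes, T1 and T2 are both formed as A || B, the logical operation is XOR, the step index i is known to both sides, and the SM1 and SM4 operations are replaced by a keyed HMAC-SHA256 stand-in (neither algorithm is implemented here). Device, firmware_intact, authenticate_round, run_authentication and make_demo_pair are my own names.

```python
"""Software model of the board/electronic-key challenge-response (added example)."""
import hashlib
import hmac
from dataclasses import dataclass

ID_LEN = 8  # assumed size of a hardware unique identification code (A or B)


def keyed_block(key, label, data=b""):
    """16-byte keyed pseudo-random block; stand-in for one SM4/SM1 operation, not SM4 or SM1."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:16]


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def transport(key, label, block):
    """Invertible stand-in for the SM1 transport step: XOR with a keystream block derived from
    the device key and a per-message label. Applying it twice restores the input."""
    return xor_bytes(block, keyed_block(key, label)[:len(block)])


@dataclass
class Device:
    own_id: bytes      # code collected from the hardware at run time (A on the board, B on the key)
    factory_id: bytes  # code stored at shipment (A1 / B1) for the anti-firmware-copy check
    peer_id: bytes     # stored code of the paired counterpart (B1 on the board, A1 on the key)


def firmware_intact(dev):
    return hmac.compare_digest(dev.own_id, dev.factory_id)


def authenticate_round(board, key, y1, y2, y3, i, x_i):
    """One round for element x_i of the random array X; True only if every check passes."""
    # 1. each side checks that its collected code still matches the factory-stored one
    if not (firmware_intact(board) and firmware_intact(key)):
        return False
    # 2. pairing: board -> key: A under y1, compared with the key's stored A1
    a_received = transport(y1, b"id-A", transport(y1, b"id-A", board.own_id))
    if not hmac.compare_digest(a_received, key.peer_id):
        return False
    #    key -> board: B under y2, compared with the board's stored B1
    b_received = transport(y2, b"id-B", transport(y2, b"id-B", key.own_id))
    if not hmac.compare_digest(b_received, board.peer_id):
        return False
    # 3. board: T1 = A || B, authentication information A = T1 XOR E_y3(x_i)
    t1 = board.own_id + b_received
    auth_a = xor_bytes(t1, keyed_block(y3, b"auth", x_i))
    # 4. board sends x_i under y2 with a per-element label; key recovers it and builds B from T2
    step = b"x" + i.to_bytes(4, "big")
    x_at_key = transport(y2, step, transport(y2, step, x_i))
    t2 = a_received + key.own_id
    auth_b = xor_bytes(t2, keyed_block(y3, b"auth", x_at_key))
    # 5. board compares A with B
    return hmac.compare_digest(auth_a, auth_b)


def run_authentication(board, key, device_key, x_array):
    """Cycle through X as the description does; return the number of rounds passed before the
    first failure (len(x_array) means every round passed)."""
    y1, y2, y3 = device_key
    for i, x_i in enumerate(x_array):
        if not authenticate_round(board, key, y1, y2, y3, i, x_i):
            return i
    return len(x_array)


def make_demo_pair():
    """Constructed identification codes for a matched board/key pair (demo values only)."""
    a, b = b"BOARD-A1", b"KEY---B1"
    return Device(a, a, b), Device(b, b, a)
```

A key whose firmware was copied onto other hardware fails at step 1 (collected B no longer equals the stored B1), and a genuine key from a different unit fails at step 2 (its B does not match the board's stored B1); both cases are exercised in the checks below.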
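The power-on self-check described above judges groups of random bits with the "poker detection method" in sequence, exiting at the first failure, and then compares the DNA read from the FPGA with the constant embedded in the firmware. The following Python is an added example, not the patent's code: it uses the FIPS 140-1 poker test (the standard form of that test) over a 20000-bit sample, because the patent's own sample size and grouping are not recoverable from the text; the group list, the DNA byte strings and the helper names are assumptions, and the SM4 self-test is omitted.

```python
"""Poker test and DNA check as a power-on self-check sequence (added example)."""
import hmac
import random

SAMPLE_BYTES = 2500              # 20000 bits, the FIPS 140-1 sample size (assumption)
POKER_LOW, POKER_HIGH = 2.16, 46.17


def nibble_counts(sample):
    """Count how often each 4-bit value occurs in the stream."""
    counts = [0] * 16
    for byte in sample:
        counts[byte >> 4] += 1
        counts[byte & 0x0F] += 1
    return counts


def poker_statistic(sample):
    """X = (16/5000) * sum(f_i^2) - 5000 over the 5000 nibbles of a 20000-bit sample."""
    if len(sample) != SAMPLE_BYTES:
        raise ValueError("poker test needs exactly 20000 bits")
    return (16 / 5000) * sum(c * c for c in nibble_counts(sample)) - 5000


def poker_test(sample):
    """Passes only inside the FIPS 140-1 window: too uneven and too uniform both fail."""
    return POKER_LOW < poker_statistic(sample) < POKER_HIGH


def firmware_dna_matches(dna_read, dna_constant):
    return hmac.compare_digest(dna_read, dna_constant)


def power_on_self_check(groups, dna_read, dna_constant):
    """Sequential judgement: each group is poker-tested in turn and the first failure exits;
    then the DNA read from the FPGA is compared with the firmware constant."""
    for index, group in enumerate(groups):
        if not poker_test(group):
            return "random number test failed on group %d" % index
    if not firmware_dna_matches(dna_read, dna_constant):
        return "firmware copied"
    return "ok"


def sample_with_counts(counts, seed):
    """Constructed sample: nibble values laid out to hit the given counts, then shuffled,
    so the poker statistic is known exactly (demo input, not real generator output)."""
    if sum(counts) != 2 * SAMPLE_BYTES:
        raise ValueError("counts must sum to 5000 nibbles")
    nibbles = [v for v, c in enumerate(counts) for _ in range(c)]
    random.Random(seed).shuffle(nibbles)
    return bytes((nibbles[k] << 4) | nibbles[k + 1] for k in range(0, len(nibbles), 2))


if __name__ == "__main__":
    good = sample_with_counts([322] * 8 + [303] * 8, seed=7)
    print("X =", round(poker_statistic(good), 4), "status:", power_on_self_check([good], b"dna", b"dna"))
```

Note that the poker test only measures nibble frequencies: an all-zero stream fails with X = 75000, but a stream that cycles 0x0 to 0xF too perfectly also fails with X close to 0, so a generator must be checked by more than this one test.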
Claims (10)
- A management-use-separated computer encryption lock, characterised in that it comprises an encryption board plugged between the motherboard and the hard disk of a computer, and an electronic key plugged into the encryption board which performs real-time identity authentication with the encryption board; after identity authentication passes, the encryption board encrypts or decrypts the communication data between the motherboard and the hard disk; the user key for encrypting the data between the motherboard and the hard disk comes from a key list, the key list consisting of a first list stored in the encryption board and a second list stored in the electronic key; the user key is selected from the key list according to the partition of the hard disk in which the encrypted data is stored; during identity authentication, the encryption board collects the unique identification code A of its own hardware and the electronic key collects the unique identification code B of its own hardware; the encryption board receives the unique identification code B from the electronic key and combines it with the unique identification code A to form an encryption board identification code T1, and the electronic key receives the unique identification code A from the encryption board and combines it with the unique identification code B to form an electronic key identification code T2; the encryption board continuously generates a random array X over time, encrypts the random array X and then performs encryption and a logical operation with the encryption board identification code T1 to obtain authentication information A; the encryption board continuously sends the random array X to the electronic key, the electronic key encrypts the random array X and then performs encryption and a logical operation with the electronic key identification code T2 to obtain authentication information B, and sends the authentication information B to the encryption board to be compared with the authentication information A, thereby completing identity authentication.
- The management-use-separated computer encryption lock according to claim 1, characterised in that the encryption board comprises: a first random number module for continuously generating a first random number; a second random number module for continuously generating a second random number; a first FPGA unit for performing logical operations on internal data, authenticating the identity of the electronic key, and encrypting or decrypting the data between the motherboard and the hard disk; a first encryption module for encrypting the data sent from the first FPGA unit and returning it; and a microcontroller for data communication with the electronic key; the first FPGA unit receives the first random number and the second random number and performs a logical operation on them to obtain a random number Z, a time-varying random array X{x1,x2,x3,x4···xn} and a device key Y; the first FPGA unit sends the device key Y to the electronic key through the microcontroller and a USB interface; the device key Y serves as the encryption key when the electronic key and the encryption board encrypt the random number X, the encryption board identification code T1 and the electronic key identification code T2; and the content communicated between the encryption board and the electronic key is the encrypted random array X.
- The management-use-separated computer encryption lock according to claim 2, characterised in that the first FPGA unit, after programming, comprises internally: a SATA host controller communicating with the hard disk; a SATA device controller communicating with the motherboard; a third encryption module, arranged between the hard disk and the motherboard, for encrypting the data entering and leaving the motherboard and the hard disk; a random number operation module for performing a logical operation on the first random number and the second random number and generating the random array X{x1,x2,x3,x4···xn}; a first receiving module for receiving the authentication information B and the second list from the electronic key; a first identification code acquisition module for collecting and sending the unique identification code A of the encryption board and receiving the unique identification code B of the electronic key; a first authentication information generating module which receives the encryption board identification code T1 sent by the first identification code acquisition module and the random number X and generates the authentication information A of the encryption board; an identity authentication module which compares the authentication information B with the authentication information A to determine that the encryption board and the electronic key are hardware-paired products; a first anti-firmware copy module in which the unique identification code A1 of the encryption board is pre-stored, the unique identification code A1 being compared with the unique identification code A to determine whether the firmware has been copied; and a first USB random number control module for communicating with the first encryption module.
- The management-use-separated computer encryption lock according to claim 2, characterised in that the first FPGA unit further comprises a user key control module, the user key control module storing the key list and a pointer T for selecting a user key from the key list, the initial value of the pointer T being the random number Z.
- The management-use-separated computer encryption lock according to claim 2, characterised in that the first random number module and the first encryption module comprise a national cryptographic chip SSX1019, and the second random number module comprises a WNG9 chip.
- The management-use-separated computer encryption lock according to claim 1, characterised in that the first list stores the high-order bits of the user keys and the second list stores the low-order bits of the user keys, or the first list stores the low-order bits of the user keys and the second list stores the high-order bits of the user keys; only after the first list and the second list together form the user key list can a user key selected from it encrypt the data entering and leaving the hard disk and the motherboard.
- The management-use-separated computer encryption lock according to claim 1 or 3, characterised in that the generation of the authentication information A and the authentication information B, and the encryption of the data entering and leaving the hard disk with the user key, all use the SM4 algorithm.
- The management-use-separated computer encryption lock according to any one of claims 1 to 3, characterised in that the electronic key comprises: a second FPGA unit for decrypting the data sent by the encryption board, performing a logical operation and encryption to generate the authentication information B, and returning it to the encryption board; and a second encryption module for receiving data from the second FPGA unit, decrypting the data and returning it to the second FPGA unit.
- The management-use-separated computer encryption lock according to claim 8, characterised in that the second FPGA unit, after programming, comprises internally: a second receiving module for receiving the data sent by the encryption board and sending the data to the second encryption module; a second authentication information generating module for generating the authentication information B; a second identification code acquisition module for collecting and sending the unique identification code B of the electronic key; a second anti-firmware copy module for determining whether the firmware of the electronic key has been copied; and an authentication and key sending module for sending the authentication information B and the key list pre-stored therein to the encryption board.
- The management-use-separated computer encryption lock according to claim 9, characterised in that a unique identification code B1 is pre-stored in the second anti-firmware copy module, the unique identification code B1 being compared with the unique identification code B to determine whether the firmware of the electronic key has been copied.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/520,838 US10523436B2 (en) | 2015-12-18 | 2015-12-18 | Security locking device of computers |
PCT/CN2015/097959 WO2017101122A1 (zh) | 2015-12-18 | 2015-12-18 | 管用分离的计算机加密锁 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2015/097959 WO2017101122A1 (zh) | 2015-12-18 | 2015-12-18 | 管用分离的计算机加密锁 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017101122A1 true WO2017101122A1 (zh) | 2017-06-22 |
Family
ID=59055575
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/097959 WO2017101122A1 (zh) | 2015-12-18 | 2015-12-18 | 管用分离的计算机加密锁 |
Country Status (2)
Country | Link |
---|---|
US (1) | US10523436B2 (zh) |
WO (1) | WO2017101122A1 (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108833090A (zh) * | 2018-05-25 | 2018-11-16 | 四川斐讯信息技术有限公司 | 一种存储设备的加密方法、解密方法及存储设备 |
CN110113159A (zh) * | 2019-05-07 | 2019-08-09 | 青岛黄海学院 | 一种物联网加密终端 |
CN110457927A (zh) * | 2019-08-13 | 2019-11-15 | 平顶山学院 | 一种计算机硬盘数据加密方法及其装置 |
CN110581764A (zh) * | 2019-09-16 | 2019-12-17 | 杭州华澜微电子股份有限公司 | 一种硬盘分区加解密***、方法和装置 |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110084003B (zh) * | 2018-01-26 | 2021-04-09 | 北大方正集团有限公司 | 一种基于中间件访问加密锁的方法和*** |
CN108768669A (zh) * | 2018-08-14 | 2018-11-06 | 杭州创谐信息技术股份有限公司 | 基于asic可信远程内存交换卡及其数据交换方法 |
CN109409073A (zh) * | 2018-12-13 | 2019-03-01 | 杭州华澜微电子股份有限公司 | 一种指纹认证安全硬盘盒及其移动硬盘 |
CN109889333B (zh) * | 2019-01-24 | 2022-03-29 | 深圳忆联信息***有限公司 | 固件数据加密方法、装置、计算机设备和存储介质 |
CN109840434A (zh) * | 2019-01-24 | 2019-06-04 | 山东华芯半导体有限公司 | 一种基于国密芯片的安全存储方法 |
CN110135200A (zh) * | 2019-05-15 | 2019-08-16 | 长春鸿达光电子与生物统计识别技术有限公司 | 集成sm4算法与双端口通信的加密模块 |
CN110378093B (zh) * | 2019-07-29 | 2021-05-18 | 重庆陆道动美科技有限公司 | 基于人脸识别技术的管理*** |
CN110955878B (zh) * | 2019-11-29 | 2023-05-02 | 临沂大学 | 一种工业计算机信息安全处理装置 |
CN111460530B (zh) * | 2020-04-01 | 2023-05-05 | 山东华芯半导体有限公司 | 一种m.2接口的sata加密卡 |
CN111428258B (zh) * | 2020-04-16 | 2023-08-01 | 北京旋极百旺科技有限公司 | 一种税控服务器加密机及其开票*** |
CN111614456B (zh) * | 2020-05-06 | 2022-04-01 | 武汉大学 | 一种针对sm4算法的多方协同加密方法 |
CN112217631A (zh) * | 2020-07-09 | 2021-01-12 | 青岛鼎信通讯股份有限公司 | 一种电能表cpu卡加密算法实现 |
CN114117484B (zh) * | 2021-11-22 | 2023-03-17 | 绿晶半导体科技(北京)有限公司 | 提高主机缓存数据安全的装置和缓存数据读取和写入方法及装置 |
CN114531240A (zh) * | 2022-04-24 | 2022-05-24 | 北京神州安付科技股份有限公司 | 一种Mini PCI-E密码卡 |
CN117473573B (zh) * | 2023-12-28 | 2024-04-19 | 山东华翼微电子技术股份有限公司 | 一种管理sata接口***及数据安全摆渡的方法 |
CN118133265B (zh) * | 2024-05-07 | 2024-07-02 | 中国人民解放军国防科技大学 | 一种嵌入式软件防克隆方法 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN200990081Y (zh) * | 2006-10-27 | 2007-12-12 | 上海宏光经济信息发展中心青岛电子技术部 | 计算机硬盘数据加密卡 |
CN101236532A (zh) * | 2007-07-31 | 2008-08-06 | 北京理工大学 | Windows环境下基于USB设备的硬盘加密方法 |
CN101853220A (zh) * | 2009-04-02 | 2010-10-06 | 同方股份有限公司 | 一种具有密钥分拆存储机制的移动存储设备 |
US8386797B1 (en) * | 2002-08-07 | 2013-02-26 | Nvidia Corporation | System and method for transparent disk encryption |
CN104077243A (zh) * | 2014-07-10 | 2014-10-01 | 王爱华 | Sata硬盘设备加密方法及*** |
CN104951409A (zh) * | 2015-06-12 | 2015-09-30 | 中国科学院信息工程研究所 | 一种基于硬件的全盘加密***及加密方法 |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7788553B2 (en) * | 2000-01-06 | 2010-08-31 | Super Talent Electronics, Inc. | Mass production testing of USB flash cards with various flash memory cells |
KR101959738B1 (ko) * | 2012-05-24 | 2019-03-19 | 삼성전자 주식회사 | 장치 식별자와 사용자 인증 정보에 기반한 보안 키 생성 장치 |
US8732470B2 (en) * | 2012-07-26 | 2014-05-20 | Kabushiki Kaisha Toshiba | Storage system in which fictitious information is prevented |
US9513913B2 (en) * | 2014-07-22 | 2016-12-06 | Intel Corporation | SM4 acceleration processors, methods, systems, and instructions |
WO2016073411A2 (en) * | 2014-11-03 | 2016-05-12 | Rubicon Labs, Inc. | System and method for a renewable secure boot |
2015
- 2015-12-18 WO PCT/CN2015/097959 patent/WO2017101122A1/zh active Application Filing
- 2015-12-18 US US15/520,838 patent/US10523436B2/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8386797B1 (en) * | 2002-08-07 | 2013-02-26 | Nvidia Corporation | System and method for transparent disk encryption |
CN200990081Y (zh) * | 2006-10-27 | 2007-12-12 | 上海宏光经济信息发展中心青岛电子技术部 | 计算机硬盘数据加密卡 |
CN101236532A (zh) * | 2007-07-31 | 2008-08-06 | 北京理工大学 | Windows环境下基于USB设备的硬盘加密方法 |
CN101853220A (zh) * | 2009-04-02 | 2010-10-06 | 同方股份有限公司 | 一种具有密钥分拆存储机制的移动存储设备 |
CN104077243A (zh) * | 2014-07-10 | 2014-10-01 | 王爱华 | Sata硬盘设备加密方法及*** |
CN104951409A (zh) * | 2015-06-12 | 2015-09-30 | 中国科学院信息工程研究所 | 一种基于硬件的全盘加密***及加密方法 |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108833090A (zh) * | 2018-05-25 | 2018-11-16 | 四川斐讯信息技术有限公司 | 一种存储设备的加密方法、解密方法及存储设备 |
CN110113159A (zh) * | 2019-05-07 | 2019-08-09 | 青岛黄海学院 | 一种物联网加密终端 |
CN110113159B (zh) * | 2019-05-07 | 2020-01-10 | 青岛黄海学院 | 一种物联网加密终端 |
CN110457927A (zh) * | 2019-08-13 | 2019-11-15 | 平顶山学院 | 一种计算机硬盘数据加密方法及其装置 |
CN110581764A (zh) * | 2019-09-16 | 2019-12-17 | 杭州华澜微电子股份有限公司 | 一种硬盘分区加解密***、方法和装置 |
Also Published As
Publication number | Publication date |
---|---|
US10523436B2 (en) | 2019-12-31 |
US20170373851A1 (en) | 2017-12-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017101122A1 (zh) | 管用分离的计算机加密锁 | |
CN106897640B (zh) | 管用分离的计算机加密锁 | |
TWI740409B (zh) | 使用密鑰之身份驗證 | |
US20220078035A1 (en) | Generating an identity for a computing device using a physical unclonable function | |
US20210192090A1 (en) | Secure data storage device with security function implemented in a data security bridge | |
CN103246842B (zh) | 用于验证和数据加密的方法和设备 | |
US20130086385A1 (en) | System and Method for Providing Hardware-Based Security | |
US8423774B2 (en) | Integrity protected smart card transaction | |
JP2022528070A (ja) | 運転中の緊急車両のidの検証 | |
CN103886234A (zh) | 一种基于加密硬盘的安全计算机及其数据安全控制方法 | |
CN203746071U (zh) | 一种基于加密硬盘的安全计算机 | |
CN103415855A (zh) | 大容量存储设备存储器加密方法、***及装置 | |
US20200358613A1 (en) | Improvements in and relating to remote authentication devices | |
CN101916346A (zh) | 可防盗版的电子装置及其防盗版方法 | |
JP7087172B2 (ja) | Pqaロック解除 | |
US20090187770A1 (en) | Data Security Including Real-Time Key Generation | |
US20160277182A1 (en) | Communication system and master apparatus | |
WO2009129017A1 (en) | Methods, apparatus and system for authenticating a programmable hardware device and for authenticating commands received in the programmable hardware device from a secure processor | |
KR101256373B1 (ko) | 장착식 스마트 카드와 메모리 카드를 구비한 유에스비 보안장치 및 그 보안 방법 | |
KR101214899B1 (ko) | 유에스비 보안장치 및 그 보안 방법 | |
EP2575068A1 (en) | System and method for providing hardware-based security | |
CN102236754B (zh) | 数据保密方法以及使用此数据保密方法的电子装置 | |
TWI821052B (zh) | 用來進行儲存裝置的權限管理的電子裝置以及方法 | |
CN103178967A (zh) | 一种空白智能卡激活认证密钥方法及装置 | |
CN110555311A (zh) | 一种基于纯软密码运算的电子签章***安全设计方法及*** |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | Wipo information: entry into national phase | Ref document number: 15520838; Country of ref document: US |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15910591; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 12.11.2018) |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 15910591; Country of ref document: EP; Kind code of ref document: A1 |