CN105760789A - Protection method for encryption key in encrypted mobile solid-state disk - Google Patents
Protection method for encryption key in encrypted mobile solid-state disk Download PDFInfo
- Publication number
- CN105760789A CN105760789A CN201610092583.4A CN201610092583A CN105760789A CN 105760789 A CN105760789 A CN 105760789A CN 201610092583 A CN201610092583 A CN 201610092583A CN 105760789 A CN105760789 A CN 105760789A
- Authority
- CN
- China
- Prior art keywords
- encryption
- solid state
- hard disc
- state hard
- encryption key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Signal Processing For Digital Recording And Reproducing (AREA)
Abstract
The invention particularly relates to a protection method for an encryption key in an encrypted mobile solid-state disk. According to the protection method for the encryption key in the encrypted mobile solid-state disk, the encryption key in the encrypted mobile solid-state disk is decomposed and output into a UKey to be stored, and the decomposed encryption key stored in the UKey is transmitted back into the encrypted mobile solid-state disk to be restored when the encryption key is used, so that physical separation of the encryption key and protected data is achieved, and the security of the encryption key and the protected data is improved.
Description
Technical field
The present invention relates to field of information security technology, particularly to a kind of guard method encrypting mobile solid state hard disc encryption key.
Background technology
High speed development along with data storage technology, solid state hard disc (SolidStateDrive, it is called for short SSD) owing to possessing the features such as read or write speed is fast, low-power consumption, noiselessness, anti-vibration, low in calories, volume is little, operating temperature range is big, being applied to the field such as military affairs, vehicle-mounted, industrial, medical, aviation, mobile solid state hard disc is also used widely gradually.Nowadays, namely data are core assets, and hard disk, as data shelf space, is the last line of defense of data protection.Cryptographic technique has been acknowledged as the powerful tool most economical, most being to ensure that information security.Encryption solid state hard disc, as the infrastructure device realizing information security storage, also faces increasingly stricter demand for security.
The mobile solid state hard disc of tradition does not have encryption measures, even if having also majority is be stored in after encryption keys in solid state hard disc.Therefore having the drawback that do not have safe encryption measures, even if there being the safeguard protection complexity to encryption key not high, and encryption key ciphertext is stored in same physical medium with protected data, has the risk being cracked, reduces the safety of product.
Based on this, the present invention devises a kind of guard method encrypting mobile solid state hard disc encryption key.
Summary of the invention
The present invention is in order to make up the defect of prior art, it is provided that the guard method of a kind of simple mobile solid state hard disc encryption key of efficient encryption.
The present invention is achieved through the following technical solutions:
A kind of guard method encrypting mobile solid state hard disc encryption key, it is characterised in that comprise the following steps:
(1) management procedure identification is to the mobile solid state hard disc access computer of encryption, and judges whether UKey has accessed computer, and UKey does not access computer and then points out and UKey accesses computer and logs in UKey;
(2) management program reads encryption mobile solid state hard disc, UKey identity code, it is judged that whether be complete information binding between the two, if the information of not carrying out binding, prompting needs both are carried out information binding;
(3) after information binding is confirmed, encryption is moved the random number stored in the encryption key after the built-in cryptographic computation program of solid state hard disc uses the decomposition read from UKey, the mobile solid state hard disc of encryption and is restored encryption key, and by judging that the Hash Value of encryption key determines the correctness of encryption key;
(4) cryptographic computation program that the mobile solid state hard disc of encryption simultaneously is built-in uses newly-generated random number again to be decomposed by encryption key, the new random number for key decomposition is preserved inside the mobile solid state hard disc of encryption, delete the random number being originally intended to key decomposition simultaneously, UKey preserves the encryption key after new decomposition, delete the encryption key after the former decomposition preserved, it is ensured that decompose key and change for one time one.
Described encryption is moved the built-in cryptographic computation program of solid state hard disc and is not supported to read from solid state hard disc, effectively prevent rogue attacks person and steals the probability of protection algorism.
In described step (4), the mobile solid state hard disc of encryption uses the encryption key restored that solid state hard disc input/output data is encrypted/decryption oprerations.
The invention has the beneficial effects as follows: the guard method of solid state hard disc encryption key is moved in this encryption; by the encryption key in mobile for encryption solid state hard disc is decomposed; and output preserves to UKey; it is transmitted back to encrypt in mobile solid state hard disc by the encryption key of the decomposition preserved in UKey when using encryption key and reduces; achieve encryption key and protected data physical separation, improve the safety of encryption key and protected data.
Accompanying drawing explanation
Accompanying drawing 1 encrypts the guard method schematic diagram of mobile solid state hard disc encryption key for the present invention.
Detailed description of the invention
In order to make the technical problem to be solved, technical scheme and beneficial effect clearly understand, below in conjunction with drawings and Examples, the present invention will be described in detail.It should be noted that, specific embodiment described herein is only in order to explain the present invention, it is not intended to limit the present invention.
The guard method of solid state hard disc encryption key is moved in this encryption, comprises the following steps:
(1) management procedure identification is to the mobile solid state hard disc access computer of encryption, and judges whether UKey has accessed computer, and UKey does not access computer and then points out and UKey accesses computer and logs in UKey;
(2) management program reads encryption mobile solid state hard disc, UKey identity code, it is judged that whether be complete information binding between the two, if the information of not carrying out binding, prompting needs both are carried out information binding;
(3) after information binding is confirmed, encryption is moved the random number stored in the encryption key after the built-in cryptographic computation program of solid state hard disc uses the decomposition read from UKey, the mobile solid state hard disc of encryption and is restored encryption key, and by judging that the Hash Value of encryption key determines the correctness of encryption key;
(4) cryptographic computation program that the mobile solid state hard disc of encryption simultaneously is built-in uses newly-generated random number again to be decomposed by encryption key, the new random number for key decomposition is preserved inside the mobile solid state hard disc of encryption, delete the random number being originally intended to key decomposition simultaneously, UKey preserves the encryption key after new decomposition, delete the encryption key after the former decomposition preserved, it is ensured that decompose key and change for one time one.
The cryptographic computation program that described encryption moves solid state hard disc built-in realizes the functions such as key decomposition, key recovery, calculating Hash Value, encryption/deciphering, does not support to read from solid state hard disc, effectively prevent rogue attacks person and steal the probability of protection algorism.
In described step (4), the mobile solid state hard disc of encryption uses the encryption key restored that solid state hard disc input/output data is encrypted/decryption oprerations.
Described management program is run application software on a computer platform, it is achieved the data in UKey are input to the mobile solid state hard disc of encryption, the encryption key after decomposing is input to UKey, judges encryption and move solid state hard disc and the function such as UKey identity information whether binding.
The mobile built-in generating random number function of solid state hard disc of encryption, generates random number for encryption key is decomposed.
Claims (3)
1. the guard method encrypting mobile solid state hard disc encryption key, it is characterised in that comprise the following steps:
(1) management procedure identification is to the mobile solid state hard disc access computer of encryption, and judges whether UKey has accessed computer, and UKey does not access computer and then points out and UKey accesses computer and logs in UKey;
(2) management program reads encryption mobile solid state hard disc, UKey identity code, it is judged that whether be complete information binding between the two, if the information of not carrying out binding, prompting needs both are carried out information binding;
(3) after information binding is confirmed, encryption is moved the random number stored in the encryption key after the built-in cryptographic computation program of solid state hard disc uses the decomposition read from UKey, the mobile solid state hard disc of encryption and is restored encryption key, and by judging that the Hash Value of encryption key determines the correctness of encryption key;
(4) cryptographic computation program that the mobile solid state hard disc of encryption simultaneously is built-in uses newly-generated random number again to be decomposed by encryption key, the new random number for key decomposition is preserved inside the mobile solid state hard disc of encryption, delete the random number being originally intended to key decomposition simultaneously, UKey preserves the encryption key after new decomposition, delete the encryption key after the former decomposition preserved, it is ensured that decompose key and change for one time one.
2. the guard method of the mobile solid state hard disc encryption key of encryption according to claim 1; it is characterized in that: described encryption is moved the built-in cryptographic computation program of solid state hard disc and do not supported to read from solid state hard disc, effectively prevent rogue attacks person and steals the probability of protection algorism.
3. the guard method of the mobile solid state hard disc encryption key of encryption according to claim 1; it is characterized in that: in described step (4), the mobile solid state hard disc of encryption uses the encryption key restored that solid state hard disc input/output data is encrypted/decryption oprerations.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610092583.4A CN105760789A (en) | 2016-02-19 | 2016-02-19 | Protection method for encryption key in encrypted mobile solid-state disk |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610092583.4A CN105760789A (en) | 2016-02-19 | 2016-02-19 | Protection method for encryption key in encrypted mobile solid-state disk |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105760789A true CN105760789A (en) | 2016-07-13 |
Family
ID=56330177
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610092583.4A Pending CN105760789A (en) | 2016-02-19 | 2016-02-19 | Protection method for encryption key in encrypted mobile solid-state disk |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105760789A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107590398A (en) * | 2017-09-26 | 2018-01-16 | 北京旅之星业新技术有限公司 | A kind of off line had both ruined the encryption safe storage method and device of key |
| CN108537048A (en) * | 2018-03-13 | 2018-09-14 | 山东超越数控电子股份有限公司 | A kind of security association methods and system of encryption solid state disk and authorization computer |
| WO2019080112A1 (en) * | 2017-10-27 | 2019-05-02 | 福建联迪商用设备有限公司 | Ukey-based software decryption method and terminal |
| CN110210259A (en) * | 2019-06-05 | 2019-09-06 | 深圳忆联信息系统有限公司 | A kind of data guard method and its system of solid state hard disk |
| CN110298186A (en) * | 2019-07-02 | 2019-10-01 | 北京计算机技术及应用研究所 | A kind of non-key data encipher-decipher method based on dynamic reconfigurable crypto chip |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101853220A (en) * | 2009-04-02 | 2010-10-06 | 同方股份有限公司 | Mobile storage device with key removal and storage mechanism |
| CN102053925A (en) * | 2009-11-04 | 2011-05-11 | 许燕 | Realization method of data encryption in hard disk |
| US20120076299A1 (en) * | 2010-09-23 | 2012-03-29 | Oliver Koemmerling | Method for the encrypted transmission of data from a mobile date storage device to a stationary device as well as data encryption adapter |
| CN102508791A (en) * | 2011-09-28 | 2012-06-20 | 梁守龙 | Method and device for encrypting hard disk partition |
| CN102508792A (en) * | 2011-09-30 | 2012-06-20 | 广州尚恩科技有限公司 | Method for realizing secure access of data in hard disk |
| CN103678309A (en) * | 2012-09-03 | 2014-03-26 | 许丰 | Intelligent indexing navigation system |
| CN104200156A (en) * | 2014-08-27 | 2014-12-10 | 山东超越数控电子有限公司 | Trusted cryptosystem based on Loongson processor |
| CN104615942A (en) * | 2015-02-25 | 2015-05-13 | 山东超越数控电子有限公司 | Solid-state drive encryption key generation method |
| CN104639332A (en) * | 2015-02-25 | 2015-05-20 | 山东超越数控电子有限公司 | Protective method for solid-state disk encryption key |
| CN104951409A (en) * | 2015-06-12 | 2015-09-30 | 中国科学院信息工程研究所 | System and method for full disk encryption based on hardware |
-
2016
- 2016-02-19 CN CN201610092583.4A patent/CN105760789A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101853220A (en) * | 2009-04-02 | 2010-10-06 | 同方股份有限公司 | Mobile storage device with key removal and storage mechanism |
| CN102053925A (en) * | 2009-11-04 | 2011-05-11 | 许燕 | Realization method of data encryption in hard disk |
| US20120076299A1 (en) * | 2010-09-23 | 2012-03-29 | Oliver Koemmerling | Method for the encrypted transmission of data from a mobile date storage device to a stationary device as well as data encryption adapter |
| CN102508791A (en) * | 2011-09-28 | 2012-06-20 | 梁守龙 | Method and device for encrypting hard disk partition |
| CN102508792A (en) * | 2011-09-30 | 2012-06-20 | 广州尚恩科技有限公司 | Method for realizing secure access of data in hard disk |
| CN103678309A (en) * | 2012-09-03 | 2014-03-26 | 许丰 | Intelligent indexing navigation system |
| CN104200156A (en) * | 2014-08-27 | 2014-12-10 | 山东超越数控电子有限公司 | Trusted cryptosystem based on Loongson processor |
| CN104615942A (en) * | 2015-02-25 | 2015-05-13 | 山东超越数控电子有限公司 | Solid-state drive encryption key generation method |
| CN104639332A (en) * | 2015-02-25 | 2015-05-20 | 山东超越数控电子有限公司 | Protective method for solid-state disk encryption key |
| CN104951409A (en) * | 2015-06-12 | 2015-09-30 | 中国科学院信息工程研究所 | System and method for full disk encryption based on hardware |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107590398A (en) * | 2017-09-26 | 2018-01-16 | 北京旅之星业新技术有限公司 | A kind of off line had both ruined the encryption safe storage method and device of key |
| WO2019080112A1 (en) * | 2017-10-27 | 2019-05-02 | 福建联迪商用设备有限公司 | Ukey-based software decryption method and terminal |
| CN108537048A (en) * | 2018-03-13 | 2018-09-14 | 山东超越数控电子股份有限公司 | A kind of security association methods and system of encryption solid state disk and authorization computer |
| CN110210259A (en) * | 2019-06-05 | 2019-09-06 | 深圳忆联信息系统有限公司 | A kind of data guard method and its system of solid state hard disk |
| CN110298186A (en) * | 2019-07-02 | 2019-10-01 | 北京计算机技术及应用研究所 | A kind of non-key data encipher-decipher method based on dynamic reconfigurable crypto chip |
| CN110298186B (en) * | 2019-07-02 | 2021-04-06 | 北京计算机技术及应用研究所 | Non-key data encryption and decryption method based on dynamic reconfigurable cipher chip |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9811478B2 (en) | Self-encrypting flash drive | |
| CN204595860U (en) | A kind of memory device encryption bridge | |
| CN105760789A (en) | Protection method for encryption key in encrypted mobile solid-state disk | |
| US20130145171A1 (en) | Method and system for secure data access among two devices | |
| CN104834868A (en) | Electronic data protection method, device and terminal equipment | |
| CN101582109A (en) | Data encryption method and device, data decryption method and device and solid state disk | |
| US9288054B2 (en) | Method and apparatus for authenticating and managing application using trusted platform module | |
| CN103427984A (en) | Apparatus for generating secure key using device ID and user authentication information | |
| WO2013148052A1 (en) | Systems and methods for secure third-party data storage | |
| CN104012030A (en) | Systems and methods for protecting symmetric encryption keys | |
| KR20110020326A (en) | Method of generating and using security universal serial bus, and program recording media for generating security universal serial bus | |
| CN102156843B (en) | Data encryption method and system as well as data decryption method | |
| CN104639332A (en) | Protective method for solid-state disk encryption key | |
| CN104901810A (en) | Data encrypted storage method based on domestic cryptographic algorithm | |
| CN108537048B (en) | Security association method and system for encrypted solid state disk and authorized computer | |
| CN107092836A (en) | A kind of data guard method and device based on system encryption | |
| US8462948B2 (en) | System and method for protecting data of mobile phone | |
| CN103207976B (en) | Mobile storage file prevents the method for divulging a secret and the secret USB flash disk based on the method | |
| CN111177773A (en) | Full disk encryption and decryption method and system based on network card ROM | |
| CN102480353A (en) | Method of password authentication and secret key protection | |
| CN203720848U (en) | Hard disk encryption device based on AES (advanced encryption standard) algorithm | |
| CN104504310A (en) | Method and device for software protection based on shell technology | |
| CN101692266A (en) | Method of intensively encrypting and protecting files by using hidden partition (HPA) and CPU ID | |
| WO2014153312A1 (en) | Methods and apparatuses for securing tethered data | |
| CN104715206A (en) | Data security protection method for mobile storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160713 |
|
| RJ01 | Rejection of invention patent application after publication |