CN115842628A - Method and device for realizing key processing, computer storage medium and solid state disk - Google Patents

Info

Publication number
CN115842628A
Authority
CN
China
Legal status
Pending
Application number
CN202211529312.2A
Other languages
Chinese (zh)
Inventor
顾申
Current Assignee
Hefei Datang Storage Technology Co ltd
Original Assignee
Hefei Datang Storage Technology Co ltd

Abstract

The embodiment of the invention generates a Key Encryption Key (KEK) and a Data Encryption Key (MEK) from a physical random source, which improves the randomness of the initially generated KEK and MEK, and applies mask protection to the KEK and the MEK by hard encryption during generation, storage and use, thereby preventing physical compromise, improving the resistance of the KEK and the MEK to side-channel attacks, and improving the security of key application.

Description

Method and device for realizing key processing, computer storage medium and solid state disk
Technical Field
The present disclosure relates to, but not limited to, information security technologies, and in particular, to a method, an apparatus, a computer storage medium, and a solid state disk for implementing key processing.
Background
With the continuous development of security attack technology, information security in the data storage field receives more and more attention. The appearance of encrypted hard disks has played a certain role in promoting the safety of data storage; however, as attack techniques such as side-channel analysis continue to mature, Key Encryption Keys (KEKs) and Data Encryption Keys (MEKs) have gradually become viable attack targets; at present, the generation, storage and use of the KEK and the MEK all carry leakage risks, and how to improve the resistance of the KEK and the MEK to side-channel attacks and improve the security of their application has become a problem to be solved.
Disclosure of Invention
The following is a summary of the subject matter described in detail herein. This summary is not intended to limit the scope of the claims.
Embodiments of the present invention provide a method and an apparatus for implementing key processing, a computer storage medium, and a solid state disk, which can improve the performance of a key encryption key and a data encryption key against side channel attacks, and improve the security of key application.
The embodiment of the invention provides a method for realizing key processing, which comprises the following steps:
when a preset encapsulation instruction is received, generating a first preset number of initial key encryption keys (KEKs) and a second preset number of data encryption keys (MEKs) through a preset physical random source (TRNG);
performing first hard encryption on each initial KEK through a first random number, and writing all the initial KEKs subjected to the first hard encryption into a one-time programmable (OTP) memory as the first KEK;
performing second hard encryption on the first KEK sequentially through a second random number and the first random number, and writing the first KEK subjected to the second hard encryption into a random access memory (RAM) for storing keys as the second KEK;
performing third hard encryption on the second KEK sequentially through a third random number and the second random number, and writing the second KEK subjected to the third hard encryption into a key buffer as the third KEK;
performing a symmetric encryption operation on each generated MEK with the third KEK as the key, and writing all MEKs subjected to the symmetric encryption operation into the OTP memory as the encrypted MEK;
wherein the first random number is a fixed random number.
On the other hand, an embodiment of the present invention further provides a computer storage medium, where a computer program is stored, and when the computer program is executed by a processor, the method for implementing key processing is implemented.
In another aspect, an embodiment of the present invention further provides a terminal, including: a memory and a processor, the memory having a computer program stored therein; wherein:
the processor is configured to execute the computer program in the memory;
the computer program, when executed by the processor, implements a method of implementing key processing as described above.
In another aspect, an embodiment of the present invention further provides a solid state disk for implementing key processing, where the solid state disk includes: a generating unit, a first hard encryption unit, a second hard encryption unit, a third hard encryption unit and an encryption processing unit; wherein:
the generating unit is configured to: when a preset encapsulation instruction is received, generate a first preset number of initial key encryption keys (KEKs) and a second preset number of data encryption keys (MEKs) through a preset physical random source (TRNG);
the first hard encryption unit is configured to: perform first hard encryption on each initial KEK through a first random number, and write all the initial KEKs subjected to the first hard encryption into the OTP memory as the first KEK;
the second hard encryption unit is configured to: perform second hard encryption on the first KEK sequentially through a second random number and the first random number, and write the first KEK subjected to the second hard encryption into a random access memory (RAM) for storing keys as the second KEK;
the third hard encryption unit is configured to: perform third hard encryption on the second KEK sequentially through a third random number and the second random number, and write the second KEK subjected to the third hard encryption into a key buffer as the third KEK;
the encryption processing unit is configured to: perform a symmetric encryption operation on each generated MEK with the third KEK as the key, and write all MEKs subjected to the symmetric encryption operation into the OTP memory as the encrypted MEK;
wherein the first random number is a fixed random number.
The technical solution of the application includes: when a preset encapsulation instruction is received, generating a first preset number of initial Key Encryption Keys (KEKs) and a second preset number of Data Encryption Keys (MEKs) through a preset physical random source (TRNG); performing first hard encryption on each initial KEK through a first random number, and writing all the initial KEKs subjected to the first hard encryption into a one-time programmable (OTP) memory as the first KEK; performing second hard encryption on the first KEK sequentially through a second random number and the first random number, and writing the first KEK subjected to the second hard encryption into a random access memory (RAM) for storing keys as the second KEK; performing third hard encryption on the second KEK sequentially through a third random number and the second random number, and writing the second KEK subjected to the third hard encryption into a key buffer as the third KEK; performing a symmetric encryption operation on each generated MEK with the third KEK as the key, and writing all MEKs subjected to the symmetric encryption operation into the OTP memory as the encrypted MEK; wherein the first random number is a fixed random number. According to the embodiment of the invention, the key encryption key and the data encryption key are generated by a physical random source, which improves the randomness of the initially generated KEK and MEK; the KEK and the MEK are mask-protected by hard encryption during generation, storage and use, which prevents physical compromise, improves the resistance of the KEK and the MEK to side-channel attacks, and improves the security of key application.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the example serve to explain the principles of the invention and not to limit the invention.
FIG. 1 is a flow chart of a method for implementing key processing according to an embodiment of the present invention;
fig. 2 is a block diagram of a solid state disk implementing key processing according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an exemplary solid state disk applied in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
The steps illustrated in the flow charts of the figures may be performed in a computer system such as a set of computer-executable instructions. Also, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.
Fig. 1 is a flowchart of a method for implementing key processing according to an embodiment of the present invention, as shown in fig. 1, including:
step 101, when a preset encapsulation instruction is received, generating a first preset number of initial Key Encryption Keys (KEKs) and a second preset number of Data Encryption Keys (MEKs) through a preset physical random source (TRNG);
step 102, performing first hard encryption on each initial KEK through a first random number, and writing all the initial KEKs subjected to the first hard encryption into a one-time programmable (OTP) memory as the first KEK;
step 103, performing second hard encryption on the first KEK sequentially through a second random number and the first random number, and writing the first KEK subjected to the second hard encryption into a random access memory (RAM) for storing keys as the second KEK;
step 104, performing third hard encryption on the second KEK sequentially through a third random number and the second random number, and writing the second KEK subjected to the third hard encryption into a key buffer as the third KEK;
step 105, performing a symmetric encryption operation on each generated MEK with the third KEK as the key, and writing all the symmetrically encrypted MEKs into the OTP memory as the encrypted MEK;
wherein the first random number is a fixed random number.
According to the embodiment of the invention, the key encryption key and the data encryption key are generated by a physical random source, which improves the randomness of the initially generated KEK and MEK; the KEK and the MEK are mask-protected by hard encryption during generation, storage and use, which prevents physical compromise, improves the resistance of the KEK and the MEK to side-channel attacks, and improves the security of key application.
In an exemplary embodiment, the first preset number of initial KEKs subjected to the first hard encryption are concatenated in order to obtain the first KEK.
In an exemplary embodiment, the MEKs subjected to the symmetric encryption operation are concatenated in sequence to obtain the encrypted MEK.
In an exemplary embodiment, the first preset number may be predetermined by a person skilled in the art; the second preset number may be predetermined by a person skilled in the art according to the usage scenario of the encrypted MEK.
In an exemplary embodiment, the write position of the first KEK in the OTP memory and the write position of the encrypted MEK in the OTP memory may be set with reference to the related art and are not described herein again.
In an illustrative example, the first hard encryption comprises a first exclusive-or (XOR) operation; the second hard encryption comprises a second XOR operation; the third hard encryption comprises a third XOR operation. In one illustrative example, hard-encrypting the first KEK with the second random number and the first random number includes: XOR-ing the first KEK with the second random number, and then XOR-ing the result with the first random number. It should be noted that the two XOR operations within a hard encryption may be the same or different; this applies to the first, second and third hard encryption alike.
In an exemplary embodiment, the specific algorithms of the first, second and third XOR operations may be the same or different. In an illustrative example, the first, second and third hard encryption may include linear operations other than XOR.
In an exemplary embodiment, the second random number in the embodiment of the present invention is a temporarily generated random number, or a fixed random number.
In an exemplary embodiment, the third random number in the embodiment of the present invention is a temporarily generated random number, or a fixed random number.
In an illustrative example, the symmetric encryption operation includes one of the following algorithms: the Advanced Encryption Standard (AES), the SM4 national commercial cryptographic algorithm (SM4), or the Data Encryption Standard (DES).
In an exemplary embodiment, after writing all symmetrically encrypted MEKs into the OTP memory as the encrypted MEK, the method further includes:
reading the encrypted MEK and the first KEK from the OTP memory when a preset decapsulation instruction is received;
performing fourth hard encryption on the first KEK sequentially through the first random number and the second random number, and writing the first KEK subjected to the fourth hard encryption into the RAM as the fourth KEK;
performing fifth hard encryption on the fourth KEK sequentially through the second random number and the third random number, and writing the fourth KEK subjected to the fifth hard encryption into the key buffer as the fifth KEK;
performing a decryption operation on the read encrypted MEK with the obtained fifth KEK as the key to obtain decryption results;
and performing sixth hard encryption on each of the second preset number of decryption results sequentially through the second random number and the third random number to obtain the decrypted MEK, which is written into the RAM.
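The following C program is an added worked example, not part of the patent text, that traces the mask chain of steps 101 through 105 and the decapsulation steps above with plain XOR as the hard encryption. The 32-byte key width, the constructed deterministic bytes standing in for TRNG output, the function names and the single-buffer model of the OTP, RAM and register are assumptions made for this example; the Engine's symmetric encryption of the MEK is outside its scope. Each re-masking applies the new mask before removing the old one, the order given in the application example later on this page, and the program checks that the bare KEK never appears in RAM or in the register at any step, while a deliberately mis-ordered variant shows why that order matters.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added example (not from the patent): the XOR mask chain for KEK handling.
 * KEY_LEN, the sample bytes and the one-buffer OTP/RAM/register model are assumptions. */
#define KEY_LEN 32
typedef struct { uint8_t v[KEY_LEN]; } keybuf_t;

/* "Hard encryption" in the patent's XOR form: k <- k XOR mask, in place. */
static void hard_encrypt(keybuf_t *k, const keybuf_t *mask)
{
    for (size_t i = 0; i < KEY_LEN; i++) k->v[i] ^= mask->v[i];
}
/* dst <- src XOR mask; the bare src never lands in dst. */
static void mask_into(keybuf_t *dst, const keybuf_t *src, const keybuf_t *mask)
{
    for (size_t i = 0; i < KEY_LEN; i++) dst->v[i] = src->v[i] ^ mask->v[i];
}

static int equal(const keybuf_t *a, const keybuf_t *b)
{
    return memcmp(a->v, b->v, KEY_LEN) == 0;
}

/* Re-mask k from old_mask to new_mask in the patent's order: apply the new mask
 * first, then strip the old one, so the intermediate value carries both masks.
 * `ref` is the bare key, used only to check the invariant; returns 1 if k ever equalled it. */
static int remask(keybuf_t *k, const keybuf_t *new_mask,
                  const keybuf_t *old_mask, const keybuf_t *ref)
{
    hard_encrypt(k, new_mask);                /* key ^ old ^ new */
    int exposed = equal(k, ref);
    hard_encrypt(k, old_mask);                /* key ^ new */
    return exposed | equal(k, ref);
}

/* Steps 102-104: OTP gets KEK^R1 (first KEK), RAM gets KEK^R2 (second KEK), the
 * register gets KEK^R3 (third KEK).  Returns how many stages exposed the bare KEK. */
static int encapsulate_kek(const keybuf_t *kek, const keybuf_t *r1, const keybuf_t *r2,
                           const keybuf_t *r3, keybuf_t *otp, keybuf_t *ram, keybuf_t *reg)
{
    mask_into(otp, kek, r1);                  /* first hard encryption */
    int exposed = equal(otp, kek);
    *ram = *otp;
    exposed += remask(ram, r2, r1, kek);      /* second hard encryption */
    *reg = *ram;
    exposed += remask(reg, r3, r2, kek);      /* third hard encryption */
    return exposed;
}

/* Decapsulation: the first KEK read from OTP is re-masked to R2 into RAM (fourth hard
 * encryption) and to R3 into the register (fifth); the sixth hard encryption re-masks
 * the Engine's R3-masked decryption result to R2 with the same routine. */
static int decapsulate_kek(const keybuf_t *otp, const keybuf_t *r1, const keybuf_t *r2,
                           const keybuf_t *r3, keybuf_t *ram, keybuf_t *reg, const keybuf_t *ref)
{
    *ram = *otp;
    int exposed = remask(ram, r2, r1, ref);   /* fourth hard encryption */
    *reg = *ram;
    exposed += remask(reg, r3, r2, ref);      /* fifth hard encryption */
    return exposed;
}

/* Constructed deterministic bytes standing in for TRNG output (not real random data). */
static void fill(keybuf_t *k, uint8_t seed)
{
    for (size_t i = 0; i < KEY_LEN; i++) k->v[i] = (uint8_t)(seed * 37u + i * 11u + 3u);
}

/* Returns 0 when no stage exposed the bare KEK, the register holds KEK^R3 after
 * encapsulation, and decapsulation rebuilds the same RAM/register contents from OTP. */
int demo_mask_chain(void)
{
    keybuf_t kek, r1, r2, r3, otp, ram, reg, ram2, reg2, want;
    fill(&kek, 1); fill(&r1, 2); fill(&r2, 3); fill(&r3, 4);
    if (encapsulate_kek(&kek, &r1, &r2, &r3, &otp, &ram, &reg) != 0) return 1;
    mask_into(&want, &kek, &r3);
    if (!equal(&reg, &want)) return 2;
    if (decapsulate_kek(&otp, &r1, &r2, &r3, &ram2, &reg2, &kek) != 0) return 3;
    if (!equal(&ram2, &ram) || !equal(&reg2, &reg)) return 4;
    return 0;
}

/* What the ordering rule prevents: stripping R1 before applying R2 leaves the bare
 * KEK in the buffer for one step.  Returns 1 (exposed). */
int demo_wrong_order_exposes(void)
{
    keybuf_t kek, r1, r2, buf;
    fill(&kek, 1); fill(&r1, 2); fill(&r2, 3);
    mask_into(&buf, &kek, &r1);
    hard_encrypt(&buf, &r1);                  /* old mask removed first: bare key */
    int exposed = equal(&buf, &kek);
    hard_encrypt(&buf, &r2);                  /* masked again, but too late */
    return exposed;
}

int main(void)
{
    printf("mask chain intact: %s\n", demo_mask_chain() == 0 ? "yes" : "NO");
    printf("wrong order exposes bare KEK: %d\n", demo_wrong_order_exposes());
    return 0;
}
```

Because XOR is linear, KEK ^ R1 ^ R2 ^ R1 equals KEK ^ R2 regardless of order, so the order only matters for what the buffer holds between the two operations; the patent's sequence (new mask, then old mask) is what keeps the plaintext out of RAM and the register, and the check in `remask` is the property a test bench for such firmware would assert.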
In an exemplary example, the above processing may be performed by firmware executed in a main control chip of the solid state disk, where the firmware is used to process a key. In an exemplary embodiment, the generation, encapsulation, decapsulation, and the like of the KEK and the MEK according to the embodiment of the present invention are all performed inside the solid state disk main control chip.
The embodiment of the invention also provides a computer storage medium, wherein a computer program is stored in the computer storage medium, and when being executed by a processor, the computer program realizes the method for realizing the key processing.
An embodiment of the present invention further provides a terminal, including: a memory and a processor, the memory having a computer program stored therein; wherein:
the processor is configured to execute the computer program in the memory;
the computer program, when executed by a processor, implements a method of implementing key processing as described above.
Fig. 2 is a block diagram of a solid state disk implementing key processing according to an embodiment of the present invention. As shown in fig. 2, the solid state disk includes: a generating unit, a first hard encryption unit, a second hard encryption unit, a third hard encryption unit and an encryption processing unit; wherein:
the generating unit is configured to: when a preset encapsulation instruction is received, generate a first preset number of initial key encryption keys (KEKs) and a second preset number of data encryption keys (MEKs) through a preset physical random source (TRNG);
the first hard encryption unit is configured to: perform first hard encryption on each initial KEK through a first random number, and write all the initial KEKs subjected to the first hard encryption into the OTP memory as the first KEK;
the second hard encryption unit is configured to: perform second hard encryption on the first KEK sequentially through a second random number and the first random number, and write the first KEK subjected to the second hard encryption into a random access memory (RAM) for storing keys as the second KEK;
the third hard encryption unit is configured to: perform third hard encryption on the second KEK sequentially through a third random number and the second random number, and write the second KEK subjected to the third hard encryption into a key buffer as the third KEK;
the encryption processing unit is configured to: perform a symmetric encryption operation on each generated MEK with the third KEK as the key, and write all MEKs subjected to the symmetric encryption operation into the OTP memory as the encrypted MEK;
wherein the first random number is a fixed random number.
In an exemplary embodiment, the second random number in the embodiment of the present invention is a temporarily generated random number, or a fixed random number.
In an exemplary embodiment, the third random number in the embodiment of the present invention is a temporarily generated random number, or a fixed random number.
In an illustrative example, the symmetric encryption operation includes one of the following algorithms: the Advanced Encryption Standard (AES), the SM4 national commercial cryptographic algorithm (SM4), or the Data Encryption Standard (DES).
In an illustrative example, the apparatus of the embodiment of the present invention further includes a reading unit and a decryption processing unit; wherein:
the reading unit is configured to: when a preset decapsulation instruction is received, reading the encrypted MEK and the first KEK from the OTP memory;
the second hard encryption unit is further configured to: performing fourth hard encryption on the first KEK sequentially through the first random number and the second random number, and writing the first KEK subjected to the fourth hard encryption into the RAM as a fourth KEK;
the third hard encryption unit is further configured to: performing fifth hard encryption on the fourth KEK sequentially through the second random number and the third random number, and writing the fifth hard-encrypted fourth KEK serving as a fifth KEK into the key buffer;
the decryption processing unit is configured to: perform a decryption operation on the read encrypted MEK with the obtained fifth KEK as the key to obtain decryption results; and perform sixth hard encryption on each of the second preset number of decryption results sequentially through the second random number and the third random number to obtain the decrypted MEK, which is written into the RAM.
The following briefly describes the embodiments of the present invention by using application examples, which are only used to set forth the embodiments of the present invention and are not used to limit the scope of the embodiments of the present invention.
Application example
Fig. 3 is a schematic structural diagram of an application example of the solid state disk. This application example protects the key generation, key storage and key usage links in an encrypted solid state disk, so as to reduce the risk of key leakage over the life cycle of the encrypted solid state disk. Specifically, both the KEK and the MEK are generated by the physical random source (TRNG) of the main control chip in the encrypted solid state disk and need not be generated or imported from outside; after generation, the KEK and the MEK are stored in encrypted form in the OTP memory inside the encrypted solid state disk; during use, the KEK and the MEK are stored in encrypted form in the RAM (or register) for storing keys inside the encrypted solid state disk, and the KEK is also transmitted in encrypted form on the path from the OTP to the RAM (or key register); the KEK in ciphertext form participates in the key encapsulation or key decapsulation of the MEK; the coprocessor (Engine) executes the symmetric encryption or decryption operation; in this application example, the key processing of the embodiment of the invention is executed by key-processing firmware on the main control chip of the solid state disk.
The KEK generation process comprises the following steps:
the firmware triggers the physical random source (TRNG) to generate a true random number (one of the first preset number of initial KEKs), and the initial KEK is first-hard-encrypted with a first random number (Mask R1) to obtain KEK ^ R1, which is written to a specified address of the OTP memory for storage; Mask R1 is a fixed random number burned into the chip;
this processing is repeated until all of the first preset number of initial KEKs have been first-hard-encrypted and stored in the OTP.
Encapsulation process:
the firmware triggers the start of key encapsulation, and the main control chip loads the first KEK from the OTP into the RAM for storing keys; during loading the first KEK is first hard-encrypted with Mask R2 to obtain KEK ^ R1 ^ R2, and the result is then hard-encrypted with Mask R1 to obtain KEK ^ R2. This hard encryption process is the second hard encryption of the embodiment of the present invention, and it does not expose the KEK plaintext. The second KEK obtained by the second hard encryption is protected by the R2 mask and stored in the RAM; in this application example, the hard encryption includes but is not limited to an XOR operation, and Mask R2 is a temporarily generated random number;
the firmware triggers the key loading process, and the main control chip loads the second KEK protected by the R2 mask (KEK ^ R2) from the RAM into a buffer (Register); during loading the KEK is first hard-encrypted with Mask R3 to obtain KEK ^ R2 ^ R3, and then hard-encrypted with Mask R2 to obtain the third KEK (KEK ^ R3). This hard encryption process is the third hard encryption of the embodiment of the present invention, and it does not expose the KEK plaintext. The KEK after this hard encryption is protected by the R3 mask and stored in the Register; the hard encryption includes but is not limited to an XOR operation, and Mask R2 is a temporarily generated random number.
The firmware triggers the physical random source (TRNG) to generate the second preset number of MEKs and outputs the generated MEKs to the coprocessor (Engine);
the firmware triggers the key encapsulation operation; the Engine uses KEK ^ R3 as the key and each MEK as plaintext to perform the mask-protected symmetric encryption operation;
the firmware reads the symmetric encryption results out of the register as the encrypted MEK and writes all encrypted MEKs into the OTP memory.
Decapsulation process:
the firmware triggers the start of key decapsulation, and the main control chip loads the first KEK from the OTP into the RAM; during loading it is hard-encrypted with Mask R2 and then with Mask R1 to obtain the fourth KEK, and the KEK plaintext is not exposed during this hard encryption. This hard encryption process is the fourth hard encryption of the embodiment of the present invention; the KEK after the fourth hard encryption is protected by the R2 mask and stored in the RAM; the fourth hard encryption includes but is not limited to an XOR operation;
the firmware triggers the key loading process, and the hardware automatically loads the fourth KEK from the RAM into the Register; during loading it is first hard-encrypted with Mask R3 and then with Mask R2 to obtain the fifth KEK, and the KEK plaintext is not exposed during this hard encryption. This hard encryption process is the fifth hard encryption of the embodiment of the present invention; the KEK after the fifth hard encryption is protected by the R3 mask and stored in the Register; the fifth hard encryption includes but is not limited to an XOR operation;
the firmware reads the MEK encrypted by the symmetric encryption operation from the OTP and outputs it to the Engine;
the firmware triggers the key decapsulation operation; the Engine uses KEK ^ R3 as the key and the encrypted MEK as ciphertext to perform the mask-protected decryption operation;
the firmware reads the decryption result, which carries the R3 mask, from the register and writes it into the RAM; during writing it is hard-encrypted with Mask R2 and then with Mask R3, and the MEK plaintext is not exposed during this hard encryption. This hard encryption process is the sixth hard encryption of the embodiment of the present invention; after the sixth hard encryption the MEK is protected by the R2 mask and stored in the RAM; the sixth hard encryption includes but is not limited to an XOR operation.
The decapsulation process is repeated the second preset number of times according to the actual MEK length, until all decrypted MEKs are obtained for use in subsequent data encryption.
This application example considers the whole process of key generation, storage and use and provides whole-life-cycle security protection for the keys; the key life cycle is contained entirely within the main control chip of the solid state disk, which prevents physical compromise. Mask protection is applied during generation, storage and use; the second random number and the third random number may be temporarily generated random numbers, in which case the key encapsulation and key decapsulation processes differ on every run, so that various side-channel attacks can be effectively resisted. The application example improves the data security of the encrypted solid state disk while realizing the basic functions of key encapsulation and key decapsulation.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.

Claims (10)

1. A method of implementing key processing, comprising:
when a preset packaging instruction is received, generating a first preset number of initial key encryption keys (KEKs) and a second preset number of data encryption keys (MEKs) through a preset physical random source (TRNG);
respectively performing first hard encryption on each initial KEK through a first random number, and writing all the initial KEKs subjected to the first hard encryption into a one-time programmable (OTP) memory as first KEKs;
performing second hard encryption on the first KEK sequentially through a second random number and the first random number, and writing the first KEK subjected to the second hard encryption into a random access memory (RAM) for storing keys as a second KEK;
performing third hard encryption on the second KEK sequentially through a third random number and the second random number, and writing the second KEK subjected to the third hard encryption into a key buffer as a third KEK;
respectively performing a symmetric encryption operation on each generated MEK with the third KEK as the key, and writing all MEKs subjected to the symmetric encryption operation into the OTP memory as encrypted MEKs;
wherein the first random number is a fixed random number.
2. The method of claim 1, wherein:
the first hard encryption comprises a first exclusive-or operation;
the second hard encryption comprises a second exclusive-or operation;
the third hard encryption comprises a third exclusive-or operation.
3. The method of claim 1, wherein the second random number is a temporarily generated random number or a fixed random number.
4. The method of claim 1, wherein the third random number is a temporarily generated random number or a fixed random number.
5. The method of claim 1, wherein the symmetric encryption operation comprises any one of the following algorithms: the Advanced Encryption Standard algorithm (AES), the Chinese national standard algorithm SM4, or the Data Encryption Standard algorithm (DES).
6. The method according to any one of claims 1-5, wherein after writing all MEKs that have undergone the symmetric encryption operation into the OTP memory as encrypted MEKs, the method further comprises:
when a preset decapsulation instruction is received, reading the encrypted MEKs and the first KEK from the OTP memory;
performing fourth hard encryption on the first KEK sequentially through the first random number and the second random number, and writing the first KEK subjected to the fourth hard encryption into the RAM as a fourth KEK;
performing fifth hard encryption on the fourth KEK sequentially through the second random number and the third random number, and writing the fourth KEK subjected to the fifth hard encryption into the key buffer as a fifth KEK;
performing a decryption operation on each read encrypted MEK with the obtained fifth KEK as the key to obtain a decryption operation result;
and performing sixth hard encryption on the second preset number of decryption operation results sequentially through the second random number and the third random number, to obtain the decrypted MEKs, which are written into the RAM.
7. A computer storage medium having stored thereon a computer program which, when executed by a processor, implements a method of implementing key processing according to any one of claims 1-6.
8. A terminal, comprising: a memory and a processor, the memory having a computer program stored therein; wherein
the processor is configured to execute the computer program in the memory;
the computer program, when executed by the processor, implements a method of implementing key processing as recited in any of claims 1-6.
9. A solid state disk for implementing key processing, comprising: a generating unit, a first hard encryption unit, a second hard encryption unit, a third hard encryption unit and an encryption processing unit; wherein
the generating unit is configured to: when a preset packaging instruction is received, generate a first preset number of initial key encryption keys (KEKs) and a second preset number of data encryption keys (MEKs) through a preset physical random source (TRNG);
the first hard encryption unit is configured to: respectively perform first hard encryption on each initial KEK through a first random number, and write all the initial KEKs subjected to the first hard encryption into the OTP memory as first KEKs;
the second hard encryption unit is configured to: perform second hard encryption on the first KEK sequentially through a second random number and the first random number, and write the first KEK subjected to the second hard encryption into a random access memory (RAM) for storing keys as a second KEK;
the third hard encryption unit is configured to: perform third hard encryption on the second KEK sequentially through a third random number and the second random number, and write the second KEK subjected to the third hard encryption into a key buffer as a third KEK;
the encryption processing unit is configured to: respectively perform a symmetric encryption operation on each generated MEK with the third KEK as the key, and write all MEKs subjected to the symmetric encryption operation into the OTP memory as encrypted MEKs;
wherein the first random number is a fixed random number.
10. The solid state disk of claim 9, wherein:
the first hard encryption comprises a first exclusive-or operation;
the second hard encryption comprises a second exclusive-or operation;
the third hard encryption comprises a third exclusive-or operation.
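
The encapsulation of claim 1 and the decapsulation of claim 6, with the exclusive-or "hard encryption" of claim 2 and AES as the symmetric operation of claim 5, worked through as an added Go simulation; it is not code from the patent or from any product of the applicant. It assumes 16-byte (AES-128) keys, crypto/rand standing in for the physical TRNG, two initial KEKs and three MEKs as the two preset numbers, a caller-chosen KEK index, and that the third random number is kept fixed between packaging and decapsulation; byte slices stand in for the OTP memory, the RAM and the key buffer. The names Device, Pack, Unpack, UnmaskMEK and RoundTrip are the example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"fmt"
)

const (
	keyLen = aes.BlockSize // KEKs and MEKs are AES-128 keys here (assumption: the claims fix no length)
	numKEK = 2             // the "first preset number": how many initial KEKs (assumed value)
	numMEK = 3             // the "second preset number": how many MEKs (assumed value)
)

// xorBytes is the claims' "hard encryption" (claim 2: an exclusive-or with a random number).
func xorBytes(a, b []byte) []byte {
	if len(a) != len(b) {
		panic("xorBytes: length mismatch")
	}
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// trng stands in for the physical random source; crypto/rand is used here (assumption).
func trng() []byte {
	b := make([]byte, keyLen)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Device models the storage domains named in the claims and the two masks that persist.
type Device struct {
	OTPKEK    [][]byte // first KEKs, written once (claim 1)
	OTPMEK    [][]byte // encrypted MEKs (claim 1)
	RAMKEK    []byte   // second KEK on pack, fourth KEK on unpack
	KeyBuffer []byte   // third KEK on pack, fifth KEK on unpack: the only value used as a cipher key
	RAMMEK    [][]byte // masked MEKs after the sixth hard encryption (claim 6)
	r1        []byte   // first random number: fixed (claim 1)
	r3        []byte   // third random number: kept fixed here so the fifth KEK equals the third
}

func NewDevice() *Device { return &Device{r1: trng(), r3: trng()} }

// Pack implements claim 1 for the KEK at index sel. It returns the plaintext KEKs and MEKs
// only so the demo can check the round trip; a real controller never exports them.
func (d *Device) Pack(sel int) (kek0, mek [][]byte) {
	kek0 = make([][]byte, numKEK)
	mek = make([][]byte, numMEK)
	for i := range kek0 {
		kek0[i] = trng()
	}
	for i := range mek {
		mek[i] = trng()
	}
	d.OTPKEK = make([][]byte, numKEK)
	for i, k := range kek0 { // first hard encryption with r1, into OTP
		d.OTPKEK[i] = xorBytes(k, d.r1)
	}
	r2 := trng()                                           // temporarily generated (claim 3)
	d.RAMKEK = xorBytes(xorBytes(d.OTPKEK[sel], r2), d.r1) // second: r2 then r1, into RAM
	d.KeyBuffer = xorBytes(xorBytes(d.RAMKEK, d.r3), r2)   // third: r3 then r2, into key buffer
	block, err := aes.NewCipher(d.KeyBuffer)               // AES keyed with the third KEK (claim 5)
	if err != nil {
		panic(err)
	}
	d.OTPMEK = make([][]byte, numMEK)
	for i, m := range mek { // one raw AES block per 16-byte MEK, into OTP
		d.OTPMEK[i] = make([]byte, keyLen)
		block.Encrypt(d.OTPMEK[i], m)
	}
	return kek0, mek
}

// Unpack implements claim 6 for the KEK at index sel and returns the r2 it used so the
// caller can strip the sixth-encryption mask from d.RAMMEK.
func (d *Device) Unpack(sel int) (r2 []byte) {
	r2 = trng()                                            // fresh r2: it cancels before the key buffer
	d.RAMKEK = xorBytes(xorBytes(d.OTPKEK[sel], d.r1), r2) // fourth: r1 then r2, into RAM
	d.KeyBuffer = xorBytes(xorBytes(d.RAMKEK, r2), d.r3)   // fifth: r2 then r3, into key buffer
	block, err := aes.NewCipher(d.KeyBuffer)
	if err != nil {
		panic(err)
	}
	d.RAMMEK = make([][]byte, len(d.OTPMEK))
	for i, c := range d.OTPMEK {
		plain := make([]byte, keyLen)
		block.Decrypt(plain, c)
		d.RAMMEK[i] = xorBytes(xorBytes(plain, r2), d.r3) // sixth: r2 then r3, into RAM
	}
	return r2
}

// UnmaskMEK removes the sixth-encryption mask; the engine that consumes the MEK would
// do this internally (assumption).
func UnmaskMEK(masked, r2, r3 []byte) []byte { return xorBytes(xorBytes(masked, r3), r2) }

// RoundTrip packs and unpacks one device and reports (allMEKsRecovered, plaintextKEKStored),
// the second being true if the selected initial KEK ever sat unmasked in OTP, RAM or the key buffer.
func RoundTrip() (recovered, exposed bool) {
	d := NewDevice()
	kek0, meks := d.Pack(0)
	third := append([]byte(nil), d.KeyBuffer...)
	exposed = bytes.Equal(kek0[0], d.OTPKEK[0]) || bytes.Equal(kek0[0], d.RAMKEK) || bytes.Equal(kek0[0], third)
	r2 := d.Unpack(0)
	recovered = bytes.Equal(third, d.KeyBuffer)
	for i, m := range meks {
		recovered = recovered && bytes.Equal(UnmaskMEK(d.RAMMEK[i], r2, d.r3), m)
	}
	return recovered, exposed
}

func main() {
	ok, exposed := RoundTrip()
	fmt.Printf("MEKs recovered: %v, plaintext KEK stored anywhere: %v\n", ok, exposed)
}
```

Working the exclusive-or chain through explains why the three random numbers play different roles: the value reaching the key buffer is the initial KEK XOR r3 in both directions (r1 and r2 cancel), so r3 must be reproducible at decapsulation for the fifth KEK to equal the third and the encrypted MEKs to decrypt, while r2 may be regenerated per session as claim 3 allows and r1 only ever protects the OTP copy. RoundTrip also checks that the unmasked initial KEK never sits in any of the three storage domains, which is the property the masking is meant to provide.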

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211529312.2A CN115842628A (en) 2022-11-30 2022-11-30 Method and device for realizing key processing, computer storage medium and solid state disk

Publications (1)

Publication Number Publication Date
CN115842628A true CN115842628A (en) 2023-03-24

Family

ID=85577595

Country Status (1)

Country Link
CN (1) CN115842628A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination