GB2541975B - Data protection device and data protection method thereof - Google Patents

Data protection device and data protection method thereof Download PDF

Info

Publication number
GB2541975B
GB2541975B GB1610965.4A GB201610965A GB2541975B GB 2541975 B GB2541975 B GB 2541975B GB 201610965 A GB201610965 A GB 201610965A GB 2541975 B GB2541975 B GB 2541975B
Authority
GB
United Kingdom
Prior art keywords
digital signature
random number
data protection
protection device
message digest
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
GB1610965.4A
Other versions
GB2541975A (en
GB201610965D0 (en
Inventor
Hsu Wen-Jui
Hewson Peter
Cuong Tran Jimmy
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wistron Neweb Corp
Original Assignee
Wistron Neweb Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wistron Neweb Corp filed Critical Wistron Neweb Corp
Publication of GB201610965D0 publication Critical patent/GB201610965D0/en
Publication of GB2541975A publication Critical patent/GB2541975A/en
Application granted granted Critical
Publication of GB2541975B publication Critical patent/GB2541975B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator

Description

DATA PROTECTION DEVICE AND DATA PROTECTION METHOD THEREOF
CROSS REFERENCE TO RELATED APPLICATIONS
[0001] This application claims the benefit of priority from an application of Taiwan Patent Application No. 104128766 filed on Sep. 01, 2015, the entirety of which is incorporated by reference herein.
BACKGROUND
Technical Field [0002] The disclosure relates to a data protection device capable of protecting transmission data, and in particular to a data protection device capable of using keys to protect data.
Description of the Related Art [0003] The most common methods for verifying user information include generating keys or digital signatures by encryption and decryption to provide four secure assurances: confidentiality, authentication, integrity, and non-repudiation for protecting user information and preventing forgery and falsification.
[0004] Conventionally, key encryption used by the verification device for user information includes symmetric encryption and asymmetric encryption. The keys in encryption and decryption of symmetric encryption are the same, so that the receiver and transmitter have the same key. Each user of the asymmetric encryption has a public key and a private key, and the message is encrypted by the private key and decrypted by the public key. The public key can be widely released, and the private key must be preserved by the user. Using different kinds of key encryption verification devices has both advantages and disadvantages. Due to the high usage of card-based transactions and the high number and variety of verification organizations across all fields, an efficient and universal safety verification system must be established.
SUMMARY
[0005] A detailed description is given in the following embodiments with reference to the accompanying drawings.
[0006] The present invention provides a data protection device capable of communicating with a remote data protection device. The data protection device includes a communication device, a random number generation device, an encryption database and a processor. The communication device transmits and receives data. The random number generation device generates a first random number. The encryption database stores a first public key and a first private key, wherein the first public key corresponds to the remote data protection device, and the first private key corresponds to the data protection device. The processor is coupled to the random number generation device, the encryption database and the communication device, wherein the processor combines the instruction data sector and the first random number to produce a first message digest, performs a digital signature encryption algorithm by using the first random number to encode the first message digest to obtain a first interim digital signature, performs the digital signature encryption algorithm again by using the first private key to encode the first interim digital signature to obtain a first digital signature, combines the instruction data sector, the first random number and the first digital signature to produce instruction information, and enables the communication device to transmit the instruction information to the remote data protection device.
[0007] The present invention further provides a data protection device capable of communicating with a remote data protection device. The data protection device includes a communication device, an encryption database, and a processor. The communication device receives instruction information from the remote data protection device, wherein the instruction information includes an instruction data sector, a first random number and a first digital signature. The encryption database stores a first public key and a first private key, wherein the first public key corresponds to the remote data protection device, and the first private key corresponds to the data protection device. The processor is coupled to the encryption database and the communication device, the processor uses the first public key to perform a digital signature decryption algorithm on the first digital signature to obtain a first interim digital signature, combines the instruction data sector and the first random number to produce a first message digest, uses the first random number to perform a digital signature encryption algorithm on the first message digest to obtain a second interim digital signature, and determines the first interim digital signature and the second interim digital signature are the same to verify the instruction information.
[0008] (Cancelled) [0009] Moreover, the present invention provides a data protection method applied to a data protection device having a first public key and a first private key, wherein the first public key corresponds to a remote data protection device, and the first private key belongs to the data protection device. The data protection method includes: generating a first random number; combining an instruction data sector and the first random number to produce a first message digest; using the first random number to perform a digital signature encryption algorithm on the first message digest to obtain a first interim digital signature; using the first private key to perform the digital signature encryption algorithm again on the first interim digital signature to obtain a first digital signature; combining the instruction data sector, the first random number and the first digital signature to produce instruction information; and transmitting the instruction information to the remote data protection device.
BRIEF DESCRIPTION OF THE DRAWINGS
The disclosure may be more fully understood by reading the subsequent detailed description and examples with references made to the accompanying drawings, wherein: [0010] Fig. 1 is a schematic diagram of a data protection device in accordance with some embodiments of the present disclosure; [0011] Fig. 2 is a schematic diagram of a data protection system in accordance with some embodiments of the present disclosure; [0012] Figs. 3A-3B are schematic diagrams of message digest of instruction in accordance with some embodiments of the present disclosure; [0013] Figs. 4A-4B are schematic diagrams of combining instruction data sector and message digest in accordance with some embodiments of the present disclosure; [0014] Fig. 5A and Fig. 6A are schematic diagrams of digital signature for instructing in accordance with some embodiments of the present disclosure; [0015] Figs. 5B-5C and Figs. 6B-6C are schematic diagrams of transition digital signature in accordance for instructing with some embodiments of the present disclosure; [0016] Fig. 7 is a schematic diagram of instruction information in accordance with some embodiments of the present disclosure; some embodiments of the present disclosure; [0017] Figs. 8A-8B are schematic diagrams of message digest of response in accordance with some embodiments of the present disclosure; [0018] Figs. 9A-9B are schematic diagrams of combining response data sector and message digest in accordance with some embodiments of the present disclosure; [0019] Fig. 10A and Fig. 11A are schematic diagrams of digital signature for responding in accordance with some embodiments of the present disclosure; [0020] Figs. 10B-10C and Figs. 11B-11C are schematic diagrams of transition digital signature for responding in accordance for instructing with some embodiments of the present disclosure; [0021] Fig. 12 is a schematic diagram of response information in accordance with some embodiments of the present disclosure; [0022] Figs. 13A-13B are a flowchart of a data protection method according to an embodiment of the present invention; and [0023] Figs. 14A-14B is a flowchart of a data protection method according to an embodiment of the present invention.
DETAILED DESCRIPTION
[0024] The following description is of the best-contemplated mode of carrying out the invention. This description is made for the purpose of illustrating the general principles of the invention and should not be taken in a limiting sense. The scope of the invention is best determined by reference to the appended claims.
[0025] Fig. 1 is a schematic diagram of a data protection device in accordance with some embodiments of the present disclosure. The data protection device 100 includes a communication device 102, a random number generation device 104, an encryption database 106 and a processor 108. The data protection device 100 is arranged to communicate with a remote data protection device. It should be noted that, in some embodiments, the data protection device 100 can be regarded as the remote data protection device. For example, the data protection device 100 is the remote data protection device for another data protection device that is communicating with the data protection device 100. The communication device 102 is arranged to transmit data to the remote data protection device, and receive data from the remote data protection device. For example, the communication device 102 communicates with the remote data protection device through a wireless interface or a wired interface, such as 3G, 4G, optical fiber or microwave, etc., but it is not limited thereto, communication device 102 is a WAN (Wide Area Network) module having at least one antenna and a controller arranged to control the antenna.
[0026] The random number generation device 104 is arranged to generate different random numbers, wherein the random number has a random number sequence with a predetermined length. In one embodiment, the random number generation device 104A can be a hardware circuit having a plurality of logic gates, wherein the random number generation device 104A produces random numbers by the combination of logic gates. In another embodiment, the random number generation device 104A can be a processor configured to generate random number by software program code.
[0027] The encryption database 106 is arranged to store a plurality of public keys ΡΒΚ0-ΡΒΚΝ and a private key PRK, wherein each of the public keys ΡΒΚ0-ΡΒΚΝ corresponds to different remote data protection devices, and the first private key PRK corresponds to the data protection device 100. More specifically, the data protection device 100 has a unique public key PBK and a unique private key PRK, the public key PBK is arranged to decrypt the data encrypted by the private key PRK. The private key PRK is stored in the data protection device 100A for encrypting the data of the data protection device 100A. The public key PBK is arranged to be stored in the remote data protection devices for decrypting the data received from the data protection device 100. Namely, each of the public keys PBKO-PBKN of the encryption database 106 corresponds to a specific remote data protection device and is arranged to decrypt the data received from the specific remote data protection device. In this embodiment, the encryption database 106 further includes an encryption/decryption circuit 1062A and a storage device 1064A. The encryption/decryption circuit 1062A is a hardware circuit having a plurality of logic gates, wherein the encryption/decryption circuit 1062A is arranged to encrypt the data received from the processor 108A to store the encrypted data into the storage device 1064A, and decrypt the data retrieved from the storage device 1064A to transmit the decrypted data to the processor 108A.
[0028] The processor 108 is coupled to the random number generation device 104, the encryption database 106 and the communication device 102. The processor 108 is configured to enable and process the random number generation device 104, the encryption database 106 and the communication device 102. For example, the processor 108 may include a computing unit, a non-volatile memory (ROM) and a random access memory (RAM). The program code stored in the non-volatile memory and data stored in the nonvolatile memory constitute firmware executed by the computing unit, the processor 108 controls and processes the random number generation device 104, the encryption database 106 and the communication device 102.
[0029] Fig. 2 is a schematic diagram of a data protection system in accordance with some embodiments of the present disclosure. Fig. 2 shows a data protection device 100A and a remote data protection device 100B arranged to communicate with each other, wherein the construction of the data protection device 100 A and the remote data protection device 100B are the same as the data protection device 100 shown in FIG. 1. In contrast, the data protection device 100A is the remote data protection device with respect to the data protection device 100B. The encryption database 106A of the data protection device 100A stores the private key PRK A of the data protection device 100A and the public key PBK B of the data protection device 100B. The encryption database 106B of the data protection device 100B stores the private key PRKB of the data protection device 100B and the public key PBK A of the data protection device 100 A.
[0030] In one embodiment, the data protection device 100A has to transmit an instruction data sector to the data protection device 100B for enabling the data protection device 100B to perform a specific operation. In this embodiment, the processor 108A produces a random number RN1 using the random number generation device 104A. Next, the processor 108A combines an instruction data sector CMDDATA and the random number RN1 to produce a message digest DI with a predetermined length as shown in FIG. 3A. In one embodiment, the random number RN1 may be arranged in front of the instruction data sector CMD DATA to constitute the message digest DI, or the random number RN1 can be inserted into the instruction data sector CMD DATA in a predetermined order to constitute the message digest DI. In another embodiment to obtain a message digest DI , as shown in 4A, the processor 108A combines the instruction data sector CMD DATA and the random number RN1 to produce a combined instruction data sector CBCMD. The message digest DI defines a predetermined length, such like 32 bytes or 128 bytes. Next, the processor 108A performs a hash algorithm on the combined instruction data sector CBCMD to obtain the message digest DI. The length of the output data of the hash algorithm can be freely set, so that the length of the message digest DI can be predetermined, such like 64 bytes, to increase the freedom of design.
[0031] After obtaining the message digest DI, the processor 108A uses the random number RN1 and the private key PRK A to perform an encryption algorithm to encode the message digest DI for obtaining a digital signature SN1. In one embodiment, as shown in FIG. 5 A, the processor 108A uses the random number RN1 to perform a digital signature encryption algorithm DSAEN on the message digest DI to obtain an interim digital signature SN INT1, then uses the private key PRK A to perform the digital signature encryption algorithm DSA EN on the interim digital signature SN INT1 again to obtain the digital signature SN1, but it is not limited thereto. In another embodiment to obtain a digital signature SN1, as shown in FIG. 6A, the processor 108A uses the private key PRK A to perform a digital signature encryption algorithm DSA EN on the message digest DI to obtain an interim digital signature SN INT1, then uses the random number RN1 to perform the digital signature encryption algorithm DSA EN again on the interim digital signature SN_INT1 to obtain the digital signature SN1.
[0032] After obtaining the digital signature SN1, the processor 108A combines the instruction data sector CMDDATA, the random number RN1 and the digital signature SN1 to produce instruction information CMI, as shown in FIG. 7. In other embodiments, the processor 108A can also combines the instruction data sector CMD DATA, the random number RN1 and the digital signature SN1 in a different sequence to constitute the instruction information CMI. Next, the processor 108A enables the communication device 102A to transmit the instruction information CMI to the data protection device 100B.
[0033] When the communication device 102B of the data protection device 100B receives the instruction information CMI from the data protection device 100A, the processor 108B retrieves the instruction data sector CMD DATA, the random number RN1 and the digital signature SN1 from the instruction information CMI. Next, the processor 108B performs a digital signature decryption algorithm DSA DE to decode the digital signature SN1 of the instruction information CMI to obtain the interim digital signature SN INT1’. It should be noted that the digital signature SN1 of FIG. 5B is produced by the process of FIG. 5 A. As shown in FIG. 5B, the processor 108B uses the public key PBK A stored in the encryption database 106B to perform a digital signature decryption algorithm DSADE to decrypt the digital signature SN1 of the instruction information CMI to obtain an interim digital signature SN INTl’. In another embodiment to obtain an interim digital signature SN INTl’, based on the digital signature SN1 produced by the process of FIG. 6A, the processor 108B uses the random number RN1 to perform the digital signature decryption algorithm DSA DE on the digital signature SN1 of the instruction information CMI to obtain an interim digital signature SN INTl’, as shown in FIG. 6B.
[0034] Next, the processor 108B produces a message digest DI’ according to the instruction data sector CMDDATA and the random number RN1, which are retrieved from the received instruction information CMI. Based on the message digest DI of the embodiment shown in FIG. 3A, the processor 108B directly combines the instruction data sector CMD DATA and the random number RN1 to produce the message digest DI’, as shown in FIG. 3B. It should be noted that the method used by the processor 100B of the data protection device 100B to combine the instruction data sector CMD DATA and the random number RN1 has to be the same as the method used by the processor 108 A of the data protection device 100A to combine instruction data sectors and random numbers. Based on the message digest DI of the embodiment shown in FIG. 4A, the processor 108B combines the instruction data sector CMD DATA and the random number RN1, which are retrieved from the instruction information CMI to produce a combined instruction data sector CBCMD’, and performs a hash algorithm on the combined instruction data sector CBCMD’ to obtain the message digest DI’, as shown in 4B. It should be noted that the combination sequence of FIG. 4B is the same as FIG. 4A. More specifically, the decryption and encryption of the processor 108A and the processor 100B can be predetermined or defined by the specific bits in the header of the data packet.
[0035] Next, the processor 108B performs the digital signature encryption algorithm DSAEN on the obtained message digest DE to obtain an interim digital signature SN INT1”. It should be noted that, based on the digital signature SN1 obtained in FIG. 5 A, the processor 108B uses the random number RN1 of the instruction information CMI to perform the digital signature encryption algorithm DSA EN on the obtained message digest DE to obtain the interim digital signature SN INT1”, as shown in FIG. 5C. In another embodiment to obtain an interim digital signature SN INT1”, based on the digital signature SN1 obtained in FIG. 6A, the processor 108B uses the public key PBK A stored in the encryption database 106B to perform the digital signature encryption algorithm DSA EN on the obtained message digest DE to obtain the interim digital signature SN_INT1”, as shown in FIG. 6C.
[0036] In the final step, the processor 108B determines whether the interim digital signature SN_INT1’ and the interim digital signature SN_INT1” are the same to verify the instruction information CMI. If the instruction information CMI received by the data protection device 100B is not transmitted by the data protection device 100A having the private key PRK A, the digital signature of the private key used to encrypt the instruction information CMI will not be the same as the public key that is stored in the data protection device 100B and corresponds to the data protection device 100A. Therefore, the obtained interim digital signature SN_INT1’ and the obtained interim digital signature SN_INT1” will not be the same.
[0037] When the instruction information CMI is verified, i.e., the interim digital signature SN_INT1’ and the interim digital signature SN_INT1” are the same, the processor 108B performs the corresponding operation or produces the corresponding response according to the received instruction data sector CMD DATA. When the processor 108B has to transmit a response data sector RSP DATA corresponding to the instruction data sector CMD DATA to the data protection device 100A, the processor 108B combines the response data sector RSPDATA corresponding to the instruction data sector CMD DATA and the random number RN1 of instruction information CMI to produce a message digest D2 with a predetermined length. In one embodiment, as shown in FIG. 8A, the processor 108B directly combines the response data sector RSP DATA and the random number RN1 of the instruction information CMI to obtain the message digest D2, but as previously described, the combination sequence is not limited thereto. In another embodiment, as shown in FIG. 9A, the processor 108A further combines the response data sector RSP DATA and the random number RN1 of the instruction information CMI to produce a combined response data sector CBRSP. Next, the processor 108B performs the hash algorithm on the combined response data sector CB RSP to obtain the message digest D2.
[0038] After obtaining the message digest D2, the processor 108B uses the random number RN1 of the instruction information CMI and the private key PRKB to perform an encryption algorithm on the message digest D2 to obtain a digital signature SN2. In one embodiment, as shown in FIG. 10A, the processor 108B uses the random number RN1 to perform a digital signature encryption algorithm DSA EN (DSA) on the message digest D2 to obtain an interim digital signature SN INT2, then uses the private key PRK B to perform the digital signature encryption algorithm DSA EN again on the interim digital signature SN INT2 to obtain a digital signature SN2. In another embodiment to obtain a digital signature SN2, as shown in FIG. 11 A, the sequence of performing the digital signature encryption algorithm DSA_EN is reversed.
[0039] After obtaining the digital signature SN2, the processor 108B combines the response data sector RSP DATA, the random number RN1 and the digital signature SN2 to produce response information RPI, as shown in FIG. 12. In other embodiments, the processor 108B further combines the response data sector RSPDATA, the random number RN1 and the digital signature SN2 in a different sequence to constitute the response information RPI. Next, the communication device 102B transmits the response information RPI to the data protection device 100A.
[0040] When the communication device 102A of the data protection device 100A receives the response information RPI from the data protection device 100B, the processor 108B retrieves the response data sector RSP DATA, the random number RN1 and the digital signature SN2 from the response information RPI. Next, the processor 108A performs a digital signature decryption algorithm DSA DE on the digital signature SN2 of the response information RPI to obtain an interim digital signature SN INT2. It should be noted that, based on the digital signature SN2 obtained in FIG. 10A, the processor 108A uses the public key PBK B stored in the encryption database 106A to perform a digital signature decryption algorithm DSA DE on the digital signature SN2 of the response information RPI to obtain an interim digital signature SN INT2’, as shown in FIG. 10B. In another embodiment to obtain an interim digital signature SN INT2’, based on the digital signature SN2 obtained in FIG. 11 A, the processor 108A uses the random number RN1 retrieved from the response information RPI to perform the digital signature decryption algorithm DSA DE on the digital signature SN2 of the response information RPI to obtain the interim digital signature SN INT2’, as shown in FIG. 1 IB.
[0041] Next, the processor 108A produces a message digest D2’ according to the response data sector RSP DATA and the random number RN1 of the response information RPI. Based on the message digest D2 obtained by the embodiment of FIG. 8A, the processor 108A combines the response data sector RSP DATA and the random number RN1 to produce the message digest D2’, as shown in FIG. 8B. In another embodiment to obtain a message digest D2’, based on the message digest D2 obtained by the embodiment of FIG. 9A, the processor 108A combines the response data sector RSP DATA and the random number RN1 of the response information RPI to produce a combined response data sector CB RSP’, and performs a hash algorithm on the combined response data sector CB RSP’ to obtain the message digest D2’, as shown in FIG. 9B. It should be noted that the method of combining the response data sector RSP DATA and the random number RN1 of the response information RPI has to be the same as the combination method of the processor 108B of the data protection device 100B.
[0042] Next, the processor 108A performs the digital signature encryption algorithm DSA EN on the obtained message digest D2’ to obtain an interim digital signature SN_INT2”. It should be noted that, based on the digital signature SN2 obtained by the embodiment of FIG. 10A, the processor 108A uses the random number RN1 of the response information RPI to perform the digital signature encryption algorithm DSA EN on the obtained message digest D2’ to obtain the interim digital signature SN INT2”, as shown in FIG. 10C. In another embodiment to obtain an interim digital signature SN_INT2”, based on the digital signature SN2 obtained by the embodiment of FIG. 11A, the processor 108A uses the public key PBK B stored in the encryption database 106A to perform the digital signature encryption algorithm DSA EN on the obtained message digest D2’ to obtain the interim digital signature SN INT2”, as shown in FIG. 11C.
[0043] Lastly, the processor 108A determines whether the interim digital signature SN_INT2’ and the interim digital signature SN_INT2” are the same to verify the response information RPI. Namely, when the response information RPI received by the data protection device 100A is not transmitted by the data protection device 100B having the private key PRK B, the private key used to encrypt the digital signature of the response information RPI is different from the public key that corresponds to the data protection device 100B and is stored in the data protection device 100A. Therefore, the obtained interim digital signature SN_INT2’ and the obtained interim digital signature SN_INT2” are different. In another embodiment, the processor 108A further determines whether the random number of the response information RPI and the random number used to produce the instruction information CMI by the processor 108A are the same. When the random number of the response information RPI and the random number used by the processor 108A to produce the instruction information CMI are the same, the processor 108A determines that the response information RPI is transmitted in response to the instruction information CMI. If the data protection device 100B does not receive the instruction information CMI, the data protection device 100B cannot produce the response information RPI by using the random number of the instruction information CMI. Therefore, the processor 108A can determine whether the response information RPI is transmitted in response to the instruction information CMI according to the random number of the response information RPI.
[0044] It should be noted that, in one embodiment, the instruction data sector and the response data sector have a predetermined length that is 200 bytes; the random number has a predetermined length that is 8 bytes, the message digest has a predetermined length that is 70 bytes, and the digital signature has a predetermined length that is 70-80 bytes, wherein the instruction data sector, the response data sector, the random number, the message digest and the digital signature are hexadecimal, but it is not limited thereto.
[0045] Fig. 13 is a flowchart of a data protection method according to an embodiment of the present invention. The data protection method is applied to the data protection device 100 of FIG. 1, and based on the data protection device 100A of FIG. 2 as the example. In this embodiment, the data protection device 100A is required to transmit an instruction data sector to the data protection device 100B to enable the data protection device 100B to perform specific operations or specific responses, and receive the response information from the data protection device 100B. The process starts at step S1300.
[0046] In step SI300, the processor 108A enables the random number generation device 104A to produce a random number RN1.
[0047] Next, in step SI302, the processor 108A produces an message digest DI with a predetermined length according to the instruction data sector CMD DATA and a random number RN1. In one embodiment, as shown in FIG. 3A, the processor 108A can directly combine the instruction data sector CMD DATA and the random number RN1 to obtain the message digest DI. In another embodiment to obtain a message digest DI, as shown in 4A, the processor 108A combines the instruction data sector CMD DATA and the random number RN1 to produce a combined instruction data sector CB CMD. Next, the processor 108A performs a hash algorithm on the combined instruction data sector CB CMD to obtain the message digest DI.
[0048] Next, in step SI304, the processor 108A uses the random number RN1 and the private key PRK A to perform an encryption algorithm on the message digest DI to obtain a digital signature SN1. In one embodiment, as shown in FIG. 5 A, the processor 108A uses the random number RN1 to perform a digital signature encryption algorithm DSAEN on the message digest DI to obtain an interim digital signature SN INTl, then uses the private key PRK A to perform the digital signature encryption algorithm DSA EN on the interim digital signature SN INTl again to obtain the digital signature SN1. In another embodiment to obtain an interim digital signature SN INTl, as shown in FIG. 6A, the processor 108A uses the private key PRK A to perform a digital signature encryption algorithm DSA EN on the message digest DI to obtain an interim digital signature SN INTl, then uses the random number RN1 to perform the digital signature encryption algorithm DSA EN again on the interim digital signature SN INTl to obtain the digital signature SN1.
[0049] Next, in step SI306, the processor 108A combines the instruction data sector CMD DATA, the random number RN1 and the digital signature SN1 to produce instruction information CMI, as shown in FIG. 7. In other embodiments, the processor 108A can also combines the instruction data sector CMD DATA, the random number RN1 and the digital signature SN1 in a different sequence to constitute the instruction information CMI.
[0050] Next, in step SI308, the processor 108A enables the communication device 102A to transmit the instruction information CMI to the data protection device 100B.
[0051] Next, in step S1310, the processor 108 A determines whether the communication device 102A receives response information RPI in a predetermined period. When the communication device 102A receives response information RPI in the predetermined period, the process goes to step S1312, otherwise, the process ends at step S1310. It should be noted that the predetermined period is determined based on the kind of instructions. Namely, the designer can determine the predetermined period according to an estimated time of the response or an estimated time of operations corresponding to the instruction.
[0052] In step S1312, the processor 108B obtains the response data sector RSP DATA, the random number RN1 and the digital signature SN2 from the response information RPI.
[0053] Next, in step S1314, the processor 108A performs a digital signature decryption algorithm DSADE on the digital signature SN2 of the response information RPI to obtain an interim digital signature SN INT2’. It should be noted that, in one embodiment, the processor 108A uses the public key PBK B stored in the encryption database 106A to perform a digital signature decryption algorithm DSA DE on the digital signature SN2 of the response information RPI to obtain an interim digital signature SN INT2’, as shown in FIG. 10B. More specifically, in this embodiment, the step of selecting the public key PBKB to perform the digital signature decryption algorithm DSADE is based on step SI304 with the embodiment of FIG. 5A that uses the private key PRK A to perform the digital signature encryption algorithm DSA EN on the interim digital signature SN INT1 again to obtain the digital signature SN1. In another embodiment, the processor 108A uses the random number RN1 obtained from the response information RPI to perform the digital signature decryption algorithm DSA DE on the digital signature SN2 of the response information RPI to obtain an interim digital signature SN INT2’, as shown in FIG. 11B. More specifically, in this embodiment, the step of selecting the random number RN1 to perform the digital signature decryption algorithm DSA DE is based on step S1304 with the embodiment of FIG. 6A that using the random number RN1 to perform the digital signature encryption algorithm DSA_EN on the interim digital signature SN_INT1 again to obtain the digital signature SN1. Namely, the encryption order and decryption order are corresponding to each other. It should be noted that step S1314 can be performed after step S1318 and before step SI320.
[0054] Next, in step S1316, the processor 108A produces a message digest D2’ according to the response data sector RSP DATA and the random number RN1 of the response information RPI. In one embodiment, the processor 108A combines the response data sector RSP DATA and the random number RN1 of the response information RPI to produce the message digest D2’, as shown in FIG 8B. In another embodiment to obtain a message digest D2’, the processor 108A combines the response data sector RSP DATA and the random number RN1 of the response information RPI to produce a combined response data sector CB RSP’, and performs a hash algorithm on the combined response data sector CB RSP’ to obtain the message digest D2’, as shown in FIG. 9B. In previous embodiments, it should be noted that the method of combining the response data sector RSP DATA and the random number RN1 of the response information RPI has to be the same as the combination method of the processor 108B of the data protection device 100B. [0055] Next, in step S1318, the processor 108A performs the digital signature encryption algorithm DSA EN on the obtained message digest D2’ to obtain an interim digital signature SN INT2”. It should be noted that, in one embodiment, the processor 108A uses the random number RN1 of the response information RPI to perform the digital signature encryption algorithm DSA EN on the obtained message digest D2’ to obtain the interim digital signature SN INT2”, as shown in FIG. 10C. In another embodiment to obtain an interim digital signature SN_INT2”, the processor 108A uses the public key PBK B stored in the encryption database 106A to perform the digital signature encryption algorithm DSA EN on the obtained message digest D2’ to obtain the interim digital signature SN_INT2”, as shown in FIG. 11C.
[0056] Next, in step SI320, the processor 108A verifies the response information RPI. More specifically, the processor 108A determines whether the interim digital signature SN_INT2’ and the interim digital signature SN_INT2” are the same to verify the response information RPI. Namely, when the response information RPI received by the data protection device 100A is not transmitted by the data protection device 100B using the private key PRK B, the private key used to encrypt the digital signature of the response information RPI is different from the public key that corresponds to the data protection device 100B and is stored in the data protection device 100A. Therefore, the obtained interim digital signature SN_INT2’ and the obtained interim digital signature SN_INT2” will be different. In another embodiment, the processor 108A further determines whether the random number of the response information RPI and the random number used to produce the instruction information CMI by the processor 108A are the same to verify the response information RPI. When the random number of the response information RPI and the random number used by the processor 108A to produce the instruction information CMI are the same, the processor 108A determines that the response information RPI is transmitted in response to the instruction information CMI. On the other hand, if the data protection device 100B does not receive the instruction information CMI, the data protection device 100B cannot produce the response information RPI by using the random number of the instruction information CMI. Therefore, the processor 108 A can determine whether the response information RPI is transmitted in response to the instruction information CMI according to the random number of the response information RPI. When the response information RPI is verified, the process goes to step SI322, otherwise, the process ends at step SI320.
[0057] In step SI322, the processor 108A performs the corresponding operations according to the response data sector RSP DATA of the response information RPI. The process ends at step SI322.
[0058] Fig. 14 is a flowchart of a data protection method according to an embodiment of the present invention. The data protection method is applied to the data protection device 100 of FIG. 1, and based on the data protection device 100B of FIG. 2 as the example. In this embodiment, the data protection device 100B receives instruction information from the data protection device 100A and produce response information accordingly. The process starts at step S1400.
[0059] In step SI400, the data protection device 100B determines whether the communication device 102B receives instruction information CMI from the data protection device 100A. when the communication device 102B receives instruction information CMI from the data protection device 100A, the process goes to step S1402, otherwise, the process returns to step SI400 that the data protection device 100B continues to determine whether the communication device 102B receives instruction information CMI from the data protection device 100A.
[0060] Next, in step SI402, the processor 108B retrieves the instruction data sector CMD DATA, the random number RN1 and the digital signature SN1 from the instruction information CMI.
[0061] Next, in step SI403, the processor 108B performs a digital signature decryption algorithm DSA DE on the digital signature SN1 of the instruction information CMI to obtain the interim digital signature SN INT1’. It should be noted that, in the embodiment of the digital signature SN1 obtain in FIG. 5 A, the processor 108B uses the public key PBK A stored in the encryption database 106B to perform a digital signature decryption algorithm DSA DE to decrypt the digital signature SN1 of the instruction information CMI to obtain an interim digital signature SN INT1’, as shown in FIG. 5B. In another embodiment to obtain an interim digital signature SN INTl’, based on the digital signature SN1 produced by the process of FIG. 6 A, the processor 108B uses the random number RN1 to perform the digital signature decryption algorithm DSA DE on the digital signature SN1 of the instruction information CMI to obtain an interim digital signature SN INTl’, as shown in FIG. 6B. It should be noted that step S1403 can be perform after step S1408 and before step S1410.
[0062] Next, in step S1404, the processor 108B produces a message digest DI’ according to the instruction data sector CMD DATA and the random number RN1, which are retrieved from the instruction information CMI. Based on the message digest DI of the embodiment shown in FIG. 3A, the processor 108B directly combines the instruction data sector CMD DATA CMI and the random number RN1 to produce the message digest DI’, as shown in FIG. 3B. Based on the message digest DI of the embodiment shown in FIG. 4A, the processor 108B combines the instruction data sector CMD DATA of the instruction information CMI and the random number RN1 to produce a combined instruction data sector CB CMD’, and performs a hash algorithm on the combined instruction data sector CB CMD’ to obtain the message digest DI’, as shown in 4B. It should be noted that the method used by the processor 100B of the data protection device 100B to combine the instruction data sector CMD DATA and the random number RN1 is the same as the combination method of the processor 108A of the data protection device 100A.
[0063] Next, in step SI406, the processor 108B performs the digital signature encryption algorithm DSA EN on the message digest DI’ to obtain an interim digital signature SN INT1”. It should be noted that, based on the digital signature SN1 obtained in FIG. 5 A, the processor 108B uses the random number RN1 of the instruction information CMI to perform the digital signature encryption algorithm DSA EN on the obtained message digest DI’ to obtain the interim digital signature SN INT1 ”, as shown in FIG. 5C. In another embodiment to obtain an interim digital signature SN INT1”, based on the digital signature SN1 obtained in FIG. 6A, the processor 108B uses the public key PBK A stored in the encryption database 106B to perform the digital signature encryption algorithm DSA EN on the obtained message digest DI’ to obtain the interim digital signature SN_INT1”, as shown in FIG. 6C.
[0064] Next, in step S1408, the processor 108B determines whether the obtained interim digital signature SN_INT1’ and the obtained interim digital signature SN_INT1” are the same to verify the instruction information CMI. If the instruction information CMI received by the data protection device 100B is not transmitted by the data protection device 100A using the private key PRK A, the digital signature of the private key used to encrypt the instruction information CMI will not be the same as the public key that is stored in the data protection device 100B and corresponds to the data protection device 100A. Therefore, the obtained interim digital signature SN INT1’ and the obtained interim digital signature SN_INT1” will not be the same. When the instruction information CMI is verified, the process goes to step S1410, otherwise, the process ends at step S1408.
[0065] In step S1410, the processor 108B performs the specific operations and produces a response data sector RSP DATA according to the instruction data sector CMD DATA of the instruction information CMI. It should be noted that, in some embodiments, the operations performed by the processor 108B according to the instruction information CMI do not need to have a response, and the process ends at step S1410.
[0066] In step S1412, the processor 108B combines the response data sector RSP DATA corresponding to the instruction data sector CMD DATA and the random number RN1 of the instruction information CMI to produce a message digest D2 with a predetermined length. In one embodiment, as shown in FIG. 8A, the processor 108B directly combines the response data sector RSP DATA and the random number RN1 of the instruction information CMI to obtain the message digest D2, but it is not limited thereto. In another embodiment to obtain a message digest D2, as shown in FIG. 9A, the processor 108A further combines the response data sector RSP DATA and the random number RN1 of the instruction information CMI to produce a combined response data sector CBRSP. Next, the processor 108B performs the hash algorithm on the combined response data sector CB RSP to obtain the message digest D2.
[0067] Next, in step S1414, the processor 108B uses the random number RN1 of the instruction information CMI and the private key PRKB to perform the encryption algorithm on the message digest D2 to obtain a digital signature SN2. In one embodiment, as shown in FIG. 10A, the processor 108B uses the random number RN1 to perform a digital signature encryption algorithm DSA EN on the message digest D2 to obtain an interim digital signature SN INT2, then uses the private key PRK B to perform the digital signature encryption algorithm DSA_EN again on the interim digital signature SN_INT2 to obtain a digital signature SN2. In another embodiment to obtain a digital signature SN2, as shown in FIG. 11 A, the processor 108B uses the private key PRK B to perform a digital signature encryption algorithm DSA EN on the message digest D2 to obtain an interim digital signature SN INT2, then uses the random number RN1 to perform the digital signature encryption algorithm DSA_EN again on the interim digital signature SN_INT2 to obtain the digital signature SN2.
[0068] Next, in step S1416, the processor 108B combines the response data sector RSP DATA, the random number RN1 and the digital signature SN2 to produce response information RPI, as shown in FIG. 12. In other embodiments, the processor 108B can combine the response data sector RSP DATA, the random number RN1 and the digital signature SN2 in a different sequence to constitute the response information RPI.
[0069] In step S1418, the processor 108B enables the communication device 102B to transmit the response information RPI to the data protection device 100A. The process ends at step S1418.
[0070] The data protection device and the data protection method of the present invention insert a random number in the conventional digital signature to further protect data security.
[0071] While the invention has been described by way of example and in terms of the preferred embodiments, it is to be understood that the invention is not limited to the disclosed embodiments. On the contrary, it is intended to cover various modifications and similar arrangements (as would be apparent to those skilled in the art). Therefore, the scope of the appended claims should be accorded the broadest interpretation so as to encompass all such modifications and similar arrangements.

Claims (10)

1. A data protection device, capable of communicating with a remote data protection device, comprising: a communication device, transmitting and receiving data; a random number generation device, generating a first random number; an encryption database, storing a first public key and a first private key, wherein the first public key corresponds to the remote data protection device, and the first private key corresponds to the data protection device; and a processor, coupled to the random number generation device, the encryption database and the communication device, wherein the processor combines an instruction data sector and the first random number to produce a first message digest, performs a digital signature encryption algorithm by using the first random number to encode the first message digest to obtain a first interim digital signature, performs the digital signature encryption algorithm again by using the first private key to encode the first interim digital signature to obtain a first digital signature, combines the instruction data sector, the first random number and the first digital signature to produce instruction information, and enables the communication device to transmit the instruction information to the remote data protection device.
2. A data protection device as claimed in claim 1, wherein the first message digest has a predetermined length, wherein the processor further combines the instruction data sector and the first random number to produce a combined instruction data sector, and performs a hash algorithm on the combined instruction data sector to obtain the first message digest.
3. A data protection device as claimed in claim 1, wherein the communication device further receives response information from the remote data protection device, and the response information includes a response data sector, a second random number and a second digital signature, wherein the processor further uses the first public key to perform a digital signature decryption algorithm on the second digital signature to obtain a second interim digital signature, combines the response data sector and the second random number to produce a second message digest, uses the second random number to perform the digital signature encryption algorithm on the second message digest to obtain a third interim digital signature, and determines whether the second interim digital signature and the third interim digital signature are the same to verify the response information.
4. A data protection device as claimed in claim 3, wherein the second message digest has a predetermined length, wherein the processor further combines the response data sector and the second random number to produce a combined response data sector, and performs a hash algorithm on the combined response data sector to obtain the second message digest.
5. A data protection device as claimed in claim 3, wherein the processor further determines whether the first random number and the second random number are the same, and determines that the response information is transmitted in response to the instruction information when the first random number and the second random number are the same.
6. A data protection device, capable of communicating with a remote data protection device, comprises: a communication device, receiving instruction information from the remote data protection device, wherein the instruction information comprises an instruction data sector, a first random number and a first digital signature; an encryption database, storing a first public key and a first private key, wherein the first public key corresponds to the remote data protection device, and the first private key corresponds to the data protection device; and a processor, coupled to the encryption database and the communication device, wherein the processor uses the first public key to perform a digital signature decryption algorithm on the first digital signature to obtain a first interim digital signature, combines the instruction data sector and the first random number to produce a first message digest, uses the first random number to perform a digital signature encryption algorithm on the first message digest to obtain a second interim digital signature, and determines whether the first interim digital signature and the second interim digital signature are the same to verify the instruction information.
7. The data protection device as claimed in claim 6, wherein when the first interim digital signature and the second interim digital signature are the same, the processor further combines a response data sector of the instruction data sector and the first random number to produce a second message digest, uses the first random number to perform a digital signature encryption algorithm on the second message digest to obtain a third interim digital signature, uses the first private key to perform the digital signature encryption algorithm again on the third interim digital signature to obtain the second digital signature, combines the response data sector, the first random number and the second digital signature to produce response information, and enables the communication device to transmit the response information to the remote data protection device.
8. A data protection method, applied to a data protection device having a first public key and a first private key, wherein the first public key corresponds to a remote data protection device, and the first private key corresponds to the data protection device, the data protection method comprising: generating a first random number; combining an instruction data sector and the first random number to produce a first message digest; using the first random number to perform a digital signature encryption algorithm on the first message digest to obtain a first interim digital signature; and using the first private key to perform the digital signature encryption algorithm again on the first interim digital signature to obtain a first digital signature. combining the instruction data sector, the first random number and the first digital signature to produce instruction information; and transmitting the instruction information to the remote data protection device.
9. The data protection method as claimed in claim 8, further comprising: receiving response information from the remote data protection device, wherein the response information comprises a response data sector, a second random number and a second digital signature; using the first public key to perform a digital signature decryption algorithm on the second digital signature to obtain a second interim digital signature; combining the response data sector and the second random number to produce a second message digest; using the second random number to perform the digital signature encryption algorithm on the second message digest to obtain a third interim digital signature; and determining whether the second interim digital signature and the third interim digital signature are the same to verify the response information.
10. The data protection method as claimed in claim 9, further comprising: determining whether the first random number and the second random number are the same; and determining whether the response information is transmitted in response to the instruction information when the first random number and the second random number are the same.
GB1610965.4A 2015-09-01 2016-06-23 Data protection device and data protection method thereof Active GB2541975B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW104128766A TWI560572B (en) 2015-09-01 2015-09-01 Data protection device and data protection method thereof

Publications (3)

Publication Number Publication Date
GB201610965D0 GB201610965D0 (en) 2016-08-10
GB2541975A GB2541975A (en) 2017-03-08
GB2541975B true GB2541975B (en) 2019-08-28

Family

ID=56891673

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1610965.4A Active GB2541975B (en) 2015-09-01 2016-06-23 Data protection device and data protection method thereof

Country Status (2)

Country Link
GB (1) GB2541975B (en)
TW (1) TWI560572B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI712914B (en) * 2019-09-12 2020-12-11 奕智鏈結科技股份有限公司 Fractal file encryption engine and method thereof
FR3102024B1 (en) * 2019-10-15 2021-11-05 My IDN A method of managing a public key database, a method of authenticating public keys, and server and client devices implementing these methods

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6079018A (en) * 1997-10-08 2000-06-20 Agorics, Inc. System and method for generating unique secure values for digitally signing documents
WO2008133521A1 (en) * 2007-04-26 2008-11-06 Conax As Method for signing and encrypting digital data

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI242966B (en) * 2004-05-25 2005-11-01 Chung Shan Inst Of Science Security transmitting method and system of digital medical information
US9703945B2 (en) * 2012-09-19 2017-07-11 Winbond Electronics Corporation Secured computing system with asynchronous authentication
DE102013104735A1 (en) * 2013-05-08 2014-11-13 Vorwerk & Co. Interholding Gmbh Method for the copy-protected storage of information on a data medium
TWI614636B (en) * 2013-06-10 2018-02-11 Jie Chen Content verification method based on digital signature code
TWM491898U (en) * 2014-04-21 2014-12-11 Ding Ding Integrated Marketing Service Co Ltd Authentication device of user information

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6079018A (en) * 1997-10-08 2000-06-20 Agorics, Inc. System and method for generating unique secure values for digitally signing documents
WO2008133521A1 (en) * 2007-04-26 2008-11-06 Conax As Method for signing and encrypting digital data

Also Published As

Publication number Publication date
TWI560572B (en) 2016-12-01
GB2541975A (en) 2017-03-08
GB201610965D0 (en) 2016-08-10
TW201710941A (en) 2017-03-16

Similar Documents

Publication Publication Date Title
US11438176B2 (en) Mutually authenticated ECDHE key exchange for a device and a network using multiple PKI key pairs
CN108270836B (en) Data processing method, device and system based on block chain
US11880831B2 (en) Encryption system, encryption key wallet and method
KR101684076B1 (en) A secure Data Communication system between IoT smart devices and a Network gateway under Internet of Thing environment
US5481610A (en) Digital radio transceiver with encrypted key storage
CN111079128A (en) Data processing method and device, electronic equipment and storage medium
CN105553951A (en) Data transmission method and data transmission device
EP3476078B1 (en) Systems and methods for authenticating communications using a single message exchange and symmetric key
CN105809046A (en) Efficient encryption method and system of data
US9165148B2 (en) Generating secure device secret key
WO2019243259A1 (en) Method for securely sharing data under certain conditions on a distributed ledger
CN104868998A (en) System, Device, And Method Of Provisioning Cryptographic Data To Electronic Devices
CN112087302A (en) Device for encrypting and decrypting algorithm of asymmetric dynamic token
CN108965279A (en) Data processing method, device, terminal device and computer readable storage medium
GB2541975B (en) Data protection device and data protection method thereof
CN110383755A (en) The network equipment and trusted third party's equipment
KR20180113688A (en) Encryption method and system using authorization key of device
CN103370718B (en) Use the data guard method of distributed security key, equipment and system
CN109194467A (en) A kind of safe transmission method and system of encryption data
CN105721144A (en) Password storage method of wireless network access point and terminal
Whelihan et al. Shamrock: a synthesizable high assurance cryptography and key management coprocessor
CN108921561B (en) Digital hot wallet based on hardware encryption
KR101668995B1 (en) Cryptographic device, system and method for security authentication using the same
KR101146509B1 (en) Internet banking transaction system and the method that use maintenance of public security card to be mobile
CN106055989B (en) A kind of data transferring method and terminal