CN101470789A - Encryption and decryption method and device of computer - Google Patents

Publication number
CN101470789A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2007101257075A
Other languages
Chinese (zh)
Inventor
贾兵
林诗达
石明
张拥军
姚文泽
宋靖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Great Wall Computer Shenzhen Co Ltd
Original Assignee
China Great Wall Computer Shenzhen Co Ltd
Application filed by China Great Wall Computer Shenzhen Co Ltd
Priority to CNA2007101257075A
Publication of CN101470789A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention is applicable to the field of computer security and provides an encryption and decryption method, system and device for a computer. The method comprises the following steps: obtaining a decryption key used to decrypt important data encrypted by an encryption system; loading the decryption key into a trusted platform module (TPM); receiving, as output from the TPM, the decryption key after it has been encrypted inside the TPM with the public key of an asymmetric encryption algorithm; and storing the decryption key encrypted by the asymmetric encryption algorithm in a protected storage space. Because the public key and the private key of the asymmetric encryption algorithm used to encrypt and decrypt the decryption key are both kept in the TPM, and the encryption and decryption processes are both executed in the TPM, the security of the private key is guaranteed. The decryption key of the encryption system has to be decrypted with this private key, so the security of the private key guarantees the security of the decryption key, and thereby the security of the important data.

Description

An encryption and decryption method and device for a computer
Technical field
The invention belongs to the field of computer information security, and in particular relates to an encryption and decryption method and device for a computer.
Background
With the continuous development of computer technology, the information security of computers has become one of the main concerns of users. To prevent important information from being viewed or used by unauthorized users, computer vendors usually set up checkpoints in the system that runs after the computer hardware starts and before the operating system starts, for example the Basic Input Output System (BIOS) and the Unified Extensible Firmware Interface (UEFI). The usual checkpoint is a user identification system. An authorized user who presents specific authentication information, for example a user name and password, passes the identification system. An unauthorized user, who does not know the authentication information, cannot pass it. Because such a system is both easy to develop and easy to operate, it is widely used.
With this approach, the management of information such as the user name and password becomes the key to the security of the whole system. Many computer vendors assume by default that the BIOS or UEFI is relatively secure, and therefore usually store the authentication information in the BIOS or UEFI. Some vendors store the authentication information in other storage devices, for example a hard disk, a USB storage device, a Flash device, a volatile storage device, and so on. To make the computer more secure, most computer vendors work on making these storage devices more secure. But once a storage device holding authentication information is broken into by a hacker, the hacker can easily obtain the authentication information. A hacker can also use interception software to capture the authentication information. This approach therefore carries a considerable security risk. In addition, other important data at the BIOS or UEFI layer also needs to be protected.
A trusted platform module (TPM) is a security chip that can resist intrusion by illegitimate users, and it has anti-dictionary-attack and anti-physical-probing functions. Anti-dictionary-attack function: when the TPM detects that wrong user information has been entered a certain number of times, it locks itself for a period of time; the TPM can be used again only after it is unlocked with the correct user information or after the lock time has elapsed. Anti-physical-probing function: when the TPM detects physical probing, it burns out the circuit, thereby destroying the data. With the development of TPM technology, more and more software developers are building increasingly rich applications, and the functions of the TPM are put to full use, such as digital signatures, authentication, authorized access to internal resources, direct anonymous access, and so on.
Summary of the invention
The purpose of the embodiments of the invention is to provide an encryption method for a computer, intended to solve the problem that, because the storage media of existing computers are not secure enough, important data stored on these media is easily obtained by unauthorized users, which makes the computer insufficiently secure.
The embodiments of the invention are realized as follows: an encryption method for a computer, the method comprising the following steps:
Obtaining a decryption key used to decrypt important data encrypted by an encryption system;
Loading the decryption key into a trusted platform module;
Receiving, as output from the trusted platform module, the decryption key after it has been encrypted inside the module with the public key of an asymmetric encryption algorithm;
Storing the decryption key encrypted by the asymmetric encryption algorithm in a protected storage space.
Another purpose of the embodiments of the invention is to provide an encryption device for a computer, the device comprising:
A decryption key acquisition module, configured to obtain a decryption key used to decrypt important data encrypted by an encryption system;
A decryption key loading module, configured to load the decryption key into a trusted platform module;
An encrypted decryption key receiving module, configured to receive, as output from the trusted platform module, the decryption key after it has been encrypted inside the module with the public key of an asymmetric encryption algorithm; and
A storage module, configured to store the decryption key encrypted by the asymmetric encryption algorithm in a protected storage space.
Another purpose of the embodiments of the invention is to provide a decryption method for a computer, the method comprising the following steps:
Obtaining the decryption key encrypted by the asymmetric encryption algorithm;
Loading the decryption key encrypted by the asymmetric encryption algorithm into a trusted platform module;
Receiving, as output from the trusted platform module, the decryption key after it has been decrypted inside the module with the private key of the asymmetric encryption algorithm;
Using the decrypted decryption key to control the encryption system to decrypt the encrypted important data.
Another purpose of the embodiments of the invention is to provide a decryption device for a computer, the device comprising:
An encrypted decryption key acquisition module, configured to obtain the decryption key encrypted by the asymmetric encryption algorithm;
An encrypted decryption key loading module, configured to load the decryption key encrypted by the asymmetric encryption algorithm into a trusted platform module;
A decrypted decryption key receiving module, configured to receive, as output from the trusted platform module, the decryption key after it has been decrypted inside the module with the private key of the asymmetric encryption algorithm; and
An important data decryption control module, configured to use the decrypted decryption key to control the encryption system to decrypt the encrypted important data.
Another purpose of the embodiments of the invention is to provide a Basic Input Output System that integrates the above encryption device and decryption device.
Another purpose of the embodiments of the invention is to provide a Unified Extensible Firmware Interface that integrates the above encryption device and decryption device.
In the embodiments of the invention, after the encryption system has encrypted the important data, the corresponding decryption key is loaded into the TPM. Inside the TPM, the decryption key is encrypted with the public key of an asymmetric encryption algorithm, and the encrypted decryption key is saved in a protected storage space. When decryption is needed, the encrypted decryption key is obtained from the protected storage space and loaded into the TPM. Inside the TPM, the encrypted decryption key is decrypted with the private key of the asymmetric encryption algorithm, yielding the decrypted decryption key, which can then be used to decrypt the encrypted important data and recover the important data. Because the public key and the private key of the asymmetric encryption algorithm used to encrypt and decrypt the decryption key are both kept inside the TPM, and both the encryption and the decryption are carried out in the TPM, the security of the private key is guaranteed. The decryption key of the encryption system has to be decrypted with this private key, so the security of the private key guarantees the security of the decryption key, and thereby the security of the important data.
Description of drawings
Fig. 1 is a flow chart of the encryption method for computer data provided by an embodiment of the invention;
Fig. 2 is a flow chart of the decryption method for computer data provided by an embodiment of the invention;
Fig. 3 is a diagram of the interaction among the UEFI/BIOS, the TPM and the hard disk when the UEFI/BIOS verifies user information, as provided by an embodiment of the invention;
Fig. 4 is a structural diagram of the encryption device provided by an embodiment of the invention;
Fig. 5 is a structural diagram of the decryption device provided by an embodiment of the invention.
Embodiments
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and are not intended to limit it.
In an embodiment of the invention, a TPM is used at the underlying UEFI/BIOS level to encrypt important data: a second layer of encryption is applied to its decryption key, and the decryption key after this second encryption is stored in the TPM. This guarantees that the secondary decryption key is not stolen by unauthorized users, and thereby guarantees the security of the important data.
Fig. 1 shows the flow of the encryption method provided by an embodiment of the invention, detailed as follows:
In step S101, a decryption key K1 used to decrypt the important data encrypted by the encryption system is obtained. The important data to be protected must be encrypted by the encryption system in advance.
As an embodiment of the invention, the encryption system may be the encryption software of a hard disk, the encryption software of a stand-alone encryption card, or the UEFI/BIOS. The encryption algorithm used may be a symmetric encryption algorithm, for example DES or AES, or an asymmetric encryption algorithm, for example RSA or DSA. The important data may be the user name and password of the UEFI/BIOS checkpoint, the password of the operating system administrator or of other authorized users, the password of a file, log information, or fingerprint information.
If this encryption process uses a symmetric encryption algorithm, the decryption key is the encryption key; if it uses an asymmetric encryption algorithm, its private key is the decryption key.
In step S102, the decryption key K1 of this encryption algorithm is loaded into the TPM.
In step S103, the decryption key, after it has been encrypted inside the trusted platform module with the public key of an asymmetric encryption algorithm, is received as output from the module.
After K1 has been loaded into the TPM, the TPM internally encrypts the decryption key K1 of the encryption system with the public key S1 of the asymmetric encryption algorithm and outputs the encrypted decryption key R(K1). As an embodiment of the invention, a public/private key pair can be generated at random, and this key pair is kept inside the TPM.
In step S104, the asymmetrically encrypted decryption key R(K1) is stored in a protected storage space. This protected storage space is a protected partition of a hard disk, a USB KEY storage device, a FLASH storage device, or a non-volatile storage device. As an embodiment of the invention, after the decryption key K1 has been encrypted with the asymmetric encryption algorithm, the encrypted decryption key R(K1) may be stored directly in the TPM, which avoids the steps of accessing the protected storage area of the hard disk and retrieving data from it, and also provides higher security.
Fig. 2 shows the flow of the decryption method provided by an embodiment of the invention, detailed as follows:
In step S201, the encrypted decryption key R(K1) is obtained. R(K1) can be obtained by accessing the protected storage space.
In step S202, R(K1) is loaded into the TPM.
In step S203, the decryption key K1, after it has been decrypted inside the TPM with the private key of the asymmetric encryption algorithm, is received as output from the TPM. After R(K1) has been loaded into the TPM, the TPM internally decrypts R(K1) with the private key R1 of the asymmetric algorithm and outputs the decrypted decryption key K1.
In step S204, the decrypted decryption key K1 is used to control the encryption system to decrypt the encrypted important data.
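The Fig. 1 and Fig. 2 flows can be simulated in software as follows. This is an added example, not code from the patent: `SimulatedTPM`, `wrap`, `unwrap`, `refuses` and `demo` are hypothetical names, RSA-OAEP with SHA-256 is an assumed choice for the asymmetric algorithm, and the encryption system that consumes K1 in S204 is left out. It also covers two failure cases, an altered R(K1) and an R(K1) presented to a different TPM.

```python
# Added example (not the patent's code): software simulation of the Fig. 1 / Fig. 2 flow.
# Assumptions: SimulatedTPM is hypothetical; RSA-OAEP/SHA-256 stands in for the asymmetric algorithm.
import hashlib
import secrets

E = 65537
H_LEN = 32                             # SHA-256 digest size
L_HASH = hashlib.sha256(b"").digest()  # OAEP hash of the empty label


def _is_probable_prime(n, rounds=20):
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):  # cheap trial division first
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                                  # Miller-Rabin rounds
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (3 << (bits - 2)) | 1  # top two bits and low bit set
        if cand % E != 1 and _is_probable_prime(cand):         # keeps E invertible mod p-1
            return cand


def _mgf1(seed, length):
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(-(-length // H_LEN)))
    return b"".join(blocks)[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class SimulatedTPM:
    """Holds the key pair (S1, R1); only wrap() and unwrap() cross its boundary."""
    def __init__(self, bits=2048):
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        self._d = pow(E, -1, (p - 1) * (q - 1))  # private key R1, never returned
        self._n, self._k = p * q, bits // 8      # public key S1 is (n, E)

    def wrap(self, k1):
        """S102-S103: take K1 in, return R(K1). Raises ValueError if K1 is too long."""
        db = L_HASH + bytes(self._k - len(k1) - 2 * H_LEN - 2) + b"\x01" + k1
        seed = secrets.token_bytes(H_LEN)
        masked_db = _xor(db, _mgf1(seed, len(db)))
        em = b"\x00" + _xor(seed, _mgf1(masked_db, H_LEN)) + masked_db
        return pow(int.from_bytes(em, "big"), E, self._n).to_bytes(self._k, "big")

    def unwrap(self, blob):
        """S202-S203: take R(K1) in, return K1; ValueError if the blob is not valid."""
        c = int.from_bytes(blob, "big")
        if len(blob) != self._k or c >= self._n:
            raise ValueError("blob does not fit this TPM's key")
        em = pow(c, self._d, self._n).to_bytes(self._k, "big")
        masked_db = em[1 + H_LEN:]
        seed = _xor(em[1:1 + H_LEN], _mgf1(masked_db, H_LEN))
        db = _xor(masked_db, _mgf1(seed, len(masked_db)))
        body = db[H_LEN:].lstrip(b"\x00")
        # Simulation only: a production OAEP decoder makes this check constant-time.
        if em[0] != 0 or db[:H_LEN] != L_HASH or body[:1] != b"\x01":
            raise ValueError("OAEP check failed: tampered blob or wrong TPM")
        return body[1:]


def refuses(tpm, blob):
    """True if the TPM declines to release a key for this blob."""
    try:
        tpm.unwrap(blob)
    except ValueError:
        return True
    return False


def demo(bits=2048):
    tpm, other_tpm = SimulatedTPM(bits), SimulatedTPM(bits)
    k1 = secrets.token_bytes(32)         # S101: constructed sample key K1
    storage = {"R(K1)": tpm.wrap(k1)}    # S104: dict stands in for protected storage
    blob = storage["R(K1)"]              # S201: read R(K1) back
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])
    return {"round_trip_ok": tpm.unwrap(blob) == k1,
            "k1_in_stored_blob": k1 in blob,
            "tampered_blob_refused": refuses(tpm, tampered),
            "other_tpm_refused": refuses(other_tpm, blob)}


if __name__ == "__main__":
    print(demo())
```

Note that `unwrap` hands K1 back to the caller in the clear, as S203 describes, so the wrapping protects K1 at rest in the protected storage space but not while the firmware holds it.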
Fig. 3 shows the interaction among the UEFI/BIOS, the TPM and the hard disk when the UEFI/BIOS verifies user information, as provided by an embodiment of the invention, detailed as follows:
1. The UEFI/BIOS receives the user information entered by the user. This user information may be a user name with the corresponding password, a password alone, or fingerprint information.
2. The UEFI/BIOS sends an access instruction for the protected storage area of the hard disk to the TPM.
3. The TPM checks the integrity of this access instruction. When the access instruction is found to be complete, step 4 is executed. Otherwise the access instruction is identified as an illegal instruction, and the protected partition of the hard disk cannot be accessed.
4. The TPM sends the signing certificate for opening the protected storage area of the hard disk and forwards the access instruction to the hard disk.
5. The embedded control system on the hard disk opens the protected storage area. Because the access instruction is digitally signed by the TPM and then transmitted in encrypted form, the integrity of the instruction is guaranteed and interception by interception software is effectively prevented.
6. The UEFI/BIOS obtains the decryption key R(K1), encrypted by the asymmetric encryption algorithm, from the protected area of the hard disk. After the encryption system encrypted the user information with its encryption algorithm, the decryption key K1 of the encryption system was further encrypted inside the TPM with the asymmetric encryption algorithm and stored; what is obtained here is therefore the decryption key R(K1) encrypted by the asymmetric encryption algorithm.
7. The UEFI/BIOS sends R(K1) to the TPM.
8. The TPM decrypts R(K1) with the private key R1 of the asymmetric encryption algorithm. Because the encryption with the asymmetric encryption algorithm is carried out inside the TPM, and the private key R1 of the asymmetric encryption algorithm is saved inside the TPM, the private key R1 can be taken from inside the TPM to decrypt R(K1) and obtain the decryption key K1 of the encryption system.
9. The UEFI/BIOS obtains the decryption key K1 of the encryption system from the TPM.
10. The UEFI/BIOS passes the decryption key K1 to the encryption system.
11. The UEFI/BIOS receives the user information that the encryption system has decrypted with K1.
12. The user information entered by the user is compared with the decrypted user information. When the comparison succeeds, the user is an authorized user, and the management system of the hard disk opens the hard disk permissions corresponding to this user for the UEFI/BIOS to use. When the comparison fails, the user is an unauthorized user, and no response is given to this user.
In the above process, the instructions by which the UEFI/BIOS operates on the hard disk use a special command protocol and are encrypted by the TPM; after they pass the TPM's integrity check, the TPM sends the signing certificate to the hard disk, thereby carrying out the operation on the hard disk.
Fig. 4 shows the structure of the encryption device provided by an embodiment of the invention. This encryption device may be a software unit, a hardware unit, or a combined software and hardware unit integrated in the UEFI/BIOS.
The decryption key acquisition module 41 obtains the decryption key K1 used to decrypt the important data encrypted by the encryption system; the decryption key loading module 42 loads this decryption key K1 into the trusted platform module; the encrypted decryption key receiving module 43 receives, as output from the trusted platform module, the decryption key R(K1) after it has been encrypted inside the module with the public key of the asymmetric encryption algorithm; and the storage module 44 stores the decryption key R(K1) encrypted by the asymmetric encryption algorithm in the protected storage space.
As an embodiment of the invention, an encryption system calling module 40 may also be added to this encryption device, to call the encryption system to encrypt the important data that needs to be encrypted.
Fig. 5 shows the structure of the decryption device provided by an embodiment of the invention. This decryption device may be a software unit, a hardware unit, or a combined software and hardware unit integrated in the UEFI/BIOS.
The encrypted decryption key acquisition module 51 obtains the decryption key R(K1) encrypted by the asymmetric encryption algorithm; the encrypted decryption key loading module 52 loads the decryption key R(K1) encrypted by the asymmetric encryption algorithm into the trusted platform module; the decrypted decryption key receiving module 53 receives, as output from the trusted platform module, the decryption key K1 after it has been decrypted inside the module with the private key of the asymmetric encryption algorithm; and the important data decryption control module 54 uses the decrypted decryption key K1 to control the encryption system to decrypt the encrypted important data.
In summary, in the embodiments of the invention, after the encryption system has encrypted the important data, the corresponding decryption key is loaded into the TPM. Inside the TPM, the decryption key is encrypted with the public key of an asymmetric encryption algorithm, and the encrypted decryption key is saved in a protected storage space. When decryption is needed, the encrypted decryption key is obtained from the protected storage space and loaded into the TPM. Inside the TPM, the encrypted decryption key is decrypted with the private key of the asymmetric encryption algorithm, yielding the decrypted decryption key, which can then be used to decrypt the encrypted important data and recover the important data. Because the public key and the private key of the asymmetric encryption algorithm used to encrypt and decrypt the decryption key are both kept inside the TPM, and both the encryption and the decryption are carried out in the TPM, the security of the private key is guaranteed. The decryption key of the encryption system has to be decrypted with this private key, so the security of the private key guarantees the security of the decryption key, and thereby the security of the important data.
The above is only a preferred embodiment of the invention and is not intended to limit the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (10)

1. An encryption method for computer data, characterized in that the method comprises the following steps:
Obtaining a decryption key used to decrypt important data encrypted by an encryption system;
Loading the decryption key into a trusted platform module;
Receiving, as output from the trusted platform module, the decryption key after it has been encrypted inside the module with the public key of an asymmetric encryption algorithm;
Storing the decryption key encrypted by the asymmetric encryption algorithm in a protected storage space.
2. The encryption method of claim 1, characterized in that, before the step of obtaining the decryption key used to decrypt the important data encrypted by the encryption system, the method further comprises:
Calling the encryption system to encrypt the important data that needs to be encrypted.
3. The encryption method of claim 1, characterized in that the encryption system is the encryption software of a hard disk, the encryption software of a stand-alone encryption card, or the Basic Input Output System/Unified Extensible Firmware Interface.
4. The encryption method of claim 1, characterized in that the protected storage space is a protected partition of a hard disk, a USB KEY storage device, a FLASH storage device, or a non-volatile storage device.
5. An encryption device for computer data, characterized in that the device comprises:
A decryption key acquisition module, configured to obtain a decryption key used to decrypt important data encrypted by an encryption system;
A decryption key loading module, configured to load the decryption key into a trusted platform module;
An encrypted decryption key receiving module, configured to receive, as output from the trusted platform module, the decryption key after it has been encrypted inside the module with the public key of an asymmetric encryption algorithm; and
A storage module, configured to store the decryption key encrypted by the asymmetric encryption algorithm in a protected storage space.
6. The encryption device of claim 5, characterized in that the device further comprises:
An encryption system calling module, configured to call the encryption system to encrypt the important data that needs to be encrypted.
7. A decryption method for computer data, characterized in that the method comprises the following steps:
Obtaining the decryption key encrypted by the asymmetric encryption algorithm;
Loading the decryption key encrypted by the asymmetric encryption algorithm into a trusted platform module;
Receiving, as output from the trusted platform module, the decryption key after it has been decrypted inside the module with the private key of the asymmetric encryption algorithm;
Using the decrypted decryption key to control the encryption system to decrypt the encrypted important data.
8. A decryption device for computer data, characterized in that the device comprises:
An encrypted decryption key acquisition module, configured to obtain the decryption key encrypted by the asymmetric encryption algorithm;
An encrypted decryption key loading module, configured to load the decryption key encrypted by the asymmetric encryption algorithm into a trusted platform module;
A decrypted decryption key receiving module, configured to receive, as output from the trusted platform module, the decryption key after it has been decrypted inside the module with the private key of the asymmetric encryption algorithm; and
An important data decryption control module, configured to use the decrypted decryption key to control the encryption system to decrypt the encrypted important data.
9. A Unified Extensible Firmware Interface, characterized in that the Unified Extensible Firmware Interface integrates the encryption device of claim 5.
10. A Unified Extensible Firmware Interface, the Unified Extensible Firmware Interface integrating the decryption device of claim 8.
CNA2007101257075A 2007-12-28 2007-12-28 Encryption and decryption method and device of computer Pending CN101470789A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007101257075A CN101470789A (en) 2007-12-28 2007-12-28 Encryption and decryption method and device of computer

Publications (1)

Publication Number Publication Date
CN101470789A true CN101470789A (en) 2009-07-01

Family

ID=40828253

Country Status (1)

Country Link
CN (1) CN101470789A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20090701