CN104639332A - Protective method for solid-state disk encryption key - Google Patents

Publication number
CN104639332A
Authority
CN
China
Prior art keywords
encryption key
solid state
state hard
hard disc
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510087147.3A
Other languages
Chinese (zh)
Inventor
刘强
曹刚
秦刚
李婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Chaoyue Numerical Control Electronics Co Ltd
Original Assignee
Shandong Chaoyue Numerical Control Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Chaoyue Numerical Control Electronics Co Ltd

Abstract

The invention discloses a method for protecting a solid-state disk encryption key. The method comprises the following steps: a user provides an authentication password through a management program; the security module of the solid-state disk computes a hash value of the authentication password and stores the hash value in the solid-state disk, where it is used to verify the user's password during routine use; the security module encrypts the encryption key using the authentication password; the solid-state disk stores the ciphertext of the encryption key. Because the hash value of the authentication password is stored in the solid-state disk and the encryption key is itself encrypted with the authentication password, the user's identity is effectively authenticated while the protected encryption key and the protected data are kept safely separate, which improves the security of the encryption key.

Description

A method for protecting a solid-state disk encryption key
Technical field
The present invention relates to the field of information security technology, and specifically to a method for protecting a solid-state disk encryption key.
Background art
With the rapid development of data storage technology, the solid-state disk (Solid State Drive, SSD) has come into wide use in military, vehicle-mounted, industrial, medical, and aviation applications because of its fast read/write speed, low power consumption, silent operation, vibration resistance, low heat output, small size, and wide operating temperature range. Data is now a core asset, and the hard disk, as the place where data is stored, is the last line of defense in data protection. Cryptography is recognized as the most economical and most powerful tool for ensuring information security. Encrypted solid-state disks, as the basic equipment for secure information storage, face increasingly strict security requirements.
With a conventional solid-state disk, the user enters a password through the BIOS to gain access to the encryption key, and the control module then loads the encryption key to encrypt and decrypt data. This has the following defect: the protection applied to the encryption key is not complex enough, because the right to use the key is obtained only through BIOS password authentication, which is easily cracked.
Summary of the invention
The technical problem to be solved by the present invention is as follows: in view of the above defect, the invention proposes a method for protecting a solid-state disk encryption key.
The technical solution adopted by the invention is:
A method for protecting a solid-state disk encryption key, comprising the following steps:
The user provides the authentication password through the management program;
The security module of the solid-state disk computes a hash value of the authentication password and stores the hash value in the solid-state disk, where it is used to verify the user's password during routine use;
The security module encrypts the encryption key using the authentication password;
The solid-state disk stores the encryption key ciphertext.
The solid-state disk stores only the hash value of the authentication password, not the authentication password itself. The user authentication password and the encryption key ciphertext are kept separately, which achieves physical separation of the key and the protected data.
The management program is a setup program built into the solid-state disk; at power-on it is loaded into memory and serves as the user's management and configuration terminal.
The security module is a security-function processing module built into the solid-state disk; it implements functions such as encryption key protection/storage, authentication password verification, and data encryption/decryption.
The security module cannot be read out of the solid-state disk, which effectively prevents an attacker from stealing the protection algorithm.
The encryption key of the solid-state disk is used as follows: the user enters the authentication password through the management program; the security module hashes the authentication password to obtain a hash value; the security module checks the computed hash value against the hash value stored in the solid-state disk; if the two differ, decryption of the encryption key is stopped and the user's right to use the solid-state disk is cut off; if the two are identical, the authentication password is used to decrypt the encryption key ciphertext, yielding the plaintext encryption key; the security module then uses the encryption key to encrypt and decrypt the input/output data of the solid-state disk.
The beneficial effect of the invention is as follows: by storing the hash value of the authentication password in the solid-state disk and using the authentication password to encrypt the encryption key, the technical solution effectively authenticates the user's identity while keeping the protecting key and the protected data safely separate, which improves the security of the encryption key.
Brief description of the drawings
Fig. 1 is a flowchart of the setup procedure of the method for protecting the solid-state disk encryption key;
Fig. 2 is a flowchart of the use of the solid-state disk encryption key.
Detailed description of the embodiments
The invention is further described below through embodiments, with reference to the drawings:
Embodiment 1:
As shown in Fig. 1, a method for protecting a solid-state disk encryption key comprises the following steps:
The user provides the authentication password through the management program;
The security module of the solid-state disk computes a hash value of the authentication password and stores the hash value in the solid-state disk, where it is used to verify the user's password during routine use;
The security module encrypts the encryption key using the authentication password;
The solid-state disk stores the encryption key ciphertext.
The solid-state disk stores only the hash value of the authentication password, not the authentication password itself. The user authentication password and the encryption key ciphertext are kept separately, which achieves physical separation of the key and the protected data.
Because the encryption key is encrypted with the user authentication password, recovering the plaintext encryption key from the encryption key ciphertext file requires the user authentication password. The user enters that password on the spot at the time of use, and the solid-state disk holds only the encryption key ciphertext. If the solid-state disk is lost, a thief therefore cannot obtain the plaintext encryption key without also obtaining the user's password, which improves the security of the encryption key.
Embodiment 2:
On the basis of Embodiment 1, the management program in this embodiment is a setup program built into the solid-state disk; at power-on it is loaded into memory and serves as the user's management and configuration terminal.
Embodiment 3:
On the basis of Embodiment 1 or 2, the security module in this embodiment is a security-function processing module built into the solid-state disk; it implements functions such as encryption key protection/storage, authentication password verification, and data encryption/decryption.
Embodiment 4:
On the basis of Embodiment 3, the security module in this embodiment cannot be read out of the solid-state disk, which effectively prevents an attacker from stealing the protection algorithm.
Embodiment 5:
As shown in Fig. 2, on the basis of Embodiment 4, the encryption key of the solid-state disk is used as follows in this embodiment: during routine use, the user enters the authentication password through the management program; the security module hashes the authentication password to obtain a hash value; the security module checks the computed hash value against the hash value stored in the solid-state disk; if the two differ, decryption of the encryption key is stopped and the user's right to use the solid-state disk is cut off; if the two are identical, the authentication password is used to decrypt the encryption key ciphertext, yielding the plaintext encryption key; the security module then uses the encryption key to encrypt and decrypt the input/output data of the solid-state disk.
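The setup flow of Fig. 1 and the use flow of Fig. 2, as an added Python example that is not code from the patent. The patent names no hash or cipher, so salted PBKDF2-HMAC-SHA256 and an XOR pad derived under a separate label stand in for them as assumptions (a product would use an authenticated key wrap such as AES-KW); the function names, record layout, and parameters are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32            # assumed size of the data-encryption key, in bytes
SALT_LEN = 16           # assumed; the patent does not mention a salt
ITERATIONS = 100_000    # assumed PBKDF2 work factor


def derive(password: str, salt: bytes, label: bytes) -> bytes:
    """Salted, slow derivation from the password.

    Distinct labels give independent outputs, so the stored verifier
    reveals nothing about the pad that protects the key. If both were
    the same value, reading the stored hash would yield the key.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), label + salt, ITERATIONS, dklen=KEY_LEN
    )


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def provision(password: str, data_key: bytes) -> dict:
    """Setup flow (Fig. 1): build the record the disk would store.

    Neither the password nor the plaintext key appears in the record.
    """
    if len(data_key) != KEY_LEN:
        raise ValueError("data key must be KEY_LEN bytes")
    salt = secrets.token_bytes(SALT_LEN)  # fresh salt, so the pad is never reused
    return {
        "salt": salt,
        "hash": derive(password, salt, b"verify"),
        # Stand-in for the unspecified cipher: XOR with a one-time derived pad.
        "wrapped_key": xor(data_key, derive(password, salt, b"wrap")),
    }


def unlock(password: str, record: dict):
    """Use flow (Fig. 2): return the plaintext key, or None on a mismatch."""
    candidate = derive(password, record["salt"], b"verify")
    # Constant-time comparison; on a mismatch the key is never unwrapped.
    if not hmac.compare_digest(candidate, record["hash"]):
        return None
    return xor(record["wrapped_key"], derive(password, record["salt"], b"wrap"))


if __name__ == "__main__":
    key = secrets.token_bytes(KEY_LEN)             # constructed sample key
    stored = provision("example-passphrase", key)  # constructed sample password
    print("correct password unlocks:", unlock("example-passphrase", stored) == key)
    print("wrong password unlocks:  ", unlock("guess", stored) is not None)
```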
The above embodiments only illustrate the invention and do not limit it. A person of ordinary skill in the relevant technical field can make various changes and modifications without departing from the spirit and scope of the invention, so all equivalent technical solutions also fall within the scope of the invention, and the scope of patent protection of the invention shall be defined by the claims.

Claims (5)

1. A method for protecting a solid-state disk encryption key, characterized in that the method comprises the following steps:
The user provides the authentication password through the management program;
The security module of the solid-state disk computes a hash value of the authentication password and stores the hash value in the solid-state disk, where it is used to verify the user's password during routine use;
The security module encrypts the encryption key using the authentication password;
The solid-state disk stores the encryption key ciphertext.
2. The method for protecting a solid-state disk encryption key according to claim 1, characterized in that the management program is a setup program built into the solid-state disk; at power-on it is loaded into memory and serves as the user's management and configuration terminal.
3. The method for protecting a solid-state disk encryption key according to claim 1 or 2, characterized in that the security module is a security-function processing module built into the solid-state disk, implementing encryption key protection/storage, authentication password verification, and data encryption/decryption functions.
4. The method for protecting a solid-state disk encryption key according to claim 3, characterized in that the security module cannot be read out of the solid-state disk.
5. The method for protecting a solid-state disk encryption key according to claim 4, characterized in that the encryption key of the solid-state disk is used as follows:
The user enters the authentication password through the management program; the security module hashes the authentication password to obtain a hash value; the security module checks the computed hash value against the hash value stored in the solid-state disk; if the two differ, decryption of the encryption key is stopped and the user's right to use the solid-state disk is cut off; if the two are identical, the authentication password is used to decrypt the encryption key ciphertext, yielding the plaintext encryption key; the security module then uses the encryption key to encrypt and decrypt the input/output data of the solid-state disk.
CN201510087147.3A 2015-02-25 2015-02-25 Protective method for solid-state disk encryption key Pending CN104639332A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510087147.3A CN104639332A (en) 2015-02-25 2015-02-25 Protective method for solid-state disk encryption key

Publications (1)

Publication Number Publication Date
CN104639332A true CN104639332A (en) 2015-05-20

Family

ID=53217690

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510087147.3A Pending CN104639332A (en) 2015-02-25 2015-02-25 Protective method for solid-state disk encryption key

Country Status (1)

Country Link
CN (1) CN104639332A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105760789A (en) * 2016-02-19 2016-07-13 山东超越数控电子有限公司 Protection method for encryption key in encrypted mobile solid-state disk
CN107453880A (en) * 2017-08-28 2017-12-08 国家康复辅具研究中心 A kind of cloud secure storage method of data and system
CN107453880B (en) * 2017-08-28 2020-02-28 国家康复辅具研究中心 Cloud data secure storage method and system
CN108537048A (en) * 2018-03-13 2018-09-14 山东超越数控电子股份有限公司 A kind of security association methods and system of encryption solid state disk and authorization computer
CN108537048B (en) * 2018-03-13 2021-08-17 超越科技股份有限公司 Security association method and system for encrypted solid state disk and authorized computer
CN109255231A (en) * 2018-09-28 2019-01-22 山东超越数控电子股份有限公司 A kind of encryption hard disk cryptographic key protection system and method based on trust computing
CN109977039A (en) * 2019-03-20 2019-07-05 深圳市海邻科信息技术有限公司 HD encryption method for storing cipher key, device, equipment and readable storage medium storing program for executing
CN109977039B (en) * 2019-03-20 2021-02-05 深圳市海邻科信息技术有限公司 Hard disk encryption key storage method, device, equipment and readable storage medium
CN110378139A (en) * 2019-07-25 2019-10-25 江苏芯盛智能科技有限公司 A kind of data key guard method, system and electronic equipment and storage medium
CN110378139B (en) * 2019-07-25 2021-07-30 江苏芯盛智能科技有限公司 Data key protection method, system, electronic equipment and storage medium
CN111008390A (en) * 2019-12-13 2020-04-14 江苏芯盛智能科技有限公司 Root key generation protection method and device, solid state disk and storage medium
CN112257121A (en) * 2020-10-20 2021-01-22 湖南国科微电子股份有限公司 Encryption method, decryption method, electronic device, and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150520