CN106897640A - The computer encryption lock of effective separation - Google Patents
The computer encryption lock of effective separation Download PDFInfo
- Publication number
- CN106897640A CN106897640A CN201510957135.1A CN201510957135A CN106897640A CN 106897640 A CN106897640 A CN 106897640A CN 201510957135 A CN201510957135 A CN 201510957135A CN 106897640 A CN106897640 A CN 106897640A
- Authority
- CN
- China
- Prior art keywords
- key
- module
- random number
- densifying plate
- electron key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000926 separation method Methods 0.000 title claims abstract description 22
- 238000004891 communication Methods 0.000 claims abstract description 7
- 239000000203 mixture Substances 0.000 claims description 5
- 235000015170 shellfish Nutrition 0.000 claims description 3
- 238000001514 detection method Methods 0.000 abstract description 11
- 230000007306 turnover Effects 0.000 abstract description 10
- 238000005192 partition Methods 0.000 abstract 1
- 238000000034 method Methods 0.000 description 22
- 230000005611 electricity Effects 0.000 description 16
- 238000007689 inspection Methods 0.000 description 13
- 238000010586 diagram Methods 0.000 description 7
- 238000012360 testing method Methods 0.000 description 4
- 238000012795 verification Methods 0.000 description 4
- 108020004414 DNA Proteins 0.000 description 3
- 238000013500 data storage Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000000682 scanning probe acoustic microscopy Methods 0.000 description 3
- 238000004321 preservation Methods 0.000 description 2
- 241001269238 Data Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 210000004556 brain Anatomy 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 235000013399 edible fruits Nutrition 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000035515 penetration Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
Abstract
The effective separation computer encryption lock that the present invention is provided includes being plugged on the densifying plate between the mainboard of computer and hard disk, being plugged on the densifying plate electron key for carrying out real-time identity authentication with the densifying plate;The electron key carries out real-time authentication and firmware anti-copy detection with the densifying plate, and the data between turnover electron key and densifying plate are encrypted;After authentication and firmware anti-copy detection is completed, the electron key combines the internal certain customers' cipher key list for preserving with the certain customers' cipher key list on densifying plate, and certain customers' key of selecting of the different random of partition holding from cipher key list according to hard disk carries out encryption and decryption to the data of turnover hard disk.Computer encryption lock degree of safety of the invention is high, and firmware will not be copied, and the data and electron key encrypted in hard disk, by encryption, will not be cracked with densifying plate communication data, and privacy degrees are high.
Description
Technical field
The present invention relates to a kind of electronic password lock, more particularly to a kind of computer encryption lock of effective separation.
Background technology
At present, most safety information products are mainly the anti-of a similar fire wall are done to the outside of information
Shield, and the protection to information itself does not deal with, i.e., do not carry out encryption and decryption to the information for storing, and only exists
Information output increases encryption device to realize encryption.May be for suddenly for this encryption device user
Depending on, misread or the reason such as do not want to take the trouble, once during information use violation operation and cause information
Leakage, for example dismantle encryption device, or private link etc..
Also occur in that now at present a kind of to Source Encryption product, but this output aggregate generally existing hardware is easy
Be cloned and in-convenience in use the shortcomings of.
The content of the invention
The technical problem to be solved in the present invention is:There is provided a kind of data to storing carries out encryption and decryption, and needs
Real-time authentication, prevents the computer encryption lock of the effective separation that hardware is copied.
To achieve the above object, it is described it is effective separate computer encryption lock include being plugged on the mainboard of computer with
Densifying plate between hard disk, the electricity that real-time identity authentication is carried out with the densifying plate is plugged on the densifying plate
Sub- key;
After authentication passes through, the densifying plate enters to the communication data between the mainboard and the hard disk
Row encryption is decrypted;
The user key of data encryption comes from cipher key list, the key between the mainboard and the hard disk
List is by the first list being stored in the densifying plate and the second list being stored in the electron key
Composition;The user key according to be stored in the difference of subregion in the hard disk after data encryption and from described close
Chosen in key list;
During the authentication, the densifying plate gathers the unique identifier A of own hardware, the electronics key
The unique identifier B of spoon collection own hardware;The densifying plate receives the unique knowledge from the electron key
Other code B, and densifying plate identification code T1 is constituted with the unique identifier A, the electron key is received and come from
The unique identifier A of densifying plate, and constitute electron key identification code T2 with the unique identifier B;It is described
Densifying plate persistently produces random array X with the time, and after being encrypted to random array X again with the encryption
Plate identification code T1 is encrypted and logical operation obtains authentication information A;The densifying plate is by the random array
X is persistently sent to the electron key, and the electron key is encrypted rear and institute to the random array X
State that densifying plate identification code T2 is encrypted and logical operation obtains authentication information B, and by the authentication information B
Send to the densifying plate and compared with the authentication information A, so as to complete authentication.
Further, the densifying plate includes:
First random number module, for persistently producing the first random number;
Second random number module, for persistently producing the second random number;
First FPGA unit, for the logical operation to internal data, identity is carried out to the electron key
Certification and to data encryption or decryption between the mainboard and the hard disk;
First encrypting module, for being encrypted to the data that first FPGA unit sends, and returns
Pass;
Single-chip microcomputer, for entering row data communication with the electron key;
First FPGA unit receives first random number and second random number, and to described the
One random number and second random number carry out the random number that logical operation obtains random number Z, changes over time
Group X { x1, x2, x3, x4xn } and device keyses Y, first FPGA unit is by the device keyses
Y is sent to the electron key by the single-chip microcomputer and USB interface, and the device keyses Y is used as described
Electron key and the densifying plate encrypt the random number X, densifying plate identification code T1 and electron key identification code
Encryption key during T2;The content communicated between the densifying plate and the electron key is random after encrypting
Array X.
Further, first FPGA unit includes after burning inside it:
SATA host controllers, communicate with hard disk;
SATA device controllers, communicate with mainboard;
3rd encrypting module, is arranged between the hard disk and the mainboard, for pass in and out the mainboard and
The data of hard disk are encrypted;
Random number computing module, for carrying out logical operation to first random number and the second random number, and
Produce the random array X { x1, x2, x3, x4xn };
First receiver module, for receiving authentication information B and second list from the electron key;
First identification code acquisition module, for gathering and sends unique identifier A and the reception of the densifying plate
The electron key unique identifier B;
First authentication information generation module, receives the densifying plate knowledge that the first identification code acquisition module sends
The other code T1 and random number X, and for generating the authentication information A of the densifying plate;
Authentication module, contrasts, it is determined that described to the authentication information B and the authentication information A
Densifying plate and the electron key are that hardware matches product;
First anti-copies of firmware module, its internal pre-stored has the unique identifier A1 of the densifying plate, institute
Unique identifier A1 is stated for being contrasted with the unique identifier A, so that it is determined that whether firmware is copied
Shellfish;
First USB random number control modules, for being communicated with first encrypting module.
Further, first FPGA unit also includes user key control module, the user key
Cipher key list is stored in control module, and the pointer T of user key, institute are chosen from the cipher key list
The initial value for stating pointer T is the random number Z.
Further, the first random number module and first encrypting module include the close chip of state
SSX1019, the second random number module includes WNG9 chips.
Further, what is stored in the first list is a high position for the user key, the second list
Middle storage be the user key low level, or in the first list store be the user key
Low level, what is stored in the second list is a high position for the user key;The first list and described
After two lists collectively constitute the user key list, the user key therefrom chosen could be described hard to passing in and out
The data of disk and the mainboard are encrypted.
Further, the authentication information A, the generation of authentication information B and user key are described to turnover
The encryption of hard disc data uses SM4 algorithms.
Further, the electron key includes:
Second FPGA unit, for being decrypted to the data that the densifying plate is sent, logical operation simultaneously adds
The densifying plate is back to after close generation authentication information B;
Second encrypting module, the data of second FPGA unit are come from and to the data for receiving
Second FPGA unit is back to after being decrypted.
Further, second FPGA unit includes after burning inside it:
Second receiver module, for receiving the data that the densifying plate sends, and sends the data to institute
State the second encrypting module;
Second authentication information generation module, for generating authentication information B;
Second identification code acquisition module, for gathering and sends the unique identifier B of the electron key;
Whether the second anti-copies of firmware module, the firmware for determining the electron key is copied;
Certification and key sending module, for the cipher key list by the authentication information B and pre-stored wherein
Send to the densifying plate;
Further, pre-stored has a unique identifier B1 in the described second anti-copies of firmware module, it is described only
One identification code B1 is used to be contrasted with unique identifier B described in described the, so that it is determined that electron key firmware
Whether it is copied.
The invention has the advantages that:
1st, the data for passing in and out hard disk are carried out with encryption and decryption, storage data in a hard disk are the form of ciphertext,
Increased security;
When the 2nd, to turnover HD encryption, according to different fdisks using different user keys to data
It is encrypted, the ciphertext for making the data in same hard disk be different key encryptions increases security;
3rd, the user key used to fixed disk data enciphering is the random read take from cipher key list, different
Two keys between do not have general character, increase data security;
4th, the key in cipher key list is second be separately stored in densifying plate first list and electron key
What list was combined, in the absence of the possibility that cipher key list is stolen, improve security;
5th, densifying plate produces random array X in real time, and electron key is with the densifying plate respectively to the random number
Group X is encrypted generation authentication information B and authentication information A, and electron key passes authentication information B back in real time
Densifying plate is compared with authentication information A, completes pairing certification, in whole process, once electron key
Take out, certification can not be completed, system stalls, whole verification process is safe;
6th, authentication information A and authentication information B are to carry out logical operation with the unique identifier in respective hardware to obtain
Arrive, once electron key is different from the unique identifier gathered of any one of densifying plate, then and certification is believed
Breath A and authentication information B will be unable to successful matching, so as to prevent hardware firmware to be copied;
7th, electron key and densifying plate have respective unique identifier when dispatching from the factory in its internal reservoir, in electricity
During sub- key and densifying plate use, the unique identifier of acquisition hardware, and it is described with having previously been stored in
Unique identifier in electron key or densifying plate is contrasted, so as to prevent hardware firmware to be copied;
8th, the computer encryption lock of this effective separation carries out encryption and decryption using SM4 algorithms to user data, adopts
Encryption and decryption is carried out to random number and authentication information with SM1 algorithms, its encryption/decryption speed is fast.
Brief description of the drawings
Below in conjunction with the accompanying drawings, described in detail by specific embodiment of the invention, skill of the invention will be made
Art scheme and other beneficial effects are apparent.
In accompanying drawing,
Fig. 1 is the integrated connection schematic diagram of computer encryption lock of the present invention;
Fig. 2 is the modular structure schematic diagram of densifying plate of the present invention;
Fig. 3 is a kind of register principle schematic of generation random number of the invention;
Fig. 4 is the specific modular structure schematic diagram in inside of densifying plate of the present invention;
Fig. 5 is the composition schematic diagram of user key list of the present invention;
Fig. 6 is the modular structure schematic diagram of electron key of the present invention;
If Fig. 7 is the specific modular structure schematic diagram in the inside with brain of the invention;
Fig. 8 is computer encryption lock loading process schematic diagram of the invention;
Fig. 9 is computer encryption lock power-on self-test process schematic of the present invention.
Drawing reference numeral explanation:
100th, densifying plate;11st, the first FPGA unit;12nd, USB interface;13rd, the first random digital-to-analogue
Block;15th, the second random number module;17th, the first encrypting module;19th, single-chip microcomputer;101st, register;
110th, the first anti-copies of firmware module;111st, SATA host controllers;112nd, SATA device controls
Device processed;113rd, the 3rd encrypting module;114th, user key control module;115th, the first identification code collection
Module;116th, the first receiver module;117th, a USB random number control modules;118th, the first certification
Information generating module;119th, random number computing module;120th, authentication module;300th, electron key;
31st, the second FPGA unit;37th, the second encrypting module;310th, the second anti-copies of firmware module;314、
Certification and key sending module;315th, the second identification code acquisition module;316th, the second receiver module;318、
Second authentication information generation module;500th, mainboard;700th, hard disk.
Specific embodiment
Further to illustrate technological means and its effect that the present invention is taken, below in conjunction with of the invention
Preferred embodiment and its accompanying drawing are described in detail.
Fig. 1 is referred to, the effective separation computer encryption lock that the present invention is provided includes being plugged on the master of computer
Densifying plate 100 between plate and hard disk 700, it is plugged on encrypted version and carries out identity with the densifying plate 100 and recognize
The electron key 300 of card.
In the present invention, densifying plate 100 is carried out to the hardware of itself respectively after the power-up with electron key 300
Self-inspection, after the completion of self-inspection, electron key 300 carries out hardware pairing detection with densifying plate 100 again, goes forward side by side
The real-time authentication of row, carrying out after authentication passes through, densifying plate 100 just to pass in and out computer main board and
The data of hard disk 700 are encrypted or decrypt;It is exactly to detect certainly wherein to the process that own hardware carries out self-inspection
Whether the hardware firmware of body is copied, so as to increase security.
So in the present invention, the effective operation principle for separating computer encryption lock is divided into three parts,
One is data encryption process, and one is authentication procedures and hardware anti-copy process.
Hardware configuration of the invention is first introduced below, and three operation principles are illustrated respectively again then.
Fig. 2 is referred to, the densifying plate 100 includes that the first FPGA unit 11 and a FPGA are mono-
The first random number module 13, the second random number module 15, the first encrypting module 17 and list that unit 11 connects
Piece machine 19, wherein single-chip microcomputer 19 are connected with usb 12, are entered with electron key 300 by usb 12
Row communication.
First FPGA unit 11 is used for the logical operation to internal data, to the electron key 300
Carry out authentication and to data encryption or decryption between the mainboard and the hard disk 700.
First encrypting module 17 is used to add the data that first FPGA unit 11 sends
It is close, and return.
In the present embodiment, the first random number module 13 persistently produces the first random number, described
Two random number modules 15 persistently produce the second random number, wherein, the first random number is with the second random number
The random number of 32.Wherein described first random number module 13 include the close chip SSX1019 of state, second with
Machine digital-to-analogue block 15 includes WNG9 chips.
The first random number module 13 is mainly used to realize random number with the second random number module 15
Generate and self-inspection is carried out to own hardware using random number.Two modules work independently and do not interfere with each other, WNG9,
SSX1019 chip circumferences are provided with auxiliary circuit.Wherein described second random number module 15 includes one
WNG9 and 32 bit shift register, wherein WNG9 each clock generation 1bit random numbers, and
Be exist in the shift register by random number, when shift register completely after just externally output one 32
Random number.
Certainly, in the present embodiment, the register 101 can be by first FPGA unit 11
Interior software burning realization, its theory structure such as Fig. 3.
In the present embodiment, first encrypting module includes the close chip SSX1019 chips of state, the core
Piece supports SM1 AESs, can carry out SM1 to the random number received from first FPGA unit 11
Algorithm for encryption is simultaneously returned.In the present embodiment, the single-chip microcomputer 19 is mainly used in control and electron key
The data communication of the usb 12 of 300 connections.
Wherein, further, first FPGA unit 11 is by software programming, after burning in it
Portion forms multiple circuit units, refers to Fig. 4, specifically includes:The SATA host controls communicated with hard disk
Device 111 communicates SATA device controllers 112, the 3rd encrypting module 113, random number computing mould with mainboard
Block 119, the first receiver module 116, the first identification code acquisition module 115, the first authentication information generation module
118th, authentication module 120, the USB random number control modules of the first anti-copies of firmware module 110 and the
117。
3rd encrypting module 113 is arranged between the hard disk and the mainboard, for described to turnover
The data of mainboard and hard disk are encrypted.
The random number computing module 119 is used to carry out logic fortune to first random number and the second random number
Calculate, and produce random array X { x1, x2, x3, x4xn }, random number Z and device keyses Y.Wherein,
The random array X { x1, x2, x3, x4xn } is electron key and densifying plate real-time identity authentication process
The plaintext of the encryption data of middle transmission, communicates to prevent other people from cracking between densifying plate and the electron key
Data, the data communicated between electron key and the densifying plate be to random array X encrypt after it is close
Text, uses SM1 algorithms when being encrypted to random number X;The device keyses Y is that densifying plate exists with electronic key
Carry out the encryption key of encrypted random number group X during firmware anti-copy self-inspection and real-time authentication, it is described with
Machine number Z is relevant with the user key that the 3rd encrypting module 113 encrypts data between hard disk and the mainboard.
First receiver module 116 is used to receive the authentication information B from the electron key.
The first identification code acquisition module 115 is used to gather and to send the densifying plate related to hardware firmware
Unique identifier A, receive the electron key and collect the unique identifier related to own hardware firmware
B, and generate the densifying plate identification code T1.
The first authentication information generation module 118 receives the first identification code acquisition module 115 and sends
The densifying plate identification code T1 and the random number X, and for generating the authentication information A of the densifying plate.
Densifying plate and hardware address unique identification in product export are stored in the authentication module 120
Code A identical unique identifier A1, and with the electron key hardware address unique identifier B identicals only
One identification code B1.The unique identifier B and unique identifier B1 of the authentication module 120 pairs is carried out
Contrast, determines that the densifying plate and the electron key are that hardware matches product.
The inside pre-stored of the first anti-copies of firmware module 110 has the unique identifier of the densifying plate
A1, the unique identifier A1 are used to be contrasted with the unique identifier A, so that it is determined that firmware is
It is no to be copied.When unique identifier A1 described herein is product export, described first is artificially stored in
With the unique identifier A identicals one of the hardware components of the first FPGA unit 11 inside FPGA unit 11
ID, same unique identifier B1 are identical with the principle that the unique identifier A1 is produced for group.In this product
After upper electricity, the unique identifier A of the acquisition hardware part of the first identification code acquisition module 115 and in preservation
Unique identifier A1 internally is contrasted, if the firmware of the hardware of the first FPGA unit 11 not by
Copy, then the unique identifier A for collecting is identical with the unique identifier A1 of storage, is otherwise just recognized
For the hardware firmware of first FPGA unit 11 is copied, now the densifying plate cannot be to entering
The data for going out the hard disk are encrypted.
First USB random numbers control module 117, for being communicated with first encrypting module 17.
Wherein, first FPGA unit 11 also includes user key control module 114, and the user is close
The user key of the encryption data of the 3rd encrypting module 113 is stored in key control module 114, and should
The list of user key, there is many group user keys in list, be encrypted in the data to entering hard disk
When, the difference of the subregion according to hard disk can choose different user key, specifically choose which user key
Determined according to pointer T.When the random number Z produced after electricity on the densifying plate is to choose the user key
The initial value of pointer T.
Fig. 5 is referred to, in the present embodiment, an electricity of a set of computer encryption lock, i.e. hardware pairing
Sub- key and a densifying plate, with a set of user key, every suit user key is described with 400 groups
3rd encrypting module is only chosen N groups therein and is used when the data to passing in and out the hard disk are encrypted,
Wherein the size of N depends on hard disk size, if for example we define the storage interval of every 20G sizes and use
If one user key, then the user key to be used of hard disk of a total M G size is
N=M/20, the 3rd encrypting module according to encrypted data storage when hard disk is interval, data storage
Hard disk address where interval position choose corresponding user key.
In the present embodiment, we are illustrated so that hard disk size is as 500G as an example, when hard disk
When size is 500G, the user key used required for the data of encryption turnover hard disk is 25, then this
Which 25 25 beWhen at this moment only needing to point out that the 3rd encrypting module starts encryption, used
The address of the user key of first, i.e., the initial value random number Z of above-mentioned pointer T, is obtaining pointer T
Afterwards, the data for entering hard disk are encrypted according to the pointer T, when complete one of the data storage of encryption
Behind the interval of 20G sizes, change the size of pointer T, the mode of change there are many kinds, when simplest pair
Pointer T carries out+1 or -1 calculating, under the user key for then being pointed to according to fingerprint T+1 or T-1 is docked
The 20G size datas for coming are encrypted.
In order to further prevent turnover hard disk to be cracked by the data that user key is encrypted and in order to ensure
The authentication success of electron key and densifying plate, user key in the cipher key list according to it is high-order with
The mode of low level is divided into two groups, respectively first list and second list, and wherein first list is stored in institute
State in densifying plate, the second list is stored in the electron key, only when the electron key with
After the densifying plate completes authentication and the anti-copies of firmware self-inspection of hardware, the electron key just will
The second list is sent to the user key control module.When the first list and the secondary series
, into after a complete cipher key list, the 3rd encrypting module could be according to pointer T from the use for table pack
The user key chosen in the key control module of family.In present embodiment, with the user key
It is illustrated for 128, then, first list is the height for being stored in cipher key list in the densifying plate
The list of 64, the second list is the list of low 64 be stored in the electron key, only
When high 64 first lists for being have been combined into the second list of low 64 sent from the electron key
During whole 400 groups of 128 user key lists, the encryption or decryption of data could be carried out to hard disc data.
In the present embodiment, the encryption that the 3rd encrypting module is encrypted to the data for passing in and out hard disk
Algorithm is SM4 AESs, and the algorithm speed of service is very fast.
It is further to note that the 3rd encrypting module is added in the data to passing in and out the hard disk
In close process, it is encrypted merely by the data to being sent from hard disk, without being added to order
It is close.3rd encrypting module is passed through by transport layer between SATA host controllers and SATA device
The form recognition command and data of Frame Information Structure (FIS).
Fig. 6 is referred to, in the present invention, the electron key 300 includes:Second FPGA unit 31 and
Two encrypting modules 37.
Second FPGA unit 31 is used to be decrypted the data that the densifying plate is sent, logical operation
And it is back to the densifying plate after encrypting the generation authentication information B;
Second encrypting module 37 is used to receive and comes from the data of second FPGA unit 31 and right
The data are back to second FPGA unit 31 after being decrypted.
In the present embodiment, it is by encryption that the densifying plate is sent to the data of the electron key 300
, then the electron key 300 is accomplished by being decrypted the data described in reception, then can just enter
Logical operation and application inside row, second encrypting module 37 is exactly in whole electron key 300
It is plugged on the random array persistently sended over when on the densifying plate by being encrypted with device keyses Y
X { x1, x2, x3, x4xn } is decrypted, and then the random array X after to decryption is sent to described
Second FPGA unit 31, second FPGA unit 31 is carrying out other one to the random array X
Broken out for authentication information B beams back the densifying plate after set AES encryption.Wherein, random array X is existed
Encryption in densifying plate 100 is SM1 algorithms, and electron key is calculated the advanced row SM1 of random array for receiving
The decryption of method, is then carrying out the encryption of SM4 algorithms.
Fig. 7 is referred to, second FPGA unit 31 at it after burning by being internally formed circuit unit bag
Include:Second receiver module 316, the second authentication information generation module 318, the second identification code acquisition module 315,
Second anti-copies of firmware module 310 and certification and key sending module 314.
Second receiver module 316 is used to receive the data that the densifying plate 100 sends, and by the data
Send to second encrypting module 37, the data include the unique identifier A and random number of densifying plate collection
Group X.
The second identification code acquisition module 315 is used to gather and send unique knowledge of the electron key 300
Other code B, receives the unique identifier A that the densifying plate 100 sends, and to electron key 300 and encryption
Plate 100 carries out pairing detection, densifying plate 100 of the second identification code acquisition module 315 first to receiving
The hardware of the self-encryption plate unique identifier A and electron key itself collection that send hardware collection is uniquely known
Other code B composition electron key identification codes T2.
The second authentication information generation module 318 is used to generate authentication information B.The certification and key are sent out
Module 314 is sent to be sent to the encryption for the cipher key list by the authentication information B and pre-stored wherein
Plate 100.
In the present embodiment, the second authentication information generation module 318 generate authentication information B when,
SM4 is carried out to the random array X decrypted through SM1 algorithms sent from second receiver module 316
AES is encrypted, the electronics being encrypted after then being gathered with the second identification code acquisition module 315 again
Key identification code T2 carries out logical operation so as to certified Information B.
The second anti-copies of firmware module 310 is used to determine whether the firmware of the electron key 300 is copied
Shellfish.
In the present embodiment, the second anti-copies of firmware module 310 judges the firmware of the electron key 300
Whether whether the mode being copied judges the firmware of the densifying plate 100 with the described first anti-copies of firmware module
The mode being copied is identical, the second anti-copies of firmware when the electron key 300 dispatches from the factory, its
Internal reservoir has unique identifier B1, the unique identification of the collection of the second identification code acquisition module 315
Code B is contrasted in the unique identifier B1 with storage in the described second anti-copies of firmware module 310
So as to whether the firmware for judging the electron key 300 is copied.
The second identification code acquisition module 315 carries out pairing detection to electron key 300 and densifying plate 100
When, the corresponding unique knowledge of the hardware of densifying plate 100 in the second identification code acquisition module 315 will be pre-stored in
The unique identifier A that other code A1 sends with the densifying plate 100 for receiving compares, so that it is determined that described
Whether densifying plate 100 matches with the electron key 300.
Herein it should be noted that a set of computer encryption lock of hardware pairing, electron key therein
300 with densifying plate 100 when dispatching from the factory, the first FPGA unit is hard with what the burning of the second FPGA unit 31 was formed
Part unique identifier A and unique identifier B are differed, and are stored in the described first anti-copies of firmware module
And the second unique identifier A1 and unique identifier B1 in anti-copies of firmware module 310 is also to differ
, but unique identifier A and unique identifier A1 is identical, unique identifier B and unique identifier
B1 is identical.
By described above, the hardware configuration of electron key of the invention 300 and densifying plate 100, turnover are hard
The data encryption process of disk and the course of work of hardware firmware anti-copy have been illustrated and finished, below to electricity
Sub- key 300 is illustrated with the authentication principle of densifying plate 100.
It is known that being produced as input with the first random number and the second random number in first FPGA unit
Three random numbers, be respectively random array X { x1, x2, x3, x4xn }, device keyses Y and with
Machine number Z.Wherein, random number Z and device keyses Y be the densifying plate 100 on two of electricity generation with
Machine number, and the two random numbers are sent to the first FPGA unit and the second FPGA unit 31, Ran Houjie
That get off generation is exactly random array X, and this random array X results from the whole remaining course of work, one
Denier is powered off or this random array X is not generated, then just will be considered that the electron key 300 from described
Pulled up on densifying plate 100 or computer shutdown, this computer-chronograph encryption lock just no longer works.
The user key that random number Z is used with the data of encryption turnover hard disk is aware of by the introduction of top
Pointer T it is relevant.This random number Z was only produced at the upper electric moment, the random number after subsequent normal operation
Z will not change
Can be produced during electricity on each products of random number Z, but be used all without being latched by the 3rd encrypting module 113,
When only user formats hard disk totally, the 3rd encrypting module 113 just can latched random number Z, the position of storage
Put and be placed in the outer flash of piece with the firmware of FPGA, later every time upper Dan Shang electricity exist it is random in flash
Number Z can be loaded into the 3rd encrypting module 113, except non-user formats hard disk, the 3rd encryption mould again
Block just can obtain new random number Z from random number computing module, and update random number Z in flash.
Random array X effectively as be to communicate in densifying plate 100 and the verification process of electron key 300
The plaintext of data, has one to produce interval, in the present invention between each element in the random array X
The interval is not more than 1/18s, does not generate an element of random array X, the densifying plate 100 and the electricity
The certification of sub- key 300 once, is continued for the encrypted work completing.
In order to the data transmitted between densifying plate and electron key are not cracked, the number communicated between them
According to being ciphertext by encrypting, the plaintext of encryption is random array X, and the password of encryption is device keyses Y,
Device keyses Y mono- has 3 random number compositions, respectively y1, y2, y3, whole authentication procedures
In, the device keyses used in different processes are different.We are with random in random array X below
Illustrated as a example by number x1.
1st, device power, the generation of device keyses Y:
When electron key is plugged on densifying plate, and press the on & off switch of computer, electron key and plus
Electricity is completed on close plate.Wherein random number computing mould of the densifying plate on one in the FPGA unit of moment first of electricity
After block carries out logical operation to the first random number and the second random number, device keyses y1, y2 and y3 are produced,
And device keyses y1, y2 and y3 are sent into the first FPGA unit and the second FPGA unit preservation.
2nd, the generation of random number x1:
Likewise, after random number computing module carries out logical operation to the first random number and the second random number,
Produce random number x1, the random number x1 of generation actually with device keyses y1, between y2 and y3 not this
Difference in matter, only difference is that numerical value is different.
3rd, the hardware pairing detection between densifying plate and electron key:
Elaborate on top, the anti-copies of firmware unit of first in densifying plate is gathered to the first identification code
The unique identifier A1 of unique identifier A and the therein storage of unit collection compare so that it is determined that
Firmware whether be copied and, the second anti-copies of firmware unit in electron key gathers single to the second identification code
The unique identifier B of unit's collection compares so that it is determined that hard with the unique identifier B1 of therein storage
Whether part is copied;The collection that is sent to electron key of the first identification code collecting unit simultaneously from
The unique identifier B of body is carried out with the unique identifier B1 of the first identification code collecting unit internal reservoir
Compare, so that it is determined that whether encryption trigger and electron key match;Second identification code collection described in identical
In the unique identifier A of itself of the collection that unit sends to densifying plate and second identification code itself
The unique identifier A1 of portion's storage compares, so that it is determined that the electron key and the densifying plate whether
Pairing.
Specifically, the first identification code acquisition module gathers the unique identifier A of the first FPGA unit,
Then carry out the encryption of SM4 algorithms as password with device keyses y1 to unique identifier A, and to encryption after
As a result (A represents that in plain text, SM4 represents AES, and y1 represents encryption key to ASM4y1;In the present invention
Encrypted result uses this illustrative method during middle authentication) sent to electron key by USB interface,
Electron key sends to the second identification code acquisition module ASM4y1, and the second identification code acquisition module is again
Carry out the decryption of SM4 algorithms as password with device keyses y1, and the result unique identifier A that will be decrypted with from
The unique identifier A1 of body storage compares, if compared successfully, then it is assumed that densifying plate and electron key
Hardware is matched.
The unique identifier B that same electron key also gathers oneself is carried out by password of device keyses y2
BSM4y2 after the encryption of SM4 algorithms is sent to the first identification code acquisition module of densifying plate, described first
Identification code acquisition module carries out the decryption of SM4 algorithms, and the knot that will be decrypted with device keyses y2 as password again
The unique identifier B1 that fruit unique identifier B is stored with therein compares, so that it is determined that described add
Close plate is matched with electron key hardware.
After the pairing of above-mentioned two hardware passes through, just think that the densifying plate is hard with the electron key
The complete sets of products of part pairing.
4th, the real-time identity authentication of electron key and densifying plate:
The random number computing module sends to a USB random numbers to the random number x1 for producing and controls mould
Block, a USB random numbers control module sends to the first encrypting module random number x1, and first adds
Close module carries out SM1 algorithm for encryption to random number x1 by password of device keyses y2, and by result
X1SM1y1 is back to the USB random number control modules, and a USB random numbers control mould
Block sends to electron key x1SM1y1, and the electron key sends to the second encryption mould x1SM1y1
Block, second encrypting module is solved by password SM1 AESs of device keyses y2 to x1SM1y1
It is close, random number x1 is obtained, and random number x1 is sent to the second authentication information generation module;Described second
Random number x1 is carried out SM4 algorithm for encryption by authentication information generation module by password of device keyses y3, is obtained
x1SM4y3;The second identification code acquisition module by electron key unique identifier T2 with it is described
X1SM4y3 carries out logical operation and obtains T2x1SM4y3, that is, obtain described authentication information B, and will be described
Authentication information B is sent to the first receiver module of the densifying plate by the certification and key sending module.
Simultaneously inside the densifying plate, the random number computing module sends to the random number x1
One authentication information generation module, the first authentication information generation module will be close to the random number x1 equipment
Key y3 carries out SM4 algorithm for encryption and obtains x1SM4y3;The first identification code acquisition module by densifying plate only
One identification code T1 is sent to the first authentication information generation module, the first authentication information generation module
The unique identifier T1 and x1SM4y3 is carried out into logical operation and obtains T1x1SM4y3, that is, obtain certification
Information A.
In the present embodiment, the logical operation of the unique identifier T1 and x1SM4y3 with it is unique
Identification code T2 is identical with the logical operation of the x1SM4y3, for example XOR.
This is arrived, first FPGA unit can be contrasted to authentication information A and authentication information B, or
Person is right after being decrypted to authentication information A and authentication information B respectively with device keyses y3 according to SM4 algorithms
Than, if the result of contrast is authentication information A identical with authentication information B, electron key and densifying plate the
One-time identity authentication passes through.
After above-mentioned first time authentication is completed, the densifying plate is with the electron key with random number x2
Replace random number x1 and continue to complete above-mentioned verification process, and verification process is circulated with this, until equipment is fallen
Untill electricity.
Densifying plate is the information processing point of penetration of the computer encryption lock of effective separation, all data of hard disk
Turnover will first pass through densifying plate, and data are processed inside it.Densifying plate also includes PCIE × 1
Standard interface, USB standard mother's mouth.It is that the computer of effective separation adds that PCIE is connected on computer main board
Close lock power supply;USB mother's mouths are connected with electron key, to complete authentication.
Electron key as the computer encryption lock of effective separation the mutatis mutandis voucher of information, electron key is first
The information of densifying plate is received, then electron key generates not reproducible authentication information, returns to densifying plate
Carry out authentication.After certification is completed with densifying plate, electron key is low in electron key to being stored in
64bit user keys list (64bit × 400) are encrypted, and ciphertext is sent to densifying plate.As effective point
From computer encryption lock crucial part, have the close chip SSX1019 of a piece of state on electron key,
One USB standard public affairs mouth and a piece of FPGA.There is a USB public affairs mouth to be connected with densifying plate on electron key,
It is authenticated information exchange.
Such as Fig. 8, computer encryption lock loading process of the invention is as follows:
1. densifying plate is inserted into PCIE × 1 interface of PC mainboards, two SATA according to specification demand for user
Mouth is connected with mainboard SATA mouthfuls and hard disk SATA mouthfuls respectively, is inserted into electron key.
2. PC is opened, is set into BIOS, the mode of operation for setting SATA at BIOS ends is AHCI
3. hard disk of the carry under the computer encryption lock of effective separation is formatted, if hard disk is to hang for the first time
Used in this product, then can show it is only one of which raw disks, direct formatting words;If with
Family resets, then need user that first all subregions are deleted inside disk management, then format totally.
4. normal load windows7 operating systems.
So far, the computer encryption lock installation of effective separation is finished, and user need to only insert electricity before start every time
Sub- key can normally use this PC.
Such as Fig. 9, computer encryption lock power-on self-test process of the present invention is as follows:
Need just normal work by self-inspection after product start, self-inspection is the computer encryption lock of effective separation
Self-inspection its random number, crypto module and firmware security.
1. the close algorithm chip SSX1019 built in self testings of state are started, SM1 algorithms carry out self-inspection, internally,
Be input into the key for determining carries out ECB encryption computing with plaintext, if obtain correct ciphertext so to judge to calculate
Method module is normal, otherwise judges unsuccessfully to exit.
2. start random number inspection and boot up power-on self-test, foundation《GM/T 0005-2012 randomnesss are examined
Gauge model》, 20*10 is gathered after electricity on product8The random number of bit, is divided into 20 groups, often in FPGA
Group 108Bit, is detected and is judged using playing card detection mode, judges to be performed by then order, is judged
Failure is then exited.
3. SM4 algorithms detection in FPGA, feeding are enabled《GM/T 0002-2012SM4 block ciphers are calculated
Method》The key and plaintext of the determination gone out given in middle appendix A computing example 1 are encrypted computing, if
Then evaluation algorithm module is normal to obtain correct ciphertext, otherwise judges unsuccessfully to exit.FPGA SM4 self-inspections contain
All SM4 algorithms in densifying plate and electron key two panels FPGA.
4. FPGA firmwares anti-copy detection is started, DNA acquisition modules obtain current from FPGA inside
(this constant is when FPGA code is write to DNA constants in the DNA of FPGA, with FPGA firmwares
Embedded), if identical judgement current firmware safety, differs, firmware has been copied, and mistake is moved back
Go out.
Completed inside when SM4 algorithms detect the electricity on cipher card in wherein FPGA, take 20 milliseconds, with
The detection of machine number is also to be carried out in FPGA, is taken within 200 milliseconds.
As shown in table 1 below, in addition to being detected in start section, product is being produced, used for random number inspection
Links all random number is detected, to ensure the safety and stability of random number.Random number of the invention
The random number detection of computing module is as follows:
The random number statistic mixed-state of table 1
The above, for the person of ordinary skill of the art, can be with technology according to the present invention scheme
Other various corresponding changes and deformation are made with technology design, and all these changes and deformation should all belong to
The protection domain of the claims in the present invention.
Claims (10)
1. one kind is effective separates computer encryption lock, it is characterised in that the mainboard including being plugged on computer
Densifying plate between hard disk, it is plugged on the densifying plate and carries out real-time identity authentication with the densifying plate
Electron key;
After authentication passes through, the densifying plate enters to the communication data between the mainboard and the hard disk
Row encryption is decrypted;
The user key of data encryption comes from cipher key list, the key between the mainboard and the hard disk
List is by the first list being stored in the densifying plate and the second list being stored in the electron key
Composition;The user key is according to being stored in the different from the key of subregion in the hard disk after data encryption
Chosen in list;
During the authentication, the densifying plate gathers the unique identifier A of own hardware, the electronics key
The unique identifier B of spoon collection own hardware;The densifying plate receives the unique knowledge from the electron key
Other code B, and densifying plate identification code T1 is constituted with the unique identifier A, the electron key is received and come from
The unique identifier A of densifying plate, and constitute electron key identification code T2 with the unique identifier B;
The densifying plate persistently produces random array X with the time, and after being encrypted to random array X again with
The densifying plate identification code T1 is encrypted and logical operation obtains authentication information A;The densifying plate will be described
Random array X is persistently sent to the electron key, and the electron key is added to the random array X
It is encrypted with the electron key identification code T2 after close and logical operation obtains authentication information B, and will be described
Authentication information B sends to the densifying plate and is compared with the authentication information A, so as to complete authentication.
2. it is according to claim 1 it is effective separation computer encryption lock, it is characterised in that the encryption
Plate includes:
First random number module, for persistently producing the first random number;
Second random number module, for persistently producing the second random number;
First FPGA unit, for the logical operation to internal data, identity is carried out to the electron key
Certification and to data encryption or decryption between the mainboard and the hard disk;
First encrypting module, for being encrypted to the data that first FPGA unit sends, and returns
Pass;
Single-chip microcomputer, for entering row data communication with the electron key;
First FPGA unit receives first random number and second random number, and to described the
One random number and second random number carry out the random number that logical operation obtains random number Z, changes over time
Group X { x1, x2, x3, x4xn } and device keyses Y, first FPGA unit is by the device keyses
Y is sent to the electron key by the single-chip microcomputer and USB interface, and the device keyses Y is used as described
Electron key and the densifying plate encrypt the random number X, densifying plate identification code T1 and electron key identification code
Encryption key during T2;The content communicated between the densifying plate and the electron key is random after encrypting
Array X.
3. it is according to claim 2 it is effective separation computer encryption lock, it is characterised in that described first
FPGA unit includes after burning inside it:
SATA host controllers, communicate with hard disk;
SATA device controllers, communicate with mainboard;
3rd encrypting module, is arranged between the hard disk and the mainboard, for pass in and out the mainboard and
The data of hard disk are encrypted;
Random number computing module, for carrying out logical operation to first random number and the second random number, and
Produce the random array X { x1, x2, x3, x4xn };
First receiver module, for receiving authentication information B and second list from the electron key;
First identification code acquisition module, for gathering and sends unique identifier A and the reception of the densifying plate
The electron key unique identifier B;
First authentication information generation module, receives the densifying plate knowledge that the first identification code acquisition module sends
The other code T1 and random number X, and for generating the authentication information A of the densifying plate;
Authentication module, contrasts, it is determined that described to the authentication information B and the authentication information A
Densifying plate and the electron key are that hardware matches product;
First anti-copies of firmware module, its internal pre-stored has the unique identifier A1 of the densifying plate, institute
Unique identifier A1 is stated for being contrasted with the unique identifier A, so that it is determined that whether firmware is copied
Shellfish;
First USB random number control modules, for being communicated with first encrypting module.
4. it is according to claim 2 it is effective separation computer encryption lock, it is characterised in that described first
FPGA unit also includes user key control module, and key column is stored in the user key control module
Table, and the pointer T of user key is chosen from the cipher key list, the initial value of the pointer T is described
Random number Z.
5. it is according to claim 2 it is effective separation computer encryption lock, it is characterised in that described first
Random number module and first encrypting module include the close chip SSX1019 of state, the second random number module
Including WNG9 chips.
6. it is according to claim 1 it is effective separation computer encryption lock, it is characterised in that described first
What is stored in list is a high position for the user key, and what is stored in the second list is the user key
Low level, or in the first list store be the user key low level, in the second list store up
What is deposited is a high position for the user key;The first list collectively constitutes the user with the second list
After cipher key list, the user key therefrom chosen could be carried out to the data for passing in and out the hard disk and the mainboard
Encryption.
7. the effective separation computer encryption lock according to claim 1 or 3, it is characterised in that described
Authentication information A, the generation of authentication information B and user key are adopted to the encryption for passing in and out the hard disc data
Use SM4 algorithms.
8. the effective separation computer encryption lock according to any one of claims 1 to 3, it is characterised in that
The electron key includes:
Second FPGA unit, for being decrypted to the data that the densifying plate is sent, logical operation simultaneously adds
The densifying plate is back to after close generation authentication information B;
Second encrypting module, the data of second FPGA unit are come from and to the data for receiving
Second FPGA unit is back to after being decrypted.
9. it is according to claim 8 it is effective separation computer encryption lock, it is characterised in that described second
FPGA unit includes after burning inside it:
Second receiver module, for receiving the data that the densifying plate sends, and sends the data to institute
State the second encrypting module;
Second authentication information generation module, for generating authentication information B;
Second identification code acquisition module, for gathering and sends the unique identifier B of the electron key;
Whether the second anti-copies of firmware module, the firmware for determining the electron key is copied;
Certification and key sending module, for the cipher key list by the authentication information B and pre-stored wherein
Send to the densifying plate.
10. effective separation computer encryption lock according to claim 9, it is characterised in that described the
In two anti-copies of firmware modules pre-stored have unique identifier B1, the unique identifier B1 be used for it is described
Unique identifier B described in is contrasted, so that it is determined that whether electron key firmware is copied.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510957135.1A CN106897640B (en) | 2015-12-18 | 2015-12-18 | Separate computer encryption lock for pipes |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510957135.1A CN106897640B (en) | 2015-12-18 | 2015-12-18 | Separate computer encryption lock for pipes |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106897640A true CN106897640A (en) | 2017-06-27 |
| CN106897640B CN106897640B (en) | 2024-02-02 |
Family
ID=59189490
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510957135.1A Active CN106897640B (en) | 2015-12-18 | 2015-12-18 | Separate computer encryption lock for pipes |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106897640B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108337053A (en) * | 2017-12-29 | 2018-07-27 | 北京航天测控技术有限公司 | A kind of testing and diagnosing information wireless transmission device and system |
| CN108762791A (en) * | 2018-06-07 | 2018-11-06 | 深圳市元征科技股份有限公司 | Firmware upgrade method and device |
| CN108830071A (en) * | 2018-05-03 | 2018-11-16 | 深圳市中微信息技术有限公司 | The encryption and decryption and recognition methods of SCM Based motherboard hardware and upper layer software (applications) |
| CN111295654A (en) * | 2017-09-05 | 2020-06-16 | 爱存储有限公司 | Method and system for securely transferring data |
| CN112199740A (en) * | 2020-12-03 | 2021-01-08 | 飞天诚信科技股份有限公司 | Encryption lock implementation method and encryption lock |
| CN112527700A (en) * | 2020-12-04 | 2021-03-19 | 四川效率源信息安全技术股份有限公司 | Method for realizing defect hard disk isolation based on PCI-E device |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1924835A (en) * | 2006-09-01 | 2007-03-07 | 西安交通大学 | Dynamic key based hardware data enciphering method and device thereof |
| US20090323966A1 (en) * | 2008-06-30 | 2009-12-31 | Condel International Technologies Inc. | Method and system for enhancing data encryption using multiple-key lists |
| CN101742072A (en) * | 2009-12-18 | 2010-06-16 | 四川长虹电器股份有限公司 | Anti-copy method for set-top box software |
| CN101980241A (en) * | 2010-10-27 | 2011-02-23 | 北京握奇数据系统有限公司 | Method, system and device for authenticating radio frequency tag |
| US20130318358A1 (en) * | 2012-05-24 | 2013-11-28 | Weixin WANG | Apparatus for generating secure key using device and user authentication information |
| US20140032910A1 (en) * | 2012-07-26 | 2014-01-30 | Yuji Nagai | Storage system in which fictitious information is prevented |
| CN104463026A (en) * | 2014-12-08 | 2015-03-25 | 深圳中科讯联科技有限公司 | System and method for hardware anti-copying board |
| CN104868994A (en) * | 2015-05-26 | 2015-08-26 | 北京数字认证股份有限公司 | Collaboration secret key management method, device and system |
-
2015
- 2015-12-18 CN CN201510957135.1A patent/CN106897640B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1924835A (en) * | 2006-09-01 | 2007-03-07 | 西安交通大学 | Dynamic key based hardware data enciphering method and device thereof |
| US20090323966A1 (en) * | 2008-06-30 | 2009-12-31 | Condel International Technologies Inc. | Method and system for enhancing data encryption using multiple-key lists |
| CN101742072A (en) * | 2009-12-18 | 2010-06-16 | 四川长虹电器股份有限公司 | Anti-copy method for set-top box software |
| CN101980241A (en) * | 2010-10-27 | 2011-02-23 | 北京握奇数据系统有限公司 | Method, system and device for authenticating radio frequency tag |
| US20130318358A1 (en) * | 2012-05-24 | 2013-11-28 | Weixin WANG | Apparatus for generating secure key using device and user authentication information |
| US20140032910A1 (en) * | 2012-07-26 | 2014-01-30 | Yuji Nagai | Storage system in which fictitious information is prevented |
| CN104463026A (en) * | 2014-12-08 | 2015-03-25 | 深圳中科讯联科技有限公司 | System and method for hardware anti-copying board |
| CN104868994A (en) * | 2015-05-26 | 2015-08-26 | 北京数字认证股份有限公司 | Collaboration secret key management method, device and system |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111295654A (en) * | 2017-09-05 | 2020-06-16 | 爱存储有限公司 | Method and system for securely transferring data |
| CN111295654B (en) * | 2017-09-05 | 2023-07-18 | 爱存储有限公司 | Method and system for securely transferring data |
| CN108337053A (en) * | 2017-12-29 | 2018-07-27 | 北京航天测控技术有限公司 | A kind of testing and diagnosing information wireless transmission device and system |
| CN108337053B (en) * | 2017-12-29 | 2020-10-20 | 北京航天测控技术有限公司 | Test diagnosis information wireless transmission device and system |
| CN108830071A (en) * | 2018-05-03 | 2018-11-16 | 深圳市中微信息技术有限公司 | The encryption and decryption and recognition methods of SCM Based motherboard hardware and upper layer software (applications) |
| CN108762791A (en) * | 2018-06-07 | 2018-11-06 | 深圳市元征科技股份有限公司 | Firmware upgrade method and device |
| CN108762791B (en) * | 2018-06-07 | 2022-09-16 | 深圳市元征科技股份有限公司 | Firmware upgrading method and device |
| CN112199740A (en) * | 2020-12-03 | 2021-01-08 | 飞天诚信科技股份有限公司 | Encryption lock implementation method and encryption lock |
| CN112199740B (en) * | 2020-12-03 | 2021-03-16 | 飞天诚信科技股份有限公司 | Encryption lock implementation method and encryption lock |
| CN112527700A (en) * | 2020-12-04 | 2021-03-19 | 四川效率源信息安全技术股份有限公司 | Method for realizing defect hard disk isolation based on PCI-E device |
| CN112527700B (en) * | 2020-12-04 | 2024-04-12 | 四川效率源信息安全技术股份有限公司 | Method for realizing isolation of defective hard disk based on PCI-E device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106897640B (en) | 2024-02-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2017101122A1 (en) | Computer encryption lock having separating management and use | |
| CN106897640A (en) | The computer encryption lock of effective separation | |
| CN103246842B (en) | For verifying the method and apparatus with data encryption | |
| CN101197667B (en) | Dynamic password authentication method | |
| CN103873440B (en) | Application program upgrading method and system | |
| CN107579817A (en) | User ID authentication method, apparatus and system based on block chain | |
| CN103348357B (en) | Sensitive data processing means and method | |
| CN203746071U (en) | Security computer based on encrypted hard disc | |
| US9690952B2 (en) | Encryption key generation in encrypted storage devices | |
| CN102138300A (en) | Message authentication code pre-computation with applications to secure memory | |
| CN110059458A (en) | A kind of user password encryption and authentication method, apparatus and system | |
| CN105447394B (en) | A kind of intelligent code key with local data encryption function | |
| CN104408356B (en) | A kind of fingerprint verification method and system, fingerprint template encryption device | |
| CN106664204A (en) | Differential power analysis countermeasures | |
| CN104579680B (en) | A kind of method of secure distribution seed | |
| CN102571348A (en) | Ethernet encryption and authentication system and encryption and authentication method | |
| CN103246832B (en) | Microprocessor chip with anti-copy function and recording system thereof | |
| TW201245956A (en) | Memory card and its access, data encryption, golden key generation and changing method | |
| CN101923654A (en) | Ultrahigh frequency reader-writer suitable for remote security control by different users | |
| CN101916346A (en) | Electronic device capable of preventing piracy and anti-piracy method thereof | |
| CN112887085B (en) | Method, device and system for generating security key of SSD (solid State disk) main control chip | |
| US20160277182A1 (en) | Communication system and master apparatus | |
| CN104735094B (en) | Data safe transmission system and method based on information separation | |
| CN105281915A (en) | Ciphertext generating method of password keyboard | |
| KR101214899B1 (en) | USB Security Device and Security Method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |