CN111566989A - 一种密钥处理方法及装置 - Google Patents
一种密钥处理方法及装置 Download PDFInfo
- Publication number
- CN111566989A CN111566989A CN201880085208.4A CN201880085208A CN111566989A CN 111566989 A CN111566989 A CN 111566989A CN 201880085208 A CN201880085208 A CN 201880085208A CN 111566989 A CN111566989 A CN 111566989A
- Authority
- CN
- China
- Prior art keywords
- key
- file
- execution environment
- trusted execution
- environment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6281—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Power Engineering (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
本申请实施例公开了一种密钥处理方法及装置,该方法包括:在可信执行环境中接收普通运行环境中的文件加密模块发送的初始密钥;在可信执行环境中对初始密钥进行解密处理得到文件密钥;在可信执行环境中将文件密钥存储至存储控制器的密钥寄存器中,普通运行环境中的文件加密模块被禁止访问密钥寄存器;在可信执行环境中获取密钥寄存器中文件密钥的密钥索引,密钥索引用于指示文件密钥在密钥寄存器中的存储位置;在可信执行环境中将密钥索引发送给普通运行环境中的文件加密模块。其中,普通运行环境内的文件加密模块被禁止访问可信执行环境和密钥寄存器,所以在生成文件密钥、写入文件和读取文件的过程中,文件密钥在智能设备内均是安全的。
Description
PCT国内申请,说明书已公开。
Claims (41)
- PCT国内申请,权利要求书已公开。
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2018/091282 WO2019237304A1 (zh) | 2018-06-14 | 2018-06-14 | 一种密钥处理方法及装置 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111566989A true CN111566989A (zh) | 2020-08-21 |
CN111566989B CN111566989B (zh) | 2022-06-07 |
Family
ID=68841689
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201880085208.4A Active CN111566989B (zh) | 2018-06-14 | 2018-06-14 | 一种密钥处理方法及装置 |
Country Status (4)
Country | Link |
---|---|
US (1) | US11405202B2 (zh) |
EP (1) | EP3787219A4 (zh) |
CN (1) | CN111566989B (zh) |
WO (1) | WO2019237304A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116743357A (zh) * | 2022-09-30 | 2023-09-12 | 荣耀终端有限公司 | 密钥存储方法和装置 |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111212044B (zh) * | 2019-12-24 | 2022-11-01 | 视联动力信息技术股份有限公司 | 一种数据的传输方法、装置和存储介质 |
CN113449293A (zh) * | 2021-07-14 | 2021-09-28 | 上海交通大学 | 基于可信执行环境的密文搜索系统与方法 |
CN114143117B (zh) * | 2022-02-08 | 2022-07-22 | 阿里云计算有限公司 | 数据处理方法及设备 |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101539979A (zh) * | 2009-04-29 | 2009-09-23 | 北京红旗贰仟软件技术有限公司 | 一种电子文档控制保护方法和装置 |
CN104392188A (zh) * | 2014-11-06 | 2015-03-04 | 三星电子(中国)研发中心 | 一种安全数据存储方法和系统 |
US20150270956A1 (en) * | 2014-03-20 | 2015-09-24 | Microsoft Corporation | Rapid Data Protection for Storage Devices |
CN105260663A (zh) * | 2015-09-15 | 2016-01-20 | 中国科学院信息工程研究所 | 一种基于TrustZone技术的安全存储服务系统及方法 |
CN105812332A (zh) * | 2014-12-31 | 2016-07-27 | 北京握奇智能科技有限公司 | 数据保护方法 |
US20170185789A1 (en) * | 2015-12-23 | 2017-06-29 | Mcafee, Inc. | Method and apparatus for hardware based file/document expiry timer enforcement |
CN106980794A (zh) * | 2017-04-01 | 2017-07-25 | 北京元心科技有限公司 | 基于TrustZone的文件加解密方法、装置及终端设备 |
US9875368B1 (en) * | 2015-06-30 | 2018-01-23 | Google Llc | Remote authorization of usage of protected data in trusted execution environments |
CN107743133A (zh) * | 2017-11-30 | 2018-02-27 | 中国石油大学(北京) | 移动终端及其基于可信安全环境的访问控制方法和系统 |
CN108155986A (zh) * | 2017-12-14 | 2018-06-12 | 晶晨半导体(上海)股份有限公司 | 一种基于可信执行环境的密钥烧录系统及方法 |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5495533A (en) * | 1994-04-29 | 1996-02-27 | International Business Machines Corporation | Personal key archive |
US20050262361A1 (en) * | 2004-05-24 | 2005-11-24 | Seagate Technology Llc | System and method for magnetic storage disposal |
WO2006109307A2 (en) * | 2005-04-13 | 2006-10-19 | Discretix Technologies Ltd. | Method, device, and system of selectively accessing data |
CN104778794B (zh) | 2015-04-24 | 2017-06-20 | 华为技术有限公司 | 移动支付装置和方法 |
WO2017004447A1 (en) * | 2015-06-30 | 2017-01-05 | Activevideo Networks, Inc. | Remotely managed trusted execution environment for digital-rights management in a distributed network with thin clients |
US10181946B2 (en) | 2015-07-20 | 2019-01-15 | Intel Corporation | Cryptographic protection of I/O data for DMA capable I/O controllers |
CN105912272B (zh) | 2016-04-14 | 2019-03-01 | 华为技术有限公司 | 一种控制多个安全应用软件的运行的装置和方法 |
US10181951B2 (en) * | 2016-05-13 | 2019-01-15 | Blackberry Limited | Protected encryption key recovery |
US10423804B2 (en) * | 2016-06-12 | 2019-09-24 | Apple Inc. | Cryptographic separation of users |
CN109075815A (zh) | 2016-08-09 | 2018-12-21 | 华为技术有限公司 | 一种片上系统和处理设备 |
US11416605B2 (en) * | 2018-03-27 | 2022-08-16 | Telefonaktiebolaget Lm Ericsson (Publ) | Trusted execution environment instances licenses management |
US10922441B2 (en) * | 2018-05-04 | 2021-02-16 | Huawei Technologies Co., Ltd. | Device and method for data security with a trusted execution environment |
-
2018
- 2018-06-14 EP EP18922834.9A patent/EP3787219A4/en active Pending
- 2018-06-14 WO PCT/CN2018/091282 patent/WO2019237304A1/zh unknown
- 2018-06-14 CN CN201880085208.4A patent/CN111566989B/zh active Active
-
2020
- 2020-12-07 US US17/114,052 patent/US11405202B2/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101539979A (zh) * | 2009-04-29 | 2009-09-23 | 北京红旗贰仟软件技术有限公司 | 一种电子文档控制保护方法和装置 |
US20150270956A1 (en) * | 2014-03-20 | 2015-09-24 | Microsoft Corporation | Rapid Data Protection for Storage Devices |
CN104392188A (zh) * | 2014-11-06 | 2015-03-04 | 三星电子(中国)研发中心 | 一种安全数据存储方法和系统 |
CN105812332A (zh) * | 2014-12-31 | 2016-07-27 | 北京握奇智能科技有限公司 | 数据保护方法 |
US9875368B1 (en) * | 2015-06-30 | 2018-01-23 | Google Llc | Remote authorization of usage of protected data in trusted execution environments |
CN105260663A (zh) * | 2015-09-15 | 2016-01-20 | 中国科学院信息工程研究所 | 一种基于TrustZone技术的安全存储服务系统及方法 |
US20170185789A1 (en) * | 2015-12-23 | 2017-06-29 | Mcafee, Inc. | Method and apparatus for hardware based file/document expiry timer enforcement |
CN106980794A (zh) * | 2017-04-01 | 2017-07-25 | 北京元心科技有限公司 | 基于TrustZone的文件加解密方法、装置及终端设备 |
CN107743133A (zh) * | 2017-11-30 | 2018-02-27 | 中国石油大学(北京) | 移动终端及其基于可信安全环境的访问控制方法和系统 |
CN108155986A (zh) * | 2017-12-14 | 2018-06-12 | 晶晨半导体(上海)股份有限公司 | 一种基于可信执行环境的密钥烧录系统及方法 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116743357A (zh) * | 2022-09-30 | 2023-09-12 | 荣耀终端有限公司 | 密钥存储方法和装置 |
CN116743357B (zh) * | 2022-09-30 | 2024-03-12 | 荣耀终端有限公司 | 密钥存储方法和装置 |
Also Published As
Publication number | Publication date |
---|---|
CN111566989B (zh) | 2022-06-07 |
US11405202B2 (en) | 2022-08-02 |
WO2019237304A1 (zh) | 2019-12-19 |
EP3787219A4 (en) | 2021-04-28 |
US20210091945A1 (en) | 2021-03-25 |
EP3787219A1 (en) | 2021-03-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11347888B2 (en) | Blockchain-based user privacy data providing methods and apparatuses | |
CN111566989B (zh) | 一种密钥处理方法及装置 | |
US11089018B2 (en) | Global unique device identification code distribution method | |
KR101657613B1 (ko) | 보안 저장 장치에 저장된 디지털 컨텐츠의 백업 | |
US9721071B2 (en) | Binding of cryptographic content using unique device characteristics with server heuristics | |
KR20190018869A (ko) | 블록체인 기반의 스토리지 서비스 제공 시스템 및 방법 | |
CN103931137A (zh) | 用于保护内容的方法和存储设备 | |
US20220366030A1 (en) | Password Management Method and Related Apparatus | |
US20180053018A1 (en) | Methods and systems for facilitating secured access to storage devices | |
US8798261B2 (en) | Data protection using distributed security key | |
KR102328057B1 (ko) | 단말 정보에 기반하여 문서 파일의 암호화가 수행되도록 지원하는 문서 보안 서비스 서버 및 그 동작 방법 | |
JP2015104020A (ja) | 通信端末装置、通信端末関連付けシステム、通信端末関連付け方法、及びコンピュータプログラム | |
US8234501B2 (en) | System and method of controlling access to a device | |
WO2015154469A1 (zh) | 数据库的操作方法及装置 | |
KR102542213B1 (ko) | 네트워크 기반 스토리지의 데이터 실시간 암복호화 보안 시스템 및 방법 | |
CN113468545A (zh) | 文件加解密方法、装置及系统 | |
CN107967432B (zh) | 一种安全存储装置、系统及方法 | |
CN111512308A (zh) | 一种存储控制器、文件处理方法、装置及系统 | |
WO2019216847A2 (en) | A sim-based data security system | |
CN106209381A (zh) | 一种照片加解密方法及其系统 | |
CN112804195A (zh) | 一种数据安全存储方法及系统 | |
KR100952300B1 (ko) | 저장매체의 안전한 데이터 관리를 위한 단말 장치, 메모리및 그 방법 | |
JP6919484B2 (ja) | 暗号通信方法、暗号通信システム、鍵発行装置、プログラム | |
CN110909391A (zh) | 一种基于risc-v的安全存储方法 | |
CN115361140B (zh) | 安全芯片密钥验证方法及装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |