CN114528561A - Flash key storage management method - Google Patents
Flash key storage management method Download PDFInfo
- Publication number
- CN114528561A CN114528561A CN202210034309.7A CN202210034309A CN114528561A CN 114528561 A CN114528561 A CN 114528561A CN 202210034309 A CN202210034309 A CN 202210034309A CN 114528561 A CN114528561 A CN 114528561A
- Authority
- CN
- China
- Prior art keywords
- key
- page
- management
- storage
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 title claims abstract description 87
- 238000000034 method Methods 0.000 claims abstract description 44
- 101000969594 Homo sapiens Modulator of apoptosis 1 Proteins 0.000 claims abstract description 12
- 102100021440 Modulator of apoptosis 1 Human genes 0.000 claims abstract description 12
- 101000979001 Homo sapiens Methionine aminopeptidase 2 Proteins 0.000 claims abstract description 9
- 101000969087 Homo sapiens Microtubule-associated protein 2 Proteins 0.000 claims abstract description 9
- 238000012545 processing Methods 0.000 claims abstract description 7
- 102100021118 Microtubule-associated protein 2 Human genes 0.000 claims abstract 5
- 238000009448 modified atmosphere packaging Methods 0.000 claims description 24
- 102100023174 Methionine aminopeptidase 2 Human genes 0.000 claims description 8
- 238000012795 verification Methods 0.000 claims description 6
- 108090000192 Methionyl aminopeptidases Proteins 0.000 claims description 4
- 230000008676 import Effects 0.000 claims description 3
- 235000019837 monoammonium phosphate Nutrition 0.000 claims description 3
- 102100028379 Methionine aminopeptidase 1 Human genes 0.000 description 1
- 101710161855 Methionine aminopeptidase 1 Proteins 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a flash secret key storage management method, which comprises a secret key encryption and decryption part and a secret key storage management part, wherein the secret key encryption and decryption means that a secret key is subjected to encryption and decryption processing during generation, storage and use; the key storage management is to store the generated keys in the form of pages in an SPI-NORFLASH of the encryption device, wherein the SPI-NORFLASH is provided with a key management page and a key storage page, the key management page comprises a key management MAP1, a key management MAP2, an S _ ID, a WL and a NUM, the key management MAP1 and the MAP2 are used for recording whether the keys are used or not, the S _ ID is used for recording key decryption information, the WL is used for recording the number of times the block is used, the NUM is used for recording the total number of the keys, the key storage page is used for storing the keys, and the key management is realized based on the key management page. The invention ensures the safety of the key in the processes of generation, storage and use, and can effectively improve the utilization rate of the storage space and the access efficiency of the key.
Description
Technical Field
The invention relates to the field of hardware encryption, in particular to key storage in hardware encryption, and specifically relates to a flash key storage management method.
Background
In the field of independent hardware encryption, keys used for encryption, which are imported from the outside, are often stored in FLASH media. The storage mode is to create a file system in the flash for storing the key. This approach does not effectively provide storage space utilization and utilization efficiency. In addition, the conventional key storage is often stored in the storage medium in a plaintext form, and once the storage medium is lost, the key is exposed to the risk of leakage.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a flash secret key storage management method, which is used for encrypting and storing secret keys, ensures the safety of the secret keys in the processes of generation, storage and use, and can effectively improve the utilization rate of a storage space and the access efficiency of the secret keys by establishing a secret key storage MAP mode.
In order to solve the technical problem, the technical scheme adopted by the invention is as follows: a flash key storage management method comprises two parts, namely key encryption and decryption and key storage management, wherein the key encryption and decryption refer to that a key is subjected to encryption processing in the generation process, is stored in an encrypted state during storage and is subjected to decryption processing during use; the key storage management is to store the generated keys in the form of pages in an SPI-norbass of the encryption device, the SPI-norbass is provided with a key management page and a key storage page, the key management page includes a key management MAP1, a key management MAP2, S _ ID, WL, and NUM, the key management MAP1 is used to record whether the keys for encryption are used, the key management MAP2 is used to record whether the keys for decryption are used, the S _ ID is used to record key decryption information, the WL is used to record the number of times of use of the block, the NUM is used to record the total number of the keys, and the key storage page is used to store the keys, and the key management is realized based on the management page.
Further, the key encryption and decryption comprises a key generation and encryption process, a key import to SPI-norpair process, a key decryption and use process:
the key generation and encryption process specifically comprises the following steps:
the first step is as follows: calling a random number interface of the UKEY to generate a plurality of groups of keys;
the second step is that: UKEY generates a master key for encryption;
the third step: the key management software calls an encryption algorithm of the UKEY, encrypts the generated keys one by using the main key and stores the keys in a safe storage area of the UKEY;
the process of importing the key into the SPI-NORFLASH specifically comprises the following steps:
the first step is as follows: inserting the UKEY into the encryption equipment, and carrying out identity authentication on the UKEY by the key service software;
the second step is that: after the first step, acquiring a key component r1 of the UKEY, reading the equipment UID of the UKEY to perform HMAC operation to obtain an HMAC operation value, and storing the r1 and the HMAC operation value to the position of the S _ ID;
the third step: writing all keys to a key storage page one by one and updating MAPs, including MAP1 and MAP 2;
the key decryption and use process specifically comprises the following steps:
the first step is as follows: the key service software acquires a key skey';
the second step is that: reading the data recorded by the S _ ID and analyzing r 1;
the third step: reading a key component r2 of the master key from UKEY, and calculating the master key through r1 and r 2;
the fourth step: calling a decryption algorithm through the outgoing main key to decrypt the skey' to obtain the skey;
the fifth step: and sending the skey to a hardware encryption module.
Further, when the key is used, the UKEY validity verification is performed, and the verification process is as follows: when the key is used, the encryption device inserts the UKEY when the system is started, reads the key component r2 of the main key from the UKEY and stores the key component in the memory, performs HMAC operation on the equipment ID of the UKEY, compares the HMAC operation value with the HMAC operation value stored previously, and if the HMAC operation value is consistent with the HMAC operation value stored previously, proves that the UKEY is legal.
Further, the process of obtaining the key based on the key management page includes:
1. firstly reading a WL value, if the WL value is 0xFFFF, the erasing times of the current storage area exceed 5W times, obtaining the WL value from the position with the offset of 33 xPAGE _ SIZE x n, accumulating n from 1 until the WL value is not 0xFFFF, and recording the PAGE offset n;
2. acquiring a NUM value, and reading a MAP value with a corresponding length;
3. determining the number of keys which have been used according to the MAP value;
4. reading a new key;
5. and updating the MAP value, and marking the key of the corresponding position as used.
Further, the key management MAP1 and the key management MAP2 record whether the key has been used according to the bit, the bit being 1 indicates that the key has not been used, the bit being 0 indicates that the key has been used, when the MAP is updated after reading a key, the PAGE does not need to be erased and then rewritten, and only the corresponding bit is set to 0 from 1.
Further, the process of updating the key based on the key management page comprises:
1. acquiring a current WL value;
2. reading the S _ ID of the key management page and accessing the S _ ID to the specified area;
3. erasing the key management page;
4. updating a key management page, completely writing 1 in MAP, taking the S _ ID read in the step 2 as the S _ ID, and writing the actual number of keys with WL = WL +1 and NUM;
5. the key is written to the key storage page.
Further, the process of destroying the key based on the key management page comprises:
1. acquiring a current WL value;
2. erasing the key management page;
3. the key storage page is erased.
Furthermore, 2000 groups of keys are generated, each key is maximum in length of 64 bytes, 32 4K key storage pages are arranged, and a key management page is additionally arranged.
The invention has the beneficial effects that: the invention provides a FLASH secret key storage management method, which can effectively improve the utilization rate of a storage space and the access efficiency of a secret key by establishing a secret key storage MAP mode, and can reduce the erasing times of FLASH and improve the service life of FLASH. Aiming at the problem that the existing secret key is exposed to the risk of leakage, the method provides a secret key encryption storage method, which ensures that the secret key is stored in FLASH in a ciphertext mode, decrypts the secret key in a memory during actual use, and ensures the safety of the secret key in the processes of generation, storage and use.
Drawings
FIG. 1 is a schematic illustration of a key management page;
fig. 2 is a schematic diagram of key storage.
Detailed Description
The invention is further described with reference to the following figures and detailed description.
Example 1
The embodiment discloses a flash key storage management method, which comprises two parts, namely key encryption and decryption and key storage management, wherein the key encryption and decryption refer to the steps of carrying out encryption processing on a key in the generation process, storing the key in an encrypted state in the storage process and carrying out decryption processing in the use process, so that the security of the key in the generation, storage and use processes is guaranteed.
In this embodiment, the key encryption and decryption includes a key generation and encryption process, a key import to SPI-norpair process, and a key decryption and use process.
The key generation and encryption process specifically comprises the following steps:
the first step is as follows: calling a random number interface of the UKEY to generate a plurality of groups of keys;
the second step is that: UKEY generates a master key for encryption;
the third step: the key management software calls an encryption algorithm of the UKEY, encrypts the generated keys one by using the main key and stores the keys in a safe storage area of the UKEY;
the process of importing the key into the SPI-NORFLASH specifically comprises the following steps:
the first step is as follows: inserting the UKEY into the encryption equipment, and carrying out identity authentication on the UKEY by the key service software;
the second step is that: after the first step, acquiring a key component r1 of the UKEY, reading the equipment UID of the UKEY to perform HMAC operation to obtain an HMAC operation value, and storing the r1 and the HMAC operation value to the position of the S _ ID;
the third step: all keys are written to the key storage page one by one and MAPs are updated, including MAP1 and MAP 2.
The key decryption and use process specifically comprises the following steps:
the first step is as follows: the key service software acquires a key skey';
the second step is that: reading the data recorded by the S _ ID and analyzing r 1;
the third step: reading a key component r2 of the master key from UKEY, and calculating the master key through r1 and r 2;
the fourth step: calling a decryption algorithm through the outgoing main key to decrypt the skey' to obtain the skey;
the fifth step: and sending the skey to a hardware encryption module.
When the key is used, UKEY validity verification is carried out, and the verification process is as follows: when the key is used, the encryption device inserts the UKEY when the system is started, reads the key component r2 of the main key from the UKEY and stores the key component in the memory, performs HMAC operation on the equipment ID of the UKEY, compares the HMAC operation value with the HMAC operation value stored previously, and if the HMAC operation value is consistent with the HMAC operation value stored previously, proves that the UKEY is legal.
In this embodiment, the SM4 encryption and decryption algorithm is used to encrypt and decrypt the key.
In the scheme, the carrier for storing the secret key is SPI-Flash.
The storage of N (N = 2000) group keys is designed according to the capacity of Flash, each key has a maximum length of 64 bytes, so 32 4K PAGEs are required to store all keys, and one PAGE is additionally added for storage key management (i.e. PAGE management).
Due to the Flash property, 0 is stored as 1 in Flash, 1 is stored as 0, since the value in Flash can only be set to 0 from 1, and cannot be set to 1 from 0, 1[ 00000001 ] is written into one byte first, then 2 is written into (because only 0 can be set from 1, after 2 is written into [ 000000010 ], the byte becomes [ 00000000 ]), the read value is 0, if one byte is written into 1[ 11111111110 ] first, then 2[ 11111100 ] is written into, the read value is 3, and the erasing times can be reduced by using the characteristic. That is, when updating the MAP, it is not necessary to erase the PAGE and then rewrite it, but only needs to set the corresponding bit from 1 to 0.
In addition, the minimum unit of Flash erasure is 4096 bytes (one PAGE), the number of reliable erasure is 10 ten thousand, and the data read after erasure is full FF.
The key storage management is to store the generated keys in the form of pages in SPI-norfloat of the encryption device, and the key management pages and the key storage pages are provided, and as shown in fig. 1, the key management pages include a key management MAP1, a key management MAP2, S _ ID, WL, and NUM:
key management MAP 1: 2000/8 = 250 bytes (recording whether the key is used or not by bit, key for encryption)
Key management MAP 2: 2000/8 = 250 bytes (recording whether the key is used or not by bit, key for decryption)
S _ ID: the HMAC calculated value of the ID of UKEY and the key component r1, 48 bytes, are recorded.
WL: the block usage times are recorded by 2 bytes. The number of times of replacement of the storage location exceeds 5 ten thousand times is recorded as 0 xFFFF.
NUM: the total number of keys is recorded, and the maximum number is 2000 and 2 bytes.
The key storage PAGE is used to store keys, and as shown in fig. 2, the first PAGE is a management PAGE, and the last 32 PAGEs store 2000 sets of keys.
The process of obtaining the key based on the key management page comprises the following steps:
1. firstly reading a WL value, if the WL value is 0xFFFF, the erasing times of the current storage area exceed 5W times, obtaining the WL value from the position with the offset of 33 xPAGE _ SIZE x n, accumulating n from 1 until the WL value is not 0xFFFF, and recording the PAGE offset n;
note: the value of 33 means that 1 key management PAGE and 32 key storage PAGEs are included.
2. Acquiring a NUM value, and reading a MAP value with a corresponding length;
3. determining the number of keys which have been used according to the MAP value;
4. reading a new key;
5. and updating the MAP value, and marking the key of the corresponding position as used.
After reading a key, the method for updating the MAP comprises the following steps:
1. acquiring the current MAP:
char currentMap;
this->getKeyMap(¤tMap, 1, (int)(usedKeyNum / 8));
given that 65 KEYs are currently used, the map offset for recording KEY should be 65/8=8, byte 8 offset.
2. Recalculating MAP after acquiring a key:
currentMap &= ~(1 << (usedKeyNum % 8));
description of the drawings: the value of usedKeyNum% 8 is 1, and the value of 1 left-shifted by 1 bit is 1111.. 1101
The current value of currentMap is 1111.. 1110, and becomes 1111.. 1100 after the operation is performed, the operation is to clear 0 byte of the 66 th bit, that is, after the key is obtained, the 66bit position of the key is set to be 0.
3. Updating Map values
this->setKeyMap(¤tMap, 1, (int)(usedKeyNum / 8))。
The process of updating the key based on the key management page comprises the following steps:
1. acquiring a current WL value;
2. reading the S _ ID of the key management page and accessing the S _ ID to the specified area;
3. erasing the key management page;
4. updating a key management page, completely writing 1 in MAP, taking the S _ ID read in the step 2 as the S _ ID, and writing the actual number of keys with WL = WL +1 and NUM;
5. the key is written to the key storage page.
The process of destroying the key based on the key management page comprises the following steps:
1. acquiring a current WL value;
2. erasing the key management page;
3. the key storage page is erased.
In this embodiment, 2000 groups of keys are generated, each key has a maximum length of 64 bytes, and in this embodiment, the key has a length of 16 bytes, and 32 4K key storage pages are provided, and one additional key management page is added.
The embodiment guarantees the safety of the key in the generation, storage and use processes by realizing an encryption and decryption mechanism. The key management mode improves the security and the efficiency of key storage, saves the storage space of Flash, reduces the erasing and writing times of Flash, and improves the service life and the utilization efficiency of Flash.
The foregoing description is only for the basic principle and the preferred embodiments of the present invention, and modifications and substitutions by those skilled in the art are included in the scope of the present invention.
Claims (8)
1. A flash key storage management method is characterized in that: the method comprises two parts of key encryption and decryption and key storage management, wherein the key encryption and decryption refer to that a key is subjected to encryption processing in the generation process, is stored in an encrypted state during storage and is subjected to decryption processing during use; the key storage management is to store the generated keys in the form of pages in an SPI-norbass of the encryption device, the SPI-norbass is provided with a key management page and a key storage page, the key management page includes a key management MAP1, a key management MAP2, S _ ID, WL, and NUM, the key management MAP1 is used to record whether the keys for encryption are used, the key management MAP2 is used to record whether the keys for decryption are used, the S _ ID is used to record key decryption information, the WL is used to record the number of times of use of the block, the NUM is used to record the total number of the keys, and the key storage page is used to store the keys, and the key management is realized based on the key management page.
2. The flash key storage management method according to claim 1, characterized in that: the key encryption and decryption comprises a key generation and encryption process, a key import to SPI-NORFLASH process, a key decryption and use process:
the key generation and encryption process specifically comprises the following steps:
the first step is as follows: calling a random number interface of the UKEY to generate a plurality of groups of keys;
the second step is that: UKEY generates a master key for encryption;
the third step: the key management software calls an encryption algorithm of the UKEY, encrypts the generated keys one by using the main key and stores the keys in a safe storage area of the UKEY;
the process of importing the key into the SPI-NORFLASH specifically comprises the following steps:
the first step is as follows: inserting the UKEY into the encryption equipment, and carrying out identity authentication on the UKEY by the key service software;
the second step is that: after the first step, acquiring a key component r1 of a master key, reading a device UID of UKEY, performing HMAC operation to obtain an HMAC operation value, and storing r1 and the HMAC operation value to the position of S _ ID;
the third step: writing all keys to a key storage page one by one and updating MAPs, including MAP1 and MAP 2;
the key decryption and use process specifically comprises the following steps:
the first step is as follows: the key service software acquires a key skey';
the second step is that: reading the data recorded by the S _ ID and analyzing r 1;
the third step: reading a key component r2 of the master key from UKEY, and calculating the master key through r1 and r 2;
the fourth step: calling a decryption algorithm through the outgoing main key to decrypt the skey' to obtain the skey;
the fifth step: and sending the skey to a hardware encryption module.
3. The flash key storage management method according to claim 2, characterized in that: when the key is used, UKEY validity verification is carried out, and the verification process is as follows: when the key is used, the encryption device is inserted into the UKEY when the system is started, the key component r2 of the main key is read from the UKEY and is stored into the memory, HMAC operation is carried out on the equipment UID of the UKEY, the HMAC operation is compared with the HMAC operation value stored previously, and if the comparison is consistent, the UKEY is proved to be legal.
4. The flash key storage management method according to claim 1, characterized in that: the process of obtaining the key based on the key management page comprises the following steps:
1. reading a WL value, if the WL is 0xFFFF, the erasing times of the current storage area exceed 5W times, obtaining the WL value from the position with the shift of N multiplied by PAGE _ SIZE x N, accumulating N from 1 until the WL value is not 0xFFFF, and recording the PAGE shift N, wherein N is the total number of the key management PAGE and the key storage PAGE;
2. acquiring a NUM value, and reading a MAP value with a corresponding length;
3. determining the number of keys which have been used according to the MAP value;
4. reading a new key;
5. and updating the MAP value, and marking the key of the corresponding position as used.
5. The flash key storage management method according to claim 1 or 4, wherein: the key management MAP1 and the key management MAP2 record whether the key is used according to the bit, the bit is 1 to indicate that the key is not used, the bit is 0 to indicate that the key is used, when the MAP is updated after reading one key, the MAP does not need to be rewritten after erasing the PAGE, and only the corresponding bit is set to 0 from 1.
6. The flash key storage management method according to claim 1, characterized in that: the process of updating the key based on the key management page comprises the following steps:
1. acquiring a current WL value;
2. reading the S _ ID of the key management page and storing the S _ ID into a specified area;
3. erasing the key storage page;
4. updating a key management page, completely writing 1 in MAP, taking the S _ ID read in the step 2 as the S _ ID, and writing the actual number of keys with WL = WL +1 and NUM;
5. the key is written to the key storage page.
7. The flash key storage management method according to claim 1, characterized in that: the process of destroying the key based on the key management page comprises the following steps:
1. acquiring a current WL value;
2. erasing the key management page;
3. the key storage page is erased.
8. The flash key storage management method according to claim 1, characterized in that: 2000 groups of keys are generated, each key is 64 bytes in length at most, 32 4K key storage pages are arranged, and a key management page is additionally arranged.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210034309.7A CN114528561A (en) | 2022-01-13 | 2022-01-13 | Flash key storage management method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210034309.7A CN114528561A (en) | 2022-01-13 | 2022-01-13 | Flash key storage management method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114528561A true CN114528561A (en) | 2022-05-24 |
Family
ID=81621865
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210034309.7A Pending CN114528561A (en) | 2022-01-13 | 2022-01-13 | Flash key storage management method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114528561A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115567205A (en) * | 2022-09-29 | 2023-01-03 | 中电信量子科技有限公司 | Method and system for realizing encryption and decryption of network session data stream by quantum key distribution |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140181532A1 (en) * | 2010-12-31 | 2014-06-26 | International Business Machines Corporation | Encrypted flash-based data storage system with confidentiality mode |
| CN107608906A (en) * | 2017-09-26 | 2018-01-19 | 北京智芯微电子科技有限公司 | The method for reducing in-chip FLASH erasing times |
| US9983827B1 (en) * | 2016-11-29 | 2018-05-29 | Red Hat Israel, Ltd. | Key-based memory deduplication protection |
| CN109471809A (en) * | 2018-09-29 | 2019-03-15 | 上海东软载波微电子有限公司 | A kind of FLASH encryption protecting method, device, FLASH controller and the chip of chip |
| CN111832087A (en) * | 2020-06-28 | 2020-10-27 | 福建捷宇电脑科技有限公司 | Key management method and device for prolonging service life of flash |
| CN112738083A (en) * | 2020-12-28 | 2021-04-30 | 福建正孚软件有限公司 | Cross-network cross-border data transmission based secure access key management system and method |
-
2022
- 2022-01-13 CN CN202210034309.7A patent/CN114528561A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140181532A1 (en) * | 2010-12-31 | 2014-06-26 | International Business Machines Corporation | Encrypted flash-based data storage system with confidentiality mode |
| US9983827B1 (en) * | 2016-11-29 | 2018-05-29 | Red Hat Israel, Ltd. | Key-based memory deduplication protection |
| CN107608906A (en) * | 2017-09-26 | 2018-01-19 | 北京智芯微电子科技有限公司 | The method for reducing in-chip FLASH erasing times |
| CN109471809A (en) * | 2018-09-29 | 2019-03-15 | 上海东软载波微电子有限公司 | A kind of FLASH encryption protecting method, device, FLASH controller and the chip of chip |
| CN111832087A (en) * | 2020-06-28 | 2020-10-27 | 福建捷宇电脑科技有限公司 | Key management method and device for prolonging service life of flash |
| CN112738083A (en) * | 2020-12-28 | 2021-04-30 | 福建正孚软件有限公司 | Cross-network cross-border data transmission based secure access key management system and method |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115567205A (en) * | 2022-09-29 | 2023-01-03 | 中电信量子科技有限公司 | Method and system for realizing encryption and decryption of network session data stream by quantum key distribution |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100508448C (en) | Content processing apparatus and content protection program | |
| US7058819B2 (en) | Data processing system, data processing method, and program providing medium | |
| CN103065102B (en) | Data encryption mobile storage management method based on virtual disk | |
| EP1958114B1 (en) | Secure and replay protected memory storage | |
| US9009496B2 (en) | Method and apparatus for implementing secure and selectively deniable file storage | |
| US20030105967A1 (en) | Apparatus for encrypting data and method thereof | |
| US6868404B1 (en) | Digital data recording device, digital data memory device, and digital data utilizing device for converting management information which contains restrictive information using a different key in each management information send/receive session | |
| US9319389B2 (en) | Data recording device, and method of processing data recording device | |
| US9413532B2 (en) | Information recording device | |
| CN109981266B (en) | Method and device for storing and reading key and sensitive information | |
| US8983072B2 (en) | Portable data carrier featuring secure data processing | |
| JP2010517447A (en) | File encryption while maintaining file size | |
| CN108573176B (en) | Method and system for safely deleting data of mobile terminal encrypted by key derivation | |
| EP1830240A1 (en) | Memory information protecting system, semiconductor memory, and method for protecting memory information | |
| US20060129845A1 (en) | Memory information protection system and methods | |
| CN111324901A (en) | Method for creating and decrypting enterprise security encrypted file | |
| US9294285B2 (en) | Information recording device | |
| KR100910075B1 (en) | A data processing apparatus, a method and a recording medium having computer program recorded thereon for processing data | |
| CN114528561A (en) | Flash key storage management method | |
| WO2007109373A2 (en) | Recording over the key in otp encryption | |
| CN110188548A (en) | A kind of official document signs the method and system of file protection, transmission and storage | |
| US20140281570A1 (en) | Method of performing an authentication process between data recording device and host device | |
| CN115470506B (en) | Homomorphic mapping-based secure file system implementation method | |
| CN112395627A (en) | Encryption and decryption method, device and storage medium | |
| CN113297611A (en) | Data processing method, data encryption storage method, data reading method, data processing equipment, data encryption storage equipment, data reading equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |