CN114861231A - Data storage device capable of digitally signing, digital signature system and signature method - Google Patents

Publication number
CN114861231A
Authority
CN
China
Prior art keywords
data
electronic device
digital signature
hash
storage device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110149638.1A
Other languages
Chinese (zh)
Inventor
陈明胜
郭进忠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Innodisk Corp
Original Assignee
Innodisk Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention discloses a data storage device capable of digital signing, a digital signature system and a digital signature method. The system comprises an electronic device and a data storage device. The electronic device executes a specific operation to generate specific data and applies a hash algorithm to the specific data to generate hash data. The data storage device comprises a controller, a plurality of flash memories and a data transmission interface. The electronic device transmits the hash data to the data storage device through the data transmission interface. The controller comprises firmware; the firmware reads an unclonable function, generates a private key according to the unclonable function, encrypts the hash data with the private key to generate a digital signature, and transmits the digital signature to the electronic device through the data transmission interface.

Description

Data storage device capable of digitally signing, digital signature system and signature method
Technical Field
The invention relates to a data storage device capable of digitally signing data generated by a specific operation executed by an electronic device.
Background
With the progress of science and technology and the spread of networks, digital information pervades daily life. Because digital information is easily transmitted and copied, data is generally encrypted in transit to improve the security and reliability of the digital information.
Encryption algorithms are divided into symmetric and asymmetric encryption algorithms. In a symmetric encryption algorithm, the same key is used to encrypt and decrypt data. When encrypted data is transmitted, the key must also be transmitted so that the recipient can decrypt the data with the received key. However, the key may be intercepted by an attacker while it is being transmitted, so the attacker can easily read and tamper with the data content. Protecting digital information with a symmetric encryption algorithm is therefore relatively insecure.
Alternatively, an asymmetric encryption algorithm generates a pair of asymmetric keys: a public key and a private key. The public key can be disclosed to others; the private key is kept by the user and must not be disclosed. Data is encrypted with the public key and decrypted with the private key; alternatively, data is encrypted with the private key and decrypted with the public key. When an asymmetric encryption algorithm protects digital information, an attacker who intercepts the encrypted data cannot easily decrypt or tamper with its content, because the key does not have to be transmitted. Protecting digital information with an asymmetric encryption algorithm is therefore relatively secure.
Furthermore, an asymmetric encryption algorithm is usually stored in software form in a data storage device of the computer device, or built in firmware form into a security chip of the computer device. A processor or security chip of the computer device randomly generates a private key and a corresponding public key through the asymmetric encryption algorithm. The private key and the public key are each a random string, and the private key is usually stored in the data storage device. If the private key stored in the data storage device is accidentally deleted or lost, subsequently encrypted data cannot be decrypted. To avoid accidental deletion or loss, the key can be backed up on several storage devices; however, this increases the chance of the key being stolen and thus reduces security during data transmission.
Disclosure of Invention
The present invention is directed to a digital signature system, which includes an electronic device and a data storage device. The electronic device is a device capable of executing a specific operation to generate specific data, and the data storage device is a device capable of digitally signing. The electronic device or the data storage device may perform a hash operation on the specific data to obtain hash data. The data storage device executes a digital signature operation on the hash data, so that the specific data generated by the electronic device and the corresponding hash data can be protected by the digital signature.
Another objective of the present invention is to provide a digital signature system in which the data storage device includes a controller, a plurality of flash memories, and a data transmission interface. The data storage device is connected with the electronic device through the data transmission interface. When the data storage device executes the digital signature operation, it reads an unclonable function, generates a private key according to the unclonable function, converts the private key into a corresponding public key by using an asymmetric encryption algorithm, encrypts the hash data corresponding to the specific data generated by the electronic device with the private key to generate a digital signature, and transmits the public key and the digital signature to the electronic device through the data transmission interface to finish the digital signature operation.
Another objective of the present invention is to provide a digital signature system, wherein after receiving the public key and the digital signature from the data storage device, the electronic device transmits the public key to a notarization institution for registration, so as to bind the data storage device and the public key. The electronic device uploads the specific data and the digital signature to a cloud or a data verification unit. The cloud or the data verification unit executes a data verification program when receiving the specific data and the digital signature. In the data verification process, the cloud or the data verification unit obtains the public key bound by the data storage device from the notarization institution, and decrypts the digital signature by using the public key to obtain first hash data. The cloud or the data verification unit performs hash calculation on the specific data to generate second hash data. The cloud or data verification unit then compares the second hash to the first hash. If the second hash data is equal to the first hash data, the specific data is data which is not tampered; on the contrary, if the second hash data is not equal to the first hash data, the specific data is a data which has been tampered. The cloud or the data verification unit performs a data verification procedure to verify whether the specific data is provided by the trusted electronic device.
In order to achieve the above object, the present invention provides a data storage device capable of digital signature, comprising: a controller including a firmware having a private key; a plurality of flash memories; the controller is connected with the flash memory and the data transmission interface, and the data storage device is connected with an electronic device through the data transmission interface; the electronic device executes a specific operation to generate specific data, and calculates the specific data by utilizing a hash algorithm to generate first hash data; the data storage device receives first hash data from the electronic device through the data transmission interface, the firmware of the controller encrypts the first hash data by using a private key to generate a digital signature, and the data storage device transmits the digital signature to the electronic device through the data transmission interface.
In an embodiment of the invention, the firmware reads an unclonable function and generates the private key according to the unclonable function.
In an embodiment of the invention, the firmware of the controller converts the private key into a corresponding public key by using an asymmetric encryption algorithm, and the data storage device transmits the public key to the electronic device through the data transmission interface.
The present invention further provides a data storage device capable of digitally signing, comprising: a controller including a firmware having a private key; a plurality of flash memories; the controller is connected with the flash memory and the data transmission interface, and the data storage device is connected with an electronic device through the data transmission interface; the electronic device executes a specific operation to generate specific data; the data storage device receives specific data from the electronic device through the data transmission interface, the firmware of the controller calculates the specific data by utilizing a Hash algorithm to generate first Hash data, the first Hash data is encrypted by utilizing a private key to generate a digital signature, and the data storage device transmits the digital signature to the electronic device through the data transmission interface.
In an embodiment of the invention, the firmware reads an unclonable function and generates the private key according to the unclonable function.
The present invention also provides a digital signature system, comprising: an electronic device, which executes a specific operation to generate specific data and utilizes a hash algorithm to calculate the specific data to generate first hash data; and a data storage device, comprising: a controller including a firmware having a private key; a plurality of flash memories; the controller is connected with the flash memory and the data transmission interface, and the data storage device is connected with the electronic device through the data transmission interface; the electronic device transmits the first hash data to the data storage device; the data storage device receives first hash data from the electronic device through the data transmission interface, the firmware of the controller encrypts the first hash data by using a private key to generate a digital signature, and the data storage device transmits the digital signature to the electronic device through the data transmission interface.
In an embodiment of the invention, the electronic device is a device with networking function, the electronic device is connected to a blockchain through a network, and the electronic device transmits the specific data and the digital signature to the blockchain to record the specific data and the digital signature on the blockchain.
In an embodiment of the present invention, the electronic device is a device with networking function, and the electronic device transmits the public key to a notarization institution for registration, so as to bind the public key and the data storage device together.
In an embodiment of the present invention, the digital signature system includes a cloud or a data verification unit, the electronic device is connected to the cloud or the data verification unit via a network, and the electronic device transmits the specific data and the digital signature to the cloud or the data verification unit; after the cloud or the data verification unit receives the specific data and the digital signature, the cloud or the data verification unit obtains a public key from a notarization institution, decrypts the digital signature by using the public key to obtain first hash data, performs hash calculation on the specific data to generate second hash data, and compares the second hash data with the first hash data to verify the authenticity of the specific data.
The present invention also provides a digital signature system, comprising: an electronic device, which executes a specific operation to generate a specific data; and a data storage device, comprising: a controller including a firmware having a private key; a plurality of flash memories; the controller is connected with the flash memory and the data transmission interface, and the data storage device is connected with the electronic device through the data transmission interface; the electronic device transmits specific data to the data storage device; the data storage device receives specific data from the electronic device through the data transmission interface, the firmware of the controller calculates the specific data by utilizing a Hash algorithm to generate first Hash data, the first Hash data is encrypted by utilizing a private key to generate a digital signature, and the data storage device transmits the digital signature to the electronic device through the data transmission interface.
The invention also provides a digital signature method, which is applied to a digital signature system, wherein the digital signature system comprises an electronic device and a data storage device, the electronic device executes a specific operation to generate specific data and utilizes a hash algorithm to calculate the specific data to generate first hash data, the data storage device comprises a controller, a plurality of flash memories and a data transmission interface, the controller comprises a firmware, and the firmware executes the digital signature method and comprises the following steps: generating a private key; receiving first hash data from an electronic device through a data transmission interface; encrypting the first hash data with a private key to generate a digital signature; and transmitting the digital signature to the electronic device.
The invention also provides a digital signature method, which is applied to a digital signature system, wherein the digital signature system comprises an electronic device and a data storage device, the electronic device executes a specific operation to generate specific data, the data storage device comprises a controller, a plurality of flash memories and a data transmission interface, the controller comprises a firmware, and the firmware executes the digital signature method and comprises the following steps: generating a private key; receiving specific data from the electronic device through the data transmission interface; calculating specific data by utilizing a hash algorithm to generate first hash data; encrypting the first hash data with a private key to generate a digital signature; and transmitting the digital signature to the electronic device.
Drawings
FIG. 1 is a block diagram of a digital signature system according to the present invention.
Fig. 2 is a flowchart of a digital signature method according to an embodiment of the present invention.
Fig. 3 is a flowchart of a digital signature method according to another embodiment of the present invention.
Description of reference numerals: 100 - digital signature system; 10 - electronic device; 11 - processor; 12 - specific data; 13 - application-specific integrated circuit (ASIC); 131 - embedded system; 14 - first hash data; 15 - network communication component; 16 - second hash data; 17 - data uplink program; 200 - blockchain; 20 - data storage device; 21 - controller; 211 - firmware; 212 - digital signature operation program; 22 - volatile memory; 221 - unclonable function; 23 - flash memory; 24 - digital signature; 25 - data transmission interface; 271 - private key; 272 - public key; 300 - notarization institution; 301 - private key; 302 - public key; 31 - electronic certificate; 400 - cloud; 500 - data verification unit.
Detailed Description
Fig. 1 is a schematic diagram of a digital signature system according to the present invention. As shown in fig. 1, the digital signature system 100 includes an electronic device 10 and a data storage device 20. The electronic device 10 of the present invention is a device capable of performing specific operations, such as a computer host, a communication device or an Internet of Things (IoT) device. The electronic device 10 includes a processor 11 or an application-specific integrated circuit (ASIC) 13. The electronic device 10 generates specific data 12 in software through a specific operation performed by the processor 11, or in hardware through a specific operation performed by the ASIC 13. The data storage device 20 is a device capable of digital signing: it can perform a digital signature operation on the specific data 12 generated by the electronic device 10, or on the specific data 12 after a hash algorithm has been applied to it, so that either can be protected by the digital signature. In addition, the electronic device 10 further includes a network communication component 15, through which the electronic device 10 is connected to the network.
The data storage device 20 of the present invention can also be a solid-state drive (SSD). The data storage device 20 is an external device independent of the electronic device 10, or alternatively can be disposed inside the electronic device 10 as a storage medium of the electronic device 10. The data storage device 20 includes a controller 21, a plurality of flash memories 23 and a data transmission interface 25. The controller 21 is connected to the flash memories 23 and to the data transmission interface 25. The data transmission interface 25 is an interface conforming to the SATA, PCIe, USB or another data standard specification. The data storage device 20 is plugged into a connector of the electronic device 10, such as a SATA, PCIe, or USB socket, through the data transmission interface 25. The data storage device 20 and the electronic device 10 exchange data through the data transmission interface 25.
The controller 21 includes firmware 211. The firmware 211 is configured with a digital signature operation program 212. A user can trigger the firmware 211 of the controller 21 to execute the digital signature operation program 212 by software (e.g., an application) or by hardware (e.g., a physical button).
The firmware 211 has a private key 271. The private key 271 is generated according to an unclonable function 221. In one embodiment of the present invention, the controller 21 includes a volatile memory 22 (e.g., SRAM), and the unclonable function 221 is the initial state of the volatile memory 22 at power-on. The firmware 211 reads this power-on initial state and generates the private key 271 from it. In another embodiment of the present invention, the unclonable function 221 is a biometric feature, such as a fingerprint, vein pattern, face or iris, captured by a biometric capture module (not shown) that is disposed in the data storage device 20 or is an external device of the data storage device 20; the firmware 211 reads the biometric feature through the biometric capture module and generates the private key 271 from it. Because the physical unclonable function 221 (e.g., the power-on initial state of the volatile memory 22) or the biometric unclonable function 221 (e.g., a fingerprint, vein pattern, face or iris) is unique, the data storage device 20 can regenerate the same private key 271 from it at any time, so the private key 271 does not need to be stored. Not storing the private key 271 reduces the risk of the private key 271 being copied or leaked and so improves the security of the digital signature.
In another embodiment of the present invention, the controller 21 further includes a key storage area (not shown). The key storage area may be a read-only memory (ROM). The private key 271 is recorded in the key storage area in encrypted form; for example, the private key 271 is encrypted with AES, DES or another encryption algorithm, and the encrypted private key 271 is recorded in the key storage area. The firmware 211 then uses the encryption algorithm to decrypt the private key 271 retrieved from the key storage area. Because the private key 271 is stored in the read-only memory in encrypted form, the risk of tampering and disclosure can be avoided.
After obtaining the private key 271, the firmware 211 further uses an asymmetric encryption algorithm to convert the private key 271 into a corresponding public key 272. The asymmetric encryption algorithm is an elliptic curve algorithm or an RSA encryption algorithm. The data storage device 20 transmits the public key 272 to the electronic device 10 through the data transmission interface 25. In an embodiment of the invention, after receiving the public key 272, the electronic device 10 may further transmit the public key 272 to a public Certificate Authority (CA) 300 for registration, so as to bind the public key 272 and the data storage device 20 together.
Accordingly, the electronic device 10 will generate the specific data 12 after performing the specific operation. The specific data 12 is subjected to a hash operation by the electronic device 10 or the data storage device 20 to obtain a first hash 14 corresponding to the specific data 12. In an embodiment of the invention, if the hash operation of the specific data 12 is executed by the electronic device 10, the electronic device 10 will execute the hash operation of the specific data 12 through the processor 11 or the application specific chip 13 to obtain the first hash data 14, and transmit the first hash data 14 to the data storage device 20. Alternatively, in another embodiment of the present invention, if the hash operation of the specific data 12 is performed by the data storage device 20, the electronic device 10 transmits the specific data 12 to the data storage device 20, and the data storage device 20 performs the hash operation of the specific data 12 through the firmware 211 of the controller 21 to obtain the first hash data 14. After acquiring the first hash data 14 corresponding to the specific data 12, the firmware 211 encrypts the first hash data 14 by using the private key 271 to generate a digital signature 24, and transmits the digital signature 24 to the electronic device 10 through the data transmission interface 25 to complete the process of digital signature.
After receiving the digital signature 24, the user of the electronic device 10 uploads the specific data 12 and the digital signature 24 to a cloud 400, or sends the specific data 12 and the digital signature 24 to a data verification unit 500. The cloud 400 or the data verification unit 500 may perform a data verification procedure when receiving the specific data 12 and the digital signature 24 in order to verify the authenticity of the specific data 12.
In the data verification procedure, the cloud 400 or the data verification unit 500 obtains the public key 272 bound to the data storage device 20 from the notarization institution 300, and decrypts the digital signature 24 using the public key 272 to obtain the first hash data 14. The cloud 400 or the data verification unit 500 performs the hash operation again on the specific data 12 to generate second hash data 16. Next, the cloud 400 or the data verification unit 500 compares the second hash data 16 with the first hash data 14. If the second hash data 16 is equal to the first hash data 14, the specific data 12 has not been tampered with; if the second hash data 16 is not equal to the first hash data 14, the specific data 12 has been tampered with. In this way, the cloud 400 or the data verification unit 500 performs the data verification procedure to verify whether the specific data 12 was provided by the trusted electronic device 10. In the present invention, the cloud 400 may also be a network server, a remote computer or a remote communication device, and the data verification unit 500 is a unit equipped with a data operation device (e.g., a computer device).
In another embodiment of the present invention, to improve the public credibility of the public key 272, the electronic device 10 may also submit the public key 272 to the notarization institution 300 to apply for an electronic certificate. The notarization institution 300 encrypts the public key 272 of the electronic device 10 with its own private key 301 to produce an electronic certificate 31, and transmits the electronic certificate 31 back to the electronic device 10. Then, the electronic device 10 uploads the electronic certificate 31, the digital signature 24 and the specific data 12 to the cloud 400 or hands them to the data verification unit 500. The cloud 400 or the data verification unit 500 executes the data verification procedure after receiving the electronic certificate 31, the digital signature 24 and the specific data 12. In the data verification procedure, the cloud 400 or the data verification unit 500 obtains a public key 302 of the notarization institution 300 from the notarization institution 300, and decrypts the electronic certificate 31 using the public key 302 to obtain the public key 272 of the electronic device 10. Then, the cloud 400 or the data verification unit 500 decrypts the digital signature 24 using the public key 272 of the electronic device 10 to obtain the first hash data 14. The cloud 400 or the data verification unit 500 performs the hash operation again on the specific data 12 to generate second hash data 16, and compares the second hash data 16 with the first hash data 14. If the second hash data 16 is equal to the first hash data 14, the specific data 12 has not been tampered with; if the second hash data 16 is not equal to the first hash data 14, the specific data 12 has been tampered with.
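The flow described above (private key regenerated from the unclonable function, signing of the first hash data, electronic certificate from the notarization institution, and the data verification procedure), as an added Go example that is not part of the patent. It assumes Ed25519 as the elliptic curve algorithm, SHA-256 as the hash algorithm, a constructed and already stable PUF response, and hypothetical names (`Device`, `Certify`, `Verify`); with this scheme the verifier checks the signature against the recomputed second hash rather than decrypting it.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device models data storage device 20. It stores no key: private key 271
// is re-derived from the unclonable-function response each time it is needed.
type Device struct {
	puf []byte // constructed stand-in for the SRAM power-up state (221)
}

// key derives the Ed25519 key pair from the PUF response.
// Assumption: the response is already stable. A raw SRAM power-up pattern
// is noisy and needs error correction before it can seed a key.
func (d Device) key() ed25519.PrivateKey {
	seed := sha256.Sum256(append([]byte("puf-signing-key|"), d.puf...))
	return ed25519.NewKeyFromSeed(seed[:])
}

// PublicKey returns public key 272, sent to the host in step S603.
func (d Device) PublicKey() ed25519.PublicKey {
	return d.key().Public().(ed25519.PublicKey)
}

// SignHash signs first hash data 14 and returns digital signature 24.
func (d Device) SignHash(firstHash [32]byte) []byte {
	return ed25519.Sign(d.key(), firstHash[:])
}

// Certificate models electronic certificate 31: the notary's signature
// binding a device identifier to public key 272.
type Certificate struct {
	DeviceID  string
	DeviceKey ed25519.PublicKey
	Sig       []byte
}

// certBody is the byte string the notary signs (length-prefixed ID).
func certBody(id string, key ed25519.PublicKey) []byte {
	return append([]byte(fmt.Sprintf("cert|%d|%s|", len(id), id)), key...)
}

// Certify is the registration step at notarization institution 300.
func Certify(notary ed25519.PrivateKey, id string, key ed25519.PublicKey) Certificate {
	return Certificate{DeviceID: id, DeviceKey: key, Sig: ed25519.Sign(notary, certBody(id, key))}
}

// Verify is the data verification procedure of cloud 400 / unit 500.
func Verify(notaryPub ed25519.PublicKey, c Certificate, data, sig []byte) error {
	if len(c.DeviceKey) != ed25519.PublicKeySize { // ed25519.Verify panics otherwise
		return errors.New("malformed device public key")
	}
	if !ed25519.Verify(notaryPub, certBody(c.DeviceID, c.DeviceKey), c.Sig) {
		return errors.New("certificate was not issued by the notary")
	}
	secondHash := sha256.Sum256(data) // second hash data 16
	if !ed25519.Verify(c.DeviceKey, secondHash[:], sig) {
		return errors.New("signature does not match data under the certified key")
	}
	return nil
}

// Demo runs the flow on constructed inputs and returns each check's outcome.
func Demo() (reproducible bool, genuine, tampered, wrongDevice error) {
	devA := Device{puf: []byte("constructed PUF response A")}
	devAagain := Device{puf: []byte("constructed PUF response A")} // next power-up
	devB := Device{puf: []byte("constructed PUF response B")}
	reproducible = bytes.Equal(devA.PublicKey(), devAagain.PublicKey()) &&
		!bytes.Equal(devA.PublicKey(), devB.PublicKey())

	notarySeed := sha256.Sum256([]byte("constructed notary seed"))
	notary := ed25519.NewKeyFromSeed(notarySeed[:])
	notaryPub := notary.Public().(ed25519.PublicKey)
	cert := Certify(notary, "SSD-0001", devA.PublicKey()) // constructed device ID

	data := []byte("order=42;amount=100")     // specific data 12 (constructed)
	sig := devA.SignHash(sha256.Sum256(data)) // host hashes, device signs

	genuine = Verify(notaryPub, cert, data, sig)
	tampered = Verify(notaryPub, cert, []byte("order=42;amount=900"), sig)
	wrongDevice = Verify(notaryPub, cert, data, devB.SignHash(sha256.Sum256(data)))
	return
}

func main() {
	ok, genuine, tampered, wrongDevice := Demo()
	fmt.Println("key reproducible from PUF:", ok)
	fmt.Println("genuine data:", genuine)
	fmt.Println("tampered data:", tampered)
	fmt.Println("other device's signature:", wrongDevice)
}
```

The verifier trusts only the notary's public key 302; the device key reaches it inside the certificate, so a signature made by a different device fails even when the data is unchanged.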
For example, in one embodiment of the present invention, the electronic device 10 is a device capable of producing an electronic certificate (e.g., a graduation certificate, a technical certification certificate or a patent certificate). The electronic device 10 uses electronic certificate production software to produce an electronic certificate, generating specific data 12 related to the electronic certificate. The processor 11 of the electronic device 10 or the firmware 211 of the data storage device 20 applies a hash algorithm to the specific data 12 to obtain the first hash data 14 corresponding to the specific data 12. The firmware 211 of the data storage device 20 then encrypts the first hash data 14 with the private key 271 to generate the digital signature 24. The data storage device 20 transmits the digital signature 24 to the electronic device 10 through the data transmission interface 25. The electronic device 10 then transmits the specific data 12 related to the electronic certificate and the digital signature 24 to a data verification unit 500, such as a funding department of the enterprise. Upon receiving the specific data 12 and the digital signature 24, the data verification unit 500 obtains the public key 272 bound to the electronic device 10 from the notarization institution 300, and decrypts the digital signature 24 using the public key 272 to obtain the first hash data 14. Further, the data verification unit 500 performs the hash operation again on the specific data 12 to generate the second hash data 16. Next, the data verification unit 500 compares the second hash data 16 with the first hash data 14. If the second hash data 16 is equal to the first hash data 14, the specific data 12 related to the electronic certificate has not been tampered with and is trusted; if the second hash data 16 is not equal to the first hash data 14, the specific data 12 related to the electronic certificate is forged.
In another embodiment of the present invention, the electronic device 10 is a device capable of performing network transactions (e.g., shopping transactions or certificate transactions). The electronic device 10 performs a network transaction operation through a network transaction application to generate specific data 12 related to the network transaction. The processor 11 of the electronic device 10 or the firmware 211 of the data storage device 20 calculates the specific data 12 by a hash algorithm to obtain the first hash data 14 corresponding to the specific data 12. The firmware 211 of the data storage device 20 then encrypts the first hash 14 with the private key 271 to generate the digital signature 24. The data storage device 20 transmits the digital signature 24 to the electronic device 10 via the data transmission interface 25. The electronic device 10 then transmits the specific data 12 and the digital signature 24 related to the network transaction to the cloud 400, such as a network transaction center. The cloud 400 obtains the public key 272 bound by the electronic device 10 from the notarization authority 300 when receiving the specific data 12 and the digital signature 24, and decrypts the digital signature 24 by using the public key 272 to obtain the first hash 14. In addition, the cloud 400 performs the hash operation on the specific data 12 again to generate the second hash data 16. The cloud 400 then compares the second hash 16 to the first hash 14. If the second hash 16 is equal to the first hash 14, the specific data 12 of the network transaction is a data that has not been tampered, and the cloud 400 performs a network transaction process according to the specific data 12; on the contrary, if the second hash 16 is not equal to the first hash 14, the specific data 12 of the network transaction is a tampered data, and the cloud 400 prohibits the network transaction process.
Of course, in the above application embodiment, when the electronic device 10 transmits the public key 272 to the notarization institution 300, it is also possible to further submit the application of the electronic certificate 31 to the notarization institution 300, so as to improve the notarization of the public key 272. Moreover, the digital signature system 100 of the present invention can be applied to other applications requiring data protection besides electronic signatures for electronic certificates or related data of network transactions, and is not listed here.
In another embodiment of the present invention, the electronic device 10 can also directly transmit the public key 272 to the cloud 400 or the data verification unit 500. The cloud 400 or the data verification unit 500 obtains the first hash 14 by directly decrypting the digital signature 24 through the public key 272 delivered by the electronic device 10.
In addition, the electronic device 10 is networked with a blockchain 200 via the network communication component 15. The electronic device 10 further includes a data uplink program 17. The data uplink program 17 is selectively built into the processor 11 or the ASIC 13 in the form of firmware, and is directly executed by the microprocessor 13 or the controller 111. Alternatively, the ASIC 13 includes an embedded system 131, and the data uplink program 17 is installed in the embedded system 131 of the ASIC 13 in the form of software and executed by the embedded system 131. The electronic device 10 transmits the specific data 12 and/or the digital signature 24 to the blockchain 200 to record the specific data 12 and/or the digital signature 24 on the blockchain 200. Then, by virtue of the property that blockchain data cannot be tampered with or forged, the specific data 12 and/or the digital signature 24 are protected within the blockchain 200, which increases the security of applications that use the specific data 12 and/or the digital signature 24.
Please refer to fig. 2, which is a flowchart of a digital signature method according to an embodiment of the present invention, together with fig. 1. First, in step 601, the firmware 211 of the controller 21 of the data storage device 20 reads a non-duplicable function 221, generates a private key 271 according to the non-duplicable function 221, and converts the private key 271 into a corresponding public key 272 by using an asymmetric encryption algorithm. In step S603, the electronic device 10 receives the public key 272 from the data storage device 20. In step S605, the processor 11 or the ASIC 13 of the electronic device 10 performs a specific operation to generate specific data 12, applies a hash algorithm to the specific data 12 to obtain first hash data 14, and transmits the first hash data 14 to the data storage device 20. In step 607, after receiving the first hash data 14, the data storage device 20 encrypts the first hash data 14 by using the private key 271 to generate a digital signature 24, and transmits the digital signature 24 to the electronic device 10 through the data transmission interface 25, completing the digital signature process. Furthermore, in an embodiment of the invention, after step S603 of receiving the public key 272 from the data storage device 20, the electronic device 10 executes step S604 and transmits the public key 272 to the notarization authority 300 for registration, so as to bind the public key 272 and the data storage device 20 together.
Next, in step 609, the electronic device 10 uploads the specific data 12 and the digital signature 24 to a cloud 400 or a data verification unit 500, and the cloud 400 or the data verification unit 500 can execute a data verification program 70. In the data verification program 70, in step 701, the cloud 400 or the data verification unit 500 obtains the public key 272 bound to the data storage device 20 from the electronic device 10 or the notarization authority 300, and decrypts the digital signature 24 with the public key 272 to obtain the first hash data 14. In step 703, the cloud 400 or the data verification unit 500 performs a hash operation on the specific data 12 to generate second hash data 16. In step 705, the cloud 400 or the data verification unit 500 compares the second hash data 16 with the first hash data 14. If the second hash data 16 is equal to the first hash data 14, then in step 707 the cloud 400 or the data verification unit 500 determines that the specific data 12 has not been tampered with; otherwise, if the second hash data 16 is not equal to the first hash data 14, then in step 709 the cloud 400 or the data verification unit 500 determines that the specific data 12 has been tampered with.
Please refer to fig. 3, which is a flowchart of a digital signature method according to another embodiment of the present invention, together with fig. 1. First, in step 601, the firmware 211 of the controller 21 of the data storage device 20 reads a non-duplicable function 221, generates a private key 271 according to the non-duplicable function 221, and converts the private key 271 into a corresponding public key 272 by using an asymmetric encryption algorithm. In step S603, the electronic device 10 receives the public key 272 from the data storage device 20. In step S606, the processor 11 or the ASIC 13 of the electronic device 10 performs a specific operation to generate specific data 12, and the data storage device 20 receives the specific data 12 from the electronic device 10 and applies a hash algorithm to the specific data 12 to obtain first hash data 14. In step 607, after the data storage device 20 obtains the first hash data 14, it encrypts the first hash data 14 with the private key 271 to generate a digital signature 24, and transmits the digital signature 24 to the electronic device 10 through the data transmission interface 25, completing the digital signature process. Furthermore, in an embodiment of the invention, after step S603 of receiving the public key 272 from the data storage device 20, the electronic device 10 executes step S604 and transmits the public key 272 to the notarization authority 300 for registration, so as to bind the public key 272 and the data storage device 20 together.
Next, in step 609, the electronic device 10 uploads the specific data 12 and the digital signature 24 to a cloud 400 or a data verification unit 500, and the cloud 400 or the data verification unit 500 can execute a data verification program 70. In the data verification program 70, in step 701, the cloud 400 or the data verification unit 500 obtains the public key 272 bound to the data storage device 20 from the electronic device 10 or the notarization authority 300, and decrypts the digital signature 24 with the public key 272 to obtain the first hash data 14. In step 703, the cloud 400 or the data verification unit 500 performs a hash operation on the specific data 12 to generate second hash data 16. In step 705, the cloud 400 or the data verification unit 500 compares the second hash data 16 with the first hash data 14. If the second hash data 16 is equal to the first hash data 14, then in step 707 the cloud 400 or the data verification unit 500 determines that the specific data 12 has not been tampered with; otherwise, if the second hash data 16 is not equal to the first hash data 14, then in step 709 the cloud 400 or the data verification unit 500 determines that the specific data 12 has been tampered with.
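The signing and verification flow of figs. 2 and 3, as an added Go example that is not code from the patent. It assumes Ed25519 and SHA-256 for the unspecified asymmetric and hash algorithms, so "decrypt the signature and compare the hashes" becomes a signature check over the recomputed second hash; the PUF response, the device ID `ssd-0001` and all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// StorageDevice models data storage device 20; the private key stays inside it.
type StorageDevice struct{ priv ed25519.PrivateKey }

// NewStorageDevice models step 601. pufResponse is a stand-in for the value the
// firmware reads from the non-duplicable function (an assumption of this sketch).
func NewStorageDevice(pufResponse []byte) *StorageDevice {
	seed := sha256.Sum256(pufResponse) // 32-byte seed for the key pair
	return &StorageDevice{priv: ed25519.NewKeyFromSeed(seed[:])}
}

// PublicKey is what the device hands to the host in step S603.
func (d *StorageDevice) PublicKey() ed25519.PublicKey {
	return d.priv.Public().(ed25519.PublicKey)
}

// HostHash is the electronic device computing the first hash (step S605).
func HostHash(data []byte) [32]byte { return sha256.Sum256(data) }

// SignHash is the fig. 2 path: the device signs a hash computed by the host.
// The device never sees the data that the hash stands for.
func (d *StorageDevice) SignHash(firstHash [32]byte) []byte {
	return ed25519.Sign(d.priv, firstHash[:])
}

// SignData is the fig. 3 path: the device hashes the data itself (step S606).
func (d *StorageDevice) SignData(data []byte) []byte {
	return d.SignHash(sha256.Sum256(data))
}

// Registry models the notarization authority: device ID -> registered key (S604).
type Registry map[string]ed25519.PublicKey

var (
	ErrUnknownDevice = errors.New("no public key registered for this device")
	ErrTampered      = errors.New("signature does not match data")
)

// Verify models data verification program 70: look up the bound public key,
// recompute the second hash, and check the signature against it.
func (r Registry) Verify(deviceID string, data, sig []byte) error {
	pub, ok := r[deviceID]
	if !ok {
		return ErrUnknownDevice
	}
	secondHash := sha256.Sum256(data) // step 703
	if !ed25519.Verify(pub, secondHash[:], sig) { // steps 701 and 705
		return ErrTampered
	}
	return nil
}

func main() {
	// All inputs below are constructed sample values.
	dev := NewStorageDevice([]byte("constructed-puf-response-A"))
	reg := Registry{"ssd-0001": dev.PublicKey()}
	data := []byte("certificate: constructed sample record")
	sig := dev.SignHash(HostHash(data))

	fmt.Println("genuine:", reg.Verify("ssd-0001", data, sig))
	fmt.Println("altered:", reg.Verify("ssd-0001", []byte(string(data)+"!"), sig))

	other := NewStorageDevice([]byte("constructed-puf-response-B"))
	fmt.Println("other device:", reg.Verify("ssd-0001", data, other.SignData(data)))
}
```

`Verify` looks the key up by device ID in the registry instead of accepting a key supplied with the data, because a key delivered by the sender only shows that the data and the signature are consistent with each other.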
The above description is only a preferred embodiment of the present invention, and should not be taken as limiting the scope of the invention, which is defined by the appended claims.

Claims (24)

1. A digitally signable data storage device, comprising:
a controller including a firmware, the firmware having a private key;
a plurality of flash memories; and
a data transmission interface, wherein the controller is connected with the flash memories and the data transmission interface, and the data storage device is connected with an electronic device through the data transmission interface; the electronic device executes a specific operation to generate specific data, and calculates the specific data by utilizing a hash algorithm to generate first hash data; the data storage device receives the first hash data from the electronic device through the data transmission interface, the firmware of the controller encrypts the first hash data by using the private key to generate a digital signature, and the data storage device transmits the digital signature to the electronic device through the data transmission interface.
2. The data storage device of claim 1, wherein the firmware reads a non-duplicable function to generate the private key according to the non-duplicable function.
3. The data storage device of claim 1, wherein the firmware of the controller converts the private key into a corresponding public key using an asymmetric cryptographic algorithm, and the data storage device transmits the public key to the electronic device through the data transmission interface.
4. A digitally signable data storage device, comprising:
a controller comprising a firmware, the firmware having a private key;
a plurality of flash memories; and
a data transmission interface, wherein the controller is connected with the flash memories and the data transmission interface, and the data storage device is connected with an electronic device through the data transmission interface; the electronic device executes a specific operation to generate specific data; the data storage device receives the specific data from the electronic device through the data transmission interface, the firmware of the controller calculates the specific data by using a hash algorithm to generate first hash data, encrypts the first hash data by using the private key to generate a digital signature, and the data storage device transmits the digital signature to the electronic device through the data transmission interface.
5. The data storage device of claim 4, wherein the firmware reads a non-duplicable function to generate the private key according to the non-duplicable function.
6. A digital signature system, comprising:
an electronic device, which executes a specific operation to generate specific data and utilizes a hash algorithm to calculate the specific data to generate first hash data; and
a data storage device, comprising:
a controller including a firmware, the firmware having a private key;
a plurality of flash memories; and
a data transmission interface, wherein the controller is connected with the flash memories and the data transmission interface, and the data storage device is connected with the electronic device through the data transmission interface; wherein the electronic device transmits the first hash data to the data storage device; the data storage device receives the first hash data from the electronic device through the data transmission interface, the firmware of the controller encrypts the first hash data by using the private key to generate a digital signature, and the data storage device transmits the digital signature to the electronic device through the data transmission interface.
7. The digital signature system as claimed in claim 6, wherein the electronic device is a network-enabled device, the electronic device is networked to a blockchain, and the electronic device transmits the specific data and the digital signature to the blockchain to record the specific data and the digital signature on the blockchain.
8. The digital signature system as claimed in claim 6, wherein the firmware reads a non-duplicable function to generate the private key according to the non-duplicable function.
9. The digital signature system as claimed in claim 6, wherein the firmware of the controller of the data storage device converts the private key into a corresponding public key by using an asymmetric encryption algorithm, and transmits the public key to the electronic device.
10. The digital signature system as claimed in claim 6, wherein the electronic device is a network-enabled device, and the electronic device transmits the public key to a notarization authority for registration to bind the public key with the data storage device.
11. The digital signature system as claimed in claim 6, wherein the digital signature system comprises a cloud or a data verification unit, the electronic device is networked to the cloud or the data verification unit, and the electronic device transmits the specific data and the digital signature to the cloud or the data verification unit; after the cloud or the data verification unit receives the specific data and the digital signature, the cloud or the data verification unit obtains the public key from the notarization authority, decrypts the digital signature by using the public key to obtain the first hash data, performs hash calculation on the specific data to generate second hash data, and compares the second hash data with the first hash data to verify the authenticity of the specific data.
12. A digital signature system, comprising:
an electronic device, which executes a specific operation to generate a specific data; and
a data storage device, comprising:
a controller including a firmware, the firmware having a private key;
a plurality of flash memories; and
a data transmission interface, wherein the controller is connected with the flash memories and the data transmission interface, and the data storage device is connected with the electronic device through the data transmission interface; wherein the electronic device transmits the specific data to the data storage device; the data storage device receives the specific data from the electronic device through the data transmission interface, the firmware of the controller calculates the specific data by using a hash algorithm to generate first hash data, encrypts the first hash data by using the private key to generate a digital signature, and the data storage device transmits the digital signature to the electronic device through the data transmission interface.
13. The digital signature system as claimed in claim 12, wherein the electronic device is a network-enabled device, the electronic device is networked to a blockchain, and the electronic device transmits the specific data and the digital signature to the blockchain to record the specific data and the digital signature on the blockchain.
14. The digital signature system of claim 12, wherein the firmware reads a non-duplicable function to generate the private key according to the non-duplicable function.
15. The digital signature system as claimed in claim 12, wherein the firmware of the controller of the data storage device converts the private key into a corresponding public key by using an asymmetric encryption algorithm, and transmits the public key to the electronic device.
16. The digital signature system as claimed in claim 12, wherein the electronic device is a network-enabled device, and the electronic device transmits the public key to a notarization authority for registration to bind the public key with the data storage device.
17. A digital signature method, wherein the digital signature method is applied to a digital signature system, the digital signature system includes an electronic device and a data storage device, the electronic device performs a specific operation to generate specific data and uses a hash algorithm to calculate the specific data to generate a first hash data, the data storage device includes a controller, a plurality of flash memories and a data transmission interface, the controller includes a firmware, and the firmware performs the digital signature method including the following steps:
generating a private key;
receiving the first hash data from the electronic device through the data transmission interface;
encrypting the first hash data using the private key to produce a digital signature; and
transmitting the digital signature to the electronic device.
18. The digital signature method as claimed in claim 17, wherein the step of the firmware generating the private key comprises:
reading a non-duplicable function; and
generating the private key according to the non-duplicable function.
19. The method of claim 17, wherein the firmware performs the method further comprising:
converting the private key into a corresponding public key by using the asymmetric encryption algorithm; and
transmitting the public key to the electronic device.
20. The method of claim 19, wherein the electronic device sends the public key to a notarization authority for registration to bind the public key with the data storage device, the digital signature system further comprises a cloud or a data verification unit, the electronic device is networked with the cloud or the data verification unit, and the cloud or the data verification unit performs a data verification process, the data verification process comprising:
receiving the specific data and the digital signature from the electronic device;
obtaining the public key bound by the data storage device from the notarization authority;
decrypting the digital signature using the public key to obtain the first hash data;
performing a hash operation on the specific data to generate second hash data; and
comparing the second hash data with the first hash data to verify the authenticity of the specific data.
21. A digital signature method is applied to a digital signature system, the digital signature system includes an electronic device and a data storage device, the electronic device executes a specific operation to generate a specific data, the data storage device includes a controller, a plurality of flash memories and a data transmission interface, the controller includes a firmware, and the firmware executes the digital signature method and includes the following steps:
generating a private key;
receiving the specific data from the electronic device through the data transmission interface;
calculating the specific data by utilizing a hash algorithm to generate first hash data;
encrypting the first hash data using the private key to produce a digital signature; and
transmitting the digital signature to the electronic device.
22. The digital signature method as claimed in claim 21, wherein the step of the firmware generating the private key comprises:
reading a non-duplicable function; and
generating the private key according to the non-duplicable function.
23. The method of claim 21, wherein the firmware performs the method further comprising:
converting the private key into a corresponding public key by using the asymmetric encryption algorithm; and
transmitting the public key to the electronic device.
24. The method of claim 23, wherein the electronic device sends the public key to a notarization authority for registration to bind the public key with the data storage device, the digital signature system further comprises a cloud or a data verification unit, the electronic device is networked with the cloud or the data verification unit, and the cloud or the data verification unit performs a data verification process, the data verification process comprising:
receiving the specific data and the digital signature from the electronic device;
obtaining the public key bound by the data storage device from the notarization authority;
decrypting the digital signature using the public key to obtain the first hash data;
performing a hash operation on the specific data to generate second hash data; and
comparing the second hash data with the first hash data to verify the authenticity of the specific data.
CN202110149638.1A 2021-02-03 2021-02-03 Data storage device capable of digitally signing, digital signature system and signature method Pending CN114861231A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110149638.1A CN114861231A (en) 2021-02-03 2021-02-03 Data storage device capable of digitally signing, digital signature system and signature method

Publications (1)

Publication Number Publication Date
CN114861231A true CN114861231A (en) 2022-08-05

Family

ID=82623261

Country Status (1)

Country Link
CN (1) CN114861231A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination