CN1553347A - Computer data protective method - Google Patents


Info

Publication number: CN1553347A
Authority: CN
Grant status: Application
Prior art keywords: virtual disk, key, computer, security chip, data
Application number: CN 03136320
Other languages: Chinese (zh)
Other versions: CN1266617C (en)
Inventor: 王一平, 刘昕, 吴秋新, 李明柱, 李亚辉, 刘冰
Original Assignee: 联想(北京)有限公司
Abstract

The method includes the following steps: a) a security chip is installed on the computer in advance; b) a virtual disk for holding protected data is set up on the computer hard disk, and the security chip is used to generate a key that encrypts the virtual disk; c) when computer data is read from or written to the virtual disk, the virtual disk is decrypted according to said key and the read/write operation is then carried out on the virtual disk.

Description

A computer data protection method

Technical Field

The present invention relates to the field of computer information security technology, and in particular to a computer data protection method.

Background

Data encryption is an important method of protecting computer data. The data protection methods commonly used on personal computers are mostly built at the operating system application layer and rely on software. The data protection provided by software uses a pseudo-random number or a user password as the key to encrypt data on the disk. Because software encryption can be traced and debugged to recover the key, it cannot strongly protect the key used to encrypt the data; for more important computer data in particular, software protection struggles to reach the required level of security.

Hardware-based encryption of data solves the problem that software is easy to crack. At present, data can be protected in hardware by encrypting it with an IC card, a UKEY or similar peripheral hardware, but protection with peripheral hardware is like carrying an extra key: every use requires the "key" to decrypt, which is inconvenient. In addition, because peripheral hardware cannot be bound to the host system, there is a risk of loss and theft; losing the "key" may not only leak user data but may even leave the user unable to use the encrypted data.

To solve the problem that current peripheral hardware cannot be bound to the host system, another patent application filed concurrently by the present applicant proposes security chip technology. That is, the complex encryption and decryption process is integrated in a security chip mounted on the computer motherboard; keys and public/private key pairs are generated through algorithms such as random number generation, hashing, symmetric cipher operations and HASH operations; the encrypted key information is stored inside the security chip; and the chip provides services such as key generation, information encryption, signature verification and unique identity to the outside. The public key here refers to an encryption algorithm provided by the security chip, and the private key paired with it is the decryption algorithm that the security chip provides for that public key.

Summary of the Invention

The object of the present invention is to use a security chip to provide a computer data protection method so that data can be protected more conveniently and more securely.

The invention is implemented with the following steps: A. a security chip is installed on the computer in advance; B. a virtual disk for storing protected data is set up on the computer hard disk, and the security chip is used to generate a key that encrypts the virtual disk; C. when computer data is read from or written to the virtual disk, the virtual disk is decrypted according to said key, and the read/write operation is then performed on the virtual disk.

The method further includes: after receiving an instruction to create a virtual disk that specifies the size and format of the virtual disk, the virtual disk management module notifies the virtual disk driver module to create the virtual disk; the virtual disk driver module creates a virtual disk image file that serves as the physical carrier of the virtual disk.

The method further includes: after receiving, through the security chip driver module, an instruction from the security chip management module installed on the motherboard, the security chip generates a public/private key pair for encryption and a password for accessing that key pair; the security chip generates a random number key to encrypt the virtual disk, and encrypts the random number key with the private key to form a random number key encryption block. The security chip generates different public/private key pairs, and different passwords for accessing their private keys, for different users.

The method further includes: use of the private key provided by the security chip is obtained through security chip password authentication, and the security chip uses this private key to decrypt the random number key encryption block and recover the random number key.

The method further includes: when protected data is written to the virtual disk, the security chip again generates a key derived from the random number key to encrypt the data being written; when protected data is read from the virtual disk, the security chip uses the key derived from the random number key to decrypt the data read.

As the above steps show, data can be protected by multiple layers of keys generated by the security chip. Data stored on the virtual disk is at all times encrypted in real time, at least indirectly through the encrypted virtual disk, which ensures the security of the data. When an established virtual disk is used correctly, apart from entering the user name and the password, provided by the security chip, for accessing that user's private key, the remaining encryption and decryption is performed automatically by the system, so the user can work with the data as with ordinary files, without a tedious encryption and decryption procedure for the protected data, which makes the method convenient to use.

With the security-chip-based data protection method, the generated root public key and the password for accessing the corresponding private key are stored inside the security chip and cannot be exported. The binding of the security chip to the computer binds the protected data to the computer platform. Because the security chip's identity is unique, the protected data cannot be read on any computer other than this machine; even if the hard disk is plugged into another machine, the protected file information on it cannot be read, and it can only be decrypted through the security chip bound to the original computer. This ensures the security of important data.

Brief Description of the Drawings

Figure 1 is a schematic diagram of the modules of the data protection method of the present invention; Figure 2 is a flowchart of the data protection process of the present invention.

Detailed Description

Figure 1 is a schematic diagram of the functional modules of the data protection method of the present invention. The invention uses the security chip to generate key information and encrypts the virtual disk used to store protected data. To implement the invention, a virtual disk module and a security chip module are provided on the computer operating system; a user management module is also provided to manage legitimate users, including authorizing and verifying users' use of the security chip.

The virtual disk module comprises a virtual disk management module and a virtual disk driver module. After receiving an instruction issued by the user, the virtual disk management module notifies the virtual disk driver module to operate on the virtual disk, including creating, deleting and modifying it. The computer operating system also reads, writes, deletes and updates data through the virtual disk driver module.

The security chip module comprises a security chip management module, a security chip driver module and the security chip. The security chip management module obtains and uses, through the security chip driver module, the security services provided by the security chip, such as identity authentication, information encryption, digital signature and unique identity. The security chip receives instructions from the security chip management module through the security chip driver module, generates the public/private key pair for encryption and the password for accessing that key pair, and generates a random number key to encrypt the virtual disk that stores protected data; the encryption information is stored inside the security chip.

Figure 2 shows the computer data protection method of the present invention, which is described in further detail below with reference to Figure 2:

Step 201: a security chip is installed in advance on the computer motherboard, so that the security chip is bound to the computer in hardware.

Step 202: First, a user is created through the user management module. This information is passed at the same time to the key management module, which, through the security chip driver module, notifies the security chip to generate a public/private key pair for encryption for that user, together with a password for accessing the private key. The security chip generates different public/private key pairs, and different passwords for accessing their private keys, for different users. The security chip generates the random number key used to protect the virtual disk and encrypts the random number key with the public key; the encrypted random number key, called the random key encryption block, is stored on the hard disk.

Then, a virtual disk for storing the data to be protected is created, and the virtual disk is encrypted with the random number key.

The user specifies the virtual disk size and format through the virtual disk management module. After receiving the instruction to create a virtual disk, the virtual disk management module notifies the virtual disk driver module to create the virtual disk; the virtual disk driver module creates the virtual disk in response to that instruction. Creating a virtual disk here means creating a virtual disk image file on the hard disk as the physical carrier of the virtual disk. Every data read or write on the virtual disk is carried out by accessing this image file.

At the same time, the random number key generated by the security chip in step 202 is used to encrypt the virtual disk, that is, to encrypt the virtual disk image file, in order to protect the data written to the virtual disk. When reading data, the protected data on the virtual disk can be read and written only after the virtual disk image file has been decrypted with the random number key.

Step 203: when computer data is read from or written to the virtual disk, the virtual disk is decrypted according to said private key and the read/write operation is performed on the virtual disk. After the read/write operation, the virtual disk remains protected by the key of the random key encryption block.

To read or write protected data on the virtual disk, the user must obtain use of the private key provided by the security chip through password authentication. The security chip then uses this private key to decrypt the random number key encryption block and recover the random number key, and passes it to the virtual disk driver module to decrypt the virtual disk image file. The user can then access the protected data on the virtual disk normally. Data stored on the virtual disk is at all times encrypted indirectly through the encrypted virtual disk, which ensures the security of the data, so the user can work with it as with ordinary files, without a tedious encryption and decryption procedure for the protected data.

While protected data is being written to the virtual disk protected by the security chip, the security chip can again generate a key derived from the random number key to encrypt the data being written, as follows. When data to be protected is written to the virtual disk, the virtual disk driver analyses the data operation parameters passed down by the operating system and extracts the user data from them; the security chip encrypts the data with a key derived from the random key, and the encrypted data is written to the location in the image file specified by the operation parameters. Correspondingly, when protected data is read from the virtual disk, the virtual disk driver analyses the intercepted data operation parameters passed down by the operating system and reads the required user data from the location in the image file specified by the operation parameters; the security chip decrypts the data with the key derived from the random key, and the decrypted data is passed back to the operating system.

The above is merely a preferred embodiment of the present invention and is not intended to limit the invention; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
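The key hierarchy of steps 202 and 203, as an added example that is not part of the patent text: a Python model in which a chip wraps a random disk key into a key block, releases it only after password authentication, and a driver encrypts each sector of the image with a derived key. `SecurityChip`, `VirtualDisk`, `stream_xor`, the PBKDF2 password check and the HMAC-based derivation are assumptions, since the patent names no algorithms; a chip-internal symmetric wrapping key stands in for the public/private key pair, and the driver rather than the chip applies the derived key.

```python
import hashlib
import hmac
import os

SECTOR = 512  # bytes per sector of the image file (assumed)


def stream_xor(key, label, data):
    """XOR data with an HMAC-SHA256 counter keystream (stdlib stand-in cipher)."""
    ks = b"".join(hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))


class SecurityChip:
    """Hypothetical model of the motherboard chip; its secrets never leave it."""
    def __init__(self):
        self._users = {}  # user -> (salt, password verifier, wrapping key)

    def create_user(self, user, password):
        salt = os.urandom(16)
        verifier = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        # Assumption: a symmetric wrapping key stands in for the user's key pair.
        self._users[user] = (salt, verifier, os.urandom(32))

    def new_key_block(self, user):
        """Generate the random disk key and return only its wrapped form."""
        wrap_key = self._users[user][2]
        nonce = os.urandom(16)
        ct = stream_xor(wrap_key, b"wrap" + nonce, os.urandom(32))
        return nonce + ct + hmac.new(wrap_key, nonce + ct, hashlib.sha256).digest()

    def unwrap(self, user, password, block):
        """Check the user's password, then recover the disk key from the block."""
        salt, verifier, wrap_key = self._users[user]
        attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(attempt, verifier):
            raise PermissionError("chip password authentication failed")
        nonce, ct, tag = block[:16], block[16:48], block[48:]
        if not hmac.compare_digest(tag, hmac.new(wrap_key, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("key block was not wrapped by this chip")
        return stream_xor(wrap_key, b"wrap" + nonce, ct)


class VirtualDisk:
    """Image file (a bytearray here) that only ever holds ciphertext."""
    def __init__(self, sectors, key_block):
        self.image = bytearray(sectors * SECTOR)
        self.key_block = key_block  # stored on the hard disk beside the image
        self._disk_key = None       # present only while unlocked

    def unlock(self, chip, user, password):
        self._disk_key = chip.unwrap(user, password, self.key_block)

    def _crypt(self, sector, data):
        if self._disk_key is None:
            raise PermissionError("virtual disk is locked")
        # Assumed derivation of the per-sector key. A real driver would use a
        # tweakable mode such as AES-XTS; this XOR stream repeats on rewrite.
        derived = hmac.new(self._disk_key, sector.to_bytes(8, "big"), hashlib.sha256).digest()
        return stream_xor(derived, b"data", data)

    def write(self, sector, plaintext):
        data = plaintext.ljust(SECTOR, b"\0")[:SECTOR]  # pad or truncate to one sector
        self.image[sector * SECTOR:(sector + 1) * SECTOR] = self._crypt(sector, data)

    def read(self, sector):
        return self._crypt(sector, bytes(self.image[sector * SECTOR:(sector + 1) * SECTOR]))


if __name__ == "__main__":  # constructed sample data throughout
    chip, other = SecurityChip(), SecurityChip()
    for c in (chip, other):
        c.create_user("alice", "sample-password")
    disk = VirtualDisk(8, chip.new_key_block("alice"))
    disk.unlock(chip, "alice", "sample-password")
    disk.write(3, b"constructed sample record")
    print(disk.read(3).rstrip(b"\0"))
    try:  # same image and key block moved to a machine with another chip
        disk.unlock(other, "alice", "sample-password")
    except ValueError as exc:
        print("other chip:", exc)
```

The second unlock fails even though the user name and password match, which is the platform binding the description claims: the key block is useless without the chip that wrapped it.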

Claims (8)

  1. A computer data protection method, characterized by comprising the following steps: A. a security chip is installed on the computer in advance; B. a virtual disk for storing protected data is set up on the computer hard disk, and the security chip is used to generate a key that encrypts the virtual disk; C. when computer data is read from or written to the virtual disk, the virtual disk is decrypted according to said key, and the read/write operation is then performed on the virtual disk.
  2. The computer data protection method according to claim 1, characterized in that a virtual disk management module and a virtual disk driver module are provided on the computer operating system, and the step in step B of setting up on the computer hard disk a virtual disk for storing protected data further comprises: B1. after receiving an instruction to create a virtual disk, the virtual disk management module notifies the virtual disk driver module to create the virtual disk; B2. the virtual disk driver module creates a virtual disk image file that serves as the physical carrier of the virtual disk.
  3. The computer data protection method according to claim 2, characterized in that the instruction to create a virtual disk in step B1 further includes information specifying the size and format of the virtual disk.
  4. The computer data protection method according to claim 1, characterized in that a security chip management module and a security chip driver module are provided on the computer operating system, and the step in step B of encrypting the virtual disk with a random number key generated by the security chip further comprises: B3. after receiving, through the security chip driver module, an instruction from the security chip management module, the security chip generates a public/private key pair for encryption and a password for accessing that key pair; B4. the security chip generates a random number key to encrypt the virtual disk, and encrypts the random number key with the private key to form a random number key encryption block.
  5. The computer data protection method according to claim 4, characterized in that the security chip generates different public/private key pairs, and different passwords for accessing their private keys, for different users.
  6. The computer data protection method according to claim 4, characterized in that the method of decrypting the virtual disk with the random number key further comprises: use of the private key provided by the security chip is obtained through security chip password authentication, and the security chip uses this private key to decrypt the random number key encryption block and recover the random number key.
  7. The computer data protection method according to claim 1, characterized in that the method of performing computer data read/write operations on the virtual disk in step C further comprises: when protected data is written to the virtual disk, the security chip again generates a key derived from the random number key to encrypt the data being written; when protected data is read from the virtual disk, the security chip decrypts the data read with the key derived from the random number key.
  8. The computer data protection method according to claim 1, characterized in that the security chip of step A is installed on the computer motherboard.
CN 03136320 2003-05-28 2003-05-28 Computer data protective method CN1266617C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 03136320 CN1266617C (en) 2003-05-28 2003-05-28 Computer data protective method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 03136320 CN1266617C (en) 2003-05-28 2003-05-28 Computer data protective method

Publications (2)

Publication Number Publication Date
CN1553347A (en) 2004-12-08
CN1266617C (en) 2006-07-26

Family

ID=34323299

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 03136320 CN1266617C (en) 2003-05-28 2003-05-28 Computer data protective method

Country Status (1)

Country Link
CN (1) CN1266617C (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100399304C (en) 2006-07-26 2008-07-02 北京飞天诚信科技有限公司 Method for automatic protecting magnetic disk data utilizing filter driving program combined with intelligent key device
CN100495366C (en) 2006-09-07 2009-06-03 威盛电子股份有限公司 Virtual disk managing method
CN101339589B (en) 2008-08-14 2011-09-07 普华优科(北京)科技有限公司 Method for implementing information safety by dummy machine technology
CN101800811B (en) 2010-02-02 2012-10-03 中国软件与技术服务股份有限公司 Mobile phone data security protection method
CN101859357A (en) * 2010-05-31 2010-10-13 福建升腾资讯有限公司 Hard disk and host binding method based on ATA standard
CN103020537A (en) * 2011-09-22 2013-04-03 腾讯科技(深圳)有限公司 Data encrypting method, data encrypting device, data deciphering method and data deciphering device
US9224002B2 (en) 2011-09-22 2015-12-29 Tencent Technology (Shenzhen) Company Limited Method and apparatus for file encryption/decryption
CN103020537B (en) * 2011-09-22 2015-07-22 腾讯科技(深圳)有限公司 Data encrypting method, data encrypting device, data deciphering method and data deciphering device
WO2013040915A1 (en) * 2011-09-22 2013-03-28 腾讯科技(深圳)有限公司 File encryption method and device, file decryption method and device
CN102662872A (en) * 2012-03-29 2012-09-12 山东超越数控电子有限公司 Trusted cryptography module based method for protection of virtual disk image files
CN102662872B (en) * 2012-03-29 2016-05-25 山东超越数控电子有限公司 A user password modules based on trusted virtual disk image file protection method
CN102984273B (en) * 2012-12-13 2015-01-07 华为技术有限公司 Encryption method, decryption method, encryption device and decryption device of virtual disk and cloud server
CN102984273A (en) * 2012-12-13 2013-03-20 华为技术有限公司 Encryption method, decryption method, encryption device and decryption device of virtual disk and cloud server
CN105279107A (en) * 2015-11-13 2016-01-27 北京华虹集成电路设计有限责任公司 Disk start-up prevention method and system

Also Published As

Publication number Publication date Type
CN1266617C (en) 2006-07-26 grant

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C14 Grant of patent or utility model