JP2017050858A - データ転送システムに埋め込まれた暗号鍵サーバ - Google Patents
データ転送システムに埋め込まれた暗号鍵サーバ Download PDFInfo
- Publication number
- JP2017050858A JP2017050858A JP2016142912A JP2016142912A JP2017050858A JP 2017050858 A JP2017050858 A JP 2017050858A JP 2016142912 A JP2016142912 A JP 2016142912A JP 2016142912 A JP2016142912 A JP 2016142912A JP 2017050858 A JP2017050858 A JP 2017050858A
- Authority
- JP
- Japan
- Prior art keywords
- data
- cryptographic
- host device
- key
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0827—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/14—Handling requests for interconnection or transfer
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40267—Bus for use in transportation systems
- H04L2012/4028—Bus for use in transportation systems the transportation system being an aircraft
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
Description
110 ホストシステム
112 ホスト装置
115 暗号ユニット
115.1 暗号ユニット
115.2 暗号ユニット
115.3 暗号ユニット
115.4 暗号ユニット
118 データバス
120 端末
125 ユーザインターフェース
130 着脱可能なデータカートリッジ
205 筐体
210 鍵メモリ
212 鍵メモリインターフェース
215 暗号鍵
218 鍵ローダ
220 データメモリ
222 データメモリインターフェース
225 暗号処理の対象となるデータ
230 コネクタ
232 第1のピン
234 第2のピン
240 コネクタ
242 ピン
250 CIK装置
252 CIKインターフェース
255 CIK
260 コネクタ
262 第1のピン
264 第2のピン
270 コネクタ
300 暗号鍵構成(CKC)
302 許可されたユーザアカウントデータ
304 データ
306 暗号鍵データ、暗号鍵
308 データ
310 ロードスクリプト
312 付加データ、ユーザアカウントデータベース
314 CIK識別子データベース
316 暗号鍵データベース
318 CKCデータベース
320 暗号ユニット識別子データベース
400 例示的な方法
402 方法ステップ
404 方法ステップ
406 方法ステップ
408 方法ステップ
410 方法ステップ
Claims (14)
- 航空機に関連する航空電子工学データ転送システムにおいて暗号鍵を提供する方法(400)であって、
ホスト装置(110)において、前記ホスト装置(110)とインターフェースされた着脱可能なデータ記憶装置から、データの暗号処理のための1つまたは複数の暗号鍵を受信するステップ(404)と、
前記ホスト装置(110)により、前記1つまたは複数の暗号鍵の配信のためにデータバス(118)を介して前記ホスト装置(110)と通信する複数の暗号ユニットのうちの少なくとも1つの暗号ユニットを識別するステップ(408)と、
前記ホスト装置(110)により、前記データバス(118)を介して前記少なくとも1つの暗号ユニットに前記1つまたは複数の暗号鍵(215)を転送するステップ(410)と
を含む方法。 - 前記着脱可能なデータ記憶装置は、鍵フィル装置を含む、請求項1に記載の方法。
- 前記着脱可能なデータ記憶装置は、前記1つまたは複数の暗号鍵(215)を格納する専用鍵メモリ(210)と、暗号処理の対象となるデータを格納する専用データメモリ(220)と、を含む、請求項1に記載の方法。
- 前記ホスト装置(110)において、前記着脱可能なデータ記憶装置から暗号処理の対象となるデータを受信するステップ(406)を含む請求項3に記載の方法。
- 前記着脱可能なデータ記憶装置は、埋め込まれたCIK装置(250)を含む、請求項1に記載の方法。
- 前記データバス(118)を介して前記ホスト装置(110)から前記少なくとも1つの暗号ユニットに転送された前記1つまたは複数の暗号鍵(215)に少なくとも部分的に基づいて、前記少なくとも1つの暗号ユニットにおいてデータを処理するステップ(412)を含む請求項1に記載の方法。
- 前記少なくとも1つの暗号ユニットは、前記少なくとも1つの暗号ユニットを指定する前記ホスト装置(110)とのユーザインタラクションに少なくとも部分的に基づいて識別される、請求項1に記載の方法。
- 前記1つまたは複数の暗号鍵(215)は、ヘッダデータを含む、請求項1に記載の方法。
- 前記少なくとも1つの暗号ユニットは、前記ヘッダデータに少なくとも部分的に基づいて識別される、請求項8に記載の方法。
- 前記1つまたは複数の暗号鍵(215)は、暗号化された鍵および復号化された鍵を含む、請求項1に記載の方法。
- 前記ホスト装置(110)は、暗号ユニットを含む、請求項1に記載の方法。
- 前記ホスト装置(110)は、前記着脱可能なデータ記憶装置とインターフェースするための専用装置を含む、請求項1に記載の方法。
- 前記データバス(118)は、MIL−STD−1554またはARINC−429データバスを含む、請求項1に記載の方法。
- ホスト装置(110)と、
データバス(118)を介して前記ホスト装置(110)に結合された複数の暗号ユニット(115)と
を含む航空電子工学データ転送システムであって、
前記ホスト装置(110)は、1つまたは複数のプロセッサと、1つまたは複数のメモリ装置と、を含み、前記メモリ装置は、前記1つまたは複数のプロセッサにより実行された場合に、前記1つまたは複数のプロセッサに動作を実行させるコンピュータ可読命令を格納し、前記動作は、
前記ホスト装置(110)とインターフェースされた着脱可能なデータ記憶装置から、データの暗号処理のための1つまたは複数の暗号鍵(215)を受信するステップ(404)と、
前記1つまたは複数の暗号鍵(215)の配信のために複数の暗号ユニット(115)のうちの少なくとも1つの暗号ユニットを識別するステップ(408)と、
前記データバス(118)を介して前記少なくとも1つの暗号ユニットに前記1つまたは複数の暗号鍵(215)を転送するステップ(410)と
を含む、システム。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/817,490 US9990503B2 (en) | 2015-08-04 | 2015-08-04 | Cryptographic key server embedded in data transfer system |
US14/817,490 | 2015-08-04 |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2017050858A true JP2017050858A (ja) | 2017-03-09 |
JP6329594B2 JP6329594B2 (ja) | 2018-05-23 |
Family
ID=56936687
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2016142912A Expired - Fee Related JP6329594B2 (ja) | 2015-08-04 | 2016-07-21 | データ転送システムに埋め込まれた暗号鍵サーバ |
Country Status (6)
Country | Link |
---|---|
US (1) | US9990503B2 (ja) |
JP (1) | JP6329594B2 (ja) |
BR (1) | BR102016017987A2 (ja) |
CA (1) | CA2937626C (ja) |
FR (1) | FR3039950B1 (ja) |
GB (1) | GB2543889B (ja) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11546176B2 (en) | 2020-08-26 | 2023-01-03 | Rockwell Collins, Inc. | System and method for authentication and cryptographic ignition of remote devices |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008040597A (ja) * | 2006-08-02 | 2008-02-21 | Sony Corp | 記憶装置及び方法、並びに、情報処理装置及び方法 |
JP2008271506A (ja) * | 2007-02-13 | 2008-11-06 | Secunet Security Networks Ag | 機密保護装置 |
US20140032903A1 (en) * | 2012-07-30 | 2014-01-30 | Honeywell International Inc. | Secure key distribution with general purpose mobile device |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6466952B2 (en) * | 1999-04-08 | 2002-10-15 | Hewlett-Packard Company | Method for transferring and indexing data from old media to new media |
JP3866105B2 (ja) * | 1999-12-02 | 2007-01-10 | インフィネオン テクノロジーズ アクチエンゲゼルシャフト | 暗号化機能を備えるマイクロプロセッサ装置 |
US7016494B2 (en) | 2001-03-26 | 2006-03-21 | Hewlett-Packard Development Company, L.P. | Multiple cryptographic key precompute and store |
US7761904B2 (en) | 2002-09-30 | 2010-07-20 | Harris Corporation | Removable cryptographic ignition key system and method |
CA2539879C (en) | 2003-10-14 | 2013-09-24 | Goeran Selander | Efficient management of cryptographic key generations |
US20050086471A1 (en) | 2003-10-20 | 2005-04-21 | Spencer Andrew M. | Removable information storage device that includes a master encryption key and encryption keys |
JP2008245112A (ja) | 2007-03-28 | 2008-10-09 | Hitachi Global Storage Technologies Netherlands Bv | データ記憶装置及びその暗号鍵の管理方法 |
WO2009018483A1 (en) * | 2007-07-31 | 2009-02-05 | Viasat, Inc. | Input output access controller |
US8364976B2 (en) | 2008-03-25 | 2013-01-29 | Harris Corporation | Pass-through adapter with crypto ignition key (CIK) functionality |
EP2154814A1 (en) | 2008-08-14 | 2010-02-17 | Koninklijke Philips Electronics N.V. | Scalable key distribution |
KR101601790B1 (ko) | 2009-09-22 | 2016-03-21 | 삼성전자주식회사 | 암호키 선택장치를 구비하는 스토리지 시스템 및 암호 키 선택방법 |
US8844060B2 (en) | 2011-04-07 | 2014-09-23 | Exelis Inc. | Method and system for USB with an integrated crypto ignition key |
US8494154B2 (en) * | 2011-06-20 | 2013-07-23 | Bae Systems Information And Electronic Systems Integration Inc. | Cryptographic ignition key system |
US8879410B1 (en) | 2011-09-30 | 2014-11-04 | Physical Optics Corporation | Platform adaptive data system |
EP2731040B1 (en) | 2012-11-08 | 2017-04-19 | CompuGroup Medical SE | Computer system for storing and retrieval of encrypted data items, client computer, computer program product and computer-implemented method |
US20150303633A1 (en) * | 2012-11-09 | 2015-10-22 | Russell Altieri | Improved slip ring devices, systems, and methods |
US9246884B1 (en) * | 2013-03-14 | 2016-01-26 | Rockwell Collins, Inc. | Position-based cryptographic key management system and related method |
-
2015
- 2015-08-04 US US14/817,490 patent/US9990503B2/en active Active
-
2016
- 2016-07-21 JP JP2016142912A patent/JP6329594B2/ja not_active Expired - Fee Related
- 2016-07-28 FR FR1657291A patent/FR3039950B1/fr active Active
- 2016-07-28 CA CA2937626A patent/CA2937626C/en not_active Expired - Fee Related
- 2016-07-29 GB GB1613101.3A patent/GB2543889B/en active Active
- 2016-08-03 BR BR102016017987A patent/BR102016017987A2/pt not_active Application Discontinuation
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008040597A (ja) * | 2006-08-02 | 2008-02-21 | Sony Corp | 記憶装置及び方法、並びに、情報処理装置及び方法 |
JP2008271506A (ja) * | 2007-02-13 | 2008-11-06 | Secunet Security Networks Ag | 機密保護装置 |
US20140032903A1 (en) * | 2012-07-30 | 2014-01-30 | Honeywell International Inc. | Secure key distribution with general purpose mobile device |
Non-Patent Citations (1)
Title |
---|
RAMAKER, R., ET AL.: "Application of a Civil Integrated Modular Architecture to Military Transport Aircraft", PROCEEDINGS OF IEEE/AIAA 26TH DIGITAL AVIONICS SYSTEMS CONFERENCE (DASC '07), JPN6017040876, October 2007 (2007-10-01), pages 2 - 4, ISSN: 0003735258 * |
Also Published As
Publication number | Publication date |
---|---|
FR3039950A1 (fr) | 2017-02-10 |
FR3039950B1 (fr) | 2019-05-17 |
GB2543889B (en) | 2018-02-28 |
GB2543889A (en) | 2017-05-03 |
US20170041138A1 (en) | 2017-02-09 |
JP6329594B2 (ja) | 2018-05-23 |
GB201613101D0 (en) | 2016-09-14 |
CA2937626C (en) | 2020-07-14 |
US9990503B2 (en) | 2018-06-05 |
BR102016017987A2 (pt) | 2017-02-07 |
CA2937626A1 (en) | 2017-02-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109033855B (zh) | 一种基于区块链的数据传输方法、装置及存储介质 | |
US9197422B2 (en) | System and method for differential encryption | |
EP3073667A1 (en) | Information delivery system | |
CN108418817B (zh) | 一种加密方法及装置 | |
CN101605137A (zh) | 安全分布式文件系统 | |
CN107124409B (zh) | 一种接入认证方法及装置 | |
CN110610101A (zh) | 一种数据存证方法、装置、设备及存储介质 | |
CN107682303B (zh) | 个人敏感信息加密查询系统及方法 | |
CN109063496A (zh) | 一种数据处理的方法及装置 | |
CN104735020A (zh) | 一种获取敏感数据的方法、设备及系统 | |
US10116446B2 (en) | Cryptographic ignition key (CIK) embedded in removable data cartridge | |
CA2937678C (en) | Configuring cryptographic systems | |
JP6329594B2 (ja) | データ転送システムに埋め込まれた暗号鍵サーバ | |
WO2021237542A1 (zh) | 数据处理、加密、解密方法、设备和存储介质 | |
CA2937625C (en) | Cryptographic key loader embedded in removable data cartridge | |
WO2017183799A1 (ko) | 데이터 확인 장치 및 이를 이용하여 데이터를 확인하는 방법 | |
WO2017122950A1 (ko) | 암복호화 장치 및 방법 | |
CN115643063B (zh) | 一种报文数据处理方法、装置、电子设备及介质 | |
US20240313950A1 (en) | Terminal apparatus, management apparatus, communication system, communication method, management method, and non-transitory computer readable medium | |
WO2023211538A1 (en) | Method and apparatus for distributing encrypted device unique credentials | |
CN117560145A (zh) | 一种基于传统网络的真随机数分发系统及方法 | |
KR20170003080A (ko) | 네트워크 보안 채널을 형성하기 위한 보안 장치와 네트워크 보안 관리 서버 및 이를 이용하여 네트워크 보안 채널을 형성하기 위한 시스템과 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A977 | Report on retrieval |
Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20170911 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20171031 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20180115 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20180213 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20180305 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20180327 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20180420 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 6329594 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
LAPS | Cancellation because of no payment of annual fees |