KR101758233B1 - Method and apparatus that perform encryption for data of external storage using asymmetric characteristic - Google Patents


Info

Publication number
KR101758233B1
Authority
KR
South Korea
Prior art keywords
storage device
value
cryptographic key
processing device
data
Prior art date
Application number
KR1020150184985A
Other languages
Korean (ko)
Other versions
KR20170075383A (en)
Inventor
박상배
Original Assignee
한국과학기술정보연구원
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 한국과학기술정보연구원
Priority to KR1020150184985A
Publication of KR20170075383A
Application granted
Publication of KR101758233B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Abstract

According to an embodiment of the present invention, a method of performing encryption and decryption of data in a storage device includes: installing a device driver in a first processing device for use of a storage device; receiving, at the first processing device, a password value for encryption and decryption of data stored in the storage device; transmitting, at the first processing device, the received password value to the storage device; receiving, at the first processing device, a value of a first counter from the storage device; generating, at the first processing device, a first cryptographic key using the value of the received first counter and the stored password value; and storing, in the first processing device, the first cryptographic key in the device driver.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention: The present invention relates to an apparatus and a method for encrypting data of an external storage device using asymmetric characteristics.

The present invention relates to information protection for data stored in a storage device. More particularly, the present invention relates to an apparatus and method for enhancing information protection for data stored in an external storage device.

As the semiconductor density increases, the physical size of the memory (storage) decreases, while the storage capacity increases significantly.

As the computing environment changes, such as the need for big data analysis and the increasing amount of data due to the high quality of content, the use of mass storage is increasing.

As the physical size of the storage device decreases, portable external storage devices are available in various forms.

That is, a large amount of information is recorded in the external storage device and is easily carried by the user.

However, in portable external storage devices, accidents such as theft or loss may occur frequently, and such accidents cause a leakage of a large amount of information stored in the storage device.

In addition, existing techniques for protecting data stored in an external storage device mainly encrypt and decrypt the data using a fixed encryption key, and the encryption key used to decrypt the encrypted data is stored in the external storage device. Therefore, when the external storage device is lost, the encryption key can be obtained by reverse engineering, or the data can be decrypted, so that the information stored in the external storage device can be easily leaked.

SUMMARY OF THE INVENTION The present invention has been made in view of the above problems, and it is an object of the present invention to enhance security for data stored in an external storage device.

It is another object of the present invention to prevent data stored in an external storage device from being leaked even if the external storage device is lost.

According to an aspect of the present invention, there is provided a method of encrypting and decrypting data in a storage device, the method comprising: installing, in a first processing device, a device driver for use of the storage device; receiving, at the first processing device, a password value for encryption and decryption of data stored in the storage device; transmitting, at the first processing device, the received password value to the storage device; receiving, at the first processing device, a value of a first counter from the storage device; generating, at the first processing device, a first cryptographic key using the value of the received first counter and the stored password value; and storing, in the first processing device, the first cryptographic key in the device driver.

Preferably, the method further comprises: generating, in the storage device, a second cryptographic key using the transmitted password value and the value of the first counter; and encrypting, in the storage device, the data stored in the storage device using the second cryptographic key.

Advantageously, the method may further comprise decrypting, in the first processing device, the encrypted data using the first cryptographic key.

Preferably, the method further comprises: increasing, in the storage device, the value of the first counter to generate a value of a second counter; generating, in the storage device, a third cryptographic key using the value of the second counter and the password value; and encrypting, in the storage device, the data stored in the storage device using the third cryptographic key.

Advantageously, the method further comprises: increasing, at the first processing device, the value of the first counter to produce the value of the second counter; generating, at the first processing device, a fourth cryptographic key using the value of the second counter and the password value; and storing, in the first processing device, the fourth cryptographic key in the device driver.

Preferably, the method further comprises: receiving, at the first processing device, information identifying the storage device from the storage device; and storing, at the first processing device, the information identifying the storage device in association with the fourth cryptographic key.

Preferably, the method further comprises: transmitting, at the first processing device, the stored information identifying the storage device and the fourth cryptographic key to a second processing device; and decrypting, at the second processing device, using the fourth cryptographic key, the data encrypted using the third cryptographic key.

Preferably, the method further comprises: transmitting, at the first processing device, the stored information identifying the storage device and the fourth cryptographic key to a driver server; receiving, at the second processing device, the information identifying the storage device and the fourth cryptographic key from the driver server; and decrypting, at the second processing device, using the fourth cryptographic key, the data encrypted using the third cryptographic key.

According to an aspect of the present invention, there is provided an apparatus for encrypting and decrypting data in a storage device, the apparatus comprising a first processing device that installs a device driver for use of the storage device, receives a password value for encryption and decryption of data stored in the storage device, transmits the received password value to the storage device, receives a value of a first counter from the storage device, generates a first cryptographic key using the value of the received first counter and the stored password value, and stores the first cryptographic key in the device driver.

Preferably, the storage device generates the second cryptographic key using the transmitted password value and the value of the first counter, and encrypts the data stored in the storage device using the second cryptographic key.

Advantageously, the first processing device is able to decrypt the encrypted data using the first cryptographic key.

Preferably, the storage device generates a value of the second counter by incrementing the value of the first counter, generates a third cryptographic key using the value of the second counter and the password value, and can encrypt the data stored in the storage device using the third cryptographic key.

Preferably, the first processing device generates a value of the second counter by incrementing the value of the first counter, generates a fourth cryptographic key using the value of the second counter and the password value, and stores the fourth cryptographic key in the device driver.

Advantageously, the first processing device is capable of receiving, from the storage device, information identifying the storage device and storing the information identifying the storage device in association with the fourth cryptographic key.

Advantageously, the apparatus further comprises a second processing device, wherein the first processing device transmits the stored information identifying the storage device and the fourth cryptographic key to the second processing device, and the second processing device may use the fourth cryptographic key to decrypt the data encrypted using the third cryptographic key.

Advantageously, the apparatus further comprises a second processing device, wherein the first processing device transmits the stored information identifying the storage device and the fourth cryptographic key to a driver server, and the second processing device may receive the information identifying the storage device and the fourth cryptographic key from the driver server and use the fourth cryptographic key to decrypt the data encrypted using the third cryptographic key.

According to an aspect of the present invention, there is provided a computer-readable recording medium recording a program for performing the steps of: installing a device driver for use of a storage device; receiving a password value for encryption and decryption of data stored in the storage device; transmitting the received password value to the storage device; receiving a value of a first counter from the storage device; generating a first cryptographic key using the value of the received first counter and the stored password value; and storing, in the first processing device, the first cryptographic key in the device driver.

Preferably, the recording medium records a program for further performing the step of decrypting the encrypted data using the first cryptographic key.

Preferably, the recording medium records a program for further performing the steps of: increasing the value of the first counter to generate the value of the second counter; generating, in the first processing device, a fourth cryptographic key using the value of the second counter and the password value; and storing the fourth cryptographic key in the device driver.

Advantageously, the recording medium records a program for further performing the steps of: receiving, from the storage device, information identifying the storage device; and storing the information identifying the storage device in association with the fourth cryptographic key.

According to the present invention, encrypted data is transmitted between an external storage device and a computer to provide end-to-end security.

According to the present invention, when the connection between the external storage device and the computer is released, the session key (cryptographic key) used to encrypt the data no longer exists, so even if the external storage device is lost, there is no effect on the security of the data stored in the external storage device.

According to the present invention, there is an effect that data stored in an external storage device is updated at any time, thereby improving stability of data.

FIG. 1 is a block diagram illustrating an apparatus for performing encryption and decryption of a storage apparatus according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a process of performing encryption / decryption when carrying a storage device according to an embodiment of the present invention.
FIG. 3 is a diagram illustrating a process of performing encryption / decryption when carrying a storage device according to another embodiment of the present invention.
FIG. 4 is a flowchart illustrating a method of encrypting and decrypting data in a storage device according to an embodiment of the present invention.
FIG. 5 is a block diagram of an apparatus for performing encryption and decryption of data in a storage apparatus according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings, but the present invention is not limited by the embodiments.

As used herein, terms used in the present invention are selected from general terms that are widely used in the present invention while taking into account the functions of the present invention, but these may vary depending on the intention or custom of a person skilled in the art or the emergence of new technologies. In addition, in certain cases, there may be a term arbitrarily selected by the applicant, in which case the meaning thereof will be described in the description of the corresponding invention. Therefore, it is intended that the terminology used herein should be interpreted based on the meaning of the term rather than on the name of the term, and on the entire contents of the specification.

FIG. 1 is a block diagram illustrating an apparatus for performing encryption and decryption of a storage apparatus according to an embodiment of the present invention.

The storage device 10100 and/or the processing device 10200 can be used to perform the encryption / decryption for storage devices presented in the present invention.

The storage device 10100 is a device capable of storing data. The storage device described in the present invention can be defined not only as a portable external storage device but also as a concept including a general hard disk, a solid state drive (SSD), and/or a flash memory installed in a computer.

The processing device 10200 is a device on which a driver for the storage device 10100 is installed and/or executed. In the present invention, the processing device 10200 may be defined as a device capable of processing data, such as a computer, a smart phone, a tablet, and/or a general electronic device.

The storage device 10100 may include a disk 10110, an encryptor 10120, a memory 10130, a small power source 10140 and/or a control unit 10150.

The processing device 10200 may include a device driver processor 10210, a P/W processor 10220, a decryptor 10230, and/or a controller 10240.

The disk 10110 stores data. The term disk 10110 covers devices that store data in semiconductor memory as well as devices that store data on an optical disk.

The encryptor 10120 generates the encryption key and/or encrypts the data of the storage device.

The memory 10130 includes an EEPROM (Electrically Erasable Programmable Read-Only Memory) storing a counter value and/or a RAM (random access memory) used for storing a session key or used as a cache. The memory 10130 and the disk 10110 may be constituted by one physical device.

The small power source 10140 is a device for supplying power. The small power source 10140 may be configured as a power source module that can be charged as needed.

The control unit 10150 controls the operation of the storage device.

The device driver processor 10210 is a device that handles the installation of a driver for connecting the storage device and the processing device.

The P/W processor 10220 is a module for processing the password input by the user.

The decryptor 10230 is a module for decrypting the transmitted ciphertext.

The controller 10240 controls the external storage device or device driver processor 10210.

The P/W processor 10220, the decryptor 10230, and the controller 10240 may be included in the device driver processor 10210.

When the storage device 10100 and the processing device 10200 (e.g., a user computer) are connected, the processing device can install the device driver.

Installation and management of the device driver can be performed by the device driver processor 10210. The device driver processor 10210 receives a password from a user, verifies the password, and transmits the password to the storage device using a one-way function (password or hash function).

The storage device 10100 can store the received password in the RAM and transmit the counter value stored in the EEPROM to the device driver processor 10210.

The P/W processor 10220 can generate the cryptographic key by applying the cryptographic key generation function to the value of the password and the value of the counter. The encryption key may also be generated in the storage device 10100.

The encryptor 10120 encrypts data stored in the storage device using the generated encryption key.

While the storage device is connected to the processing device, the device driver processor 10210 or the decryptor 10230 decrypts the encrypted data stored in the storage device using the encryption key.

On the other hand, when the storage device and the processing device are disconnected (or the external power supplied to the storage device or the processing device is disconnected), the storage device 10100 or the control unit 10150 increases the value of the counter stored in the EEPROM.

The storage device 10100 or the encryptor 10120 then generates a new cryptographic key and re-encrypts the data. The new encryption key can be generated by combining the increased counter value of the EEPROM and the value of the password entered by the user. In the device driver processor as well, the previously received counter value can be increased by a predefined value, and a new cryptographic key can be generated using the increased counter value and the value of the password input by the user.

When the encryption is completed, the storage device 10100 or the control unit 10150 also clears the internal power source and deletes the user password information stored in the RAM.

In the present invention, the storage device may perform encryption and / or encryption update of the data and process the decryption of the data stored in the storage device in the device driver processor.

According to an embodiment of the present invention, the encryptor and the decryptor are separated: the encryptor is provided in the storage device and the decryptor is provided in the device driver processor included in the processing device, so that the data stored in the storage device cannot be decrypted using only information read from the storage device. Therefore, according to the present invention, even if the storage device is lost, the security of the data stored in the storage device can be maintained.

In the present invention, it is possible to use an asymmetric encryption method in which encryption and decryption of data are performed by separate devices using separate keys. As one method of asymmetric encryption, a symmetric-key cryptographic algorithm may be configured, as in white-box cryptography, so that the encryption algorithm differs from the decryption algorithm, with the encryption algorithm stored in the storage device and the decryption algorithm loaded in the device driver processor. Alternatively, ID-based cryptography can be used, with an encryptor that uses the user's ID and the counter value as the ID of the storage device and a decryptor that uses the corresponding private key.

FIG. 2 is a diagram illustrating a process of performing encryption / decryption when carrying a storage device according to an embodiment of the present invention.

The storage device is portable and can be used in one or more processing devices. In this case, if the driver for the storage device is installed only in a specific processing device, decryption of the data may not be smooth in other processing devices. To solve this problem, it is possible to perform encryption / decryption on a storage device using a driver server.

When the external storage device is connected to the processing device 1, the processing device 1 may install a driver for the external storage device, and encryption / decryption of data is performed in the external storage device and the processing device 1 as described above (S20100).

When the external storage device is disconnected from the processing device 1, the processing device 1 generates a new encryption key according to the above-described method and transmits the generated encryption key to the driver server (S20200). The processing device 1 may also send information about the settings of its decryptor to the driver server. The processing device 1 may transmit information identifying the external storage device (e.g., MAC address, device serial number, etc.) to the server together with these.

When the external storage device is connected to the processing device 2, the processing device 2 acquires information identifying the external storage device from the external storage device (S20300). The processing device 2 accesses the driver server, receives the information (for example, the encryption key and/or decryptor setting information) associated with the information identifying the external storage device, and sets up its decryptor (S20300). Then, the processing device 2 can decrypt the data of the external storage device using the encryption key.

According to the present embodiment, there is an effect that the external storage device can be used in an enhanced security mode for stored data even in an environment where the external storage device is used while being carried.
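The connect/disconnect key rotation and the driver-server hand-off described above, as an added Python simulation that is not part of the patent text. The SHA-256 one-way function, the PBKDF2 key generation function, the HMAC keystream standing in for the cipher, and every class, function and sample value are assumptions; the patent does not name its algorithms.

```python
import hashlib
import hmac


def password_value(password: str) -> bytes:
    # One-way function applied before the password leaves the host (assumed: SHA-256).
    return hashlib.sha256(password.encode("utf-8")).digest()


def derive_key(pw_value: bytes, counter: int) -> bytes:
    # Key generation from password value + counter (assumed: PBKDF2, counter as salt).
    return hashlib.pbkdf2_hmac("sha256", pw_value, counter.to_bytes(8, "big"), 10_000)


def stream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher for the simulation only: XOR with an HMAC-SHA256 keystream.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class StorageDevice:
    def __init__(self, device_id: str, data: bytes):
        self.device_id = device_id
        self.eeprom_counter = 0      # survives power loss
        self.ram = {}                # password value and session key, volatile
        self.disk = data             # plaintext only until the first session
        self.encrypted = False

    def connect(self, pw_value: bytes) -> int:
        self.ram = {"pw": pw_value, "key": derive_key(pw_value, self.eeprom_counter)}
        if not self.encrypted:
            self.disk = stream_xor(self.ram["key"], self.disk)
            self.encrypted = True
        return self.eeprom_counter   # counter value sent back to the driver

    def disconnect(self) -> None:
        # Runs on the small internal power source: bump counter, re-encrypt, wipe RAM.
        old_key = self.ram["key"]
        self.eeprom_counter += 1
        new_key = derive_key(self.ram["pw"], self.eeprom_counter)
        self.disk = stream_xor(new_key, stream_xor(old_key, self.disk))
        self.ram = {}


class ProcessingDevice:
    def __init__(self):
        self.driver_keys = {}        # device id -> key held by the device driver
        self.session = None

    def attach(self, dev: StorageDevice, password: str) -> None:
        pw = password_value(password)
        counter = dev.connect(pw)
        self.session = (pw, counter)
        self.driver_keys[dev.device_id] = derive_key(pw, counter)

    def read(self, dev: StorageDevice) -> bytes:
        return stream_xor(self.driver_keys[dev.device_id], dev.disk)

    def detach(self, dev: StorageDevice, driver_server: dict) -> None:
        pw, counter = self.session
        dev.disconnect()
        next_key = derive_key(pw, counter + 1)   # host increments its own copy
        self.driver_keys[dev.device_id] = next_key
        driver_server[dev.device_id] = next_key  # escrow under the device identifier
        self.session = None


def demo() -> dict:
    secret = b"constructed sample record: account=alice balance=42"
    dev = StorageDevice("SN-EXAMPLE-0001", secret)   # constructed identifier
    server, host1 = {}, ProcessingDevice()
    host1.attach(dev, "correct horse")
    first_read, ct0 = host1.read(dev), dev.disk
    key0 = host1.driver_keys[dev.device_id]
    host1.detach(dev, server)
    ct1 = dev.disk
    host2_read = stream_xor(server[dev.device_id], ct1)  # second host, key from server
    host1.attach(dev, "correct horse")
    return {
        "first_read": first_read, "secret": secret, "rotated": ct0 != ct1,
        "old_key_fails": stream_xor(key0, ct1) != secret, "host2_read": host2_read,
        "ram_after_detach": server and dev.eeprom_counter == 1,
        "reattach_read": host1.read(dev), "plaintext_at_rest": secret in ct1,
    }
```

At rest the simulated device holds only the ciphertext and the EEPROM counter, which is the property the description relies on; the key escrowed on the driver server becomes the value whose protection matters.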

FIG. 3 is a diagram illustrating a process of performing encryption / decryption when carrying a storage device according to another embodiment of the present invention.

The storage device is portable and can be used in one or more processing devices. In this case, if the driver for the storage device is installed only in a specific processing device, decryption of the data may not be smooth in other processing devices. To solve this problem, it is possible to perform encryption / decryption on a storage device using a driver server.

When the external storage device is connected to the processing device 1, the processing device 1 may install a driver for the external storage device, and encryption / decryption of data is performed in the external storage device and the processing device 1 as described above (S30100). When the external storage device is detached from the processing device 1, the processing device 1 generates a new cryptographic key according to the method described above. The processing device 1 stores the generated encryption key. The processing device 1 may store information (for example, a MAC address, a device serial number, and the like) identifying the external storage device in the process of storing the encryption key.

When the external storage device is connected to the processing device 2, the processing device 2 receives information identifying the external storage device. The processing device 2 receives the encryption key from the processing device 1, which stores the encryption key for the external storage device identified by that information (S30200). The processing device 1 and the processing device 2 may be connected so as to exchange information with each other, for example over a P2P network, the same WLAN network, and/or a direct-vicinity communication network.

The processing device 2 and the external storage device perform encryption / decryption on the data stored in the external storage device, as described above (S30300).

According to the present embodiment, there is an effect that the external storage device can be used in an enhanced security mode for stored data even in an environment where the external storage device is used while being carried.

FIG. 4 is a flowchart illustrating a method of encrypting and decrypting data in a storage device according to an embodiment of the present invention.

A device driver for use of the storage device is installed in the first processing device (s40100).

At the first processing device, a password value for encryption and decryption of data stored in the storage device is received (s40200).

In the first processing device, the received password value is transmitted to the storage device (s40300).

At the first processing device, the value of the first counter is received from the storage device (s40400).

In the first processing device, the first cryptographic key is generated using the value of the received first counter and the stored password value (s40500).

In the first processing device, the first cryptographic key is stored in the device driver (s40600).

FIG. 5 is a block diagram of an apparatus for performing encryption and decryption of data in a storage apparatus according to an embodiment of the present invention.

According to one embodiment of the present invention, an apparatus (or system) 50100 for performing encryption and decryption of data in a storage device may include a processing device 50120 and/or an external storage device 50140.

The first processing device 50120 installs a device driver for use of the storage device, receives a password value for encryption and decryption of data stored in the storage device, transmits the received password value to the storage device, receives a value of the first counter from the storage device, generates a first cryptographic key using the value of the received first counter and the stored password value, and can store the first cryptographic key in the device driver.

The external storage device 50140 can generate the second cryptographic key using the transmitted password value and the value of the first counter, and encrypt the data stored in the storage device using the second cryptographic key.

A module, processing unit, device or unit may be processors executing sequential execution processes stored in memory (or storage unit). Each of the steps described in the above embodiments may be performed by hardware / processors. Each module / block / unit described in the above embodiments may operate as a hardware / processor. Further, the methods proposed by the present invention can be executed as codes. The code may be written to a storage medium readable by the processor and thus read by a processor provided by the apparatus.

The method inventions according to the present invention can all be implemented in the form of program instructions that can be executed through various computer means and recorded on a computer readable medium.

The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and configured for the present invention or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magneto-optical media; and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the scope of the present invention should not be limited to the described embodiments, but should be determined by the equivalents of the claims, as well as the claims.

Claims (20)

Installing a device driver in the first processing device for use of the storage device;
At the first processing device, receiving a password value;
Transmitting, at the first processing device, the password value to the storage device;
Receiving, at the first processing device, a value of a first counter from the storage device;
Generating, at the first processing device, a first cryptographic key using the value of the first counter and the password value;
At the first processing device, receiving encrypted data from the storage device; And
Decrypting the encrypted data using the first cryptographic key at the first processing device;
And encrypting and decrypting the data of the storage device.
The method according to claim 1,
Generating, in the storage device, a second cryptographic key using the password value and the value of the first counter; And
Encrypting data stored in the storage device using the second encryption key in the storage device;
And encrypting and decrypting the data of the storage device.
3. The method of claim 2, further comprising:
incrementing, at the storage device, the value of the first counter to generate a value of a second counter when the storage device is disconnected from the first processing device;
generating, in the storage device, a third cryptographic key using the value of the second counter and the password value; and
encrypting, in the storage device, data stored in the storage device using the third cryptographic key.
4. The method of claim 3, further comprising:
increasing, at the first processing device, the value of the first counter to generate the value of the second counter;
generating, at the first processing device, a fourth cryptographic key using the value of the second counter and the password value; and
storing, in the first processing device, the fourth cryptographic key in the device driver.
5. The method of claim 4, further comprising:
receiving, at the first processing device, information identifying the storage device from the storage device; and
storing, at the first processing device, the information identifying the storage device in association with the fourth cryptographic key.
6. The method of claim 5, further comprising:
transmitting, at the first processing device, the stored information identifying the storage device and the fourth cryptographic key to a second processing device; and
decrypting, in the second processing device, the data encrypted using the third cryptographic key, by using the fourth cryptographic key.
7. The method of claim 5, further comprising:
transmitting, at the first processing device, the stored information identifying the storage device and the fourth cryptographic key to a driver server;
receiving, at a second processing device, the information identifying the storage device and the fourth cryptographic key from the driver server; and
decrypting, in the second processing device, the data encrypted using the third cryptographic key, by using the fourth cryptographic key.
8. An apparatus for performing encryption and decryption of data in a storage device, comprising a first processing device in which a device driver for use of the storage device is installed, wherein the first processing device:
receives a password value,
transmits the password value to the storage device,
receives, from the storage device, a value of a first counter,
generates a first cryptographic key using the value of the first counter and the password value,
receives encrypted data from the storage device, and
decrypts the encrypted data using the first cryptographic key.
9. The apparatus of claim 8, wherein the storage device:
generates a second cryptographic key using the password value and the value of the first counter, and
encrypts data stored in the storage device using the second cryptographic key.
10. The apparatus of claim 9, wherein, when the storage device is disconnected from the first processing device:
the value of the first counter is increased to generate a value of a second counter,
a third cryptographic key is generated using the value of the second counter and the password value, and
data stored in the storage device is encrypted using the third cryptographic key.
11. The apparatus of claim 10, wherein the first processing device:
increases the value of the first counter to generate the value of the second counter,
generates a fourth cryptographic key using the value of the second counter and the password value, and
stores the fourth cryptographic key in the device driver.
12. The apparatus of claim 11, wherein the first processing device:
receives, from the storage device, information identifying the storage device, and
stores the information identifying the storage device in association with the fourth cryptographic key.
13. The apparatus of claim 12,
further comprising a second processing device,
wherein the first processing device transmits the stored information identifying the storage device and the fourth cryptographic key to the second processing device, and
wherein the second processing device decrypts the data encrypted using the third cryptographic key, by using the fourth cryptographic key.
14. The apparatus of claim 12,
further comprising a second processing device,
wherein the first processing device transmits the stored information identifying the storage device and the fourth cryptographic key to a driver server, and
wherein the second processing device receives, from the driver server, the information identifying the storage device and the fourth cryptographic key, and decrypts the data encrypted using the third cryptographic key, by using the fourth cryptographic key.
15. A method comprising: installing a device driver for use of a storage device at a first processing device; receiving a password value; transferring the password value to the storage device; generating a first cryptographic key using the received value of the first counter and the password value; receiving encrypted data from the storage device; and decrypting the encrypted data using the first cryptographic key.
16. The method of claim 15, further comprising:
incrementing a value of the first counter to generate a value of a second counter when the storage device is disconnected from the first processing device; generating, in the first processing device, a fourth cryptographic key using the password value; and storing the fourth cryptographic key in the device driver.
17. The method of claim 16, further comprising:
receiving information identifying the storage device from the storage device; and storing the information identifying the storage device in association with the fourth cryptographic key. A recording medium capable of.
18-20. (Deleted)
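The counter-based key rotation recited in claims 1 to 6, as an added illustration that is not part of the patent or the applicant's code. The claims name no key-derivation function or cipher, so PBKDF2-HMAC-SHA256 and a toy HMAC keystream with an integrity tag are assumptions, as are the names `StorageDevice`, `host_session` and `driver_store`, the constructed sample values, and the device being provisioned with data already encrypted under counter value 1.

```python
import hashlib
import hmac

def derive_key(password: str, counter: int) -> bytes:
    # Assumed KDF (the claims name none): PBKDF2-HMAC-SHA256, counter as salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), counter.to_bytes(8, "big"), 20_000)

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy keystream (HMAC in counter mode) standing in for the unspecified cipher.
    ks = b"".join(hmac.new(key, b"ks" + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key: bytes, plaintext: bytes) -> bytes:
    ct = _xor_stream(key, plaintext)
    return hmac.new(key, b"tag" + ct, hashlib.sha256).digest() + ct

def unseal(key: bytes, blob: bytes):
    # Returns None when the key does not match the key the blob was sealed under.
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + ct, hashlib.sha256).digest()):
        return None
    return _xor_stream(key, ct)

class StorageDevice:
    def __init__(self, device_id: bytes, password: str, data: bytes):
        self.device_id, self.counter, self._password = device_id, 1, password
        self._blob = seal(derive_key(password, self.counter), data)  # second key (claim 2)
    def connect(self, password: str) -> int:   # claim 1: password in, counter out
        self._password = password
        return self.counter
    def read(self) -> bytes:
        return self._blob
    def disconnect(self) -> None:              # claim 3: bump counter, re-encrypt
        data = unseal(derive_key(self._password, self.counter), self._blob)
        if data is None:                       # wrong password was sent: no rotation
            return
        self.counter += 1
        self._blob = seal(derive_key(self._password, self.counter), data)  # third key

def host_session(device: StorageDevice, password: str, driver_store: dict):
    counter = device.connect(password)
    data = unseal(derive_key(password, counter), device.read())      # first key
    if data is not None:                                             # claims 4-5
        driver_store[device.device_id] = derive_key(password, counter + 1)
    device.disconnect()
    return data

def demo():
    dev, store = StorageDevice(b"DEV-0001", "constructed-pw", b"sample record"), {}
    first = host_session(dev, "constructed-pw", store)
    second = unseal(store[dev.device_id], dev.read())    # claim 6: no password needed
    stale = unseal(derive_key("constructed-pw", 1), dev.read())  # old key after rotation
    return first, second, stale
```

The fourth key held in `driver_store` opens the re-encrypted data without the password, so whatever stores or relays that key (the device driver, a second processing device, the driver server of claim 7) needs the same protection as the password itself.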
KR1020150184985A 2015-12-23 2015-12-23 Method and apparatus that perform encryption for data of external storage using asymmetric characteristic KR101758233B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150184985A KR101758233B1 (en) 2015-12-23 2015-12-23 Method and apparatus that perform encryption for data of external storage using asymmetric characteristic

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150184985A KR101758233B1 (en) 2015-12-23 2015-12-23 Method and apparatus that perform encryption for data of external storage using asymmetric characteristic

Publications (2)

Publication Number Publication Date
KR20170075383A KR20170075383A (en) 2017-07-03
KR101758233B1 KR101758233B1 (en) 2017-07-14

Family

ID=59357588

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150184985A KR101758233B1 (en) 2015-12-23 2015-12-23 Method and apparatus that perform encryption for data of external storage using asymmetric characteristic

Country Status (1)

Country Link
KR (1) KR101758233B1 (en)

Also Published As

Publication number Publication date
KR20170075383A (en) 2017-07-03

Similar Documents

Publication Publication Date Title
CN109040090B (en) A kind of data ciphering method and device
JP2019516266A (en) System and method for encryption and decryption based on quantum key distribution
KR101527329B1 (en) Apparatus and method for data encryption
US9762548B2 (en) Controlling encrypted data stored on a remote storage device
CN105009597A (en) Master key encryption functions for transmitter-receiver pairing as countermeasure to thwart key recovery attacks
CN103440209A (en) Solid state hard disk data encryption and decryption method and solid state hard disk system
CN110868291B (en) Data encryption transmission method, device, system and storage medium
CN104205117A (en) Device file encryption and decryption method and device
CN102456116A (en) File encryption method, file decryption method and devices
JP2009135890A5 (en)
US9571273B2 (en) Method and system for the accelerated decryption of cryptographically protected user data units
US20220284133A1 (en) Executing entity-specific cryptographic code in a cryptographic coprocessor
JP2014081613A (en) Encryption and decryption method for session state information
CN102769525A (en) Backup and recovery method of user key of TCM (Trusted Cryptography Module)
WO2018099157A1 (en) Method and device for encrypting file system
US20160148002A1 (en) Key storage apparatus, key storage method and program therefor
KR101790948B1 (en) Apparatus and method for providing drm service, apparatus and method for playing contents using drm service
CN108933758A (en) Cloud storage encipher-decipher method, device and system can be shared
WO2016078382A1 (en) Hsm enciphered message synchronization implementation method, apparatus and system
CN103532712A (en) Digital media file protection method, system and client
KR101758233B1 (en) Method and apparatus that perform encryption for data of external storage using asymmetric characteristic
WO2018054144A1 (en) Method, apparatus, device and system for dynamically generating symmetric key
CN103491384A (en) Encrypting method and device of video and decrypting method and device of video
KR20140112815A (en) Method and system for secure data transfer using conditional proxy re-encryption
KR102147315B1 (en) Method for reading document, and apparatus applied to the same

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant