WO2009110878A1 - Secure storage system and method of use - Google Patents

Secure storage system and method of use

Info

Publication number
WO2009110878A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
secure
storage system
secure storage
partition
Prior art date
Application number
PCT/US2008/054484
Other languages
English (en)
Inventor
Ben Wei Chen
Original Assignee
Kingston Technology Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kingston Technology Corporation
Priority to PCT/US2008/054484
Priority to CN200880001472.1A (CN101730886B)
Publication of WO2009110878A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Definitions

  • the present invention relates generally to data storage and more specifically to storing data securely.
  • a secure storage system comprises a crypto engine and a storage device.
  • the crypto engine comprises a random number generator; a hash function; a general encryption engine; and a data encryption engine.
  • the secure storage system further includes a storage device coupled to the crypto engine.
  • the storage device includes a storage array.
  • the storage array includes a public partition, a secure partition and a system partition.
  • the public partition is accessible to the public.
  • the secure partition is accessible through the password authentication.
  • the system partition is accessible only by the secure storage system.
  • the password authentication is two-level instead of one, to avoid hash collision or insider tampering.
  • the secure partition is accessed with "access gating through access key" instead of "access control through comparison."
  • the password can be changed without reformatting the secure storage.
  • a secure master password mechanism is available to recover data, if necessary.
  • a storage lock-out procedure is used to defeat brute force attack.
  • Password request utility can be implemented through a standard browser interface on universal host platforms
  • the method and system in accordance with the present invention has significant advantages over the above-identified prior art.
  • the password itself is never transferred for authentication.
  • the original password is never processed or stored.
  • the access key is generated by a random number generator instead of from other less random combinations.
  • the access key is encrypted with the original password and saved. Additionally, it is a more secure mechanism, as both source (access key) and key (password) are not stored or known to the authentication device.
  • the authentication is two-level instead of one, to avoid hash collision or insider tampering.
  • the data is encrypted with the access key that is generated by a random number generator for better security. It does not require public-key infrastructure (PKI) and certificate server to issue public and private encryption keys.
  • PKI: public-key infrastructure
  • Figure 1 is a prior art flow chart for secure storage initialization and password authentication and access control based on password encryption and comparison.
  • Figure 2 is a prior art flow chart for secure storage initialization and password authentication and access control based on password hashing and comparison.
  • Figure 3 is a block diagram of user, host system and secure storage system.
  • Figure 4 is a storage element composition of storage array.
  • Figure 5 is a flow chart for a secure storage initialization and secure partition creation based on hashing, master password and access gating in accordance with the present invention.
  • Figure 6 is a flow chart for secure storage password authentication and access gating in accordance with the present invention.
  • Figure 7 is a flow chart for the invention on secure storage password change in accordance with the present invention.
  • Figure 8 is a flow chart for counter measure to brute force attack with storage lockout in accordance with the present invention.
  • the following description is presented to enable one of ordinary skill in the art to make and use the invention and is provided in the context of a patent application and its requirements.
  • Various modifications to the preferred embodiments and the generic principles and features described herein will be readily apparent to those skilled in the art.
  • the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features described herein.
  • the previously encrypted password X is then retrieved, via step 112 and in turn decrypted through the same encryption/decryption engine ENC1.
  • ENC1' is used to denote decryption as opposed to ENC1 as encryption.
  • the originally stored password PSWD is then recovered, via step 113.
  • the retrieved password PSWD is compared with the entered password PSWD1, via step 114. If the result matches, access control to the storage system is granted, via step 115. Otherwise, an error is reported, via step 116, and access is denied.
  • Encryption and decryption is a operation and is reversible, given the right keys.
  • the hash function transforms data into a digest or representation. It is a one-way operation and is not reversible.
  • the requested password PSWD 21 is initially hashed through a HASH function, via step 22.
  • the hashed password X is then stored for later use, via step 23.
  • a password PSWD1 is requested from the user, via step 121.
  • X is then retrieved, via step 122.
  • the just entered password PSWD1 is in turn fed through the hash function HASH, via step 123. Afterward, these two hashed passwords are compared, via step 123. If the result matches, access control to the storage system is granted, via step 125. Otherwise, an error is reported, via step 126, and access is denied.
  • the hash function, regardless of how sophisticated it is, has a built-in collision problem. It means that there is a possibility, however unlikely, that more than one set of original data can pass through the hash function and produce the same hashed value. It implies there is a slight chance that a back door exists. For a hacker, it is possible to retrieve the hashed password and apply the known hash algorithm with trial-and-error password entries at the side until a match is found.
  • the access key is generated by a random number generator instead of from other less random combinations.
  • the access key is encrypted with the original password and saved. It is a more secure mechanism, as both source (access key) and key (password) are not stored or known to the authentication device.
  • the authentication is two-level instead of one, to avoid hash collision or insider tampering.
  • the data is encrypted with the access key that is generated by a random number generator for better security.
  • the secure data can be recovered utilizing the master password.
  • the method and system in accordance with the present invention is applicable in many areas including but not limited to a Flash storage system, disk storage system, disk storage system, portable storage device, corporate storage system, personal computer server, wireless communication and multimedia system.
  • A block diagram of the secure storage system 33 in accordance with the present invention is shown in Figure 3.
  • the host system 30 comprises a processor (not shown), memory (not shown), IO (not shown), a utility and driver 31, a storage interface 38 and a user interface 131. It works with the user 32 through a user interface 131 and works with the secure storage system 33 through a storage interface 38.
  • a utility and driver 31 serves as a mediator between the storage interface 38 and the user interface 131.
  • the utility and driver can be a software utility residing on the host system or a browser link to the secure storage system 33.
  • the browser link is preferable, as it is more universal and requires less system resources to work on cross platform devices.
  • the secure storage system 33 also includes a storage controller (not shown), memory (not shown), IO (not shown), crypto-engine 34, a storage interface 38, and a storage device 35.
  • the storage device 35 comprises a storage array 37 and a storage array interface 39.
  • the crypto-engine 34 includes a random number generator RNG 134, a hash function HASH 36, a general encryption engine ENC2 132, a data encryption engine ENC3 133, a storage interface 38 and a storage array interface 39.
  • the storage array 37 as shown in Figure 4, comprises a public partition DATA1 40, a secure partition DATA3 41 and a system partition 140.
  • the public partition DATA1 40 is accessible to general public as the name implies.
  • the data content is clear text and not encrypted.
  • the secure partition DATA3 41 is encrypted and is accessible through password authentication with correct access key.
  • the system partition 140 is accessible only by secure storage system 33 internally. It is used to store a hashed password HP 42, an encrypted access key EAK 43, a master hashed password M_HP 44, a master encrypted access key M_EAK 45, and other data spaces 46.
  • the first is (1) Initialization and Secure Partition Creation.
  • the second is (2) Password Authentication and Access Gating.
  • the third is (3) Password Change.
  • the user name is identified and a new user password PSWD is requested for entry and confirmed, via step 52.
  • the default master password M_PSWD is retrieved, via step 51.
  • Both master password and user password are hashed through the HASH function, via step 53.
  • the resulting hashed passwords HP and M_HP are stored, via step 54.
  • an access key ACCESS_KEY is generated by the random number generator RNG, via step 55.
  • the access key ACCESS_KEY is encrypted through encryption engine ENC2 using user password PSWD as a key and stored as EAK, via steps 56, 58.
  • the access key is also encrypted through encryption engine ENC2 using master password M_PSWD as a key and stored as M_EAK, via steps 57, 58.
  • the size of the secure partition is then defined by the user.
  • the access key ACCESS_KEY is further used as an access gating to secure partition, via step 59.
  • the raw data is optionally encrypted/decrypted, via step 150, using ACCESS_KEY as a key through an encryption/decryption engine ENC3 between host system 30 and secure partition 41.
  • the secure partition is formatted and prepared for use later, via step 151. Data flows freely between host system 30 and secure partition 41 from this point on until the user logs off, via step 152.
  • the secure storage system can be re-initialized anytime by the user.
  • the user name is identified first, via step 61.
  • the password PSWD1 is then requested, via step 62, through user interface.
  • the password PSWD1 is then hashed as HP1 through HASH function, via step 63.
  • the original hashed password HP is retrieved from storage, via step 64.
  • HP and HP1 are compared to see if they match. If not, it means the password PSWD1 entered is incorrect and an error is reported, via step 161. If the result matches, then the original encrypted access key EAK is retrieved, via step 66. EAK is then decrypted through encryption/decryption engine ENC2' using user password PSWD1 as a key to retrieve access key ACCESS_KEY, via step 67.
  • ENC2' is used to denote decryption as opposed to ENC2 as encryption.
  • ACCESS_KEY is applied as access gating to secure storage.
  • the raw data is optionally encrypted/decrypted, via step
  • ACCESS_KEY is a key through an encryption/decryption engine ENC3 between host system 30 and secure partition 41. If access key ACCESS_KEY is correct, data flows freely between host system 30 and secure partition 41 from this point on until the user logs off, via step 162.
  • the access key for access gating serves as a second-level password authentication.
  • the data storage transfer channel is established. It adds another layer of data security to avoid hacking to the data storage in its raw data format. It utilizes another encryption/decryption engine ENC3 via steps 150, 160 to process the data between the host system 30 and the secure storage system such that data can flow freely, until the user logs off.
  • the encrypted data if retrieved in its raw data format, can withstand brute force attack for trial-and-error decryption without proper access key.
  • the password authentication and access gating utility 60 can apply to master user as well to provide a legitimate secure back door for access to data, if necessary.
  • the user name is identified first, via step 71.
  • the original password PSWD1 is then requested, via step 72, through user interface.
  • a new password PSWD2 is requested from the user, via step 73.
  • the new password PSWD2 is further confirmed by the user, via step 74.
  • the original password PSWD1 is hashed through hash function HASH as HP1, via step 75.
  • the original hashed password HP is then retrieved from storage, via step 76. HP and HP1 are compared to see if they match. If not, it means the password PSWD1 entered is incorrect and an error is reported, via step 172. If the result matches, then the original encrypted access key EAK is retrieved, via step 78.
  • EAK is then decrypted through encryption/decryption engine ENC2' using user password PSWD1 as a key to retrieve access key ACCESS_KEY, via step 79.
  • the access key ACCESS_KEY is then re-encrypted through encryption/decryption engine ENC2 using the new password PSWD2 as a key, via step 170.
  • the resulting encrypted access key EAK is then stored, via step 171.
  • the password change utility 60 can apply to master user as well to change master password, if necessary. As shown in Figure 8, it is beneficial to have a supplemental measure in addition to password protection and strong encryption to counter brute force attack against secure storage, via step 80. As a part of the error handling routine, the number of failed attempts NOFA is retrieved and the count is incremented, via step 81. The new NOFA is then stored 82. The preset number of allowable attempts NOAA is retrieved, via step 83. If NOAA is greater than NOFA, a slow-down response time mechanism is activated, via step 85. The slow-down response time mechanism is optional and is meant to slow down the next brute force attack through password guessing. The mechanism adds more response time to the next guessing attempt.
  • NOAA is normally preset by the administrator depending on the application requirement. If NOAA is less than or equal to NOFA, then the number of allowable attempts or attacks has been reached.
  • a storage lock-out mechanism is activated, via step 86.
  • the lock-out mechanism is meant to prevent the user from attempting the guessing of password, even if a correct password is provided later.
  • the lock-out measures can be to:
  • Password request utility is generally implemented according to the host device environment. It tends to be proprietary based on different operating systems.
  • the invention can also implement password request utility through standard browser interface (not shown in drawings). It brings along a few benefits over traditional proprietary approach: the interface is more universal, as the browser is more pervasive in various operating environments.
  • a call-home mechanism can be hidden and embedded in the browser utility interface. Whenever the Internet or network connection is in place, a call-home channel can be established to allow an administrator to change master password or to manage and lock-out the secure storage system, if necessary.
  • the present invention intends to address issues related to a secure storage system in the following aspects:
  • a system and method in accordance with the invention employs the same hash function HASH as the one in the second set of prior art to process the original password PSWD, via step 52, and to store only the hashed password HP, via steps 53, 54, instead of the password itself.
  • An access key ACCESS_KEY is generated, by a random number generator RNG, via step 55.
  • ACCESS_KEY is encrypted using key PSWD from the original password. It results in an encrypted access key EAK, via step 56 and is stored via step 58 for later usage.
  • the user name is identified via step 61, either as a regular user or a master user.
  • the utility requests password PSWD1 from the user, via step 62.
  • the password PSWD1 is hashed through function HASH and generates a hashed password HP1, via step 63.
  • the original hashed password HP is retrieved, via step 64 and compared with the new hashed password HP, via step 165. If the result matches, the first-level of password authentication completes.
  • the original encrypted access key EAK is then retrieved, via step 66.
  • EAK is decrypted using the just entered password PSWD1 to recover the original access key ACCESS_KEY, via step 67.
  • ACCESS_KEY is applied as access gating to secure partition, via step 68.
  • the data storage transfer channel is established. It adds another layer of data security to avoid hacking to the data storage in its raw data format. It utilizes another encryption/decryption engine ENC3, via steps 150, 160 to process the data between the host system 30 and the secure storage system such that data can flow freely, until the user logs off.
  • ENC3: another encryption/decryption engine
  • the encrypted data if retrieved in its raw data format, can withstand brute force attack for trial-and-error decryption without proper access key.
  • the invention utilizes access key as an access gating to the secure partition. There is no comparison mechanism, be it through hardware or software, to be done and to be compromised. When the access key is applied, it opens the door to decrypt any data that is available, be it meaningful or garbled. Only the right access key can decrypt the meaningful data to the user.
  • the transparency in "access gating through access key" provides effectiveness and efficiency over conventional "access control through comparison" approaches.
  • a conventional password implementation requires reformatting of the associated secure storage after password is changed by the user. It brings along several problems: a. Data needs to be backed up before password can be changed
  • the conventional approaches tend to associate the encryption key with the password. It can be secure in a way, but it may not be unique, as there can be duplicates in password selection. Since the encryption key is associated with the password, if the password can be retrieved from the data storage, as is common in the prior art, the key is easily compromised. As such, a back door exists for the encryption key and the key is crackable. Since the encryption key is associated with the password, once the password is changed, the key has to change as well. Therefore the secure partition has to be reformatted whenever the encryption key is changed. And the data itself has to be backed up before the secure partition is reformatted, in order to preserve the original data. It is a very cumbersome process for the user.
  • a system and method in accordance with the present invention uses a random number generator to generate a unique and secure access key for the secure storage. It is a one-time process only after the user chooses to generate the secure partition initially or to re-generate the secure partition afterwards. It is more unique and secure than the password associated encryption key disclosed in conventional systems.
  • the access key is used to encrypt and decrypt the data stored in secure storage.
  • the access key is encrypted by the original user password.
  • the encrypted access key is stored for later retrieval, but the user password is never stored. Instead, only the hashed password, or the digest of the password, is stored.
  • the hashed password is a one-way digest of the password; it is not retrievable and thus provides extra security to the secrecy of the access key.
  • the access key can only be decrypted by the correct password provided by the user. It therefore presents no back door and is not easy to crack. Even though the access key is very secure and not easy to crack, it is yet recoverable with the combined hash and encryption mechanism described.
  • the combined mechanism can be used by different password to secure the data storage without changing the access key. Not having to reformat the data storage whenever the password changes, it provides convenience and flexibility for user to manage their password and secure storage effectively.
  • the secure storage should not have any back door to breach the security. But under certain circumstances, there is a need to have a master password as a back door to recover data from the secure storage. In one example, the rightful user of the data storage may forget the user password. In another example, the data content needs to be retrieved without the original user's consent for lawful reason. How the master password is able to associate with the user password without user knowledge and to keep up with the secure storage access key generation is a big challenge in conventional systems.
  • the present invention employs the same hash function HASH as the one in the second set of prior art to process the default master password M_PSWD 51 and to store only the master hashed password M_HP 53, 54, instead of the master password itself.
  • ACCESS_KEY is encrypted using key M_PSWD from the original master password. It results in a master encrypted access key M_EAK 57 and is stored 58 for later usage.
  • the default master password is fixed initially. It should be changed by the system administrator as soon as the data storage initialization process is complete and detected. The master password is hidden from the access and knowledge of the regular user.
  • the default master password is kept secret by the administrator.
  • the default master password can be changed as soon as the administrator learns that the secure storage has been initialized, through the call-home mechanism described later in this invention.
  • the invention implements a counter to store the number of failed attempts, as shown in Figure 8. Once the count of the number of failed attempts exceeds the number of allowable attempts, a counter measure is activated. The counter measure intends to achieve one or multiple of the following results: a. Slow down the response time from data storage system.
  • a call-home mechanism can be hidden and embedded in the browser utility interface. Whenever the Internet or network connection is in place, a call-home channel can be established to allow an administrator to change master password or to manage or lock-out the secure storage system, if necessary.
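
The initialization, authentication, password-change and lock-out flows described above, modelled in Python as an added example (not code from the patent or from Kingston). Salted PBKDF2 stands in for HASH and a PBKDF2-derived XOR pad stands in for ENC2, both assumptions because the page names no algorithms; the class, function and dictionary-key names are hypothetical.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # constructed work factor for this example
NOAA = 3              # number of allowable attempts (Figure 8); constructed value


def hash_pw(password: str, salt: bytes) -> bytes:
    """Stand-in for HASH. The page names no algorithm; salted PBKDF2 is assumed."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"HP" + salt, ITERATIONS)


def enc2(password: str, salt: bytes, data: bytes) -> bytes:
    """Stand-in for ENC2 and ENC2': XOR with a 32-byte password-derived pad.

    The "EAK" label keeps the pad independent of the stored HP; if both were
    derived the same way, reading HP would hand over the wrapping key.
    """
    pad = hashlib.pbkdf2_hmac("sha256", password.encode(), b"EAK" + salt, ITERATIONS)
    return bytes(a ^ b for a, b in zip(data, pad))


class SecureStorage:
    def __init__(self, user_pw: str, master_pw: str):
        access_key = secrets.token_bytes(32)      # step 55: RNG output, not password-derived
        self.system = {"NOFA": 0}                 # models the system partition
        self._store("", user_pw, access_key)      # HP and EAK
        self._store("M_", master_pw, access_key)  # M_HP and M_EAK

    def _store(self, prefix: str, password: str, access_key: bytes) -> None:
        salt = secrets.token_bytes(16)
        self.system[prefix + "SALT"] = salt
        self.system[prefix + "HP"] = hash_pw(password, salt)
        self.system[prefix + "EAK"] = enc2(password, salt, access_key)

    def unlock(self, password: str, master: bool = False):
        """Return ACCESS_KEY, or None when the first-level check fails."""
        if self.system["NOFA"] >= NOAA:           # lock-out holds even for a correct password
            raise PermissionError("storage locked out")
        p = "M_" if master else ""
        hp1 = hash_pw(password, self.system[p + "SALT"])
        if not hmac.compare_digest(hp1, self.system[p + "HP"]):
            self.system["NOFA"] += 1              # steps 81-82
            return None
        self.system["NOFA"] = 0                   # assumption: page does not say when NOFA clears
        return enc2(password, self.system[p + "SALT"], self.system[p + "EAK"])

    def change_password(self, old: str, new: str) -> bool:
        access_key = self.unlock(old)
        if access_key is None:
            return False
        self._store("", new, access_key)          # re-wrap only; the data key is untouched
        return True


def demo() -> dict:
    dev = SecureStorage("correct horse", "factory-master")  # constructed passwords
    key = dev.unlock("correct horse")
    # Second level: with the HP comparison bypassed, a wrong password still
    # only unwraps EAK to a wrong key.
    forged = enc2("guess", dev.system["SALT"], dev.system["EAK"])
    changed = dev.change_password("correct horse", "new passphrase")
    return {
        "gate_holds": forged != key,
        "changed": changed,
        "same_key_after_change": dev.unlock("new passphrase") == key,
        "old_password_rejected": dev.unlock("correct horse") is None,
        "master_recovers": dev.unlock("factory-master", master=True) == key,
    }


def lockout_demo():
    dev = SecureStorage("pw", "m")                # constructed passwords
    failures = [dev.unlock("bad%d" % i) for i in range(NOAA)]
    try:
        dev.unlock("pw")
    except PermissionError:
        return failures, True
    return failures, False


if __name__ == "__main__":
    print(demo())
    print(lockout_demo())
```

Because the user's password change re-wraps only EAK, M_EAK stays valid and the master password still recovers the same ACCESS_KEY afterwards.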

Abstract

The invention relates to a secure storage system comprising a crypto engine and a storage device. The crypto engine comprises a random number generator; a hash function; a general encryption engine; and a data encryption engine. The secure storage system further includes a storage device coupled to the crypto engine. The storage device includes a storage array. The storage array includes a public partition, a secure partition and a system partition. The public partition is accessible to the public. The secure partition is accessible through password authentication. The system partition is accessible only by the secure storage system. The password authentication is two-level instead of one, to avoid hash collision or insider tampering. The secure partition is accessed with "access gating through access key" instead of "access control through comparison." The password can be changed without reformatting the secure storage.
PCT/US2008/054484 2008-02-21 2008-02-21 Secure storage system and method of use WO2009110878A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/US2008/054484 WO2009110878A1 (fr) 2008-02-21 2008-02-21 Secure storage system and method of use
CN200880001472.1A CN101730886B (zh) 2008-02-21 2008-02-21 Secure storage system and method of use thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2008/054484 WO2009110878A1 (fr) 2008-02-21 2008-02-21 Secure storage system and method of use

Publications (1)

Publication Number Publication Date
WO2009110878A1 2009-09-11

Family

ID=41056280

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2008/054484 WO2009110878A1 (fr) 2008-02-21 2008-02-21 Secure storage system and method of use

Country Status (2)

Country Link
CN (1) CN101730886B (fr)
WO (1) WO2009110878A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8010768B2 (en) 2007-05-09 2011-08-30 Kingston Technology Corporation Secure and scalable solid state disk system
US8024575B2 (en) * 2000-06-29 2011-09-20 Intel Corporation System and method for creation and use of strong passwords
US8499168B2 (en) 2007-05-09 2013-07-30 Kingston Technology Corporation Secure and scalable solid state disk system
US8527781B2 (en) 2007-05-09 2013-09-03 Kingston Technology Corporation Secure and scalable solid state disk system
US8667569B2 (en) 2011-09-29 2014-03-04 Target Brands, Inc. Credentials management

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201245956A (en) * 2011-05-04 2012-11-16 Chien-Kang Yang Memory card and its access, data encryption, golden key generation and changing method
CN108090358B (zh) * 2017-12-28 2021-07-20 哈尔滨安天科技集团股份有限公司 Method and system for defending against hash collisions used to evade antivirus detection

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5999711A (en) * 1994-07-18 1999-12-07 Microsoft Corporation Method and system for providing certificates holding authentication and authorization information for users/machines
US7089585B1 (en) * 2000-08-29 2006-08-08 Microsoft Corporation Method and system for authorizing a client computer to access a server computer
US7124203B2 (en) * 2000-07-10 2006-10-17 Oracle International Corporation Selective cache flushing in identity and access management systems

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1378146A (zh) * 2001-04-03 2002-11-06 李长珍 Intelligent information-security protection lock for computers
US8745409B2 (en) * 2002-12-18 2014-06-03 Sandisk Il Ltd. System and method for securing portable data
US7240219B2 (en) * 2003-05-25 2007-07-03 Sandisk Il Ltd. Method and system for maintaining backup of portable storage devices
DE602004020276D1 (de) * 2004-05-04 2009-05-07 Research In Motion Ltd Challenge-response system and method
JP4735026B2 (ja) * 2004-10-01 2011-07-27 ソニー株式会社 Information storage device
JP4764639B2 (ja) * 2005-01-28 2011-09-07 株式会社オーク情報システム File encryption/decryption program and program storage medium

Also Published As

Publication number Publication date
CN101730886A (zh) 2010-06-09
CN101730886B (zh) 2014-10-29

Similar Documents

Publication Publication Date Title
US8607070B2 (en) Secure storage system and method of use
US8312269B2 (en) Challenge and response access control providing data security in data storage devices
KR100889099B1 (ko) Security method and apparatus for a data storage device
US8010790B2 (en) Block-level storage device with content security
US6044155A (en) Method and system for securely archiving core data secrets
TWI463349B (zh) Method and system for protecting data access between two devices
JP4615601B2 (ja) Computer security system and computer security method
US20040098591A1 (en) Secure hardware device authentication method
CN107908574B (zh) Security protection method for solid-state disk data storage
US20190379542A1 (en) Dongle for ciphering data
CN113545006A (zh) Remotely authorizing access to a locked data storage device
KR20080071528A (ko) Method and system for storage device data encryption and data access
WO2004034184A3 (fr) Encrypting operating system
WO2009110878A1 (fr) Secure storage system and method of use
KR102510785B1 (ko) Method and system for securely transmitting data
WO2007071501A1 (fr) Method for cascading access management systems
US20120096280A1 (en) Secured storage device with two-stage symmetric-key algorithm
WO2008148114A1 (fr) Multi-level security memory
GB2621045A (en) Encrypted cache protection
JP2024511236A (ja) Security encryption method and decryption method for computer files, and readable storage medium
US20230195912A1 (en) Secure data content access system and method
CN107919966B (zh) Computer network security controller
US8738531B1 (en) Cryptographic distributed storage system and method
KR101327193B1 (ko) Security method for removable storage media with user access tracking
JP3868218B2 (ja) Method and apparatus for displaying access-restricted content

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200880001472.1

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08730316

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08730316

Country of ref document: EP

Kind code of ref document: A1