WO2011025185A2 - 보안 유에스비 저장매체 생성 및 복호화 방법, 그리고 보안 유에스비 저장매체 생성을 위한 프로그램이 기록된 매체 - Google Patents
보안 유에스비 저장매체 생성 및 복호화 방법, 그리고 보안 유에스비 저장매체 생성을 위한 프로그램이 기록된 매체 Download PDFInfo
- Publication number
- WO2011025185A2 WO2011025185A2 PCT/KR2010/005520 KR2010005520W WO2011025185A2 WO 2011025185 A2 WO2011025185 A2 WO 2011025185A2 KR 2010005520 W KR2010005520 W KR 2010005520W WO 2011025185 A2 WO2011025185 A2 WO 2011025185A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- usb
- secure
- storage medium
- header
- user password
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/16—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2213/00—Indexing scheme relating to interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F2213/0038—System on Chip
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
Definitions
- the present invention relates to a method for generating and decrypting a secure universal serial bus (USB) storage medium, and a medium in which a program for generating a secure USB storage medium is recorded. More particularly, the present invention relates to a USB storage medium having a security function. A method for creating and reinforcing access to a secure USB storage medium, recovering and reusing a destroyed USB storage medium, and a medium on which a program capable of creating a secure USB storage medium is recorded.
- USB universal serial bus
- USB is a representative mobile storage device, which is designed to use necessary data anytime and anywhere. It is widely used to store files because it is portable and easy to use.
- USB security has been enhanced, but all of them have a function that can block a specific person's access, or it is difficult to completely protect information from attacks such as hacker volume dumps (VOLUME DUMP).
- the first object of the present invention is to solve the security problem of the above-described conventional USB storage media, USB for accessing the USB storage media to prevent the data stored in the USB storage media through the disk dump, etc.
- a method for generating and decrypting a secure volume and a computer-readable recording medium capable of performing the method is provided.
- the second object of the present invention is to destroy the secured volume and header of a secure USB storage medium that can enhance the security by blocking access to the area where the data is stored when the data stored in the secured USB storage medium is illegally accessed. To provide a way.
- a secure USB storage medium generating method includes a USB host device including a USB connection port, an input interface, an output interface, a storage unit, and a host controller.
- the generating of the secure volume main body in step d) may include the sector control unit performing a sector I / O driver to write the second data to be recorded in the main body allocated to the storage area of the USB storage medium. And generating the secure volume main body by encrypting the data in sector units using the sector.
- the host controller stores the predetermined first data including the random key and the disk key in the header allocated to the storage area of the USB storage medium.
- the method may further include transmitting to the USB controller.
- the host controller encrypts data other than the random key among the first data to be stored in the header of the storage area by the USB controller and transmits the encrypted data to the USB controller.
- the step a) of the present embodiment may include outputting, by the host controller, information for requesting input of a connection path of the USB storage medium or requesting confirmation of a quick format through the output interface.
- the USB storage medium is a USB memory stick or a USB external hard drive.
- a CD area in which the sector I / O driver is mounted is formed in a storage area of the USB storage medium, and when the first data is input and output to the main body of the storage area.
- the first data is encrypted and decrypted by a sector I / O driver.
- the host controller may further include installing the sector I / O driver in the storage unit. Include. Accordingly, when the first data is inputted to and outputted from the main body of the storage area, the first data is decoded by the sector I / O driver provided in the storage.
- the host control unit the USB connection Outputting information for requesting a user password (hereinafter referred to as a 'second user password') through the output interface when a connection of the USB interface to a port is detected;
- a 'second user password' a user password
- the second user password is input from the input interface, a key for encrypting and decrypting the secure volume header using the inputted second user password and the random key stored in the secure volume header (hereinafter referred to as 'second arm').
- the host If the controller detects the connection of the USB interface to the USB connection port, outputting information for requesting input of a user password (hereinafter referred to as a third user password) through the output interface; When the third user password is input from the input interface, a key for encrypting and decrypting the secure volume header using the third user password and the random key stored in the secure volume header (hereinafter, 'the third encryption key'). '); Decrypting the secure volume header by using the generated third decryption key; And overwriting the second data recorded in the secure volume main body to a random value if the secure volume header is not normally decrypted.
- a third user password hereinafter referred to as a third user password
- the method for destroying the secure volume header of the secure USB storage medium for achieving the above object, as a method of destroying the secure volume header of the secure USB storage medium generated by the present invention, Outputting, by the host controller, information for requesting input of a user password (hereinafter referred to as 'third user password') through the output interface when the connection of the USB interface is detected to the USB connection port;
- a key for encrypting and decrypting the secure volume header using the inputted third user password and the random key stored in the secure volume header hereinafter referred to as 'third arm'.
- Generating a decryption key ' Decrypting the secure volume header by using the generated third decryption key; And if the secure volume header is not decrypted, resetting the first data stored in the secure volume header to arbitrary data.
- the secure volume header recovery method of the secure USB storage medium for achieving the above object, the secure USB storage medium in which the secure volume header of the secure USB storage medium is destroyed by the present invention; A method for recovering a secure volume header of the server, wherein the host controller detects whether to receive the secure volume header recovery request information of the secure USB storage medium through the input interface when the connection of the USB interface is detected to the USB connection port.
- a portion of a header and a body of a header of a USB storage medium are encrypted and decrypted by sector using an encryption algorithm, and an encryption key for accessing the encrypted body is stored in an encrypted header area.
- the user password entered for the initial security volume is different If a password is entered, the security volume header is reset to arbitrary data so that the key to access the security volume main body cannot be extracted so that the data stored in the USB storage media can not be leaked if the USB storage media is lost. Can be.
- the security volume header of the USB storage medium is destroyed in accordance with the present invention, the information of the security volume header stored in the USB host device or the external storage device is written to the destroyed security volume header as it is and the destroyed security volume header is discarded. By allowing recovery, parties can recover and reuse data stored on destroyed secure USB storage media.
- FIG. 1 is a diagram illustrating an example in which a secure volume is generated for a storage area during a secure USB storage medium creation process according to an embodiment of the present invention.
- FIG. 2 is a flowchart illustrating a security volume generation method according to an embodiment of the present invention.
- FIG 3 is a view for explaining a security volume mounting method according to an embodiment of the present invention.
- FIG. 4 is a flowchart illustrating a security volume header recovery method according to an embodiment of the present invention.
- FIG. 5 is a block diagram showing an example of a system configuration in which an agent program for hardware creation and mounting, and secure volume header recovery is configured in hardware according to an embodiment of the present invention.
- FIG. 6 is a diagram illustrating a configuration example of a computer to which the USB host device of FIG. 5 is applied according to an embodiment of the present invention.
- FIG. 1 is a diagram illustrating an example in which a secure volume is generated for a storage area during a secure USB storage medium creation process according to an embodiment of the present invention.
- the USB storage medium provided with the storage area 100 means all storage devices provided with an interface, and includes an external hard drive device having a USB interface.
- the external hard disk since the CD region is not generally formed separately, the method of generating the security volume will vary slightly depending on the characteristics of each USB storage medium.
- the storage area 100 of the USB storage medium according to the present invention is manufactured so that the CD area 110 is formed when the USB storage medium is manufactured.
- the CD area 110 is an area in which data that deformation should not occur is stored. In the CD area 110, a loading of automatically stored data is executed when a USB storage medium is connected to the USB host device. auto-play).
- the CD region 110 includes an agent program for performing a predetermined function for generating a secure USB storage medium and a sector I / O driver for encrypting and decrypting the storage region 100 sector by sector. At this time, the sector I / O driver must also be installed in the USB host device. At this time, in the case of a USB storage medium that is not provided with the CD region 110 separately, an agent program or a sector I / O driver may be installed in the USB host device.
- USB host device generally refers to a computer device.
- a USB storage medium such as a PC, a server computer, a PDA, a cellular phone, a smartphone, a game machine, and an IPTV set-top box is connected to each other to communicate with each other. Any electronic device equipped with a USB connection porter.
- the storage area 100 of the USB storage medium includes a CD area 110 and a data storage area 120 on which an agent program is mounted. Thereafter, the data storage area 120 is divided into a header 121 and a body part 123 by an agent program, and the header 121 and the body part 123 are transformed into a secure volume area. do.
- the security volume region is deformed into the security volume header 122 and the security volume body portion 124 corresponding to the header 121 and the body portion 123.
- the security volume header 122 is formed by being divided into a non-encryption region 122a and an encryption region 122b.
- the agent program not only accesses the secure volume body unit 124 using the encryption / decryption key stored in the secure volume header 122, but also secure volume mount, secure volume decryption disable, and secure volume destruction operations which will be described later. Directly execute and control.
- the sector I / O driver is a driver that inputs and outputs data stored in the secure volume main body unit 124 to perform encryption on a sector-by-sector basis. That is, the sector I / O driver encrypts the sector where the file is to be stored when the particular file is stored, stores the encrypted sector data, and decrypts the sector by sector when reading the sector corresponding to the specific file. Creates sector data that has not been created and displays it on the screen.
- the sector I / O driver performs encryption and decryption at the same time as the write / read operation for each sector for specific data, the time required for decryption of data can be greatly shortened.
- the data storage area 120 corresponds to a file system of general O / S before the security volume is created.
- the security volume is generated, it is divided into a security volume main body unit 124 corresponding to a file system in which files and the like are stored, and a security volume header 122 in which predetermined information is stored.
- a non-encrypted region 122a of the secure volume header 122 stores a salt key, which is a random key, and other information and data, in the encrypted region 122b.
- a salt key which is a random key
- other information and data in the encrypted region 122b.
- the version information of the secure volume header 122, the version information of the agent program, the secure volume generation time, the media management number, the secure volume main body 124 size information, and the secure volume main body 124 The disk key or the like for decrypting the data may be stored.
- the secure volume header 122 may store a signature value for confirming whether the secure volume header 122 corresponds to the secure volume header 122.
- a signature value is provided by an agent program installed in a USB host device and corresponds to a unique value of each USB storage medium, and thus may be usefully used when mounting a secure volume, which will be described later.
- FIG. 2 is a flowchart illustrating a security volume generation method according to an embodiment of the present invention.
- the agent program and the sector I / O driver must be mounted in the CD area 110 or installed in the USB host device to generate the secure volumes 122 and 124. Even if the agent program is mounted in the CD area 110, a more powerful agent program can be installed in the USB host device. In this case, the agent program installed in the USB host device takes precedence over the agent program installed in the CD area 110. It is preferable to be.
- the agent program inputs a user password (hereinafter, referred to as a 'first user password' to distinguish it from a user password received in another process) for setting security in the storage area 100 to the user.
- Request (S210).
- the agent program may additionally request a user to input a connection path of the USB storage medium or to check whether the USB storage medium is to be formatted quickly or to be formatted in a general manner.
- the agent program When the first user password is input from the user, the agent program generates a salt key that is a random key using a random number generator (S220).
- the salt key is used to generate an encryption / decryption key for encrypting and decrypting the header 121 of the storage area 100.
- the agent program when the first user password is input, the agent program generates a disk key capable of encrypting the main body 123 of the storage area 100 or decrypting the encrypted secure volume main body 124. (S220).
- the agent program repeatedly decrypts the header 121 of the storage area 100 by repeatedly performing the inputted first user password and a hashing algorithm such as SHA1, AHA512, RIPEMD160, WHIRLPOOL, and the like.
- a decryption key (hereinafter, referred to as a 'first encryption key' in order to distinguish it from a decryption key generated in a future mounting process) is generated (S220).
- the salt key and the disk key generated in step S220 are stored in the header 121, and other information already mentioned is stored in the header 121.
- the header 121 is encrypted using the first encryption / decryption key generated in step S220 and an encryption algorithm.
- the salt key since the salt key is used to decrypt the security password header 122 hashed and encrypted each time the user enters the USB storage medium by the user, the salt key should be stored in the non-encryption area 122a. That is, the agent program encrypts the data stored in the encryption area 122b of the secure volume header 122 excluding the salt key (S230).
- the agent program may format and encrypt the main body 123 (file system) in which the file and the like are stored in operation S220.
- the quick format is selected in the first user password input step in step S210, the quick format will be encrypted to encrypt random data. If the quick format is not selected, random data will be encrypted for all sectors of the file system. It will do the normal formatting of recording.
- the encryption process through this format is performed using the generated disk key and encryption algorithm. The encryption process is performed sector by sector by the sector I / O driver according to the present invention.
- a secure volume header 122 in which a predetermined region (encryption region 122b) is encrypted and a secure volume body unit 124 in which all data is encrypted are generated (S240).
- the generated secure volume header 122 may be stored in a USB host device or a separate server (external storage medium) to be used in the future recovery of the secure volume header 122.
- FIG. 3 is a view for explaining a security volume mounting method according to an embodiment of the present invention.
- the secure volume mount refers to a series of processes of decrypting the secure volume header 122 to extract data and informing the operating system of the USB host device of the information stored in the secure volume main body unit 124.
- the agent program requests a user input of a user password (hereinafter referred to as a “second user password”) (S310).
- the agent program When the second user password is input, the agent program reads the salt key stored in the non-encryption area 122a of the secure volume header 122 (S320), hashes the inputted second user password and hashes the secure volume header 122.
- An encryption / decryption key (hereinafter, referred to as a second encryption / decryption key) is generated (S330).
- the agent program attempts to decrypt the encryption area 122b of the secure volume header 122 with the second decryption key generated in step S330 (S340).
- the encryption area 122b of the security volume header 122 is not decrypted with the second encryption / decryption key, a request for reconfirmation of a user password (second user password) is requested, and steps S320 and S340 are performed using the user password again inputted. To repeat. This process may be allowed to repeat a defined number of times. If the encryption area 122b of the secure volume header 122 is not decrypted even after the reconfirmation request, the secure volumes 122 and 124 are decrypted (S350).
- the agent program extracts the disk key from the encryption area 122b of the secure volume header 122 and mounts the secure volume main body 124 (S360).
- the agent program decrypts the encrypted data of the secure volume body unit 124 with an encryption algorithm and a disk key.
- the sector number is decrypted for each sector and input / output is performed for each sector through the I / O driver.
- the signature value is stored in the secure volume header 122.
- FIG. 1 the signature value is uniquely assigned to each USB storage medium when the agent program is distributed, and is intended to prevent the secure USB storage medium from operating in a program other than the agent program.
- the signature value is stored in the secure volume header 122
- a process of checking whether the signature value matches after the secure volume header 122 is decrypted with the second decryption key is followed. If the signature value stored in the agent program and the signature value in the secure volume header 122 match, it is possible to mount the secure volume main body 124, but if it is inconsistent, the mount is impossible.
- the security volumes 122 and 124 may be destroyed or the security volumes header 122 may be destroyed.
- a secure USB storage medium When a secure USB storage medium is connected to a USB host device by a person who is not authorized to use it, a user password (hereinafter referred to as 'third user password') is requested from the agent program.
- the agent program reads the salt key stored in the non-encryption area 122a of the secure volume header 122 of the secure USB storage medium and hashes the inputted third user password with a hashing algorithm to secure the volume.
- An encryption / decryption key (hereinafter referred to as a 'third encryption key') for decrypting the encryption area 122b of the header 122 is generated.
- the decryption of the encryption area 122b of the secure volume header 122 is attempted with the generated third encryption / decryption key. In this case, if it is not normally decrypted, it means that the third user password is inconsistent with the first user password input in step s210 of FIG.
- the third user password input opportunity is further given a defined number of times. If the third user password is input for a defined number of times but the encryption area 122b of the secure volume header 122 is not decrypted, the secure volumes 122 and 124 or the secure volume header 122 are discarded.
- the method for destroying the secure volumes 122 and 124 itself is to overwrite the data stored in the secure volumes 122 and 124 with random values that are random data. When overwritten to a random value in this way, the security volumes 122 and 124 themselves are in an unrecoverable state.
- the method of destroying the secure volume header 122 is to reset only the data of the secure volume header 122 to arbitrary data. That is, the agent program destroys the secure volume header 122 by generating random data as large as the secure volume header 122 and resetting it to meaningless data.
- the disk key stored in the secure volume header 122 cannot be retrieved at all, thereby preventing access to the secure volume main body 124 itself. Therefore, an abnormal user cannot read / write a file stored in the secure volume main body unit 124 of the secure USB storage medium, thereby maintaining security.
- FIG. 4 is a flowchart illustrating a security volume header recovery method according to an embodiment of the present invention.
- the user may store the stored secure volume. Recovery may be performed using the data of the header 122.
- the agent program When receiving the security volume header recovery request from the user (S420), the agent program requests a secure USB serial number input to the user.
- the agent program searches for the corresponding security volume header with the input serial number (S440).
- the agent program When the corresponding security volume header is found, the agent program requests a user to input a user password (hereinafter referred to as a 'fourth user password') (S450).
- a user password hereinafter referred to as a 'fourth user password'
- An encryption / decryption key (hereinafter, referred to as a “fourth encryption key”) for decrypting the stored security volume header is generated by hashing the input fourth user password and the salt key stored in the header storage device (S460).
- the decryption of the secure volume header is attempted using the generated fourth encryption / decryption key to determine whether it is normally decrypted (S470).
- S470 the secure volume header is normally decrypted through this, since the input fourth user password corresponds to the first user password input in step S210 of FIG. 1, the secure volume header information is retrieved and destroyed in the secure volume header storage device.
- the secure volume header 122 is recovered by overwriting the written secure volume header 122 (S480).
- step S470 if the secure volume header is not decrypted using the fourth decryption key in step S470, it means that the fourth user password does not match the first user password input in step S210 of FIG. (122)
- a message for not restoring is output (S490).
- this message is output, the user repeats the steps S450 to S490 again. This repetition process is performed a defined number of times, but it is preferable to limit it to 3 to 5 times.
- FIG. 5 is a system configuration example of hardware implementation of an algorithm for secure volume generation and mounting, and secure volume header recovery for a USB storage medium performed by the agent program through FIGS. 1 to 4 according to an embodiment of the present invention. Is a block diagram showing the following.
- the system of the present invention includes a USB storage medium 200 and a USB host device 300.
- the USB storage device 200 includes a storage area 100, a USB controller 150, and a USB interface 170.
- the storage area 100 is an area in which data shown in FIG. 1 is stored and decoded, and the USB controller 150 controls input / output (read / write) of data with respect to the storage area 100, and a USB interface 170.
- the USB host device 300 includes a host controller 310, an output interface 320, an input interface 330, a USB connection port 340, and a storage 350.
- the host controller 310 is a block implemented in hardware corresponding to the agent program of the present invention, and performs an operation for encrypting and decrypting a USB storage medium according to an embodiment of the present invention.
- the output interface 320 is a display device for displaying information under the control of the host controller 310, and the input interface 330 is an input device for inputting information by a user.
- the USB connection port 340 is a bus through which the USB storage medium 200 is connected and input / output data, and the storage unit 350 is a medium in which programs and data necessary for the operation of the USB host device 300 are stored.
- the host controller 310 detects whether the USB connection port 340 is connected to the USB interface 170 provided in the USB storage medium 200. When the USB interface 170 is connected to the USB connection port 340 while the USB host device 300 is operating, power is supplied from the USB host device 300 to the USB interface 170 through the USB connection port 340. Supplied. Accordingly, the controller 150 drives the USB storage medium 200 using the power supplied.
- the host controller 310 When the host controller 310 detects a connection of the USB interface 170 to the USB connection port 340, information for requesting input of a first user password to be set to generate a secure USB storage medium through the output interface 320. Outputs In this case, the host controller 310 may output information for requesting input of a connection path of the USB storage medium 200 or requesting confirmation of a quick format through the output interface 320.
- the host controller 310 In response, when the first user password is input by the user through the input interface 330, the host controller 310 generates a random key and a disk key based on the input first user password.
- the host controller 310 When the random key and the disk key are generated based on the first user password, the host controller 310 hashes the first user password and the random key to generate a first encryption / decryption key.
- the host controller 310 divides the storage area 100 into the header 121 and the main body 123 using the first encryption / decryption key, encrypts the first data, and stores the first data in the header 121 to secure the volume. Generate a header 122. In addition, the host controller 310 encrypts the second data using the disk key and stores the second data in the main body 123 to generate the secure volume main body 124.
- the host controller 310 when the host controller 310 generates the secure volume main body 124, the sector I / O writes the second data to be recorded in the main body 123 allocated to the storage area 100 of the USB storage medium 200.
- the secure volume main body unit 124 generates the encrypted volume by sector using a driver and stores the same in the main body unit 123.
- the host controller 310 transmits the predetermined first data including the random key and the disk key to the USB controller 150 to store the predetermined first data in the header 121 allocated to the storage area 100 of the USB storage medium 200. do.
- the host controller 310 encrypts data other than the random key among the first data to be stored in the header 121 of the storage area 100 by the USB controller 150 and transmits the encrypted data to the USB controller 150.
- the USB controller 150 stores the first data transmitted from the host controller 310 through the USB connection port 340 and the USB interface 170 in the header 121 of the storage area 100.
- the USB storage medium 200 may be a USB memory stick or a USB external hard drive.
- the USB storage medium 200 when the USB storage medium 200 is a USB memory stick, the CD area 110 in which the sector I / O driver is mounted is formed in the storage area 100 of the USB storage medium 200.
- the first data when the first data is inputted and outputted to the main body 123 of the storage area 100, the first data is decoded by the sector I / O driver.
- the host controller 310 may install the sector I / O driver in the storage 350 before the first user password input request.
- the first data is inputted and outputted to the main body 123 of the storage area 100, the first data is decrypted by the sector I / O driver installed in the storage 350.
- the host controller 310 may store the first data included in the generated secure volume header 122 in the storage 350 or an external storage device. In this case, the host controller 310 may recover the encrypted first data stored in the secure volume header 122 using the stored first data.
- the host controller 310 When the connection of the USB interface 170 is detected to the USB connection port 340, the host controller 310 outputs information for requesting input of the second user password through the output interface 320. In response, when the second user password is input from the input interface 330, the host controller 310 uses the input second user password and the random key stored in the secure volume header 122 to access the secure volume header 122. Generate a second decryption key for decryption.
- the host controller 310 attempts to decrypt the secure volume header 12 by using the generated second decryption key. In this case, if the security volume header 122 is normally decrypted, the host controller 310 extracts the disk key stored in the security volume header 122 and mounts the disk key to the security volume main body 124.
- mounting the secure volume main body 124 may cause the host controller 310 to decrypt second data stored in a specific sector or all sectors of the secure volume main body 124 through a sector I / O driver. I say that.
- the host controller 310 When the connection of the USB interface 170 is detected to the USB connection port 340, the host controller 310 outputs information for requesting input of a third user password through the output interface 320. In response, when the third user password is input from the input interface 330, the host controller 310 decrypts the security volume header 122 by using the third user password and the random key stored in the security volume header 122. A third encryption key is generated.
- the host controller 310 attempts to decrypt the secure volume header 122 by using the generated third encryption / decryption key. At this time, if the secure volume header 122 is not normally decrypted, the host controller 310 overwrites the second data recorded in the secure volume main body 124 with a random value.
- the host controller 310 When the connection of the USB interface 170 is detected to the USB connection port 340, the host controller 310 outputs information for requesting input of a third user password through the output interface 320. In response, when the third user password is input from the input interface 330, the host controller 310 uses the input third user password and the random key stored in the secure volume header 122 to access the secure volume header 122. Generate a third encryption key for decryption.
- the host controller 310 attempts to decrypt the secure volume header 122 by using the generated third encryption / decryption key. If the secure volume header 122 is not decrypted, the host controller 310 resets the first data stored in the secure volume header 122 to arbitrary data.
- the host controller 310 When the host controller 310 detects the connection of the USB interface 170 to the USB connection port 340, the host controller 310 determines whether to receive the recovery request information of the secure volume header 122 of the secure USB storage medium through the input interface 330. do. In response thereto, when the secure volume header recovery request information of the secure USB storage medium is received, the host controller 310 stores the secure volume header of the secure USB storage medium to be recovered in response to the recovery request from the storage 350 or an external storage device. 122).
- the host controller 310 When the secure volume header 122 of the secure USB storage medium to be recovered is found, the host controller 310 outputs information requesting input of a fourth user password through the output interface 320. In response to the input of the fourth user password from the input interface 330, the host controller 310 stores the input fourth user password and the secure volume header 122 stored in the storage 350 or an external storage device. A fourth decryption key for decrypting and decrypting the secure volume header 122 is generated using the random key.
- the host controller 310 attempts to decrypt the secure volume header 122 by using the generated fourth encryption / decryption key. At this time, if the secure volume header 122 is normally decrypted, the host controller 310 may store predetermined first data stored in the secure volume header 122 of the protected secure USB storage medium stored in the storage 350 or an external storage device. Is recorded in the secure volume header 122 of the destroyed secure USB storage medium.
- the I / O driver used for encrypting and decrypting data may be configured to be installed in the USB host device 200 or the USB storage medium 200 in a software format, or may be modularized in a hardware format. It may be configured to be mounted on the host device 200 or the USB storage medium 200.
- FIG. 6 is a diagram illustrating a configuration example of a computer to which the USB host device of FIG. 5 is applied according to an embodiment of the present invention.
- the computer to which the USB host device 300 of the present invention is applied includes a CPU 410, a monitor 420, a keyboard 430, a mouse 435, a USB connection port 440, and a hard disk (HDD). ), And RAM 460.
- the CPU 410 is the host controller 310
- the monitor 420 is the output interface 320
- the keyboard 430 and the mouse 435 is the input interface 330
- the USB connection port 440 is a USB connection port
- the technical features correspond to the storage unit 350 and the hard disk (HDD) 450, respectively.
- the secure USB storage medium according to the embodiment of the present invention can be generated and decrypted through a computer corresponding to the USB host device 300.
- the present invention can be widely used in the field of portable storage media including USB storage media having enhanced data security functions that can compensate for the weak security problem of data stored in the storage media.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
- Signal Processing For Digital Recording And Reproducing (AREA)
Abstract
Description
Claims (17)
- USB 연결 포트, 입력 인터페이스, 출력 인터페이스, 저장부, 및 호스트 제어부로 구성되는 USB 호스트 장치가, USB 인터페이스, 저장영역, 및 USB 제어부로 구성되는 USB 저장매체를 암호화하여 보안 USB 저장매체를 생성하는 방법으로서,상기 호스트 제어부가,a) 상기 USB 연결 포트에 상기 USB 인터페이스의 접속이 감지되면, 상기 출력 인터페이스를 통해 설정할 사용자 암호(이하, '제1 사용자 암호'라 함) 입력을 요청하는 정보를 출력하는 단계;b) 상기 제1 사용자 암호 입력 요청에 대응하여 상기 입력 인터페이스로부터 상기 제1 사용자 암호가 입력되면, 입력된 상기 제1 사용자 암호에 기초하여 랜덤 키 및 디스크 키를 생성하는 단계;c) 상기 랜덤 키 및 디스크 키가 생성되면, 상기 제1 사용자 암호와 상기 랜덤 키를 해싱하여 암복호화 키(이하, '제1 암복호화 키'라 함)를 생성하는 단계; 및d) 상기 제1 암복호화 키를 이용하여 상기 저장영역을 헤더와 본체부로 나누어, 제1 데이터를 암호화하여 상기 헤더에 저장하여 보안볼륨 헤더를 생성하고, 상기 디스크 키를 이용하여 제2 데이터를 암호화하여 상기 본체부에 저장하여 보안볼륨 본체부를 생성하는 단계를 포함하는 보안 USB 저장매체 생성방법.
- 제 1항에 있어서,상기 d) 단계에서 상기 보안볼륨 본체부를 생성하는 것은,상기 호스트 제어부가,상기 USB 저장매체의 저장영역에 할당된 상기 본체부에 기록할 상기 제2 데이터를 섹터 I/O 드라이버를 이용하여 섹터 단위로 암호화하여 상기 본체부에 저장하는 과정을 통해 상기 보안볼륨 본체부가 생성되는 단계를 포함하는 것을 특징으로 하는 보안 USB 저장매체 생성방법.
- 제 2항에 있어서,상기 호스트 제어부가,상기 랜덤 키 및 상기 디스크 키를 포함하는 소정의 상기 제1 데이터가 상기 USB 저장매체의 저장영역에 할당된 상기 헤더에 저장하도록 상기 USB 제어부로 전송하는 단계를 더 포함하는 것을 특징으로 하는 보안 USB 저장매체 생성방법.
- 제 3항에 있어서,상기 호스트 제어부가,상기 USB 제어부에 의해 상기 저장영역의 헤더에 저장될 상기 제1 데이터 중 상기 랜덤 키 이외의 데이터는 암호화하여 상기 USB 제어부로 전송하는 것을 특징으로 하는 보안 USB 저장매체 생성방법.
- 제 1항에 있어서,상기 a) 단계는, 상기 호스트 제어부가,상기 USB 저장매체의 접속 경로 입력을 요청하거나 빠른 포맷 여부 확인을 요청하는 정보를 상기 출력 인터페이스를 통해 출력하는 단계를 포함하는 것을 특징으로 하는 보안 USB 저장매체 생성방법.
- 제 2항에 있어서,상기 USB 저장매체는 USB 메모리 스틱 또는 USB 외장하드 장치인 것을 특징으로 하는 보안 USB 저장매체 생성방법.
- 제 6항에 있어서,상기 USB 저장매체가 USB 메모리 스틱인 경우, 상기 USB 저장매체의 저장영역에는 상기 섹터 I/O 드라이버가 탑재되는 CD 영역이 형성되고,상기 제1 데이터가 상기 저장영역의 본체부에 입출력될 때 상기 섹터 I/O 드라이버에 의해 상기 제1 데이터가 암복호화되는 것을 특징으로 하는 보안 USB 저장매체 생성방법.
- 제 2항에 있어서,상기 a) 단계에서 상기 제1 사용자 암호 입력 요청 전에, 상기 호스트 제어부가,상기 섹터 I/O 드라이버를 상기 저장부에 설치하는 단계를 더 포함하고,상기 제1 데이터가 상기 저장영역의 본체부에 입출력될 때 상기 저장부에 설치된 상기 섹터 I/O 드라이버에 의해 상기 제1 데이터가 암복호화되는 것을 특징으로 하는 보안 USB 저장매체 생성방법.
- 제 2항에 있어서,상기 호스트 제어부가,생성된 상기 보안볼륨 헤더에 포함된 상기 제1 데이터를 상기 저장부 또는 외부 저장장치에 저장하는 단계를 더 포함하고,저장한 상기 제1 데이터를 이용하여 상기 보안볼륨 헤더에 저장된 암호화된 상기 제1 데이터를 복구하는 것을 특징으로 하는 보안 USB 저장매체 생성방법.
- 제 1항의 보안 USB 저장매체 생성방법에 의해 생성된 보안 USB 저장매체.
- 제 4항의 방법에 의해 생성된 상기 보안 USB 저장매체를 마운트하는 방법으로서,상기 호스트 제어부가,상기 USB 연결 포트에 상기 USB 인터페이스의 접속이 감지되면, 상기 출력 인터페이스를 통해 사용자 암호(이하, '제2 사용자 암호'라 함) 입력을 요청하는 정보를 출력하는 단계;상기 입력 인터페이스로부터 상기 제2 사용자 암호가 입력되면, 입력된 상기 제2 사용자 암호와 상기 보안볼륨 헤더에 저장된 상기 랜덤 키를 이용하여 상기 보안볼륨 헤더를 암복호화하기 위한 키(이하, '제2 암복호화 키'라 함)를 생성하는 단계;생성된 상기 제2 암복호화 키를 이용하여 상기 보안볼륨 헤더를 복호화하는 단계; 및상기 보안볼륨 헤더가 정상적으로 복호화되면, 상기 보안볼륨 헤더 내에 저장된 상기 디스크 키를 추출하여 상기 보안볼륨 본체부에 마운트하는 단계를 포함하는 보안 USB 저장매체 마운트 방법.
- 제 11항에 있어서,상기 보안볼륨 본체부 마운트 단계에서, 상기 호스트 제어부는,상기 섹터 I/O 드라이버를 통해 상기 보안볼륨 본체부에 대한 특정 섹터 또는 모든 섹터에 저장된 상기 제2 데이터를 복호화하는 것을 특징으로 하는 보안 USB 저장매체 마운트 방법.
- 제 4항의 방법에 의해 생성된 상기 보안 USB 저장매체의 보안볼륨을 파기하는 방법으로서,상기 호스트 제어부가,상기 USB 연결 포트에 상기 USB 인터페이스의 접속이 감지되면, 상기 출력 인터페이스를 통해 사용자 암호(이하, '제3 사용자 암호'라 함) 입력을 요청하는 정보를 출력하는 단계;상기 입력 인터페이스로부터 상기 제3 사용자 암호가 입력되면, 상기 제3 사용자 암호와 상기 보안볼륨 헤더에 저장된 상기 랜덤 키를 이용하여 상기 보안볼륨 헤더를 암복호화하기 위한 키(이하, '제3 암복호화 키'라 함)를 생성하는 단계;생성된 상기 제3 암복호화 키를 이용하여 상기 보안볼륨 헤더를 복호화하는 단계; 및상기 보안볼륨 헤더가 정상적으로 복호화되지 않으면, 상기 보안볼륨 본체부에 기록된 상기 제2 데이터를 랜덤값으로 오버라이트하는 단계를 포함하는 보안 USB 저장매체의 보안볼륨 파기방법.
- 제 4항의 방법에 의해 생성된 상기 보안 USB 저장매체의 보안볼륨 헤더를 파기하는 방법으로서,상기 호스트 제어부가,상기 USB 연결 포트에 상기 USB 인터페이스의 접속이 감지되면, 상기 출력 인터페이스를 통해 사용자 암호(이하, '제3 사용자 암호'라 함) 입력을 요청하는 정보를 출력하는 단계;상기 입력 인터페이스로부터 상기 제3 사용자 암호가 입력되면, 입력된 상기 제3 사용자 암호와 상기 보안볼륨 헤더에 저장된 상기 랜덤 키를 이용하여 상기 보안볼륨 헤더를 암복호화하기 위한 키(이하, '제3 암복호화 키'라 함)를 생성하는 단계;생성된 상기 제3 암복호화 키를 이용하여 상기 보안볼륨 헤더를 복호화하는 단계; 및상기 보안볼륨 헤더가 복호화되지 않으면, 상기 보안볼륨 헤더 내에 저장된 상기 제1 데이터를 임의의 데이터로 리셋하는 단계를 포함하는 보안 USB 저장매체의 보안볼륨 헤더 파기방법.
- 제 4항의 방법에 의해 상기 보안 USB 저장매체의 보안볼륨 헤더가 파기된 상기 보안 USB 저장매체의 보안볼륨 헤더를 복구하는 방법으로서,상기 호스트 제어부가,상기 USB 연결 포트에 상기 USB 인터페이스의 접속이 감지되면, 상기 입력 인터페이스를 통해 상기 보안 USB 저장매체의 보안볼륨 헤더 복구요청 정보의 수신 여부를 판단하는 단계;상기 보안 USB 저장매체의 보안볼륨 헤더 복구요청 정보가 수신되면, 상기 저장부로부터 상기 복구요청에 따라 복구하고자 하는 상기 보안 USB 저장매체의 보안볼륨 헤더를 검색하는 단계;복구하고자 하는 상기 보안 USB 저장매체의 보안볼륨 헤더가 검색되면, 상기 출력 인터페이스를 통해 사용자 암호(이하, '제4 사용자 암호'라 함) 입력을 요청하는 정보를 출력하는 단계;상기 입력 인터페이스로부터 상기 제4 사용자 암호가 입력되면, 입력된 상기 제4 사용자 암호와 상기 저장부에 저장된 상기 보안볼륨 헤더에 저장된 상기 랜덤 키를 이용하여 상기 보안보륨 헤더를 암복호화하기 위한 키(이하, '제4 암복호화 키'라 함)를 생성하는 단계;생성된 상기 제4 암복호화 키를 이용하여 상기 보안볼륨 헤더를 복호화하는 단계; 및상기 보안볼륨 헤더가 정상적으로 복호화되면, 복호화된 상기 보안 USB 저장매체의 보안볼륨 헤더 내에 저장된 소정의 상기 제1 데이터를 파기된 상기 보안 USB 저장매체의 보안볼륨 헤더 내에 기록하는 단계를 포함하는 파기된 USB 저장매체의 보안볼륨 헤더복구 방법.
- USB 저장매체가 USB 호스트 장치에 접속되면 사용자에게 설정할 사용자 암호 입력을 요청하고,상기 사용자 암호가 입력되면, 랜덤 키를 생성함과 아울러 상기 USB 저장매체의 저장영역에 할당된 본체부를 암복호화하기 위한 디스크 키를 생성하고,상기 사용자 암호와 상기 랜덤 키를 해싱하여 암복호화 키를 생성하고,상기 암복호화 키를 이용하여 상기 USB 저장매체의 저장영역에 할당된 헤더를 암호화하여 보안볼륨 헤더를 생성하고,상기 디스크 키를 이용하여 상기 저장영역에 할당된 상기 본체부를 암호화하여 보안볼륨 본체부를 생성하는 기능을 실현하는 프로그램을 기록한 컴퓨터로 읽을 수 있는 매체.
- 제 7항에 있어서,상기 I/O 드라이버는 상기 USB 호스트 장치 또는 상기 USB 저장매체에 하드웨어 형식으로 모듈화되어 탑재되도록 구성되는 것을 특징으로 하는 보안 USB 저장매체 생성방법.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/391,814 US9100173B2 (en) | 2009-08-22 | 2010-08-20 | Security USB storage medium generation and decryption method, and medium recorded with program for generating security USB storage medium |
JP2012525494A JP5362114B2 (ja) | 2009-08-22 | 2010-08-20 | 保安usb記憶媒体生成及び復号化方法、並びに保安usb記憶媒体生成のためのプログラムが記録された媒体 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020090077884A KR101150415B1 (ko) | 2009-08-22 | 2009-08-22 | 보안 유에스비 저장매체 관리방법 및 보안 유에스비 저장매체 관리를 위한 프로그램이 기록된 매체 |
KR10-2009-0077884 | 2009-08-22 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2011025185A2 true WO2011025185A2 (ko) | 2011-03-03 |
WO2011025185A3 WO2011025185A3 (ko) | 2011-07-07 |
Family
ID=43628548
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2010/005520 WO2011025185A2 (ko) | 2009-08-22 | 2010-08-20 | 보안 유에스비 저장매체 생성 및 복호화 방법, 그리고 보안 유에스비 저장매체 생성을 위한 프로그램이 기록된 매체 |
Country Status (4)
Country | Link |
---|---|
US (1) | US9100173B2 (ko) |
JP (1) | JP5362114B2 (ko) |
KR (1) | KR101150415B1 (ko) |
WO (1) | WO2011025185A2 (ko) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2290873A3 (en) * | 2009-08-28 | 2012-11-14 | Research In Motion Limited | Protocol for protecting content protection data |
JP2014013515A (ja) * | 2012-07-04 | 2014-01-23 | Fuji Xerox Co Ltd | 情報処理システムおよびプログラム |
CN103678964A (zh) * | 2012-09-13 | 2014-03-26 | 上海斐讯数据通信技术有限公司 | 移动终端、密码输入方法及系统 |
US20140157362A1 (en) * | 2012-12-03 | 2014-06-05 | Imation Corp. | Recovering from unexpected flash drive removal |
CN104636682A (zh) * | 2015-02-09 | 2015-05-20 | 上海瀚银信息技术有限公司 | 一种基于硬件设备的密码管理系统及方法 |
US9129114B2 (en) | 2012-12-03 | 2015-09-08 | Imation Corp. | Preboot environment with system security check |
US9430250B2 (en) | 2012-12-03 | 2016-08-30 | Kingston Digital, Inc. | Bootability with multiple logical unit numbers |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130290733A1 (en) * | 2012-04-26 | 2013-10-31 | Appsense Limited | Systems and methods for caching security information |
US20130290734A1 (en) * | 2012-04-26 | 2013-10-31 | Appsense Limited | Systems and methods for caching security information |
GB2523508B (en) * | 2012-12-21 | 2021-01-06 | Hewlett Packard Development Co | Active component embedded in cable |
US20140366148A1 (en) * | 2013-06-10 | 2014-12-11 | Transcend Information, Inc. | Storage Medium Securing Method and Media Access Device thereof |
US9639710B2 (en) | 2013-12-23 | 2017-05-02 | Symantec Corporation | Device-based PIN authentication process to protect encrypted data |
US9672361B2 (en) * | 2014-04-30 | 2017-06-06 | Ncr Corporation | Self-service terminal (SST) secure boot |
KR102263880B1 (ko) | 2014-06-19 | 2021-06-11 | 삼성전자주식회사 | 호스트 컨트롤러 및 시스템-온-칩 |
US9634833B2 (en) * | 2014-06-20 | 2017-04-25 | Google Inc. | Gesture-based password entry to unlock an encrypted device |
US10025932B2 (en) * | 2015-01-30 | 2018-07-17 | Microsoft Technology Licensing, Llc | Portable security device |
US11032320B1 (en) * | 2016-09-19 | 2021-06-08 | Jpmorgan Chase Bank, N.A. | Systems and methods for dynamic application level encryption |
EP3379445B1 (en) | 2017-03-22 | 2024-06-12 | Diebold Nixdorf Systems GmbH | System and method to generate encryption keys based on information of peripheral devices |
KR102118620B1 (ko) * | 2018-04-11 | 2020-06-04 | 주식회사 크레스텍 | 보안성이 강화된 암호화폐 지갑 서비스 시스템 및 이를 이용한 암호화폐 전송방법 |
US11489554B2 (en) * | 2020-10-30 | 2022-11-01 | Schweitzer Engineering Laboratories, Inc. | Systems and methods for establishing secure communication in an electric power distribution system with software defined network |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100348611B1 (ko) * | 2000-02-01 | 2002-08-13 | 엘지전자 주식회사 | 디지탈 콘텐츠의 암호화장치 및 암호화방법 |
US20050114663A1 (en) * | 2003-11-21 | 2005-05-26 | Finisar Corporation | Secure network access devices with data encryption |
KR100583050B1 (ko) * | 2004-08-04 | 2006-05-25 | 송유권 | 유에스비 토큰 키를 이용한 파일 암호화 및 복호화 방법과그를 이용한 시스템 |
KR100703777B1 (ko) * | 2005-04-21 | 2007-04-06 | 삼성전자주식회사 | 컨텐츠 제공자 인증 및 컨텐츠 무결성 보장을 위한 시스템 |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5787169A (en) * | 1995-12-28 | 1998-07-28 | International Business Machines Corp. | Method and apparatus for controlling access to encrypted data files in a computer system |
KR100484209B1 (ko) * | 1998-09-24 | 2005-09-30 | 삼성전자주식회사 | 디지털컨텐트암호화/해독화장치및그방법 |
DE10142498A1 (de) * | 2001-08-30 | 2003-03-27 | Siemens Ag | Verfahren zur Ver- und Entschlüsselung von Kommunikationsdaten |
AU2003250536A1 (en) * | 2002-08-06 | 2004-02-23 | Matsushita Electric Industrial Co., Ltd. | Packet routing device and packet routing method |
KR100549504B1 (ko) * | 2003-10-10 | 2006-02-03 | 한국전자통신연구원 | 서명 암호화를 이용한 웹서비스 보안에서의 soap메시지 생성 및 검증 방법 |
US8060670B2 (en) * | 2004-03-17 | 2011-11-15 | Super Talent Electronics, Inc. | Method and systems for storing and accessing data in USB attached-SCSI (UAS) and bulk-only-transfer (BOT) based flash-memory device |
US8667273B1 (en) * | 2006-05-30 | 2014-03-04 | Leif Olov Billstrom | Intelligent file encryption and secure backup system |
JP5052878B2 (ja) * | 2006-12-12 | 2012-10-17 | 株式会社バッファロー | 記憶装置及び利用者認証方法 |
JP2008245112A (ja) * | 2007-03-28 | 2008-10-09 | Hitachi Global Storage Technologies Netherlands Bv | データ記憶装置及びその暗号鍵の管理方法 |
JP5053032B2 (ja) * | 2007-10-16 | 2012-10-17 | 株式会社バッファロー | データ管理装置、データ管理方法およびデータ管理プログラム |
US8656179B2 (en) * | 2009-03-03 | 2014-02-18 | Roger E. Billings | Using hidden secrets and token devices to create secure volumes |
US20110113235A1 (en) * | 2009-08-27 | 2011-05-12 | Craig Erickson | PC Security Lock Device Using Permanent ID and Hidden Keys |
-
2009
- 2009-08-22 KR KR1020090077884A patent/KR101150415B1/ko not_active IP Right Cessation
-
2010
- 2010-08-20 WO PCT/KR2010/005520 patent/WO2011025185A2/ko active Application Filing
- 2010-08-20 US US13/391,814 patent/US9100173B2/en not_active Expired - Fee Related
- 2010-08-20 JP JP2012525494A patent/JP5362114B2/ja not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100348611B1 (ko) * | 2000-02-01 | 2002-08-13 | 엘지전자 주식회사 | 디지탈 콘텐츠의 암호화장치 및 암호화방법 |
US20050114663A1 (en) * | 2003-11-21 | 2005-05-26 | Finisar Corporation | Secure network access devices with data encryption |
KR100583050B1 (ko) * | 2004-08-04 | 2006-05-25 | 송유권 | 유에스비 토큰 키를 이용한 파일 암호화 및 복호화 방법과그를 이용한 시스템 |
KR100703777B1 (ko) * | 2005-04-21 | 2007-04-06 | 삼성전자주식회사 | 컨텐츠 제공자 인증 및 컨텐츠 무결성 보장을 위한 시스템 |
Non-Patent Citations (1)
Title |
---|
BLUZEN INC. VXSAFE V1.0 SECURITY TARGET V1.0.0.8 03 July 2009, * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2290873A3 (en) * | 2009-08-28 | 2012-11-14 | Research In Motion Limited | Protocol for protecting content protection data |
JP2014013515A (ja) * | 2012-07-04 | 2014-01-23 | Fuji Xerox Co Ltd | 情報処理システムおよびプログラム |
CN103678964A (zh) * | 2012-09-13 | 2014-03-26 | 上海斐讯数据通信技术有限公司 | 移动终端、密码输入方法及系统 |
US20140157362A1 (en) * | 2012-12-03 | 2014-06-05 | Imation Corp. | Recovering from unexpected flash drive removal |
US9104891B2 (en) * | 2012-12-03 | 2015-08-11 | Imation Corp. | Recovering from unexpected flash drive removal |
US9129114B2 (en) | 2012-12-03 | 2015-09-08 | Imation Corp. | Preboot environment with system security check |
US9430250B2 (en) | 2012-12-03 | 2016-08-30 | Kingston Digital, Inc. | Bootability with multiple logical unit numbers |
US9916444B2 (en) | 2012-12-03 | 2018-03-13 | Kingston Digital, Inc. | Recovering from unexpected flash drive removal |
CN104636682A (zh) * | 2015-02-09 | 2015-05-20 | 上海瀚银信息技术有限公司 | 一种基于硬件设备的密码管理系统及方法 |
Also Published As
Publication number | Publication date |
---|---|
US9100173B2 (en) | 2015-08-04 |
US20120151219A1 (en) | 2012-06-14 |
KR101150415B1 (ko) | 2012-06-01 |
WO2011025185A3 (ko) | 2011-07-07 |
KR20110020326A (ko) | 2011-03-03 |
JP5362114B2 (ja) | 2013-12-11 |
JP2013502817A (ja) | 2013-01-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2011025185A2 (ko) | 보안 유에스비 저장매체 생성 및 복호화 방법, 그리고 보안 유에스비 저장매체 생성을 위한 프로그램이 기록된 매체 | |
EP2696305B1 (en) | Method and device for file protection | |
KR101699998B1 (ko) | 일시적 중요정보의 보안 저장 | |
US7987374B2 (en) | Security chip | |
US8103004B2 (en) | Method, apparatus and system for use in distributed and parallel decryption | |
US20080016127A1 (en) | Utilizing software for backing up and recovering data | |
US20040172538A1 (en) | Information processing with data storage | |
CN101441601B (zh) | 一种硬盘ata指令的加密传输的方法及系统 | |
JP2001117823A (ja) | アクセス資格認証機能付きデータ記憶装置 | |
CN110245466B (zh) | 软件完整性保护和验证方法、系统、设备及存储介质 | |
JP2005346182A (ja) | 情報処理装置、耐タンパ方法、耐タンパプログラム | |
WO2023240866A1 (zh) | 密码卡及其根密钥保护方法、计算机可读存储介质 | |
US8458488B2 (en) | Method and system for diagnosing operation of tamper-resistant software | |
US8479020B2 (en) | Method and apparatus for providing an asymmetric encrypted cookie for product data storage | |
CN114942729A (zh) | 一种计算机系统的数据安全存储与读取方法 | |
CN111539042B (zh) | 一种基于核心数据文件可信存储的安全操作方法 | |
JP2003195758A (ja) | データ処理装置、インタフェースボードおよびデータ秘匿方法 | |
KR20100106110A (ko) | 시큐어 부트 데이터(Secure Boot Data) 통합 관리 시스템, 시큐어 부트 데이터 통합 관리를 위한 메타데이터 생성 및 검증 방법, 이를 컴퓨터에서 실행시키기 위한 프로그램을 기록한 컴퓨터로 읽을 수 있는기록매체. | |
CN116594567A (zh) | 信息管理方法、装置和电子设备 | |
JP4836504B2 (ja) | Icチップ、ボード、情報処理装置及びコンピュータプログラム | |
US20150039900A1 (en) | Program execution method and decryption apparatus | |
CN1825291A (zh) | 数据管理装置及数据管理方法 | |
CN113383335A (zh) | 数据存储设备事件的安全日志记录 | |
WO2021025185A1 (ko) | 안티-인버전 함수를 이용한 화이트박스 암호 인코딩 장치 및 방법 | |
CN113139171B (zh) | 一种控制超声诊断系统软件许可和硬件许可的方法及系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10812199 Country of ref document: EP Kind code of ref document: A2 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012525494 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13391814 Country of ref document: US |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 10812199 Country of ref document: EP Kind code of ref document: A2 |