
CN101308537B - Method for generating key for encryption and decryption in computer apparatus and using the same


Info

Publication number
CN101308537B
Authority
CN
China
Prior art keywords
mentioned
computer apparatus
user
voucher
golden key
Prior art date
Legal status
Active
Application number
CN2007101070567A
Other languages
Chinese (zh)
Other versions
CN101308537A (en)
Inventor
李仕群
杨仁宗
杨耀明
刘丁荣
郑旭修
Current Assignee
Asustek Computer Inc
Original Assignee
Asustek Computer Inc
Application filed by Asustek Computer Inc
Priority to CN2007101070567A
Publication of CN101308537A
Application granted
Publication of CN101308537B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a method for generating an encryption and decryption key in a computer device and a method for using that key, comprising the following steps: first, entering a password and requesting the creation of a user credential; second, processing the entered password with a device key to generate the user credential, wherein the device key is built from information in a non-volatile storage device that depends on the computer device.

Description

Method for generating an encryption and decryption key in a computer apparatus and using the encryption and decryption key
Technical field
The present invention relates to the technical field of file encryption, and in particular to a method for generating an encryption and decryption key in a computer apparatus and using that key.
Background technology
Computers are now in very widespread use and make the flow of information ever more convenient. They nevertheless face the problem of how to keep the data files stored in a computer apparatus sufficiently secure, so computer apparatuses generally provide a function for protecting data files with a password in order to protect the security of the data.
Among the functions for protecting data files with a password in a computer apparatus, having the user set a password is the most common protection mechanism. Figure 1 is a schematic diagram of protecting a data file 11 in a present-day computer apparatus with a password entered by the user: a data encryption/decryption key, obtained by a cryptographic algorithm using the password and the user's account as the index, is used to perform an encryption operation on the original data file 11 and produce an encrypted data file 12. A user who wishes to access the encrypted data file 12 must enter the correct password before the encrypted data file 12 can be decrypted into the original data file 12.
The above mechanism for protecting data files with a password obtains the information needed for encryption and decryption from entry of the correct password. Because these passwords, or the private information needed for encryption and decryption, are in the end mostly stored on the computer's hard disk, they are relatively easy to obtain and crack, and the program fragment that performs password authentication is also easily cracked by inspecting memory.
How to effectively protect the data files in a computer apparatus so as to improve the security of computer data is therefore a problem in urgent need of a solution.
Summary of the invention
The object of the present invention is to provide a method for generating an encryption and decryption key in a computer apparatus and using that key, so as to strengthen information protection.
According to one feature of the present invention, a method for generating an encryption and decryption key in a computer apparatus is proposed. The computer apparatus has a non-volatile storage, and the non-volatile storage stores information that depends on the computer apparatus. The method is characterized in that it comprises the steps of:
(A) entering a password and requesting the creation of a user credential; and
(B) processing the entered password with a device key to produce the user credential, wherein the device key is built from the information in the non-volatile storage that depends on the computer apparatus.
The non-volatile storage is a BIOS chip.
In step (B), the information that depends on the computer apparatus comprises a network card number and a processor serial number stored in the BIOS chip.
In step (A), an application program sends a request to the BIOS chip through an ACPI kernel-mode driver to request the creation of the user credential.
In step (B), the user credential is stored on the hard disk of the computer apparatus.
In step (B), the processing that produces the user credential is a reversible operation of a shift function.
The invention provides a method for using an encryption and decryption key in a computer apparatus. The computer apparatus has a non-volatile storage that stores information depending on the computer apparatus, and the computer apparatus provides a user credential produced from a first password entered by the user and a device key, wherein the device key is built from the information in the non-volatile storage that depends on the computer apparatus. The method is characterized in that it comprises the steps of:
(A) obtaining the user credential;
(B) entering a second password;
(C) calculating the first password in the user credential from the device key and the user credential; and
(D) checking whether the entered second password matches the first password in the user credential and, if so, performing encryption and decryption with the entered second password.
The non-volatile storage is a BIOS chip.
The information that depends on the computer apparatus comprises a network card number and a processor serial number stored in the BIOS chip.
In step (A), an application program sends a request to the BIOS chip through an ACPI kernel-mode driver to obtain the user credential.
The beneficial effect of the present invention is as follows. It combines software and hardware components that already exist in the computer apparatus, and the password entered by the user and the private information required for encryption and decryption are stored in the non-volatile storage by the system firmware. Because this non-volatile storage, unlike a hard drive, is not easily accessed by malicious intrusions or Trojan horse programs, the purpose of strengthening information protection is achieved. Because the private information required for encryption and decryption is tied to specific hardware, an encrypted file that is intercepted or copied cannot be decrypted for lack of the private information in that specific hardware. In addition, sensitive program fragments such as password authentication are handed over to the system firmware, which greatly reduces the chance of being cracked by inspecting memory. The non-volatile storage and system firmware required by the invention are indispensable components of present-day computer apparatuses, so the invention needs only software support and requires no additional chip or other hardware device.
Description of drawings
To further explain the specific technical content of the present invention, embodiments are described in detail below with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram of protecting a data file with a password entered by the user in a known computer apparatus.
Fig. 2 is a schematic diagram of a computer apparatus that carries out the method of generating an encryption and decryption key and using that key according to the present invention.
Fig. 3 shows the flow of the method for generating an encryption and decryption key in a computer apparatus according to the present invention.
Fig. 4 shows the flow of the method for using an encryption and decryption key in a computer apparatus according to the present invention.
Embodiment
Embodiments of the present invention are described below by way of specific examples, so that those of ordinary skill in the art can readily understand other advantages and effects of the invention from what this specification discloses.
Regarding the method of the present invention for generating an encryption and decryption key in a computer apparatus and using that key, refer first to Fig. 2, a schematic diagram of the computer apparatus that carries out the method. As shown, the computer apparatus has a processor 21, an input device 22, a non-volatile storage 23, a storage device 24, a north bridge chip 25, a South Bridge chip 26, a super I/O chip 27, and a hard disk 28. The processor 21 is the computation and control center of the computer apparatus; it executes system programs and application programs and provides various data processing functions. The north bridge chip 25 is coupled to the processor 21, the storage device 24, and the South Bridge chip 26, and handles communication with the processor 21, control of reads and writes to the memory 24, bus control, and data transfer with the South Bridge chip 26. The South Bridge chip 26 is coupled to the non-volatile storage 23 and the super I/O chip 27, and is coupled to the processor 21 through the north bridge chip 25; the South Bridge chip 44 is responsible for communication between the super I/O chip 27 and peripherals. The super I/O chip 27 is coupled to the input device 22 and the hard disk 28 to provide output and input functions.
The input device 22 is, for example, a keyboard with which the user enters data into the computer apparatus. The storage device 24 can store the application program 241, the driver 242 or other software programs executed by the processor 21, or the data file 243 or other types of files processed by the processor 21. The non-volatile storage 23 is, for example, a Basic Input/Output System (BIOS) 231, whose system firmware initializes hardware at power-on, tests hardware functions, and boots the operating system. The BIOS 231 stores information that depends on this computer apparatus, such as the network card number and the processor serial number, and also stores a time stamp related to this computer apparatus.
Refer to Fig. 3, a flowchart of the method of the present invention for generating an encryption and decryption key in a computer apparatus. First, the application program 241 sends a request through an ACPI (Advanced Configuration and Power Interface) kernel-mode driver 2421 to the system firmware of the BIOS 231 to create a user credential (step S301); the request contains the password entered by the user. After receiving the request, the system firmware of the BIOS 231 processes the password entered by the user with a device key Vkey to produce the user credential (step S302). The processing that produces the user credential is, for example, a reversible operation of a shift function. The device key Vkey is built from the information in the non-volatile storage 23 that depends on the computer apparatus: for example, the network card number and processor serial number stored in the BIOS 231 are put through a functional operation to produce the device key Vkey, or the time stamp or other information that depends on the computer apparatus is put through a functional operation to produce the device key Vkey. Because the network card number and the processor serial number are unique, the device key Vkey produced is also unique. The user credential so produced is stored on the hard disk 28.
Refer next to Fig. 4, which shows the method of the present invention for using the encryption and decryption key in a computer apparatus to encrypt or decrypt a data file 243. First, the application program 241 sends a request through the ACPI kernel-mode driver 2421 to the system firmware of the BIOS 231 to obtain the user credential produced by the key generation method described above (step S401), and the user is asked to enter a password' (step S402). The system firmware of the BIOS 231 then calculates the password in the user credential from the device key Vkey and the user credential, and checks whether the entered password' matches the password in the user credential (step S403). If so, the data encryption/decryption key in the user credential can be recovered with the device key Vkey, and encryption or decryption is completed with that data encryption/decryption key.
As the above description shows, the present invention combines software and hardware components that already exist in the computer apparatus, and the password entered by the user and the private information required for encryption and decryption are stored in the non-volatile storage by the system firmware. Because this non-volatile storage, unlike a hard drive, is not easily accessed by malicious intrusions or Trojan horse programs, the purpose of strengthening information protection is achieved. Because the private information required for encryption and decryption is tied to specific hardware, an encrypted file that is intercepted or copied cannot be decrypted for lack of the private information in that specific hardware. In addition, sensitive program fragments such as password authentication are handed over to the system firmware, which greatly reduces the chance of being cracked by inspecting memory. The non-volatile storage and system firmware required by the invention are indispensable components of present-day computer apparatuses, so the invention needs only software support and requires no additional chip or other hardware device.
The above embodiments are given only as examples for convenience of description; the scope of rights claimed by the present invention is defined by the claims and is not limited to the above embodiments.

Claims (9)

1. A method for generating a key in a computer apparatus, the key being used to encrypt and decrypt data files in the computer apparatus, the computer apparatus having a non-volatile memory device that stores information depending on the computer apparatus, characterized in that the method comprises the steps of:
(A) entering a password and requesting the creation of a user credential; and
(B) processing the entered password with a device key to produce the user credential, the user credential being stored on the hard disk of the computer apparatus and containing the key, wherein the device key is built from the information in the non-volatile memory device that depends on the computer apparatus.
2. The method for generating a key in a computer apparatus according to claim 1, characterized in that the non-volatile memory device is a BIOS chip.
3. The method for generating a key in a computer apparatus according to claim 2, characterized in that, in step (B), the information that depends on the computer apparatus comprises a network card number and a processor serial number stored in the BIOS chip.
4. The method for generating a key in a computer apparatus according to claim 2, characterized in that, in step (A), an application program sends a request to the BIOS chip through an ACPI kernel-mode driver to request the creation of the user credential.
5. The method for generating a key in a computer apparatus according to claim 1, characterized in that, in step (B), the processing that produces the user credential is a reversible operation of a shift function.
6. A method for using a key in a computer apparatus, the key being used to encrypt and decrypt data files in the computer apparatus, the computer apparatus having a non-volatile memory device that stores information depending on the computer apparatus, the computer apparatus providing a user credential produced from a first password entered by the user and a device key, the user credential being stored on the hard disk of the computer apparatus and containing the key, wherein the device key is built from the information in the non-volatile memory device that depends on the computer apparatus, characterized in that the method comprises the steps of:
(A) obtaining the user credential;
(B) entering a second password;
(C) calculating the first password in the user credential from the device key and the user credential; and
(D) checking whether the entered second password matches the first password in the user credential and, if so, recovering the key in the user credential with the device key and performing encryption and decryption with the key.
7. The method for using a key in a computer apparatus according to claim 6, characterized in that the non-volatile memory device is a BIOS chip.
8. The method for using a key in a computer apparatus according to claim 7, characterized in that the information that depends on the computer apparatus comprises a network card number and a processor serial number stored in the BIOS chip.
9. The method for using a key in a computer apparatus according to claim 8, characterized in that, in step (A), an application program sends a request to the BIOS chip through an ACPI kernel-mode driver to obtain the user credential.
CN2007101070567A 2007-05-18 2007-05-18 Method for generating key for encryption and decryption in computer apparatus and using the same Active CN101308537B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007101070567A CN101308537B (en) 2007-05-18 2007-05-18 Method for generating key for encryption and decryption in computer apparatus and using the same


Publications (2)

Publication Number Publication Date
CN101308537A CN101308537A (en) 2008-11-19
CN101308537B true CN101308537B (en) 2011-05-11

Family

ID=40124985


Country Status (1)

Country Link
CN (1) CN101308537B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant