CN101308537B - Method for generating key for encryption and decryption in computer apparatus and using the same - Google Patents
Abstract
The invention relates to a method for generating an encryption and decryption key in a computer device and a method for using that key. The generation method comprises the following steps: first, a password is input together with a request to establish a user credential; second, the input password is processed with a device key to generate the user credential, wherein the device key is established from information, held in a non-volatile storage device, that depends on the computer device.
Description
Technical field
The present invention relates to the technical field of file encryption, and in particular to a method for generating an encryption and decryption key in a computer device and for using that key.
Background technology
Computers are now in widespread use and make the flow of information ever more convenient. They also face the problem of keeping the data files stored in a computer device sufficiently secure, so computer devices generally provide a function for protecting data files with a password.
Among such password-protection functions, a password set by the user is the most common protection mechanism. Fig. 1 is a schematic diagram of protecting a data file 11 in a present-day computer device with a password entered by the user: a cryptographic algorithm uses the password and the user's account as an index to obtain a data encryption and decryption key, which performs a cryptographic operation on the original data file 11 to produce an encrypted data file 12. To access the encrypted data file 12, the user must enter the correct password before the encrypted data file 12 can be decrypted back into the original data file 11.
This mechanism obtains the information needed for encryption and decryption from the correct password being entered. Because the password, or the private information needed for encryption and decryption, is in the end mostly stored on the computer's hard disk, it is relatively easy to obtain and crack, and the program fragment that verifies the password is also easily cracked by probing memory.
How to protect the data files in a computer device effectively, and so improve the security of computer data, is therefore a problem in urgent need of a solution.
Summary of the invention
The object of the present invention is to provide a method for generating an encryption and decryption key in a computer device and for using that key, so as to strengthen information protection.
According to one feature of the invention, a method for generating an encryption and decryption key in a computer device is proposed. The computer device has a non-volatile memory that stores information dependent on the computer device. The method comprises the steps of:
(A) inputting a password and requesting that a user credential be established; and
(B) processing the input password with a device key to generate the user credential, wherein the device key is established from the information in the non-volatile memory that depends on the computer device.
The non-volatile memory is a BIOS chip.
In step (B), the information dependent on the computer device comprises the network card number and the processor serial number stored in the BIOS chip.
In step (A), an application program sends a request to the BIOS chip through an ACPI kernel-mode driver, requesting that the user credential be established.
In step (B), the user credential is stored on the hard disk of the computer device.
In step (B), the processing that generates the user credential is reversible processing by a shift function.
The invention also provides a method for using an encryption and decryption key in a computer device. The computer device has a non-volatile memory that stores information dependent on the computer device, and provides a user credential generated from a first password entered by the user and a device key, wherein the device key is established from the information in the non-volatile memory that depends on the computer device. The method comprises the steps of:
(A) obtaining the user credential;
(B) inputting a second password;
(C) computing the first password in the user credential from the device key and the user credential; and
(D) checking whether the input second password matches the first password in the user credential and, if so, performing encryption and decryption with the input second password.
The non-volatile memory is a BIOS chip.
The information dependent on the computer device comprises the network card number and the processor serial number stored in the BIOS chip.
In step (A), an application program sends a request to the BIOS chip through an ACPI kernel-mode driver to obtain the user credential.
The beneficial effect of the invention is as follows. It combines software and hardware components already present in a computer device: the system firmware stores the password entered by the user and the private information needed for encryption and decryption in the non-volatile memory. Because this non-volatile memory, unlike a hard disk drive, is not easily accessed by a malicious intrusion or a Trojan horse program, information protection is strengthened. Because the private information needed for encryption and decryption is tied to specific hardware, an encrypted file that is intercepted or copied cannot be decrypted for lack of the private information in that hardware. In addition, sensitive program fragments such as password verification are handed over to the system firmware, which greatly reduces the chance of their being cracked by probing memory. The non-volatile memory and system firmware that the invention requires are indispensable parts of present-day computer devices, so the invention needs only software support and no additional chip or other hardware device.
Description of drawings
To further explain the technical content of the invention, it is described in detail below with reference to an embodiment and the accompanying drawings, in which:
Fig. 1 is a schematic diagram of protecting a data file in a known computer device with a password entered by the user.
Fig. 2 is a schematic diagram of a computer device that carries out the method of the invention for generating an encryption and decryption key and for using that key.
Fig. 3 shows the flow of the method of the invention for generating an encryption and decryption key in a computer device.
Fig. 4 shows the flow of the method of the invention for using the encryption and decryption key in a computer device.
Embodiment
The following specific embodiment illustrates how the invention is implemented, so that a person of ordinary skill in the art can readily understand its other advantages and effects from the content disclosed in this specification.
The invention concerns a method for generating an encryption and decryption key in a computer device and for using that key. Fig. 2 is a schematic diagram of the computer device that carries out the method. As shown, the computer device has a processor 21, an input device 22, a non-volatile memory 23, a memory device 24, a North Bridge chip 25, a South Bridge chip 26, a super I/O chip 27, and a hard disk 28. The processor 21 is the computing and control center of the computer device; it executes system programs and application programs and provides the various data-processing functions. The North Bridge chip 25 is coupled to the processor 21, the memory device 24 and the South Bridge chip 26, and is responsible for communication with the processor 21, control of reads and writes to the memory device 24, bus control, and data transfer with the South Bridge chip 26. The South Bridge chip 26 is coupled to the non-volatile memory 23 and the super I/O chip 27, and is coupled to the processor 21 through the North Bridge chip 25; the South Bridge chip 26 is responsible for communication with the super I/O chip 27, peripherals and so on. The super I/O chip 27 is coupled to the input device 22 and the hard disk 28 to provide input and output functions.
Fig. 3 is a flowchart of the method of the invention for generating an encryption and decryption key in a computer device. First, the application program 241 sends a request, through an ACPI (Advanced Configuration and Power Interface) kernel-mode driver 2421, to the system firmware of the Basic Input/Output System (BIOS) 231 to establish a user credential (step S301); the request contains the password entered by the user. On receiving the request, the system firmware of the BIOS 231 processes the password entered by the user with a device key Vkey to generate the user credential (step S302). The processing that generates the user credential is, for example, reversible processing by a shift function. The device key Vkey is established from information in the non-volatile memory 23 that depends on the computer device: for example, information stored in the BIOS 231 such as the network card number and the processor serial number is passed through a functional operation to produce Vkey, or a time stamp or other information dependent on the computer device is passed through a functional operation to produce Vkey. Because the network card number and the processor serial number are unique, the device key Vkey produced is also unique. The user credential generated in this way is stored on the hard disk 28.
Fig. 4 shows the method of the invention for using the encryption and decryption key in a computer device, which serves to encrypt or decrypt a data file 243. First, the application program 241 sends a request through the ACPI kernel-mode driver 2421 to the system firmware of the BIOS 231 to obtain the user credential produced by the key-generation method described above (step S401), and the user is asked to enter a password' (step S402). The system firmware of the BIOS 231 then computes the password in the user credential from the device key Vkey and the user credential, and checks whether the entered password' matches the password in the user credential (step S403). If it does, the data encryption and decryption key in the user credential can be recovered with the device key Vkey, and encryption or decryption is completed with that data encryption and decryption key.
As the above description shows, the invention combines software and hardware components already present in a computer device: the system firmware stores the password entered by the user and the private information needed for encryption and decryption in the non-volatile memory. Because this non-volatile memory, unlike a hard disk drive, is not easily accessed by a malicious intrusion or a Trojan horse program, information protection is strengthened. Because the private information needed for encryption and decryption is tied to specific hardware, an encrypted file that is intercepted or copied cannot be decrypted for lack of the private information in that hardware. In addition, sensitive program fragments such as password verification are handed over to the system firmware, which greatly reduces the chance of their being cracked by probing memory. The non-volatile memory and system firmware that the invention requires are indispensable parts of present-day computer devices, so the invention needs only software support and no additional chip or other hardware device.
The embodiment above is given only as an example for convenience of description; the scope of rights claimed by the invention is defined by the claims and is not limited to that embodiment.
Claims (9)
1. A method for generating a key in a computer device, the key being used to encrypt and decrypt data files in the computer device, the computer device having a non-volatile memory device that stores information dependent on the computer device, characterized in that the method comprises the steps of:
(A) inputting a password and requesting that a user credential be established; and
(B) processing the input password with a device key to generate the user credential, the user credential being stored on the hard disk of the computer device and containing the key, wherein the device key is established from the information in the non-volatile memory device that depends on the computer device.
2. The method for generating a key in a computer device according to claim 1, characterized in that the non-volatile memory device is a BIOS chip.
3. The method for generating a key in a computer device according to claim 2, characterized in that, in step (B), the information dependent on the computer device comprises the network card number and the processor serial number stored in the BIOS chip.
4. The method for generating a key in a computer device according to claim 2, characterized in that, in step (A), an application program sends a request to the BIOS chip through an ACPI kernel-mode driver, requesting that the user credential be established.
5. The method for generating a key in a computer device according to claim 1, characterized in that, in step (B), the processing that generates the user credential is reversible processing by a shift function.
6. A method for using a key in a computer device, the key being used to encrypt and decrypt data files in the computer device, the computer device having a non-volatile memory device that stores information dependent on the computer device, the computer device providing a user credential generated from a first password entered by the user and a device key, the user credential being stored on the hard disk of the computer device and containing the key, wherein the device key is established from the information in the non-volatile memory device that depends on the computer device, characterized in that the method comprises the steps of:
(A) obtaining the user credential;
(B) inputting a second password;
(C) computing the first password in the user credential from the device key and the user credential; and
(D) checking whether the input second password matches the first password in the user credential and, if so, recovering the key in the user credential with the device key and performing encryption and decryption with the key.
7. The method for using a key in a computer device according to claim 6, characterized in that the non-volatile memory device is a BIOS chip.
8. The method for using a key in a computer device according to claim 7, characterized in that the information dependent on the computer device comprises the network card number and the processor serial number stored in the BIOS chip.
9. The method for using a key in a computer device according to claim 8, characterized in that, in step (A), an application program sends a request to the BIOS chip through an ACPI kernel-mode driver to obtain the user credential.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2007101070567A CN101308537B (en) | 2007-05-18 | 2007-05-18 | Method for generating key for encryption and decryption in computer apparatus and using the same |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101308537A | 2008-11-19 |
CN101308537B | 2011-05-11 |