CN111935119B - Data encryption authentication method and data encryption authentication system - Google Patents

Data encryption authentication method and data encryption authentication system

Info

Publication number
CN111935119B
CN111935119B CN202010759113.5A CN202010759113A CN111935119B CN 111935119 B CN111935119 B CN 111935119B CN 202010759113 A CN202010759113 A CN 202010759113A CN 111935119 B CN111935119 B CN 111935119B
Authority
CN
China
Prior art keywords
encryption
authentication
identity authentication
selection module
code stream
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010759113.5A
Other languages
Chinese (zh)
Other versions
CN111935119A (en)
Inventor
厚娇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Anlu Information Technology Co ltd
Original Assignee
Shanghai Anlu Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Anlu Information Technology Co ltd
Priority to CN202010759113.5A
Publication of CN111935119A
Application granted
Publication of CN111935119B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a data encryption authentication method applied to an FPGA. When encryption is selected, a decryption key is stored in a one-time programmable memory, and when identity authentication is also selected, the authentication key is encrypted and stored in the encrypted code stream to generate an encrypted code stream containing identity authentication. When encryption is not selected and identity authentication is selected, the authentication key is stored in the one-time programmable memory and a code stream containing identity authentication is generated. The one-time programmable memory can thus store keys with different functions, the authentication key is protected without an additional circuit when only identity authentication is performed, the occupation of FPGA resources is reduced, and the utilization rate of the one-time programmable memory is improved. The invention also provides a data encryption authentication system for implementing the data encryption authentication method.

Description

Data encryption authentication method and data encryption authentication system
Technical Field
The invention relates to the technical field of FPGA (field programmable gate array), in particular to a data encryption authentication method and a data encryption authentication system.
Background
A Field Programmable Gate Array (FPGA) generally protects its data with an embedded AES decryption engine and HMAC authentication. The AES decryption key and the HMAC authentication key are what prevent others from cloning or modifying the data in the FPGA.
To protect the decryption key and the authentication key, they are usually stored in a one-time programmable memory inside the FPGA, which can be written only once and cannot be read from the outside. However, the capacity of the one-time programmable memory is limited, it cannot selectively store a decryption key and an authentication key, and its utilization rate is low. When only HMAC authentication is performed, an extra circuit is used to encrypt the authentication key, which not only occupies additional FPGA resources but also offers low security.
Chinese patent publication No. CN110896396A discloses an authentication circuit, an electronic system including the authentication circuit, and a method of forming a network. The electronic system includes a plurality of hardware devices and an authentication circuit. The authentication circuit is integrated with the plurality of hardware devices as fixed hardware in the electronic system during the manufacturing process of the electronic system. It is configured to verify a system integrity based on a system identification code provided from inside the electronic system by at least one of the plurality of hardware devices, the system integrity indicating that the combination of the authentication circuit and the plurality of hardware devices has not been modified since the manufacturing process, and to perform a mining operation, generating a next block to be linked to a blockchain, only in response to the system integrity passing verification. The possibility of unwanted mining competition can thereby be prevented or reduced. However, the one-time programmable memory cannot selectively store a decryption key and an authentication key, and the utilization rate of the one-time programmable memory is low.
Chinese patent publication No. CN107925574A discloses secure programming of secret data. The method comprises providing an apparatus comprising a secure element connected to a non-volatile memory, the non-volatile memory including a first encryption key stored therein; the secure element decrypts and authenticates first secret data using the first encryption key to form second secret data; the actual value of the first encryption key is then rendered unreadable. The non-volatile memory is a one-time programmable memory that cannot selectively store a decryption key and an authentication key, and the utilization rate of the one-time programmable memory is low.
Therefore, there is a need to provide a new data encryption authentication method and a new data encryption authentication system to solve the above problems in the prior art.
Disclosure of Invention
The invention aims to provide a data encryption authentication method and a data encryption authentication system, which improve the utilization rate of a one-time programmable memory and reduce the occupation of extra resources of an FPGA.
In order to achieve the above object, the data encryption authentication method of the present invention is applied to an FPGA, and includes the following steps:
when encryption is selected, storing the decryption key in the one-time programmable memory, and when identity authentication is also selected, encrypting the authentication key and storing it in the encrypted code stream to generate an encrypted code stream containing identity authentication;
when encryption is not selected and identity authentication is selected, storing the authentication key in the one-time programmable memory and generating a code stream containing identity authentication.
The invention has the following beneficial effects: the decryption key is stored in the one-time programmable memory when encryption is selected, and the authentication key is stored in the one-time programmable memory when encryption is not selected and identity authentication is selected. The one-time programmable memory can therefore store keys with different functions, which improves its utilization rate; the authentication key is protected without an additional circuit when only identity authentication is performed, which reduces the occupation of FPGA resources and improves security.
Preferably, the data encryption authentication method further includes the steps of:
when encryption is selected, storing the decryption key in the one-time programmable memory, and when identity authentication is not selected, directly generating an encrypted code stream without identity authentication. The beneficial effect is that the security of the decryption key is ensured.
Preferably, the data encryption authentication method further includes the steps of:
when neither encryption nor identity authentication is selected, directly generating a code stream without identity authentication. The beneficial effect is that the functional code stream can be generated simply and effectively.
Preferably, the encryption employs a symmetric encryption algorithm. The beneficial effects are that: the calculation amount is small, the encryption speed is high, and the efficiency is high.
Further preferably, the symmetric encryption algorithm is any one of 128-bit advanced encryption standard, 192-bit advanced encryption standard, or 256-bit advanced encryption standard.
Preferably, the encryption employs the SM4 algorithm.
Preferably, the identity authentication adopts a hash operation message authentication code. The beneficial effects are that: the hash operation message authentication code is irreversible, tamper-resistant and unique, which improves security.
The invention also provides a data encryption authentication system, which comprises a first selection module, a second selection module, an encryption module, an identity authentication module and a one-time programmable memory. The first selection module is connected with the encryption module, the second selection module is connected with the identity authentication module, and the encryption module and the identity authentication module are both connected with the one-time programmable memory. The first selection module is used for selecting whether to encrypt, and when encryption is selected, a decryption key is stored in the one-time programmable memory; the second selection module is used for selecting whether to perform identity authentication, and when the first selection module selects not to encrypt and the second selection module selects to perform identity authentication, the second selection module stores an authentication key in the one-time programmable memory; the encryption module is used for encrypting the authentication key and storing it in the encrypted code stream to generate an encrypted code stream containing identity authentication when the first selection module selects to encrypt and the second selection module selects to perform identity authentication, and is also used for encrypting the data to be processed to generate an encrypted code stream not containing identity authentication when the first selection module selects to encrypt and the second selection module selects not to perform identity authentication; the identity authentication module is used for performing identity authentication on the data to be processed to generate a code stream containing identity authentication when the first selection module selects not to encrypt and the second selection module selects to perform identity authentication, and is also used for performing identity authentication on the data to be processed to generate an encrypted code stream containing identity authentication when the first selection module selects to encrypt and the second selection module selects to perform identity authentication; the one-time programmable memory is used for storing the decryption key or the authentication key.
The data encryption authentication system has the beneficial effects that: the one-time programmable memory is used for storing a decryption key or an authentication key, so that the utilization rate of the one-time programmable memory is improved, an additional circuit is not needed to protect the authentication key when only identity authentication is carried out, occupation of FPGA resources is reduced, and safety is improved.
Drawings
FIG. 1 is a block diagram of a data encryption authentication system according to the present invention;
FIG. 2 is a flow chart of a data encryption authentication method according to some embodiments of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. Unless defined otherwise, technical or scientific terms used herein shall have the ordinary meaning as understood by one of ordinary skill in the art to which this invention belongs. As used herein, the word "comprising" and similar words are intended to mean that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items.
In order to solve the problems in the prior art, an embodiment of the present invention provides a data encryption authentication system. Referring to FIG. 1, the data encryption authentication system 10 includes a first selection module 11, a second selection module 12, an encryption module 13, an identity authentication module 14, and a one-time programmable memory 15. The one-time programmable memory 15 is an eFuse.
Referring to FIG. 1, the first selection module 11 is connected to the encryption module 13, the second selection module 12 is connected to the identity authentication module 14, the encryption module 13 is connected to the identity authentication module 14, and both the encryption module 13 and the identity authentication module 14 are connected to the one-time programmable memory 15.
Referring to FIG. 1, the first selection module 11 is configured to select whether to perform encryption, and when encryption is selected, to store a decryption key in the one-time programmable memory 15;
the second selection module 12 is configured to select whether to perform identity authentication, and when the first selection module 11 selects not to perform encryption and the second selection module 12 selects to perform identity authentication, the second selection module 12 stores an authentication key in the one-time programmable memory 15;
the encryption module 13 is configured to encrypt the authentication key and store it in the encrypted code stream to generate an encrypted code stream including identity authentication when the first selection module 11 selects to encrypt and the second selection module 12 selects to perform identity authentication, and is further configured to encrypt the data to be processed to generate an encrypted code stream not including identity authentication when the first selection module 11 selects to encrypt and the second selection module 12 selects not to perform identity authentication;
the identity authentication module 14 is configured to perform identity authentication on the data to be processed to generate a code stream including identity authentication when the first selection module 11 selects not to perform encryption and the second selection module 12 selects to perform identity authentication, and is further configured to perform identity authentication on the data to be processed to generate an encrypted code stream including identity authentication when the first selection module 11 selects to perform encryption and the second selection module 12 selects to perform identity authentication;
the one-time programmable memory 15 is used for the storage of the decryption key or the authentication key.
Some embodiments of the present invention provide a data encryption authentication method, which is applied to an FPGA, and includes the following steps:
when encryption is selected, storing the decryption key in the one-time programmable memory, and when identity authentication is also selected, encrypting the authentication key and storing it in the encrypted code stream to generate an encrypted code stream containing identity authentication;
when encryption is not selected and identity authentication is selected, storing the authentication key in the one-time programmable memory and generating a code stream containing identity authentication.
In some embodiments of the present invention, the data encryption authentication method further includes the following step: when encryption is selected, storing the decryption key in the one-time programmable memory, and when identity authentication is not selected, directly generating an encrypted code stream without identity authentication.
In some embodiments of the present invention, the data encryption authentication method further includes the following step: when neither encryption nor identity authentication is selected, directly generating a code stream without identity authentication.
In some embodiments of the invention, the encryption employs a symmetric encryption algorithm.
In some embodiments of the invention, the symmetric encryption algorithm is any one of 128-bit advanced encryption standard, 192-bit advanced encryption standard, or 256-bit advanced encryption standard.
In further embodiments of the present invention, the encryption uses the SM4 algorithm.
In some embodiments of the present invention, the identity authentication uses a Hash-based Message Authentication Code (HMAC). Specifically, the hash operation message authentication code is constructed with any one of secure hash algorithm 1 (SHA-1), secure hash algorithm 224 (SHA-224), secure hash algorithm 256 (SHA-256), secure hash algorithm 384 (SHA-384), and secure hash algorithm 512 (SHA-512).
Specifically, referring to FIG. 1 and FIG. 2, the first selection module 11 selects whether to use the Advanced Encryption Standard (AES) for data encryption. If data encryption is selected, the decryption key is stored in the one-time programmable memory 15, and the second selection module 12 then selects whether to use a hash operation message authentication code for identity authentication. If identity authentication is selected, the encryption module 13 encrypts the authentication key using the Advanced Encryption Standard and stores it in the encrypted code stream to generate an encrypted code stream including identity authentication; if identity authentication is not selected, the encryption module 13 encrypts the data to be processed to generate an encrypted code stream not including identity authentication.
If data encryption is not selected, the second selection module 12 selects whether to perform identity authentication using a hash operation message authentication code. If identity authentication is selected, the authentication key is stored in the one-time programmable memory 15, and the identity authentication module 14 then performs identity authentication on the data to be processed to generate a code stream containing identity authentication. If identity authentication is not selected, neither the encryption module 13 nor the identity authentication module 14 processes the data to be processed, and the encryption module 13 directly outputs the data to be processed, namely the code stream containing no identity authentication.
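The selection flow above, modelled as an added Python example (not code from the patent or from the assignee); it covers both the tool side that generates the code stream and the device side that loads it. The stream layout, the mode bits fused next to the key, the SHA-256 counter-mode keystream standing in for AES/SM4, and all names are assumptions made so the example runs with the standard library alone.

```python
import hashlib
import hmac
import os

KEY_LEN = 32     # 256-bit keys (sized for AES-256 / HMAC-SHA-256)
NONCE_LEN = 16
TAG_LEN = 32     # HMAC-SHA-256 output length


class OTP:
    """Write-once key slot modelling the eFuse. The two mode bits fused with
    the key are an assumption of this example, so that the loader never has
    to trust a flag carried in the code stream itself."""

    def __init__(self):
        self.key = None
        self.encrypt = False
        self.authenticate = False

    def program(self, key, encrypt, authenticate):
        if self.key is not None:
            raise RuntimeError("OTP already programmed")
        if len(key) != KEY_LEN:
            raise ValueError("key must be %d bytes" % KEY_LEN)
        self.key = bytes(key)
        self.encrypt, self.authenticate = encrypt, authenticate


def keystream_xor(key, nonce, data):
    """Stand-in cipher (SHA-256 in counter mode). NOT AES or SM4: it only
    keeps the example inside the standard library."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def tag_for(auth_key, data):
    return hmac.new(auth_key, data, hashlib.sha256).digest()


def build_code_stream(data, encrypt, authenticate, otp, dec_key=None, auth_key=None):
    """Tool side: decide which key goes into OTP and what the stream carries."""
    data = bytes(data)
    if not encrypt and not authenticate:
        return data                               # plain stream, OTP stays blank
    if not encrypt:                               # identity authentication only
        otp.program(auth_key, False, True)        # OTP holds the HMAC key
        return data + tag_for(auth_key, data)
    otp.program(dec_key, True, authenticate)      # OTP holds the decryption key
    plain = data
    if authenticate:                              # HMAC key travels encrypted in the stream
        plain = bytes(auth_key) + data + tag_for(auth_key, data)
    nonce = os.urandom(NONCE_LEN)
    return nonce + keystream_xor(otp.key, nonce, plain)


def load_code_stream(stream, otp):
    """Device side: the mode comes from OTP. Returns the data or raises ValueError."""
    body = bytes(stream)
    auth_key = otp.key                            # used as HMAC key in auth-only mode
    if otp.encrypt:
        if len(body) < NONCE_LEN:
            raise ValueError("truncated stream")
        body = keystream_xor(otp.key, body[:NONCE_LEN], body[NONCE_LEN:])
        if otp.authenticate:                      # recover the HMAC key from the stream
            auth_key, body = body[:KEY_LEN], body[KEY_LEN:]
    if not otp.authenticate:
        return body
    if len(body) < TAG_LEN:
        raise ValueError("truncated stream")
    data, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    if not hmac.compare_digest(tag, tag_for(auth_key, data)):
        raise ValueError("identity authentication failed")
    return data


def run_modes(data):
    """Run all four selections with constructed keys. For each one report which
    key OTP holds, whether the stream round-trips, and whether a one-bit
    modification of the stream is rejected on load."""
    dec_key, auth_key = b"D" * KEY_LEN, b"A" * KEY_LEN    # constructed sample keys
    report = {}
    for encrypt in (True, False):
        for authenticate in (True, False):
            otp = OTP()
            stream = build_code_stream(data, encrypt, authenticate, otp, dec_key, auth_key)
            holds = {dec_key: "decryption", auth_key: "authentication"}.get(otp.key, "nothing")
            tampered = bytearray(stream)
            tampered[-1] ^= 0x01
            try:
                load_code_stream(tampered, otp)
                rejected = False
            except ValueError:
                rejected = True
            intact = load_code_stream(stream, otp) == bytes(data)
            report[(encrypt, authenticate)] = (holds, intact, rejected)
    return report


if __name__ == "__main__":
    for mode, result in run_modes(b"constructed configuration data").items():
        print(mode, result)
```

Only the two modes with identity authentication reject the modified stream; encryption on its own does not detect modification. In the encrypt-and-authenticate mode the authentication key is exactly as confidential as the decryption key held in OTP.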
Although the embodiments of the present invention have been described in detail hereinabove, it is apparent to those skilled in the art that various modifications and variations can be made to these embodiments. However, it is to be understood that such modifications and variations are within the scope and spirit of the present invention as set forth in the following claims. Moreover, the invention as described herein is capable of other embodiments and of being practiced or of being carried out in various ways.

Claims (5)

1. A data encryption authentication method is applied to FPGA and is characterized by comprising the following steps:
when encryption is selected, storing a decryption key in a one-time programmable memory, and when identity authentication is also selected, encrypting an authentication key and storing it in an encrypted code stream to generate an encrypted code stream containing identity authentication;
when encryption is selected, storing the decryption key in the one-time programmable memory, and when identity authentication is not selected, directly generating an encrypted code stream without identity authentication;
when encryption is not selected and identity authentication is selected, storing the authentication key in the one-time programmable memory and generating a code stream containing identity authentication;
and when neither encryption nor identity authentication is selected, directly generating a code stream without identity authentication, wherein the encryption adopts a symmetric encryption algorithm.
2. The data encryption authentication method according to claim 1, wherein the symmetric encryption algorithm is any one of 128-bit advanced encryption standard, 192-bit advanced encryption standard, or 256-bit advanced encryption standard.
3. The data encryption authentication method according to claim 1, wherein the encryption employs an SM4 algorithm.
4. The data encryption authentication method according to claim 1, wherein the identity authentication employs a hash operation message authentication code.
5. A data encryption authentication system for realizing the data encryption authentication method of any one of claims 1 to 4, the data encryption authentication system comprises a first selection module, a second selection module, an encryption module, an identity authentication module and a one-time programmable memory, the first selection module is connected with the encryption module, the second selection module is connected with the identity authentication module, the encryption module and the identity authentication module are both connected with the one-time programmable memory,
the first selection module is used for selecting whether to encrypt or not, and storing a decryption key into the one-time programmable memory when encryption is selected;
the second selection module is used for selecting whether to perform identity authentication or not, and when the first selection module selects not to perform encryption and the second selection module selects to perform identity authentication, the second selection module stores an authentication key into the one-time programmable memory;
the encryption module is used for encrypting the authentication key and storing the authentication key in an encryption code stream to generate an encryption code stream containing identity authentication when the first selection module selects to encrypt and the second selection module selects to authenticate, and is also used for encrypting data to be processed to generate an encryption code stream not containing identity authentication when the first selection module selects to encrypt and the second selection module selects not to authenticate, wherein the encryption adopts a symmetric encryption algorithm;
the identity authentication module is used for performing identity authentication on the data to be processed to generate a code stream containing identity authentication when the first selection module selects not to perform encryption and the second selection module selects to perform identity authentication, and is also used for performing identity authentication on the data to be processed to generate an encrypted code stream containing identity authentication when the first selection module selects to perform encryption and the second selection module selects to perform identity authentication;
the one-time programmable memory is used for storing a decryption key or the authentication key.
CN202010759113.5A 2020-07-31 2020-07-31 Data encryption authentication method and data encryption authentication system Active CN111935119B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010759113.5A CN111935119B (en) 2020-07-31 2020-07-31 Data encryption authentication method and data encryption authentication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010759113.5A CN111935119B (en) 2020-07-31 2020-07-31 Data encryption authentication method and data encryption authentication system

Publications (2)

Publication Number Publication Date
CN111935119A CN111935119A (en) 2020-11-13
CN111935119B CN111935119B (en) 2021-06-18

Family

ID=73315049

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010759113.5A Active CN111935119B (en) 2020-07-31 2020-07-31 Data encryption authentication method and data encryption authentication system

Country Status (1)

Country Link
CN (1) CN111935119B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113158212A (en) * 2021-04-23 2021-07-23 深圳前海华兆新能源有限公司 Distributed database security authentication method based on block chain technology

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102083055A (en) * 2009-11-27 2011-06-01 乐金电子(中国)研究开发中心有限公司 IMEI (International Mobile Equipment Identity) authentication method, IMEI-protecting mobile communication terminal and initializing device thereof
CN105052072A (en) * 2012-12-28 2015-11-11 威斯科数据安全国际有限公司 Remote authentication and transaction signatures
US9208357B1 (en) * 2005-01-25 2015-12-08 Altera Corporation FPGA configuration bitstream protection using multiple keys
CN106168931A (en) * 2015-05-18 2016-11-30 阿尔特拉公司 There is the safe RAM block of multiple subregion
CN106295414A (en) * 2016-08-09 2017-01-04 复旦大学 With subregion write-protect and the nonvolatile memory of guard bit disorder processing and write operation method thereof
CN209642682U (en) * 2019-06-19 2019-11-15 上海安路信息科技有限公司 The ciphering and deciphering device of FPGA

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7675313B1 (en) * 2006-08-03 2010-03-09 Lattice Semiconductor Corporation Methods and systems for storing a security key using programmable fuses
US10771448B2 (en) * 2012-08-10 2020-09-08 Cryptography Research, Inc. Secure feature and key management in integrated circuits
CN110020515A (en) * 2019-03-29 2019-07-16 联想(北京)有限公司 Data guard method, data protecting device, electronic equipment and medium

Also Published As

Publication number Publication date
CN111935119A (en) 2020-11-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 200434 Room 202, building 5, No. 500, Memorial Road, Hongkou District, Shanghai

Applicant after: Shanghai Anlu Information Technology Co.,Ltd.

Address before: Room 501-504, building 9, Pudong Software Park, 498 GuoShouJing Road, Pudong New Area, Shanghai, 201203

Applicant before: SHANGHAI ANLOGIC INFORMATION TECHNOLOGY Co.,Ltd.

GR01 Patent grant