CN117195257A - Virtual disk-based software cryptographic module implementation method and software cryptographic module - Google Patents
- Publication number: CN117195257A
- Application number: CN202311111300.2A
- Authority: CN (China)
- Prior art keywords: file, virtual disk, password, disk, partition
- Legal status: Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a virtual disk-based method for implementing a software cryptographic module, and a software cryptographic module. The method comprises: calling a virtual disk API to create a virtual disk file; partitioning the virtual disk file and creating a disk path without a drive letter to hide the resulting disk partition; creating a password file and a unique password file identifier in the hidden disk partition, wherein the password file is protected by a password file access password; and receiving a client's call to access the password file in the virtual disk file. Because the password file is stored in the virtual disk file, the user cannot access it directly, which improves the security of the key compared with a traditional software cryptographic module.
Description
Technical Field
The invention relates to the technical field of computer security, in particular to a virtual disk-based software cryptographic module implementation method and a software cryptographic module.
Background
With the continuous development of information technology, software systems need various encryption algorithms to ensure the security of information. However, due to the complexity of the algorithms and the limitations of hardware devices, software systems often need dedicated encryption hardware to perform these encryption operations. Meanwhile, to make encryption algorithms easier for software developers to use, software cryptographic modules are often developed that package the encryption algorithms into an API (Application Program Interface) for developers to call. However, the security and reliability of these software cryptographic modules is often one of the main factors restricting their wide application: in conventional software cryptographic modules, encryption operations are performed at the software level, so they are easily cracked and attacked by attackers through various means. Therefore, it is desirable to provide a more secure and reliable software cryptographic module.
In the related art, the patent application with publication number CN114741706A proposes using hardware encryption technology: by combining an encryption card driver interface, a LUKS driver module and a virtual disk file driver module in QEMU, it implements encryption and decryption protection of virtual disk data at the hardware level, rather than encrypting and decrypting the data through a software module. The patent application with publication number CN112199724A focuses on the problem of online privacy protection for internet software; it protects online privacy by creating an encrypted partition and performing encryption and decryption operations, rather than improving the security of a software cryptographic module. The patent application with publication number CN103516722A mainly aims at real-time encryption and decryption of files in memory; the encryption and decryption operations in memory are performed through a virtual disk, which improves the privacy and security of the files but does not improve the security of a cryptographic module.
Disclosure of Invention
The technical problem to be solved by the invention is how to improve the security of the software cryptographic module.
The invention solves the technical problems by the following technical means:
In one aspect, the invention provides a method for implementing a software cryptographic module based on a virtual disk, the method comprising:
calling a virtual disk API to create a virtual disk file;
partitioning the virtual disk file, and creating a disk path without a drive letter to hide the resulting disk partition;
creating a password file and a unique password file identifier in the hidden disk partition, wherein the password file is protected by a password file access password;
and receiving a client's call to access the password file in the virtual disk file.
Further, after the calling the virtual disk API to create the virtual disk file, the method further includes:
and calling the virtual disk API, and mounting the virtual disk file on a disk drive of an operating system.
Further, before the calling the virtual disk API to create the virtual disk file, the method further includes:
and receiving the partition encryption key input by the client.
Further, the method further comprises:
encrypting the disk partition by using the partition encryption key;
accordingly, the encrypted disk partition is hidden by using the created disk path without a drive letter.
Further, the structure of the password file comprises an application table application, a container table container, a file data table file and a system parameter table sysparam;
the application table application stores application information, the container table container stores container information related to the application, the file data table file stores file information in the application, and the system parameter table sysparam stores system parameter information.
Further, the generation process of the password file access password comprises the following steps:
reading a set number of bytes of data from the tail of the virtual disk file, wherein the byte data comprises the VHD file mark, type, capacity and creation timestamp;
performing a digest calculation on the byte data by using the SM3-HMAC algorithm to obtain a byte digest value;
and performing an exclusive OR operation on the first half and the second half of the byte digest value to obtain the password file access password.
Further, the unique identification of the password file is obtained by splicing the universal unique identification code at the tail of the virtual disk file with the time stamp.
Further, the method further comprises:
monitoring the partition state and hidden attribute of the disk drive mount through a monitoring thread of a virtual disk;
and sending out error prompt information when the hidden disk partition is restored to normal or the disk partition is unloaded.
Further, the method further comprises:
and closing the monitoring thread when receiving the exit call information sent by the client, and locking partition access and unloading the virtual disk file.
In addition, the invention also provides a software cryptographic module, which comprises:
a virtual disk calling unit, used for calling the virtual disk API to create a virtual disk file;
a partition hiding unit, used for partitioning the virtual disk file and creating a disk path without a drive letter to hide the resulting disk partition;
a password file creating unit, used for creating a password file and a unique password file identifier in the hidden disk partition, wherein the password file is protected by a password file access password;
and an access control unit, used for receiving a client's call to access the password file in the virtual disk file.
The invention has the advantages that:
(1) According to the invention, the password file is stored in the virtual disk file, and the virtual disk file is hidden, so the user cannot access it directly and it can only be accessed through the software cryptographic module. Compared with a traditional software cryptographic module, the use of virtual disk technology and encryption operations enhances the confidentiality of the key and the overall security of the cryptographic module, and encrypting, storing and hiding the virtual disk strengthens the security of the password file. The cryptographic operations of the software cryptographic module are carried out entirely in memory and leave no trace on disk, which improves the privacy of the password. Using a virtual disk also allows the storage device to be chosen flexibly, which improves portability.
(2) The scheme can be compatible with the conventional key interface specification, and improves the integration and universality of the system.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
FIG. 1 is a schematic flow chart of a method for implementing a software cryptographic module based on a virtual disk according to an embodiment of the present invention;
FIG. 2 is a diagram showing a password file structure according to an embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating a software cryptographic module according to an embodiment of the present invention;
fig. 4 is a schematic block diagram of a software cryptographic module implementation in an embodiment of the invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions in the embodiments of the present invention will be clearly and completely described in the following in conjunction with the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
As shown in fig. 1, an embodiment of the present invention discloses a method for implementing a software cryptographic module based on a virtual disk, which is applied to the software cryptographic module, and the method includes the following steps:
S10, calling a virtual disk API to create a virtual disk file;
Using the system virtual disk API, a fixed-mode virtual disk VHD file is created with default parameters under a system-specified path.
S20, partitioning the virtual disk file, and creating a disk path without a drive letter to hide the resulting disk partition;
The system disk management API is used to calculate the disk sector size, set the partition information and format the partition, so that the virtual disk file is partitioned and a disk partition is obtained.
S30, creating a password file and a unique identifier of the password file in the hidden disk partition, wherein the password file is protected by a password file access password;
It should be noted that, in this embodiment, the system virtual disk API is called to delete the default mount point of the created partition and to create a disk path without a drive letter, so as to hide the disk file.
S40, receiving a call of the client to access the password file in the virtual disk file.
According to the embodiment, the password file is stored on the virtual disk file, the virtual disk file is hidden, a user cannot directly access the password file, the password file can only be accessed through the software password module, and the security of the key is improved compared with that of the traditional software password module; the password operation of the software password module is completely carried out in the memory, no trace is generated on the disk, and the privacy of the password is improved; and the mode of using the virtual disk can flexibly select the storage equipment, so that the portability is improved.
In one embodiment, in the step S10: after calling the virtual disk API and creating the virtual disk file, the method further comprises the steps of:
and calling the virtual disk API, and mounting the virtual disk file on a disk drive of an operating system.
The virtual disk file is mounted on the disk drive of the operating system, so that the virtual disk file can be accessed through the disk drive of the operating system.
In one embodiment, in the step S10: the method further comprises the steps of, before calling the virtual disk API and creating the virtual disk file:
and receiving the partition encryption key input by the client.
It should be noted that the application client runs as administrator and calls the initialization interface of the software cryptographic module's access-layer SDK, passing the disk partition encryption key to the software cryptographic module.
In an embodiment, the method further comprises:
encrypting the disk partition by using the partition encryption key;
accordingly, the encrypted disk partition is hidden by using the created disk path without a drive letter.
It should be noted that, in this embodiment, the disk partition is encrypted with the partition encryption key, which further improves the security of the key.
In one embodiment, as shown in fig. 2, the structure of the password file includes application table application, container table container, file data table file and system parameter table sysparam;
the application table application stores application information, the container table container stores container information related to the application, the file data table file stores file information in the application, and the system parameter table sysparam stores system parameter information.
Further, the application table (application) stores the relevant application information, and its specific parameters include:
the application primary key; app_name (application name); the administrator password; admin_pin_retry_count (maximum number of administrator password retries); the current number of administrator password errors; user_pin_window_rights; lock_window (application right); and lock (application lock flag).
The container table (container) stores container information related to applications, and its specific parameters include:
the container primary key; app_id (application primary key); container_name; container_type; sign_private_key (signature private key); the signature public key; sign_cert (signature certificate); encryption_private_key (encryption private key); the encryption public key; and encryption_cert (encryption certificate).
The file data table (file) stores file information in an application, and specific parameters include:
the "program" includes the program "as described above, but is not limited to the program" as defined by the following examples, but is not limited to the program "as defined by the program" and is not limited to the program "as defined by the program".
The system parameter table (sysparam) stores system parameter information, and its specific parameters include:
the parameter key, name, and value (parameter content).
With this password file structure, the embodiment stores the data for and implements the relevant functions of GM/T 0016-2012, "Smart Cryptographic Key Cryptography Application Interface Specification". The password file structure is also highly extensible and secure: the password file is implemented on the national-cryptography SQLCipher database, its data is fully encrypted to ensure security, and it supports SQL operations, which makes later functional extension convenient.
In one embodiment, the generation process of the password file access password includes:
reading a set number of bytes of data from the tail of the virtual disk file, wherein the byte data comprises the VHD file mark, type, capacity and creation timestamp;
performing a digest calculation on the byte data by using the SM3-HMAC algorithm to obtain a byte digest value;
and performing an exclusive OR operation on the first half and the second half of the byte digest value to obtain the password file access password.
Specifically, the software cryptographic module reads the 512 bytes of information at the tail of the virtual disk file VHD and takes the first 96 bytes of those 512 bytes; the 96 bytes of data include the VHD file mark, type, capacity, creation timestamp and other information. It performs a digest calculation on the 96 bytes of data with SM3-HMAC, based on the national cryptographic hash algorithm SM3, to obtain a 32-byte digest value, takes the first 16 bytes as LH16 and the last 16 bytes as RH16, and calculates LH16 ⊕ RH16 to obtain the 16-byte password file access password.
The password file is an encrypted SQLite database file that requires a password for access. Deriving the password file's password from the tail data of the VHD binds the password file to the virtual disk VHD file.
In an embodiment, the unique identifier of the password file is obtained by splicing a universal unique identifier at the tail of the virtual disk file with a time stamp.
Specifically, the software cryptographic module reads the 16-byte universally unique identifier (UUID) and the 4-byte UNIX timestamp at the tail of the virtual disk file VHD, splices them into the 20-byte unique identifier of the password file, and stores the unique identifier in the password file.
It should be noted that the unique identifier of the password file serves (1) identification and distinction: the unique identifier can be used to identify different password files; each password file has its own unique identifier, so different password files can be distinguished in the system and confusion or misoperation is avoided; and (2) security: the unique identifier ensures that the password file is correctly identified, prevents operations on the wrong file and incorrect access, and ensures that only authorized users can access a specific password file.
In one embodiment, in step S40, when receiving the client's call to access the password file in the virtual disk file, the software cryptographic module implements the relevant interfaces of GM/T 0016-2012, "Smart Cryptographic Key Cryptography Application Interface Specification", and provides service capability equivalent to that of a traditional cryptographic key.
In an embodiment, the method further comprises:
monitoring the partition state and hidden attribute of the disk drive mount through a monitoring thread of a virtual disk;
when the hidden disk partition is restored to normal or the disk partition is unloaded, an error prompt message is sent out and the operation is stopped.
In an embodiment, the method further comprises:
and closing the monitoring thread when receiving the exit call information sent by the client, and locking partition access and unloading the virtual disk file.
When the application client exits, it calls the de-initialization (exit) interface of the software cryptographic module; the software cryptographic module closes the monitoring thread and locks partition access, and at the same time calls the system interface to unload the virtual disk file.
As shown in fig. 3, an embodiment of the present invention discloses a software cryptographic module, which includes:
a virtual disk calling unit 10, configured to call a virtual disk API and create a virtual disk file;
a partition hiding unit 20, configured to partition the virtual disk file and create a disk path without a drive letter to hide the resulting disk partition;
a password file creating unit 30, configured to create a password file and a unique identifier of the password file in the hidden disk partition, where the password file is protected by using a password file access password;
and the access control unit 40 is used for receiving the call of the client to access the password file in the virtual disk file.
In an embodiment, the software cryptographic module further comprises:
and the mounting unit is used for calling the virtual disk API and mounting the virtual disk file on a disk drive of an operating system.
In an embodiment, the software cryptographic module further comprises:
and the encryption key receiving unit is used for receiving the partition encryption key input by the client.
In an embodiment, the software cryptographic module further comprises:
a partition encryption unit configured to encrypt the disk partition using the partition encryption key;
accordingly, the partition hiding unit 20 is configured to hide the encrypted disk partition by using the created disk path without a drive letter.
In an embodiment, the software cryptographic module further comprises:
the disk monitoring unit is used for monitoring the partition state and the hidden attribute of the disk drive through the monitoring thread of the virtual disk, and sending out error prompt information when the hidden disk partition is restored to be normal or unloaded.
In an embodiment, the software cryptographic module further comprises:
and the unloading unit is used for closing the monitoring thread and locking the partition to access and unload the virtual disk file when receiving the exit call information sent by the client.
Specifically, the principle of implementing the software cryptographic module based on the virtual disk is shown in fig. 4, and the specific process is as follows:
(1) The application client runs as administrator and calls the initialization interface of the software cryptographic module's access-layer SDK, passing in the disk partition encryption key.
(2) The software cryptographic module uses the system virtual disk API to create a fixed-mode virtual disk VHD file with default parameters under a system-specified path.
(3) The software cryptographic module mounts the virtual disk file through the system virtual disk API, calculates the disk sector size with the system disk management API, sets the partition information and formats the partition.
(4) The software cryptographic module enables the partition encryption function through the system manage-bde command and encrypts the disk partition with the passed-in partition encryption key.
(5) The software cryptographic module calls the system API to delete the default volume mount point of the created partition and creates a disk path without a drive letter, which hides the disk.
(6) The software cryptographic module creates a password file in the hidden partition.
(7) The software cryptographic module reads the 512 bytes of information at the tail of the virtual disk file VHD and takes the first 96 bytes of those 512 bytes; the 96 bytes of data include the VHD file mark, type, capacity, creation timestamp and other information. It performs a digest calculation on the 96 bytes of data with the SM3-HMAC algorithm to obtain a 32-byte digest value, takes the first 16 bytes as LH16 and the last 16 bytes as RH16, and calculates LH16 ⊕ RH16, where ⊕ is the exclusive OR operation, to obtain the 16-byte password file access password, which is used to protect the password file.
(8) The software cryptographic module reads the 16-byte universally unique identifier (UUID) and the 4-byte UNIX timestamp at the tail of the virtual disk file VHD, splices them into the 20-byte unique identifier of the password file, and stores the unique identifier in the password file.
(9) The software cryptographic module starts the virtual disk monitoring thread, which monitors the state and hidden attribute of the currently mounted partition; when the hidden partition is restored to normal or is unloaded, the module stops working and issues an error prompt.
(10) The software cryptographic module implements the relevant interfaces of GM/T 0016-2012, "Smart Cryptographic Key Cryptography Application Interface Specification", and provides service capability equivalent to that of a traditional cryptographic key.
(11) When the application client exits, it calls the de-initialization (exit) interface of the software cryptographic module; the software cryptographic module closes the monitoring thread, locks partition access, and calls the system interface to unload the virtual disk file.
It should be noted that, other embodiments of the software cryptographic module or the implementation method thereof according to the present invention may refer to the above-mentioned method embodiments, and are not repeated herein.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present invention, the meaning of "plurality" means at least two, for example, two, three, etc., unless specifically defined otherwise.
While embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the invention.
Claims (10)
1. A method for implementing a virtual disk-based software cryptographic module, the method comprising:
calling a virtual disk API to create a virtual disk file;
partitioning the virtual disk file, and creating a disk path without a drive letter to hide the resulting disk partition;
creating a password file and a unique password file identifier in the hidden disk partition, wherein the password file is protected by a password file access password;
and receiving a client's call to access the password file in the virtual disk file.
2. The method of claim 1, wherein after the calling the virtual disk API to create the virtual disk file, the method further comprises:
and calling the virtual disk API, and mounting the virtual disk file on a disk drive of an operating system.
3. The method of claim 1, wherein before the calling the virtual disk API to create the virtual disk file, the method further comprises:
and receiving the partition encryption key input by the client.
4. The method for implementing a virtual disk based software cryptographic module of claim 3, the method further comprising:
encrypting the disk partition by using the partition encryption key;
accordingly, the encrypted disk partition is hidden by using the created disk path without a drive letter.
5. The method for implementing a virtual disk-based software cryptographic module according to claim 1, wherein the structure of the cryptographic file includes an application table application, a container table container, a file data table file, and a system parameter table sysparam;
the application table application stores application information, the container table container stores container information related to the application, the file data table file stores file information in the application, and the system parameter table sysparam stores system parameter information.
6. The method for implementing the virtual disk-based software cryptographic module according to claim 1, wherein the process of generating the password file access password comprises:
reading a set number of bytes of data from the tail of the virtual disk file, wherein the byte data comprises the VHD file mark, type, capacity and creation timestamp;
performing a digest calculation on the byte data by using the SM3-HMAC algorithm to obtain a byte digest value;
and performing an exclusive OR operation on the first half and the second half of the byte digest value to obtain the password file access password.
7. The method for implementing a virtual disk-based software cryptographic module according to claim 1, wherein the unique identification of the cryptographic file is obtained by splicing a universal unique identification code of the tail of the virtual disk file with a time stamp.
8. The method for implementing a virtual disk based software cryptographic module of claim 2, the method further comprising:
monitoring the partition state and hidden attribute of the disk drive mount through a monitoring thread of a virtual disk;
and sending out error prompt information when the hidden disk partition is restored to normal or the disk partition is unloaded.
9. The method for implementing a virtual disk based software cryptographic module of claim 1, the method further comprising:
and closing the monitoring thread when receiving the exit call information sent by the client, and locking partition access and unloading the virtual disk file.
10. A software cryptographic module, the software cryptographic module comprising:
the virtual disk calling unit is used for calling the virtual disk API and creating a virtual disk file;
the partition hiding unit is used for carrying out partition processing on the virtual disk file, creating a disk path of a non-letter driver number and hiding the obtained disk partition;
the password file creating unit is used for creating a password file and a unique password file identifier in the hidden disk partition, wherein the password file is protected by adopting a password file access password;
and the access control unit is used for receiving the call of the client to access the password file in the virtual disk file.
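The derivation in claims 6 and 7, worked through as an added example (not code from the patent or its applicant): it parses the 512-byte footer at the end of a VHD image, computes SM3-HMAC over it, XORs the two digest halves, and builds the identifier from the footer UUID. Assumptions: the "set number" of tail bytes is the whole footer, the HMAC key `module_key` and the identifier's string layout are hypothetical because the claims do not specify them, the sample image is constructed, and the Python build's OpenSSL provides `sm3`.

```python
import hmac
import struct
import uuid

FOOTER_LEN = 512  # assumed "set number" of tail bytes: the fixed VHD footer
FOOTER_FMT = ">8sIIQI4sI4sQQ4sII16sB427s"  # big-endian VHD footer layout

def read_footer(vhd_bytes):
    """Return the trailing footer plus the fields claim 6 names."""
    footer = vhd_bytes[-FOOTER_LEN:]
    if len(footer) != FOOTER_LEN or not footer.startswith(b"conectix"):
        raise ValueError("no VHD footer at end of file")
    f = struct.unpack(FOOTER_FMT, footer)
    return footer, {"mark": f[0], "created": f[4], "capacity": f[9],
                    "disk_type": f[11], "uuid": uuid.UUID(bytes=f[13])}

def derive_access_password(footer, module_key):
    """SM3-HMAC over the footer, then XOR the digest halves (32 -> 16 bytes).

    module_key is an assumption: the claim does not say what keys the HMAC.
    """
    digest = hmac.new(module_key, footer, "sm3").digest()
    half = len(digest) // 2
    return bytes(a ^ b for a, b in zip(digest[:half], digest[half:]))

def file_identifier(fields, timestamp):
    """Claim 7: footer UUID spliced with a timestamp (string layout assumed)."""
    return f"{fields['uuid'].hex}{timestamp}"

def sample_vhd(created, capacity, disk_type, uid):
    """Constructed image: zeroed data area plus a footer (checksum left 0)."""
    footer = struct.pack(
        FOOTER_FMT, b"conectix", 2, 0x00010000, 0xFFFFFFFFFFFFFFFF, created,
        b"demo", 0x00010000, b"Wi2k", capacity, capacity, b"\0" * 4,
        disk_type, 0, uid.bytes, 0, b"\0" * 427)
    return b"\0" * 1024 + footer

if __name__ == "__main__":
    uid = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")  # constructed
    footer, fields = read_footer(sample_vhd(746_000_000, 64 * 2**20, 2, uid))
    password = derive_access_password(footer, b"constructed-module-key")
    print(len(password), password.hex())
    print(file_identifier(fields, 1693267200))
```

The derived value is 16 bytes and depends only on the footer bytes and the HMAC key, so the same image and key always yield the same password, and any change to the footer fields changes it.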
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311111300.2A CN117195257A (en) | 2023-08-29 | 2023-08-29 | Virtual disk-based software cryptographic module implementation method and software cryptographic module |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117195257A (en) | 2023-12-08 |
Family
ID=88984266
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311111300.2A Pending CN117195257A (en) | 2023-08-29 | 2023-08-29 | Virtual disk-based software cryptographic module implementation method and software cryptographic module |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117195257A (en) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||