Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Furthermore, the use of "and/or" in the specification and claims means at least one of the connected objects, e.g., a and/or B, meaning that it includes a single a, a single B, and that there are three cases of a and B.
In embodiments of the invention, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g." in an embodiment of the present invention is not to be taken as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
The present invention provides the following preferred embodiments:
Example 1
In order to solve the technical problem that the solid-state storage device is unreliable in key management and encryption mechanism, the embodiment provides an encryption method for the solid-state storage device, and the dynamic property and the safety of data encryption are effectively improved by introducing various technical characteristics such as a multi-state ring structure, a multi-dimensional mixed function, a multiple variable hash function, a frequency disturbance monitoring algorithm and the like.
As shown in fig. 1, the encryption method includes the steps of:
s101, generating a unique device identifier through a multi-state ring structure for key generation of the solid-state storage device.
S102, generating a multi-dimensional dynamic key for data encryption by combining the multi-dimensional mixing function based on the generated device identifier.
S103, encrypting the segmented data by utilizing the multidimensional dynamic key, and embedding each data segment into a progressive vector check code for enhancing the security of the data segmentation level.
S104, carrying out recursive hash operation on the multidimensional dynamic key through the multiple variable hash functions, generating a key map, forming a key map by utilizing the key map, and storing the key map in a safe area in the solid-state storage device.
S105, monitoring the integrity and the encryption state of the multidimensional dynamic key in real time by using a frequency disturbance monitoring algorithm, and verifying the encryption state by high-order vector query.
S106, extracting a decryption key from the key map through the inverse mixing function, and finishing decryption operation on the encrypted segmented data according to the progressive vector check code check sum inverse operation to recover the original data.
In particular, as shown in fig. 2, the present embodiment generates a unique device identifier for unique identification and key generation of a solid state storage device through a polymorphic ring structure. Specifically, the polymorphic ring structure calculates a device identifier, which is a unique identification of the device, from the device hardware feature vector and the system initialization vector, ensuring that the device is not counterfeited. The generated device identifier is permanently stored in the firmware layer of the device by the bit exclusive or and the multi-state authentication code generating function, so that the uniqueness and tamper resistance of the device identifier are ensured.
Further, as shown in fig. 3, a multi-dimensional dynamic key is generated using a multi-dimensional mixing function based on the generated device identifier. The multidimensional mixing function is calculated by combining the device identifier and the current system state vector, and can generate keys with multiple dimensions, wherein each key corresponds to different encryption requirements. The generation process not only introduces unique information of the device, but also combines the current dynamic state of the system to form a dynamic key with high randomness and complexity. Notably, the calculation of the multidimensional mixing function effectively utilizes the current time stamp of the system and the state vector of the previous time period, and generates keys with multiple dimensions through the accumulation operation, thereby improving the unpredictability and the security of the encryption key.
Further, as shown in fig. 4, in the data encryption stage, the present embodiment performs a piece-wise encryption process on data using the generated multidimensional dynamic key. The data to be stored is divided into a plurality of data segments, and each data segment is adjusted in size according to a real-time algorithm and is subjected to independent encryption operation. This not only ensures flexibility of the encryption process, but also enhances segment level security of the data. During encryption of each data segment, a progressive vector check code generated based on the content of the current data segment is embedded. It can be understood that the check code is generated by initializing the vector and the content of the data segment, so that the integrity and tamper resistance of the data segment level are ensured, and a reliable basis is provided for subsequent decryption and check.
Further, as shown in fig. 5, the generated multi-dimensional dynamic key is subjected to a recursive hash operation by a multiple variable hash function to generate a key map. These key maps form a key map and are stored in a secure area of the solid state storage device. It should be understood that the multiple variable hash function performs multiple transform hash calculations on the multidimensional dynamic key, so that the generated key map cannot be directly derived back to the original key, thereby ensuring the physical attack resistance of the key. The construction and storage of the key map further ensures the security of key management and tamper resistance of the storage process.
Further, as shown in fig. 6, in order to monitor the integrity and encryption status of the multidimensional dynamic key in real time, the present embodiment employs a frequency disturbance monitoring algorithm. Specifically, in a set frequency range, the frequency disturbance monitoring algorithm generates multiple inquiry frequencies through random disturbance, and performs high-order vector inquiry on the multidimensional dynamic key. The high-order vector query verifies the encryption state in real time through the calculation of the frequency query vector, and ensures the dynamic property and the safety of the encryption system. It can be appreciated that the frequency disturbance monitoring algorithm improves the sensitivity of the system to external attacks, and can timely discover and respond to potential security threats.
Further, through the inverse mixing function, the embodiment can extract the decryption key from the key map, and complete the decryption operation on the encrypted segmented data by combining the progressive vector check code checksum inverse operation. The inverse mix function ensures the correctness of the decryption process by recovering the multidimensional dynamic key. And checking the encrypted data segment according to the progressive vector check code, and performing decryption operation after confirming that the data is not tampered. The decrypted data segments are reassembled into the complete original data and delivered to the requesting application.
The method has the advantages that the unique equipment identifier is generated through the multi-state ring structure, the multi-dimensional mixing function generates the multi-dimensional dynamic key, the segmented data is encrypted and embedded into the progressive vector check code, the multi-variable hash function carries out recursive hash operation to generate key mapping, the key integrity and encryption state are monitored in real time through the frequency disturbance monitoring algorithm, the decryption key is extracted from the key map through the inverse mixing function, and a series of operations such as data verification and decryption are carried out, so that a complete, dynamic and safe encryption solution is formed. The scheme effectively solves the defects of the prior art in key management, encryption mechanism, real-time monitoring and the like, and improves the data security of the solid-state storage device.
Example two
In order to solve the problems of high complexity and limited application scene of the device identifier generation method in the prior art, the specific steps and principles of generating the unique device identifier through the polymorphic ring structure are further refined in the embodiment. The method is based on the polymorphic ring structure calculation principle and applies the following calculation formula:
wherein MSRI denotes a device identifier, Dhardware denotes a device hardware feature vector, Sinit is a system initialization vector, R is a multi-state ring structure function, MAC is a multi-state authentication code generation function, H denotes a hash function, and a size-out denotes a bit exclusive or operation.
Further, Dhardware may be characterized by a number of hardware features of the solid state storage device, including, but not limited to, physical characteristics of the device, manufacturing process parameters, and built-in unique identifiers, such as serial numbers or physical invariants specific to the storage chip. The hardware characteristic parameters are collected through a preset collecting module and transmitted to a device identifier generating module through a data interface.
It should be appreciated that Sinit is referred to as a system initialization vector, and relates to specific state values or startup parameters at system initialization, which may include device activation time, electrical characteristics parameters of the solid state storage device at initialization, and so on. By strictly controlling and recording the initialization vectors, the uniqueness and unpredictability of the system initialization vector generated each time are guaranteed, and therefore the generation effect of the equipment identifier is improved.
Further, in generating the device identifier, the result after exclusive-or operation of Dhardware and Sinit is processed by the multi-state ring structure function R. The multi-state loop structure function R carries out complex mapping on input data through nonlinear transformation and multi-round iterative computation. The output result is kept as little as possible from the input variation by the characteristics of the multi-state ring structure, thereby ensuring the uniqueness and tamper resistance of the generated device identifier.
It will be appreciated that in performing the operation of the multi-state authentication code generation function, the multi-state authentication code generation function generates an authentication code from the input exclusive or result. By combining hardware features with system initialization vectors, the multi-state authentication code generation function is able to generate short and unique authentication codes that provide an additional security protection layer for device identifiers.
Further, the generated authentication code is subjected to the hash function H, and the hash operation is performed again on the authentication code generated by the multi-state authentication code generation function and the result processed by the multi-state ring structure function R. The hash function H plays a role in this process in transforming the input data to generate a fixed length string, further enhancing the uniqueness and predictability of the device identifier.
It will be appreciated that the device identifier MSRI generated by the above process will be permanently stored in the firmware layer of the solid state storage device, which provides a secure, non-tamperable storage environment for the device. To ensure the uniqueness of the device identifier MSRI, the firmware layer employs redundancy check and encryption storage techniques and performs periodic checks to discover and prevent possible tampering.
By the method, the generation efficiency of the device identifier is improved, and the safety of the device identifier is enhanced, so that the problem in the prior art is effectively solved.
The embodiment has the advantages that an efficient, safe and reliable device identifier generation method is provided, so that the solid-state storage device can have a unique and non-tamperable identifier, and a solid foundation is provided for safety authentication and data protection of a system. By the embodiment, the generation of the equipment identifier is simpler, the equipment identifier is suitable for wide use scenes, and the stable and safe operation of the equipment in various environments is ensured.
Example III
In order to solve the problems that in the prior art, the complexity is high and the security and randomness of the key are difficult to ensure in the process of generating the multi-dimensional dynamic key, the method for generating the multi-dimensional dynamic key by combining the multi-dimensional mixed function and the specific steps thereof are further refined in the embodiment. Specifically, the method comprises the following steps:
as shown in fig. 3, the device identifier and the current system state vector are used to generate a multi-dimensional dynamic key through the algorithm of the multi-dimensional mixing function in the following manner:
Where MDKh represents the h-th dimension key, Tcurrent represents the current timestamp, Pprevious is the state vector of the previous period, and MHF represents the multi-dimensional mixing function.
The multi-dimensional mixing function is calculated as follows:
wherein, N is the vector length, xj,yj,zj is the j-th element of x, y and z respectively, and pi represents the cumulative operation.
It is to be understood that the multidimensional mixing function can fully mix information of input vectors by adopting exclusive-or operation and cumulative operation of multiple vectors, so that the effects of high complexity and difficulty in prediction are achieved. Specifically, the current timestamp Tcurrent ensures timeliness and dynamics of each key generation, so that the generated key has higher uniqueness in the time dimension. The state vector Pprevious of the previous period combines the state information of the device in the previous period, and introduces the relevance of the historical state for key generation.
Further, the device identifier MSRI is composed of a previously generated unique identifier portion, which has completed a complex calculation based on hardware features and system initialization vectors through the multi-state ring structure, ensuring its uniqueness and security. The current system state vector may include multidimensional parameters of the current device operation state, such as current temperature, voltage, current, and other key information. The state information is dynamically collected through a preset collecting module, so that the real-time performance and accuracy of the state vector are ensured.
It should be appreciated that the state vector Pprevious of the previous period typically holds the operational state information of the device for the previous period. In a backup system, this status information may be stored periodically on a secure storage medium and recalled and used as needed through a secure data interface. By combining the state information of the front period and the back period, the randomness and the unpredictability of the generation of the dynamic key can be obviously improved.
Further, implementation of the multi-dimensional mixing function MHF involves bitwise exclusive-oring the device identifier, the state vector of the previous period, and the current timestamp, respectively, and multiplying the results on each bit. It will be appreciated that this operation ensures adequate mixing between the input parameters, enhancing the complexity and resistance to cracking of the mixing function.
It is appreciated that the multi-dimensional dynamic key MDKh generated by the multi-dimensional mixing function will have a high degree of uniqueness and dynamics within each key generation period, thereby effectively preventing key replay attacks and predictive attacks. In a specific implementation, the bit width of the vector and the key generation period may be selected according to a specific application scenario. For example, in high security applications, a wider vector bit width, such as 256 bits, may be selected and the key generation period shortened, such as generating a new key per second, to further increase security.
The benefit of this embodiment is that by combining the device identifier with the current system state vector, the multidimensional mixing function achieves a high degree of dynamics and randomness in the key generation process, ensuring the security and uniqueness of the generated key. By the method, the key generation method is more efficient, has high security protection capability and is suitable for dynamic encryption and authentication in various complex application environments.
Example IV
In order to solve the problem that the security and the data integrity are difficult to guarantee in the process of encrypting the stored data, the embodiment further optimizes the method for encrypting the segmented data by utilizing the multidimensional dynamic key and embedding each data segment into the progressive vector check code and the specific steps thereof.
Specifically, the present embodiment first divides data to be stored into a plurality of data segments so as to perform independent encryption processing on each data segment. It should be understood that the size of each data segment can be dynamically adjusted based on a real-time algorithm, and the adjustment mechanism can flexibly adjust the size of the data segment according to actual storage requirements and system running states, so that storage efficiency and encryption processing performance are optimized.
Further, a multidimensional dynamic key is applied to each data segment for encryption processing. The multidimensional dynamic key is a dynamic key generated by a multidimensional mixing function based on a device identifier and a system state, and has high randomness and security. This ensures that the encryption of each data segment has a very high security strength, through which it is difficult to obtain information of other data segments even if a certain data segment is hacked by an attacker.
Further, during encryption, each data segment will embed a progressive vector check code generated based on the content of the current data segment. The progressive vector check code is generated as follows:
Wherein PVCm represents a progressive vector check code of the mth data segment, Dm represents the mth data segment, Ssegment represents an initialization vector of the data segment, and the progressive vector check code is used for subsequent data check.
It should be understood that the initialization vector Ssegment of each data segment may be generated by a preset initialization vector generation module, which can flexibly generate a required initialization vector according to the real-time state of the system and a specific initialization parameter. The reasonable design and application of the initialization vector can effectively prevent the known plaintext attack and the differential analysis attack, and further improve the security of data encryption.
Further, the generated progressive vector check code PVCm not only plays a role in verifying the integrity of data in the encryption process, but also can be used for quickly and accurately judging whether the data is tampered in the subsequent data verification process. The PVCm generates a hash value of a fixed length that effectively characterizes the uniqueness and integrity of the data segment by transforming the input data through a hash function H, depending on the data segment content and the initialization vector.
It will be appreciated that for each encrypted data segment, the generated progressive vector check code is appended to the end of the data segment and stored together in the storage medium. When the data is read and verified, whether the data is complete and not tampered can be rapidly judged by recalculating the check code of the data segment and comparing the check code with the stored check code. If the data segment check code is found to be not matched with the recalculated value, the data segment may have been tampered, the system will trigger the corresponding security early warning mechanism and refuse to further read the data, so as to ensure the security and integrity of the data.
Further, in a specific implementation, an appropriate hash function may be selected according to the processing power and security requirements of the storage device. For example, in order to increase the speed of generating and checking the check code, an efficient and safe hash algorithm such as SHA-256 can be adopted to ensure that better performance is still achieved when large data segments are processed. Meanwhile, the dynamic adjustment mechanism based on the size of the data segment can flexibly adjust the size of each data segment according to different data types and storage requirements, so that the storage efficiency and the encryption strength are both considered.
According to the method, the segmented data are encrypted by utilizing the multidimensional dynamic key, and the progressive vector check code is embedded, so that the high security and the high integrity of the data segment encryption are realized, and the safety and the reliability of the stored data in various complex application scenes are ensured. The method of the embodiment not only improves the flexibility and the effectiveness of data encryption, but also provides an accurate and quick verification means for subsequent data verification.
Example five
In order to solve the management and storage security problems of the multidimensional dynamic key in the prior art, the embodiment further optimizes a method and specific steps for performing recursive hash operation on the multidimensional dynamic key through multiple variable hash functions so as to generate a key map, forming a key map by using the key map and storing the key map in a secure area in the solid-state storage device.
Specifically, as shown in fig. 5, the steps of performing a recursive hash operation on the multidimensional dynamic key by using the multiple variable hash function, generating a key map, and forming a key map using the key map, and storing the key map in a secure area in the solid-state storage device include:
multiple variable hash operations are carried out on the multidimensional dynamic key, and key mapping is generated through multiple variable hash functions in the following manner:
wherein Kmapn denotes the nth key map, the multiple variable hash operation is performed as follows:
wherein M represents the key length, pt is the t bit of the key, and H is a hash function;
Specifically, the generated key map forms a key map and is stored in an encryption module in a secure area of the solid-state storage device, so as to ensure the physical attack resistance of the key. It should be appreciated that, in each hash operation, the xor operation of the input key bit and the previous calculation result can effectively increase the randomness of the input and the unpredictability of the hash result. In particular implementations, the hash function H may employ a high strength hash algorithm, such as SHA-256, SHA-3, etc., to ensure security and resistance to attacks on the computed result.
Further, the generated key map will constitute a key map based on the multi-dimensional dynamic key. By "key map" is meant that multiple key maps are combined into an ordered structure through a logical relationship, thereby facilitating storage and management. In this embodiment, the key map is formed by referencing the representation method of the adjacency table or adjacency matrix in the map structure, so that each key map and each stage in the variation process form each node, and the edges between the nodes represent the relation of the recursive hash operation.
It will be appreciated that the construction of the key map not only helps manage a large set of key maps, but also provides an efficient path finding mechanism for subsequent key scheduling and invocation. Especially in high security applications, the robustness and security redundancy of the key store can be further enhanced by the topology design of the key map.
Further, to ensure secure storage of the key map, the constructed key map will be stored within an encryption module in a secure area of the solid state storage device. The term "secure area" refers to an isolated storage area preset on a hardware level, which has the characteristic of physical attack resistance, and protects the security of stored data by a hardware encryption means.
It is to be appreciated that to ensure security of the key map during storage and access, security features provided by the Hardware Security Module (HSM) or Trusted Execution Environment (TEE) may be employed. These hardware security features include, but are not limited to, mechanisms such as tamper protection, real-time encrypted storage, access control, etc., so that the key map stored within the secure area retains its integrity and unreadability even when subject to physical attacks.
Further, in order to improve the security of the key map, the present embodiment suggests that the key map is subjected to a global hash operation before being stored, and a global hash value is generated and stored in an independent location of the secure area. When the key map is read or used, the global hash value can be recalculated and compared with the stored hash value, so that whether the key map is tampered or not can be quickly judged.
By the method, the multi-dimensional dynamic key is subjected to recursive hash operation by utilizing the multiple variable hash functions, so that the key map is generated, and the key map is formed and stored in the safety area of the solid-state storage device, so that the safety and the high efficiency of key management are improved, and the protection capability of the multi-dimensional dynamic key in a complex application scene is enhanced.
Example six
In order to solve the problem that the multidimensional dynamic key is easy to attack and the state of the multidimensional dynamic key is difficult to monitor in real time in the encryption process, the embodiment further optimizes a method for monitoring the integrity and the encryption state of the multidimensional dynamic key in real time by using a frequency disturbance monitoring algorithm. Specifically, the state verification is performed through high-order vector query, so that the security and the effectiveness of the key in the whole encryption process are ensured.
The method comprises the following steps of firstly, detecting the state of the multidimensional dynamic key in real time through a preset frequency disturbance monitoring algorithm. It should be appreciated that the frequency disturbance monitoring algorithm randomly generates a plurality of inquiry frequencies within a set frequency range, so as to perform multi-aspect disturbance detection on the key state, and thus, any potential abnormality and attack trace can be effectively captured.
Further, the state verification is performed by using the calculation formula of the high-order vector query:
Where Qstatus is the query result matrix and fquery is the frequency query vector.
Further, a frequency query vector fquery is generated by frequency perturbation, and a high-order vector query is utilized for state verification. The core calculation formula of the high-order vector query is as follows:
The calculation formula of the high-order vector query is as follows:
Wherein, N is the vector length, fi represents the frequency component, re represents the real part operation, and the high-order vector inquiry is used for monitoring the encryption state in real time. It should be appreciated that the high-order vector query processes the frequency component fk through a high-order mathematical tool such as fourier transform, and the generated Qstatus matrix is an effective representation of the current multi-dimensional dynamic key encryption state. The high-order vector query can capture the influence of frequency disturbance on the key, and can also check the state consistency of the key at different time points through complex real part operation.
Further, the calculation of the higher-order vector query involves real-time monitoring of the response of the multi-dimensional dynamic key at different frequency perturbations. In this way, any abnormal change of the key during encryption can be effectively detected. For example, if an abnormal value appears in the Qstatus matrix at a certain query frequency, it indicates that there may be a key leakage or tampering phenomenon, at this time, the system may trigger the security early warning mechanism immediately and take corresponding defensive measures.
It is to be understood that the frequency disturbance monitoring algorithm is characterized by randomness and real-time performance, which means that the query frequency is randomly generated in each time in a set frequency range, so that the prediction difficulty and the cracking difficulty of an attacker on the algorithm are greatly increased. Meanwhile, the state verification is carried out through the high-order vector query, so that the monitoring of the multidimensional dynamic key can be ensured to have high precision and high reliability.
In order to achieve the above functions, the implementation of frequency disturbance monitoring algorithms and high-order vector queries requires powerful computing power and memory power. In particular implementations, it is contemplated that high performance Graphics Processing Units (GPUs) or dedicated encryption processing units (APUs) may be used to perform complex operations and data processing to ensure that the system can still perform key state monitoring in real-time and efficiently under high load.
Further, in order to improve the robustness and the attack resistance of the system, a multi-level safety protection mechanism can be introduced into the frequency disturbance monitoring algorithm. For example, prior to querying, the validity of the query request can be confirmed through a two-factor authentication mechanism, and the response of the key is encrypted in the query process, so that potential man-in-the-middle attacks and data theft are prevented.
According to the embodiment, the integrity and the encryption state of the multidimensional dynamic key are monitored in real time by using the frequency disturbance monitoring algorithm, and the state verification is carried out by means of high-order vector query, so that the precision and the instantaneity of key management and monitoring are improved, and the overall safety of an encryption system is enhanced.
Example seven
In order to solve the problems of complexity of key management and difficulty in verifying data integrity in the decryption process of the conventional encryption method, the embodiment further optimizes the decryption key extraction from the key map through a reverse mixing function, and completes the decryption operation of the encrypted segmented data by combining with the check sum reverse operation of the progressive vector check code.
As shown in fig. 7, the step of decrypting the encrypted piece of data includes:
s701, extracting a decryption key from the key map as required, and recovering the multidimensional dynamic key through a reverse mixing function.
S702, checking the encrypted data segment according to the progressive vector check code, and confirming that the data segment is not tampered and then performing decryption operation.
S703, the data segment is decrypted and reassembled into complete original data, and the complete original data is transmitted to the requesting application.
Specifically, the present embodiment extracts decryption keys from the key map as needed by means of a back-mix function. The key map is a structured set of keys pre-stored in a secure area, containing different mappings and varying hierarchies of multi-dimensional dynamic keys. When the decryption operation needs to be carried out, the original multidimensional dynamic key is restored by gradually reversing the reverse mixing function. It should be appreciated that the design of the inverse mix function is based on highly complex mathematical operations and logical deductions, thus ensuring that it can correctly recover keys only when legally called, while effectively defending against brute force cracking and predictive attacks.
Further, after the multidimensional dynamic key is successfully extracted and restored, the encrypted data segment formed by the encrypted segmented data is verified according to the progressive vector verification code. A progressive vector check code is embedded in each encrypted data segment, which is a unique identifier generated based on the content of the data segment, for verifying that the data has not been tampered with during transmission and storage. Before the decryption operation starts, the integrity and the non-tampered property of the data are confirmed by recalculating the check code of the data segment and comparing the check code with the embedded check code. If the check codes match, the data segment is deemed secure and further decryption operations may be performed.
In detail, the verification step consists in an efficient and accurate hash operation and alignment operation. In particular implementations, high performance computing units such as ASIC chips or dedicated cryptographic processors may be employed to perform these operations to ensure that performance and real-time response capabilities are maintained in the presence of large amounts of data and high concurrency.
Further, after the data segments pass the verification, each data segment is decrypted using the recovered multidimensional dynamic key. The decryption process is based on the inverse of the encryption process, i.e. the transformation and mixing steps used in the encryption process are released in reverse order. It will be appreciated that the correctness of the decryption operation is highly dependent on the exact recovery of the multidimensional dynamic key and the integrity verification of the data segment. Only after all steps have been successfully passed can the result of the decryption of the data segment be considered trusted.
Further, all decrypted data segments are reassembled to recover the complete original data. During reassembly, the correct order between data segments and consistency of the data needs to be maintained, which typically relies on serialization and tagging mechanisms introduced at the time of encryption. In a specific implementation, the correct position and sequence of each data segment after decryption can be ensured by means of the data sequence identification and the inter-segment relation diagram of the original data.
It should be understood that, in order to improve the efficiency and security of the decryption operation, a multi-level guarantee mechanism may be introduced in the decryption process. For example, multiple checks can be made on the key and data state before and after each decryption operation, ensuring that the protection mechanism can be detected and triggered in time when any abnormal situation occurs. Meanwhile, the final confirmation operation before data output can be performed by calculating the data integrity hash value again and comparing the data integrity hash value with an expected value so as to ensure the completeness and accuracy of the final output data.
The embodiment has the advantage that the decryption key and the progressive vector check code are extracted through the inverse mixing function, so that the efficient management of the multidimensional dynamic key and the high security of the data decryption process are realized. Through the optimization measures, the protection capability of the encryption system in a high-security requirement scene is enhanced, and the reliability of data decryption operation is also improved. By the method, the reverse extraction of the multidimensional dynamic key is combined with the verification and decryption of the segmented data, so that the safe decryption and transmission of the data in a complex environment are effectively ensured.
Example eight
In order to solve the complexity problem of key management and data encryption and decryption operations on a solid-state storage device in the current encryption system, the present embodiment further refines an encryption system for implementing an encryption method, which is applied in the solid-state storage device and includes a plurality of functional modules to implement high-security key management and data processing.
Specifically, the encryption system in this embodiment includes the following modules:
it will be appreciated that the controller module leverages the re-establishment of initialization, key generation, and data encryption and decryption operations for the solid state storage device. The controller module comprises the following components that an initialization unit is responsible for generating a unique device identifier and initializing the device so as to ensure that the system has uniqueness and security from a starting stage, a data processing unit is used for managing encryption and decryption operations of data segments and ensuring the security and integrity of the data while ensuring efficient data processing, and a key generation unit is used for generating multidimensional dynamic keys through multidimensional mixing functions, wherein the keys are used for subsequent encryption and decryption operations.
Further, in order to generate and protect the multidimensional dynamic key, the system is provided with a key management module. The module includes a key generation unit and a key protection unit. The key generation unit generates a multidimensional dynamic key based on the device identifier and the dynamic system vector, and it is to be understood that the generation mechanism ensures the dynamic property and the uniqueness of the key and improves the security level of the system; the key protection unit performs multiple hash operations on the generated multidimensional dynamic key through multiple variable hash functions, and aims at the security of the key. The key storage unit stores the multiple hash-operated key map in a secure area in the solid-state storage device to ensure the security of the key in the storage state.
Further, real-time code verification is an important link for ensuring encryption status and data integrity, and for this purpose, the system is provided with a data verification module. The module comprises a real-time monitoring unit, a query generation unit and a verification unit. The real-time monitoring unit monitors the encryption state in real time through a frequency disturbance monitoring algorithm to ensure that data at any time point in the decryption process is safe, the query generation unit is responsible for generating high-order vector query and carrying out state verification, and it is to be understood that the purpose of using the high-order vector query is to further verify the data state through a complex mathematical model, ensure that each step of the decryption process is accurate and safe, and the verification unit carries out integrity verification of data segmentation according to a progressive vector verification code to ensure that the data is not tampered.
Further, the secure storage module ensures secure storage and protection of the key map. The storage control unit manages the storage of the key map in the safety area, keeps the integrity and reliability of the key map, the hash calculation unit carries out recursive hash operation on the multidimensional dynamic key to generate key mapping, the hash operation result is more unpredictable through a complex noise model and random disturbance, the protection unit protects the key through a multiple transformation technology, prevents physical level attacks, for example, uses a reverse engineering resisting technology and a side channel resisting technology, and ensures the safety in the key storage and use process.
Further, in order to achieve efficient transmission of data, the encryption system further comprises a data transmission module, which is responsible for transmitting encrypted data or decrypted data between the solid state storage device and the processor. In practical applications, data transmission may be performed through a high-speed interface, such as PCIe or NVMe, to ensure transmission speed and high efficiency of system response.
It should be understood that, in order to better integrate the above-mentioned modules and implement their functions, this embodiment proposes to introduce an integrated management platform inside the system. The platform can realize the cooperative work of the whole encryption system by arranging the operation sequence and the logic relation of each functional unit. For example, the management platform may immediately invoke the key generation unit and the key protection unit to perform key hash calculation and storage after the data processing unit encrypts the data segment, and transmit the processed data to the requesting application through the data transmission module.
The embodiment has the advantage that the high-efficiency management and the safety guarantee of encrypted data in the solid-state storage device are realized through the systematic integrated controller module, the secret key management module, the data verification module, the safety storage module and the data transmission module. By the embodiment, the operations of generating, protecting, storing and encrypting and decrypting the multidimensional dynamic key are optimized and simplified, the safety and operability of the system are greatly improved, and the reliable operation of the encryption system in a high-strength application environment is ensured.
Example nine
In order to solve the problems of security, uniqueness and complexity of the existing key generation device in the solid-state storage device, the embodiment provides a key generation device applied to the solid-state storage device. The device not only comprises all functional modules of the encryption system, but also adds a special unit for enhancing the security and the uniqueness, and mainly comprises a polymorphic ring generating unit, a dynamic function calculating unit, a recursive hash unit and a storage unit.
In this embodiment, the multi-state ring generation unit generates a unique device identifier by means of a physical unclonable function PUF. PUFs use small manufacturing process variations within solid state storage devices to generate unique and non-replicable identifiers, ensuring that each device has a unique "fingerprint". It is to be appreciated that the use of PUFs greatly improves the security and non-tamper-ability of the device identity, providing a solid basis for subsequent key generation.
Further, the dynamic function calculation unit calculates a multi-dimensional dynamic key using a multi-dimensional hybrid function. The multidimensional mixing function is a core part of an encryption system, and generates a dynamic key which is difficult to predict through multidimensional mathematical operation with high complexity. It will be appreciated that the generation of these keys is not only dependent on the device identifier, but also incorporates various dynamic factors within the system, such as time stamps, environmental variables, etc., ensuring a high degree of randomness and security for each generated key.
In order to ensure tamper resistance of the generated key, the recursive hash unit performs a recursive hash operation on the multi-dimensional dynamic key through multiple variable hash functions to generate a key map. Recursive hashing involves multiple levels of hashing, each of which adds complexity and security to the key. It should be appreciated that with such a multiple hash operation, the generated key enantiomers are difficult to crack by reverse engineering methods, thereby providing powerful protection.
Further, the storage unit is configured to store the generated key map. These keys map secure areas stored within the solid state storage device, such as protected memory partitions, ensuring the security of the keys during storage. Further, the storage units are equipped with advanced secure storage techniques, such as hardware-level encryption and access control, to prevent attacks at the physical level and data theft.
Further, the key generation apparatus of the present embodiment realizes a series of security procedures from the generation of the device identifier, the dynamic calculation of the key, and the storage of the key map through the cooperative work of the above-described functional units. To better manage and coordinate the overall process, an integrated management module may be incorporated into the device. The management module can monitor the working state of each unit in real time and provide necessary data interfaces and log recording functions, so that the transparency and traceability of the whole key generation and management process are ensured.
Further, to promote the stability of the key generation device, some additional features may be introduced. For example, in the polymorphic ring generating unit, a stable mechanism for resisting environmental interference is added to ensure stable generation of the equipment identifier, in the dynamic function calculating unit, an adaptive adjustment strategy is introduced, key calculation parameters are dynamically adjusted according to system load and external environmental change, so that the high efficiency and stability of the key generating process are ensured, and in the recursive hash unit, a hash algorithm for resisting quantum calculation attack, such as a post quantum encryption algorithm, can be considered to be introduced, so that the prospective safety of the system is improved.
By the aid of the method and the device, comprehensive application of polymorphic ring generation, dynamic key calculation, recursive hash operation and safe storage is achieved, overall safety of a key generation system is improved, and uniqueness, uncopyability and difficulty in tamper-proofing of keys are guaranteed. The embodiment has the advantages that an efficient and reliable key generating device is provided by integrating special physical unclonable functions and multiple secure processing units, and a solid technical guarantee is provided for encryption protection of the solid-state storage device.
Examples ten
In order to solve the problems of the traditional electronic product in terms of data security, power consumption management and information presentation, the embodiment further refines a new electronic product design. The electronic product integrates the key generating device, and is provided with a processor module, a power management module and a display module so as to realize all-round data protection, calculation processing and information display functions.
In this embodiment, the key generation means is integrated in the solid state storage device, providing secure key generation and management functions. The unique device identifier is generated by a Physical Unclonable Function (PUF) and the multidimensional dynamic key is generated and protected in combination with a multidimensional hybrid function and a multiple varying hash function. It will be appreciated that this key generation process ensures the uniqueness of the key, thereby providing a reliable basis for data encryption and system security.
Further, the electronic product is configured with a processor module for performing various computing tasks. The processor module is combined with the key generation device, so that high-speed processing of data encryption and decryption operation is realized, and the response speed and the safety of the whole system are improved.
Further, the power management module is responsible for providing power and managing power consumption of the entire electronic product. An intelligent Power Management Unit (PMU) such as Texas Instruments TPS series power management IC is adopted to realize real-time monitoring and adjustment of voltage, current and power modes. It is appreciated that through intelligent power management, the system can automatically adjust power consumption in different modes of operation, thereby extending the service life of the device while guaranteeing high performance operational requirements.
Further, the electronic product is also provided with a display module for presenting visual information of the data in the solid-state storage device. The display module may employ a high resolution LCD or OLED display screen to ensure clarity and color rendition of the information display. The display module and the processor module are mutually matched, and data transmission and image rendering are realized through a high-speed interface such as HDMI or DisplayPort, so that a user can check data timely and accurately.
It should be understood that in this embodiment, the processor module performs data interaction with the key generating device, the power management module and the display module through a bus, such as PCIe or I2C, so as to ensure that each unit can communicate in real time and effectively cooperate. For example, when a user requests access to certain encrypted data, the processor sends the request to the key generation device, which performs key calculation and decryption operations, and then returns the result to the processor via the bus, and the processor performs data processing and display.
Through the high integration and collaborative work of the modules, the comprehensive protection, efficient calculation processing and high-quality information presentation of the data are realized. It will be appreciated that the electronic product may be any electronic device comprising a solid state storage device provided with key generating means.
The foregoing embodiments have further described the objects, technical solutions and advantageous effects of the present invention in detail, and it should be understood that the foregoing embodiments are merely illustrative embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements, etc. made on the basis of the technical solutions of the present invention should be included in the scope of the present invention.