Related method for encrypting and storing files in trusted execution environment based on encryption chip

An encryption chip and file encryption technology, applied in the field of mobile information security to achieve the effect of improving security

Active Publication Date: 2019-08-09
深圳市中易通安全芯科技有限公司
View PDF6 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

For this reason, an object of the present invention is to solve the security risk problem faced by intelligent terminal equipment caused by the fact that the key key is not controlled by the terminal equipment manufacturer during the TEE service process, and

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Related method for encrypting and storing files in trusted execution environment based on encryption chip
  • Related method for encrypting and storing files in trusted execution environment based on encryption chip
  • Related method for encrypting and storing files in trusted execution environment based on encryption chip

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0056] Embodiment 1 of the present invention provides a method for increasing the security of a file encryption key in a trusted execution environment based on an encryption chip. figure 1 An implementation flowchart of a method for increasing the security of a file encryption key in an encryption chip-based trusted execution environment provided by an embodiment of the present invention, as shown in figure 1 As shown, the method includes the following steps:

[0057] S11: Safe storage key (SSK key) acquisition step: refers to using the HUK key as the key through the first encryption algorithm to perform operations on the Message to generate the SSK key. The Message is composed of the main chip ID and the TEE String, wherein, The main chip ID is the serial number written into the chip after the main control chip of the terminal device leaves the factory. When the terminal system starts, it is obtained through the interface function of the TEE security environment and passed to...

Embodiment 2

[0084] Embodiment 2 of the present invention provides a file encryption storage system in a trusted execution environment based on an encryption environment, such as Figure 5 As shown, it is a structural block diagram of a file encryption storage system under an encrypted environment-based trusted execution environment in Embodiment 2. It can be seen from the figure that this embodiment includes a TEE, an encryption chip, and a secure storage area.

[0085] As described in Embodiment 1: the encryption chip is used to generate and store the SEK key, and key components include the SEK key, HUK key, TEE String, main chip ID, and UUID.

[0086] The TEE OS runs in the TEE, and includes an encryption and decryption module and files. The encryption and decryption module is implemented by TEE codes in the TEE environment, and is used to obtain key composition factors and increase the security of the file encryption key according to Embodiment 1. The method obtains the TSK key, and th...

Embodiment 3

[0091] Embodiment 3 of the present invention provides a file encryption storage structure in a trusted execution environment based on an encryption environment, such as Figure 6 As shown, it is a block diagram of file encryption storage structure composition in an encrypted environment-based trusted execution environment in Embodiment 3. The encrypted file in this embodiment is like the encrypted encrypted file in Embodiment 2. It can be seen from the figure that this implementation The encrypted file in the example includes file header, node attribute block and data segment.

[0092] The file header includes Encryption FEK, Meta IV, Tag1 and file node information ciphertext. Specifically, in the process of generating Encryption FEK in Embodiment 1, TEE OS will generate Meta IV as the encryption vector of Meta Data, and then according to the third encryption algorithm, Using Meta IV as the key vector, use the FEK key to encrypt Meta Data to generate Tag1 and file node informa...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for increasing the security of a file encryption key in a trusted execution environment based on an encryption chip. The method comprises: integrating an encryption chip on a terminal device; controlling the encryption chip by a terminal device manufacturer to generate an encryption chip secret key as a secret key composition factor; generating a file encryption key protection key, used for protecting the file encryption key used when the file is encrypted in TEE service, and preventing problems that in the TEE service process, a chip manufacturer can completely decrypt the ciphertext data into a plaintext when leaving backdoor in the key generation process or performing inverse operation on the encryption key, and the sensitive data has the risk of being stolen. The security of the file encryption key is improved, and the autonomy and controllability of the terminal device manufacturer in encryption service are also improved. The embodiment is an improvement on the basis of an original TEE file encryption technology. The controllability of file encrypted storage and key algorithm is more conveniently realized under the condition that the encryptionand decryption efficiency of the original technology is not changed, and the security risk of key leakage is avoided.

Description

technical field [0001] The invention relates to the field of mobile information security, in particular to a file encryption storage method and device in a trusted execution environment based on an encryption chip. Background technique [0002] With the development of mobile communication technology, terminal equipment is widely used in various aspects such as communication, social interaction, entertainment, and office. However, while users enjoy the great convenience brought by various applications on terminal equipment, they also face various security threats. To solve security threats such as information leakage, information cracking, illegal access damage, or malicious program attacks, ARM proposed the TrustZone technology solution. TrustZone is a technical product that supports TEE (Trusted Execution Environment, Trusted Execution Environment). On the basis of software and hardware, the mobile terminal equipment is isolated from TEE and REE (Rich Execution Environment,...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/62G06F21/72
CPCG06F21/6209G06F21/72
Inventor 刘永康
Owner 深圳市中易通安全芯科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap