Disk encryption method and system capable of being updated in real time by using License

Abstract

The invention discloses a disk encryption method and system capable of being updated in real time by using License, and the method comprises the steps: generating a host signature according to a diskuuid of a user host, adding user demand related information including encryption time, the host signature and capacity limitation into the License, and encrypting the License to obtain a ciphertext; verifying the License when the disk encryption software requests a key, generating a host signature, reading system time, and comparing the system time with information in the License to determine whether encryption can be performed or not; if the verification is passed, sending a secret key related to the host signature to the disk encryption software, and mapping the disk needing to be encrypted.According to the method, a new encryption idea is no longer limited to a fixed character string as an encryption key, so that the disk encryption process is safer and more reliable, the process is completely controllable, and the awkward situation that a password is forgotten can be solved.

Description

technical field [0001] The invention relates to a disk encryption method, in particular to a disk encryption method and system using a License that can flexibly encrypt and decrypt a disk with high security requirements, and belongs to the field of software encryption authentication. Background technique [0002] The current disk encryption technology mainly adopts device-map technology. When the disk is mapped, it is encrypted. The main technology is DriveCrypt. Although the encryption program provides an extremely reliable real-time encryption function, it can ensure data security and avoid data loss. However, the random characters used in encryption are difficult to remember; and when we use encrypted disks, when the encrypted string is lost or omitted, we can only rely on professional technicians to restore it on site, and even professional operation may cause the risk of data loss; Moreover, the strings of the existing encryption technology are randomly generated, which...

AI Technical Summary

Problems solved by technology

However, the random characters used in encryption are difficult to remember; and when we use encrypted disks, when the encrypted string is lost or omitted, we can only rely on professional technicians to restore it on site, and even professional operation may cause the risk of data loss; Moreover, the strings of existing encryption technologies are randomly generated, which cannot cover some useful information, which is a technical bottleneck

[0003] Current disk encryption has many deficiencies, not flexible enough and low safety factor, which is not safe for users with strong safety factor (such as army / bank / government); the disadvantages mainly include the following aspects: 1. Disk encryption cannot limit the time. After encryption, the disk will always be encrypted. This is not friendly to scenarios that only need to be encrypted for a certain period of time. It may only be necessary to encrypt the data disk within a certain period of time; 2. Full-disk encryption affects efficiency. Every read and write needs to be encrypted before being placed on the disk, which is not suitable for high-security and high-performance scenarios

3. Unable to limit the disk size and type to encrypt; different encryption methods are used for different disks, such as virtual disk encryption; 4. It cannot be updated regularly, and theoretically it can be cracked by brute force method; 5. All use fixed characters string as the encryption key, once you forget it, you can no longer open the old encrypted disk, and if you forget the password, you can no longer decrypt it, you can only format it

Images