A data security protection system based on an embedded encryption module
By embedding encryption and security proxy modules into the gas station terminal server, a lightweight key management system and two-way authentication mechanism are built, solving the data security problem of the gas station-level server and achieving low-cost, high-efficiency data protection and business continuity.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- NORTHWESTERN POLYTECHNICAL UNIV
- Filing Date
- 2026-03-25
- Publication Date
- 2026-06-09
AI Technical Summary
Gas station-level servers suffer from insufficient encryption and decryption capabilities, inadequate key management, weak device access security, high deployment and maintenance costs, insufficient business adaptability, and poor scalability, which threaten data security and business continuity.
The data security protection system based on embedded encryption modules provides local encryption computing capabilities by building a security proxy module and an embedded encryption module in the terminal server, constructing a lightweight key lifecycle management system, and combining a two-way identity authentication mechanism to achieve fine-grained protection of terminal-side data.
It significantly reduces deployment and maintenance costs, achieves closed-loop security management of the entire key lifecycle, enhances access security and system flexibility, improves business adaptability and fault emergency response capabilities, and ensures data security and business continuity.
Smart Images

Figure CN121907622B_ABST
Abstract
Description
Technical Field
[0001] The embodiments of this application relate to the field of data security protection technology, and in particular to a data security protection system based on an embedded encryption module. Background Technology
[0002] In the process of digital transformation of gas station operations, the gas station's station-level server serves as a key hub connecting the gas station's on-site operations with the headquarters' business platform. Its safe and stable operation directly affects the continuity of the overall business, service reliability, and data security.
[0003] Currently, gas station-level servers face severe security challenges. From a security perspective, these servers, as core nodes, have significant security weaknesses. When interacting with the headquarters' business platform, they lack an effective two-way encryption / decryption authentication mechanism. This vulnerability exposes sensitive data during communication to unauthorized access, and transaction data may be lost or tampered with during transmission. Furthermore, unauthorized devices may bypass the station-level server to impersonate legitimate business operations and interact with the backend, seriously threatening business security.
[0004] Meanwhile, violations in business operations have further exacerbated security risks. Some staff members have been found to have improperly deployed applications on the gas station's server or circumvented the server's access rules, leading to frequent incidents of fraudulent operations interacting with the headquarters' business platform. This not only disrupts normal business processes but may also cause data leaks and financial losses.
[0005] Deploying encryption machines on station-level servers can effectively prevent data leaks and improve data security. However, from an economic and operational management perspective, deploying traditional encryption machines on all station-level servers would not only result in high hardware procurement costs but also in huge initial investments on a large scale. Furthermore, traditional encryption devices are complex to operate, requiring specialized technicians for on-site deployment and maintenance, leading to continuously increasing labor and maintenance costs, placing a heavy economic burden on enterprises. In addition, the widespread distribution of gas stations significantly increases the difficulty of equipment deployment, replacement, and management. Under the current model, the efficiency of on-site operations by professional personnel is low, further driving up operating costs. Headquarters also finds it difficult to conduct unified, real-time monitoring and management of all station-level servers.
[0006] As a typical distributed terminal device, the gas station's station-level server can apply a distributed security solution of "central server encryption + passive reception by terminal devices". However, in this solution, the terminal devices lack independent encryption capabilities, the keys are centrally stored on the central server, which poses a single point of failure risk, the terminal device deployment process is complex, requiring professional technicians to configure on-site, the device status monitoring is decentralized, and it is impossible to achieve centralized control of all terminal encryption devices by the headquarters. Furthermore, when business security requirements change, the terminal devices need to be upgraded on-site, resulting in poor scalability and inability to adapt to the large-scale deployment requirements of distributed terminals.
[0007] In summary, current data security protection systems have the following shortcomings.
[0008] First, terminal devices lack encryption capabilities. Most existing solutions rely on a central server to perform encryption and decryption operations, and terminal devices lack local encryption modules, making business data vulnerable to unauthorized access or tampering on the terminal device side.
[0009] Second, the key management system is inadequate. Firstly, there is a lack of lightweight control solutions. Large HSMs (Hardware Security Modules) are costly and bulky, making them unsuitable for deployment on small terminal devices. Secondly, storage security is insufficient; currently, most keys are stored on terminal devices in plaintext or with simple encryption, making them vulnerable to leakage. Finally, there is a lack of full lifecycle management, lacking a closed-loop mechanism for dynamic key generation, distributed distribution, periodic updates, and secure destruction.
[0010] Third, device access security is weak. Access is restricted only at the network level, lacking two-way authentication between terminal devices and the central server. Unauthorized devices can easily impersonate legitimate terminal devices to access the central server.
[0011] Fourth, deployment and maintenance costs are high. Installing encryption devices on terminal devices requires on-site operation by professional personnel, the status monitoring of encryption devices is scattered, fault response is delayed, and function upgrades require on-site debugging, which cannot meet the maintenance needs of large-scale terminal deployment.
[0012] Fifth, insufficient business adaptability. Current data security protection systems lack a mechanism for binding "business identifier, encryption function, and key permissions," which makes them vulnerable to unauthorized business calls to encryption services and the theft of encryption resources by plug-ins.
[0013] Fifth, poor scalability. When business security requirements change or encryption algorithms are upgraded, hardware replacement or on-site software reinstallation of terminal devices is required, resulting in low upgrade efficiency and seriously affecting business continuity. Summary of the Invention
[0014] To address the aforementioned technical issues, embodiments of this application propose a data security protection system based on an embedded encryption module. By introducing an embedded encryption module adapted for deployment on small terminal servers, it provides local encryption computing capabilities, achieving refined protection of terminal-side data. It constructs a lightweight key lifecycle management system of "centralized control, terminal storage, and dynamic interaction," and combined with a two-way authentication mechanism, it ensures the security of keys throughout the entire process, effectively preventing external programs or unauthorized business calls to encrypted resources.
[0015] To achieve the above objectives, embodiments of this application propose a data security protection system based on an embedded encryption module. The system includes a headquarters management center and several distributed terminal servers. Each terminal server has a built-in security proxy module and connects to the embedded encryption module via a standardized interface. The embedded encryption module provides local cryptographic operations and key security management services. The security proxy module acts as a communication bridge between the business program and the embedded encryption module, enabling the invocation of encryption services and the forwarding of device management commands. The headquarters management center centrally manages all connected embedded encryption modules, including at least device registration, key distribution, status monitoring, and remote operation and maintenance. When a new business program is detected, the security proxy module sends an authorization request corresponding to the new business program to the headquarters management center. The headquarters management center then processes the new business program... The system performs a security assessment and, if the release is permitted, sends the authorization instruction corresponding to the new business program to the security proxy module that initiated the authorization request. The security proxy module then forwards the authorization instruction to the embedded encryption module. The security proxy module is also used to collect the operating status, key usage, and business call logs of the embedded encryption module in real time and upload them to the headquarters management center. It also receives device management instructions from the headquarters management center in real time, forwards them to the embedded encryption module, and provides feedback on the execution results. After power-on, the embedded encryption module is in normal working state and can only respond to device management instructions. It cannot perform local cryptographic operations. When it receives the authorization instruction corresponding to the new business program, it performs two-way authentication with the headquarters management center. If the two-way authentication is successful, it enters the authorized working state and begins to provide local cryptographic operations services for the new business program.
[0016] To achieve the above objectives, embodiments of this application also propose a data security protection method based on an embedded encryption module, implemented based on the data security protection system based on an embedded encryption module as described above. The method includes: after the embedded encryption module connects to the terminal server via a standardized interface, is powered on, and completes initialization, it enters a normal working state. In this state, it only responds to device management commands from the headquarters management center and does not perform local cryptographic operations. When the security proxy module detects a new business program, it sends an authorization request corresponding to the new business program to the headquarters management center. The headquarters management center performs a security assessment of the new business program. If the assessment determines that the new business program is allowed to be published, it sends an authorization command corresponding to the new business program to the security proxy module. The security proxy module then transmits the authorization command corresponding to the new business program issued by the headquarters management center. The authorization command is forwarded to the embedded encryption module. Upon receiving the authorization command corresponding to the new business program, the embedded encryption module performs two-way authentication with the headquarters management center. If the two-way authentication is successful, the embedded encryption module switches from normal working state to authorized working state and begins to provide local cryptographic operation services for the new business program. If the two-way authentication fails, it remains in normal working state. The security proxy module collects the operating status, key usage, and business call logs of the embedded encryption module in real time and uploads them to the headquarters management center. It also receives device management commands issued by the headquarters management center in real time, forwards them to the embedded encryption module, and provides feedback on the execution results. The headquarters management center centrally manages all connected embedded encryption modules, including at least device registration, key distribution, status monitoring, and remote operation and maintenance, to achieve end-to-end data security protection.
[0017] To achieve the above objectives, embodiments of this application also propose an electronic device, including a processor and a memory, wherein the memory stores instructions executable by the processor, and the processor is configured to execute the instructions such that the electronic device can implement a data security protection method based on an embedded encryption module as described above.
[0018] To achieve the above objectives, embodiments of this application also propose a computer-readable storage medium storing a computer program that, when executed by a processor, enables a data security protection method based on an embedded encryption module as described above.
[0019] Optionally, for any given business program, the security agent module calls the embedded encryption module to randomly generate a business identifier corresponding to the business program. The business identifier is submitted by the security agent module to the headquarters management center, then by the headquarters management center to the headquarters business platform, and finally by the headquarters business platform to the business program on the corresponding terminal server. When the business program calls the embedded interaction module, it needs to provide the current business identifier. The business program can only be executed if the current business identifier is correct. If the current business identifier is incorrect, the security agent module generates an alarm message and reports it to the headquarters management center. After the embedded encryption module is powered on again, the business identifier needs to be regenerated for the business program.
[0020] Optionally, the embedded encryption module adopts a miniaturized, low-power hardware design, supports access to the terminal server through a standardized interface, and integrates a cryptographic operation chip and a secure storage chip. All cryptographic operations and key storage are completed inside the embedded encryption module, and the plaintext key is not exposed to the outside world.
[0021] The embedded encryption module supports encryption algorithms including symmetric algorithms, asymmetric algorithms, and hash algorithms. The selection of encryption algorithms is configured according to business requirements. Symmetric algorithms include SM1, SM4, DES, 3DES, and AES; asymmetric algorithms include SM2 and RSA; and hash algorithms include SM3, SHA1, SHA256, and SHA512.
[0022] The embedded encryption module provides cryptographic computation services, key security management services, and identity authentication services. Cryptographic computation services include data encryption, data decryption, MAC (Media Access Control Address) calculation and verification, digital signature and verification, and data encryption. Key security management services include local random key generation, import of encrypted keys issued by the center, secure storage of keys by category, distributed key derivation, and secure key destruction. Identity authentication services include two-way identity authentication with the headquarters management center based on the SM2 algorithm. The two-way identity authentication adopts an authentication mechanism of device private key signing and center public key verification.
[0023] Optionally, the security agent module is installed as software on the terminal server, supporting multiple system platforms including Linux, embedded Linux, and Windows. The security agent module is based on a cross-compilation environment to achieve rapid adaptation of the core library and provides a unified standard interface.
[0024] The security agent module provides command forwarding, status monitoring, and security control services. The command forwarding service specifically receives device management commands issued by the headquarters management center, forwards them to the embedded encryption module, and provides feedback on the execution results. Device management commands include at least key update commands, function upgrade commands, and status query commands. The status monitoring service specifically collects the operating status of the embedded encryption module, key usage, and business call logs in real time and uploads them to the headquarters management center. The security control service specifically binds business identifiers to encryption services, verifies the legitimacy of business requests, and prevents unauthorized business calls to encrypted resources.
[0025] Optionally, the headquarters management center adopts a four-layer architecture design consisting of an infrastructure layer, a core service layer, a device access layer, and a management service layer. The infrastructure layer includes a database cluster, a message queue cluster, a cache service cluster, and a cryptographic machine cluster. The core service layer includes a public service cluster, providing distributed control services, device activation services, device check-in services, data protection services, key control services, and encryption policy services. The device access layer is used to implement load balancing, communication adaptation, message adaptation, and transaction routing. The management service layer provides user management services, permission management services, station-level management services, product management services, device management services, application management services, operation and maintenance monitoring services, remote upgrade services, and statistical analysis services.
[0026] Key management services specifically include root key generation, subkey distribution, key ciphertext distribution, key version management, and key lifecycle monitoring;
[0027] The device management service supports batch registration, information entry, status query, fault alarm, remote activation and deregistration of embedded encryption modules;
[0028] The operation and maintenance monitoring service provides a visual monitoring interface that displays the running status of all connected embedded encryption modules, encryption service call statistics, and fault alarm information;
[0029] The remote upgrade service supports remote upgrades of the algorithm library for embedded encryption modules and remote upgrades of security proxy modules, without requiring on-site operation.
[0030] The statistical analysis service records the device operations, key usage, business calls, and permission change behaviors of all connected embedded encryption modules, and supports log querying and tracing.
[0031] Optionally, the data security protection system adopts a three-level key system to achieve secure key management;
[0032] The data security protection system includes management keys and business keys;
[0033] The management key includes a device key, an authentication key, and a local protection key. The device key is used to identify the embedded encryption module in two-way authentication. There is only one device key per embedded encryption module, which is stored internally and its public key can be obtained through device management commands. The authentication key is used to identify the headquarters management center in two-way authentication. The local protection key is used to encrypt the externally stored key of the embedded encryption module. Both the device key and the authentication key are SM2 key pairs.
[0034] The business key includes a transmission master key, a working key, and an asymmetric key. The transmission master key is used to encrypt and protect the working key during its distribution from the headquarters management center to the embedded encryption module. The working key is a symmetric key used to provide cryptographic services to the embedded encryption module, including encryption, decryption, MAC calculation, and PIN (Personal Identification Number) encryption. The asymmetric key is used to provide cryptographic services to the embedded encryption module, including signing, signature verification, and asymmetric key encryption and decryption.
[0035] The device key and asymmetric key are randomly generated by the embedded encryption module. The authentication key, transmission master key, and working key are generated by the headquarters management center and loaded into the embedded encryption module in a secure manner. The local protection key is randomly generated by the embedded encryption module, or generated by the headquarters management center and loaded into the embedded encryption module in a secure manner.
[0036] Optionally, the embedded encryption module has five states: power-off state, uninitialized state, normal working state, authorized working state, and fault state.
[0037] The embedded encryption module is in a power-off state when not powered on.
[0038] After power-on, the embedded encryption module enters an uninitialized state. In the uninitialized state, the embedded encryption module does not generate a device key or asymmetric key, does not set an access password, and the status code is 0X00.
[0039] After powering on and completing initialization, the embedded encryption module enters the normal working state. In the normal working state, the embedded encryption module is allowed to accept status queries and respond to device management commands, but it cannot perform local cryptographic operations. The status code is 0X01.
[0040] After passing two-way authentication with the headquarters management center, the embedded encryption module enters the authorized working state. In the authorized working state, the embedded encryption module is allowed to provide local cryptographic operation services for business programs. The status code is 0X02. The embedded encryption module returns to the power-off state after power failure.
[0041] If the embedded encryption module fails the self-test, it enters a fault state with a status code of 0X1x, where x in 0X1x depends on the specific fault definition.
[0042] This application proposes a data security protection system based on an embedded encryption module, which brings the following technical advantages compared with traditional data security protection systems.
[0043] First, it significantly reduces deployment and maintenance costs. Compared to the high cost of deploying traditional large-scale encryption machines for each terminal server, this application uses a miniaturized, low-power embedded encryption module, which greatly reduces hardware procurement costs. Simultaneously, remote installation and configuration are achieved through a security agent module, eliminating the need for frequent on-site deployment and maintenance by professional technicians, thus greatly saving labor costs and travel expenses, making it ideal for the cost-effective deployment needs of large-scale terminals.
[0044] Second, it achieves closed-loop secure management of the entire key lifecycle. This application constructs a rigorous three-level key system, solving the problem of chaotic key management in traditional terminals. All keys are stored internally within the embedded encryption module, ensuring that plaintext keys are never exposed or left unattended, effectively resisting physical attacks and brute-force cracking, and achieving closed-loop control of the entire key lifecycle from generation, distributed distribution, dynamic updates to secure destruction.
[0045] Third, a three-pronged defense system has been constructed. This application significantly improves access security by introducing a two-way authentication mechanism and a business identifier binding mechanism. These two mechanisms force business programs to carry a legitimate identifier in order to access encrypted resources, eliminating the risk of plug-ins, illegal software stealing and tampering with data.
[0046] Fourth, it enhances the system's flexibility and functional scalability. This application overcomes the limitations of traditional hardware encryption devices with fixed functions, supporting remote online upgrades. Whether it's updating the algorithm library or optimizing the security agent module, everything can be done remotely from the headquarters management center, without requiring on-site hardware replacement or software reinstallation. This design allows the system to flexibly adapt to dynamic changes in business security needs, ensuring long-term business continuity and technological foresight.
[0047] Fifth, it improves business adaptability and multi-platform compatibility. The security proxy module is developed in software form and based on a cross-compilation environment, possessing excellent cross-platform compatibility and adapting to various terminal server operating systems. Simultaneously, the security proxy module provides a unified standard API interface for business programs, shielding them from underlying hardware differences. This allows various business systems to seamlessly integrate encryption functionality without requiring large-scale modifications to existing business logic, lowering the technical barrier to business integration.
[0048] Sixth, it strengthens fault emergency response and business continuity assurance. This application designs a comprehensive fault monitoring and emergency handling mechanism, capable of real-time monitoring of the embedded encryption module's operational status. When a module malfunctions or unauthorized access is detected, the system immediately sends an alarm to the headquarters management center and supports remote issuance of emergency commands to prevent the spread of risk. Furthermore, the authorized activation mechanism of the embedded encryption module further prevents the risk of data leakage after device theft, comprehensively ensuring the security and continuity of business data. Attached Figure Description
[0049] To more clearly illustrate the technical solutions in the embodiments or related technologies of this application, the accompanying drawings used in the description of the embodiments or related technologies of this application will be briefly introduced below. Obviously, the following drawings are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort. The drawings described herein are only used to explain this application and are not intended to limit this application.
[0050] Figure 1 This is a schematic diagram of the structure of a data security protection system based on an embedded encryption module provided in one embodiment of this application;
[0051] Figure 2 This is a schematic diagram of the business identifier transfer process provided in one embodiment of this application;
[0052] Figure 3 This is a schematic diagram of the structure of a headquarters management center provided in one embodiment of this application;
[0053] Figure 4 This is a schematic diagram of a key system provided in one embodiment of this application;
[0054] Figure 5 This is a schematic diagram of five states of an embedded encryption module provided in one embodiment of this application;
[0055] Figure 6 This is a schematic diagram of a two-way authentication mechanism provided in one embodiment of this application;
[0056] Figure 7 This is a schematic diagram of the visual interface of the headquarters management center provided in one embodiment of this application;
[0057] Figure 8 This is a flowchart of a data security protection method based on an embedded encryption module provided in another embodiment of this application;
[0058] Figure 9 This is a schematic diagram of the structure of an electronic device provided in another embodiment of this application. Detailed Implementation
[0059] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the various embodiments of this application will be described in detail below with reference to the accompanying drawings. Those skilled in the art will understand that many technical details have been presented in the embodiments of this application to facilitate better understanding. However, the technical solutions claimed in this application can be implemented even without these technical details and various variations and modifications based on the following embodiments. The division of the following embodiments is for ease of description and should not constitute any limitation on the specific implementation of this application. The following embodiments can be combined with and referenced by each other without contradiction.
[0060] One embodiment of this application proposes a data security protection system based on an embedded encryption module. The implementation details of the data security protection system based on an embedded encryption module proposed in this embodiment are described in detail below. The following implementation details are provided for ease of understanding and are not necessary for implementing this solution.
[0061] The specific structure of the data security protection system based on an embedded encryption module proposed in this embodiment can be as follows: Figure 1 As shown, it includes: a headquarters management center and several distributed terminal servers. Each terminal server has a built-in security proxy module and is connected to an embedded encryption module through a standardized interface (such as a USB interface). The embedded encryption module is used to provide local cryptographic operation services and key security management services. The security proxy module acts as a communication bridge between the business program and the embedded encryption module, and is used to realize the invocation of encryption services and the forwarding of device management commands.
[0062] The headquarters management center is used to centrally manage all connected embedded encryption modules, including at least device registration, key distribution, status monitoring, and remote operation and maintenance.
[0063] The security proxy module is used to send an authorization request for a new business program to the headquarters management center when a new business program is detected. The headquarters management center performs a security assessment on the new business program and, if it determines that the release is allowed, sends an authorization instruction for the new business program to the security proxy module that initiated the authorization request. The security proxy module then forwards the authorization instruction for the new business program to the embedded encryption module.
[0064] The security agent module is also used to collect the running status, key usage, and business call logs of the embedded encryption module in real time and upload them to the headquarters management center. It also receives device management instructions issued by the headquarters management center in real time, forwards them to the embedded encryption module, and provides feedback on the execution results.
[0065] After power-on, the embedded encryption module is in normal working state, which can only respond to device management commands and cannot perform local cryptographic calculation services. When it receives the authorization command corresponding to the new business program, it performs two-way authentication with the headquarters management center. If the two-way authentication is successful, it enters the authorized working state and begins to provide local cryptographic calculation services for the new business program.
[0066] The following is a detailed description of the components and mechanisms of a data security protection system based on an embedded encryption module proposed in this embodiment.
[0067] 1) Business identifier binding mechanism.
[0068] In the data security protection system based on an embedded encryption module proposed in this application, the execution of a business program is bound to a business identifier. For any business program (using... Figure 1 Taking a business program as an example, the security agent module needs to call the embedded encryption module to randomly generate a business identifier corresponding to the business program. The business identifier is submitted by the security agent module to the headquarters management center, then submitted by the headquarters management center to the headquarters business platform, and finally distributed by the headquarters business platform to the corresponding terminal server business program. When the business program calls the embedded interaction module, it needs to provide the current business identifier. The business program can only be executed if the current business identifier is correct. If the current business identifier is incorrect (it may be that a criminal is impersonating the business program, or the business program has expired), the security agent module will generate an alarm message and report it to the headquarters management center.
[0069] The process of transferring business identifiers can be as follows: Figure 2 As shown, the headquarters business platform only issues the business identifier to the business program once. It is particularly important to note that the business identifier needs to be regenerated for the business program after the embedded encryption module is powered on again.
[0070] In one example, the randomly generated business identifier is not completely random, but needs to be generated based on the state of the terminal server, the characteristics of the business program, and the current timestamp.
[0071] In one example, the business identifier is denoted as , This can be expressed by the formula:
[0072] ;
[0073] in, Represents a hash function. This indicates the filing number for the business procedure. This indicates the serial number of the embedded encryption module. Indicates the current timestamp, Random numbers generated for the embedded encryption module. This represents a state summary of the terminal server.
[0074] In one example, the business identifier has a time limit. It expires after its duration exceeds a maximum time limit threshold. The timeout determination for the business identifier is implemented by the headquarters management center, which calculates the current time. Timestamp of business identifier The difference between , ,judge Is it greater than the maximum time limit threshold? ,like If the business identifier expires, the headquarters management center will instruct the security agent module to call the embedded encryption module again to generate a new business identifier.
[0075] It is important to note that the business identifier and the authorization instruction are not the same concept. The business identifier applies to all business programs, while the authorization instruction only applies to newly connected business programs. Newly authorized business programs also need to have their business identifiers generated by the embedded encryption module.
[0076] 2) Authorization activation mechanism.
[0077] The authorization activation mechanism is triggered by the security proxy module. When the security proxy module detects a new business program, it sends an authorization request for the new business program to the headquarters management center. The headquarters management center performs a security assessment of the new business program and, if it deems release permissible, sends an authorization instruction corresponding to the new business program to the security proxy module that initiated the authorization request. The security proxy module then forwards the authorization instruction to the embedded encryption module. Upon receiving the authorization instruction, the embedded encryption module performs two-way authentication with the headquarters management center. If the two-way authentication is successful, it begins providing local cryptographic computation services for the new business program.
[0078] In one example, the headquarters management center calculates the authorization threshold for a new business program. Based on the authorization threshold and a security threshold, a security determination is made. If the authorization threshold is greater than the security threshold, the new business program is deemed to be allowed to be released; otherwise, the new business program is deemed not to be allowed to be released.
[0079] The headquarters management center calculates the authorization determination value for the new business procedure using the following formula:
[0080] ;
[0081] in, This is the authorization judgment value for the new business procedure. The result value is the integrity verification value of the new business procedure. The more complete the new business procedure, the better. The higher the value, the better. The trustworthiness of the operating environment for the new business program indicates whether the operating environment of the new business program is secure. This is the compliance value for the new business procedure, indicating whether the new business procedure is compliant. The current state credibility of the terminal server. This is a factor related to the historical abnormal behavior of the terminal server; the more historical abnormalities the terminal server has, the better. The higher the value, the better. , , , , They are respectively , , , , The corresponding weighting coefficients.
[0082] 3) Embedded encryption module.
[0083] The embedded encryption module adopts a miniaturized, low-power hardware design and supports access to the terminal server through a standardized interface. It integrates a cryptographic operation chip and a secure storage chip. All cryptographic operations and key storage are completed inside the embedded encryption module, and the plaintext key is not exposed to the outside world.
[0084] The embedded encryption module supports encryption algorithms including symmetric, asymmetric, and hash algorithms. The selection of encryption algorithms is configured according to business requirements. Symmetric algorithms include SM1, SM4, DES, 3DES, and AES; asymmetric algorithms include SM2 and RSA; and hash algorithms include SM3, SHA1, SHA256, and SHA512.
[0085] The embedded encryption module provides cryptographic computation services, key security management services, and identity authentication services. Cryptographic computation services include data encryption, data decryption, MAC calculation and verification, digital signature and verification, and data re-encryption. Key security management services include local random key generation, importing ciphertext of keys issued from the central authority, secure storage of categorized keys, distributed key derivation, and secure key destruction. Identity authentication services include two-way authentication with the headquarters management center based on the SM2 algorithm, employing an authentication mechanism of device private key signing and central public key verification.
[0086] 4) Security Agent Module.
[0087] The security proxy module is installed as software on the terminal server and supports multiple system platforms, including Linux, embedded Linux, and Windows. The security proxy module is based on a cross-compilation environment to achieve rapid adaptation of the core library and provides a unified standard interface.
[0088] The security proxy module provides command forwarding, status monitoring, and security control services. The command forwarding service receives device management commands from the headquarters management center, forwards them to the embedded encryption module, and provides feedback on the execution results. Device management commands include at least key update commands, function upgrade commands, and status query commands. The status monitoring service collects real-time data on the embedded encryption module's operating status, key usage, and business call logs, and uploads this data to the headquarters management center. The security control service binds business identifiers to encryption services, verifies the legitimacy of business requests, and prevents unauthorized business access to encrypted resources.
[0089] 5) Headquarters Management Center.
[0090] The headquarters management center adopts a four-layer architecture design consisting of an infrastructure layer, a core service layer, a device access layer, and a management service layer (e.g., Figure 3 (As shown).
[0091] The infrastructure layer comprises four types of clusters: database cluster, message queue cluster, caching service cluster, and cryptographic machine cluster. The core service layer includes a public service cluster, providing distributed management and control services, device activation services, device check-in services, data protection services, key management services, and encryption policy services. The device access layer handles load balancing, communication adaptation, message adaptation, and transaction routing. The management service layer provides user management services, access control services, site-level management services, product management services, device management services, application management services, operation and maintenance monitoring services, remote upgrade services, and statistical analysis services.
[0092] Key management services specifically include root key generation, subkey distribution, key ciphertext distribution, key version management, and key lifecycle monitoring.
[0093] The device management service supports batch registration, information entry, status query, fault alarm, remote activation and deregistration of embedded encryption modules.
[0094] The operation and maintenance monitoring service provides a visual monitoring interface that displays the running status of all connected embedded encryption modules, encryption service call statistics, and fault alarm information.
[0095] The remote upgrade service supports remote upgrades of the algorithm library for embedded encryption modules and remote upgrades of security proxy modules, without requiring on-site operation.
[0096] The statistical analysis service records the device operations, key usage, business calls, and permission change behaviors of all connected embedded encryption modules, and supports log querying and tracing.
[0097] The visual interface of the headquarters management center, such as Figure 7 As shown.
[0098] 6) Three-level key system.
[0099] This embodiment proposes a data security protection system based on an embedded encryption module, which employs a three-level key system (such as...). Figure 4 As shown, this implements secure key management.
[0100] The keys in a data security protection system include two types: management keys and business keys.
[0101] The management key only provides management services for devices (terminal servers, embedded encryption modules) and does not directly provide cryptographic services for business operations.
[0102] The management keys include a device key, an authentication key, and a local protection key. The device key is used to identify the embedded encryption module in two-way authentication; each embedded encryption module has only one device key, which is stored internally and its public key can be obtained through device management commands. The authentication key is used to identify the headquarters management center in two-way authentication. The local protection key is used to encrypt externally stored keys within the embedded encryption module. Both the device key and the authentication key are SM2 key pairs.
[0103] The business keys include a transmission master key, a working key, and an asymmetric key. The transmission master key is used to encrypt and protect the working key during its distribution from the headquarters management center to the embedded encryption module. The working key is a symmetric key, used to provide cryptographic services to the embedded encryption module, including encryption, decryption, MAC calculation, and PIN encryption. The asymmetric key is used to provide cryptographic services to the embedded encryption module, including signing, signature verification, and asymmetric key encryption and decryption.
[0104] The device key and asymmetric key are randomly generated by the embedded encryption module. The authentication key, transmission master key, and working key are generated by the headquarters management center and loaded into the embedded encryption module in a secure manner. The local protection key is randomly generated by the embedded encryption module, or generated by the headquarters management center and loaded into the embedded encryption module in a secure manner.
[0105] The embedded encryption module has a pre-built public key for authentication from the headquarters management center, which is used to protect the secure transmission of the device's public key to the headquarters management center.
[0106] The embedded encryption module randomly generates device keys and cannot regenerate new device keys if they already exist. Each embedded encryption module has only one pair of device keys. The device private key is stored inside the embedded encryption module, and the headquarters management center can obtain the device public key using device management commands.
[0107] The embedded encryption module uses the authentication public key to encrypt the device public key and uploads it to the headquarters management center. The headquarters management center uses the authentication private key to decrypt the device public key and obtain the device public key.
[0108] The headquarters management center generates working keys and transmission master keys, and securely distributes them to the embedded encryption module.
[0109] The headquarters management center uses the device's public key to encrypt the transmission master key using the embedded encryption module, and then sends the encrypted transmission master key ciphertext to the embedded encryption module. The embedded encryption module uses the device's private key to decrypt the transmission master key ciphertext, obtains the plaintext of the transmission master key, and stores it in the storage area.
[0110] After the headquarters management center encrypts the working key using the transmission master key, it sends the working key ciphertext to the embedded encryption module. The embedded encryption module uses the decrypted transmission master key to decrypt the working key ciphertext to obtain the working key, and then uses the local protection key to encrypt the working key and stores it in the storage area.
[0111] The three-level key system has the following advantages: the key is stored in the embedded encryption module and cannot be read in plaintext by the terminal server; the key can be randomly generated in the embedded encryption module or securely imported using ciphertext; each key needs to be specified for a specific purpose (such as for encryption, for MAC calculation, etc.).
[0112] 7) The five states of the embedded encryption module and the two-way authentication mechanism.
[0113] like Figure 5 As shown, the embedded encryption module has a total of five states: power off, uninitialized, normal working, authorized working, and fault.
[0114] The embedded encryption module is in a power-off state when it is not powered on.
[0115] After power-on, the embedded encryption module enters an uninitialized state. In the uninitialized state, the embedded encryption module does not generate a device key or asymmetric key, does not set an access password, and the status code is 0X00.
[0116] After powering on and completing initialization, the embedded encryption module enters the normal working state. In the normal working state, the embedded encryption module is allowed to accept status queries and respond to device management commands, but it cannot perform local cryptographic operations. The status code is 0X01.
[0117] After passing two-way authentication with the headquarters management center, the embedded encryption module enters the authorized working state. In the authorized working state, the embedded encryption module is allowed to provide local cryptographic operation services for business programs, and the status code is 0X02. The embedded encryption module returns to the power-off state after power failure.
[0118] If the embedded encryption module fails the self-test, it enters a fault state with a status code of 0X1x, where x in 0X1x depends on the specific fault definition.
[0119] like Figure 6 As shown, the embedded encryption module employs a two-way authentication mechanism to mitigate the risk of misuse. The embedded encryption module can only perform encryption and decryption calculations using the key after successful two-way authentication with the headquarters management center. This two-way authentication must be repeated after each power outage and power-on.
[0120] 8) Log monitoring and anomaly alerts.
[0121] The headquarters management center needs to perform anomaly detection on the embedded encryption module, that is, calculate the abnormal value of the embedded encryption module based on the embedded encryption module's logs. ,like Greater than the anomaly detection threshold If the embedded encryption module is found to be malfunctioning, the current business program on the terminal server will be frozen, and a restrictive device management command will be issued to the security agent module.
[0122] The formula for calculating outliers in an embedded encryption module is as follows:
[0123] ;
[0124] in, Indicates the number of failed calls. Indicates the number of unauthorized calls. Indicates the total number of calls. Indicates the deviation in call frequency. This indicates the deviation in the distribution of call times. , , , , All of these can be extracted from the logs of the embedded encryption module. , , , They are respectively , , , The corresponding weighting coefficients.
[0125] This embodiment presents a data security protection system based on an embedded encryption module, which brings the following technical effects compared with traditional data security protection systems.
[0126] First, it significantly reduces deployment and maintenance costs. Compared to the high cost of deploying traditional large-scale encryption machines for each terminal server, this embodiment uses a miniaturized, low-power embedded encryption module, greatly reducing hardware procurement costs. Simultaneously, remote installation and configuration are achieved through a security agent module, eliminating the need for frequent on-site deployment and maintenance by professional technicians, significantly saving labor costs and travel expenses, making it ideal for the cost-effective deployment needs of large-scale terminals.
[0127] Secondly, it achieves closed-loop security management of the entire key lifecycle. This embodiment constructs a rigorous three-level key system, solving the problem of chaotic key management in traditional terminals. All keys are stored internally within the embedded encryption module, ensuring that plaintext keys are never exposed or left unattended, effectively resisting physical attacks and brute-force cracking, and achieving closed-loop control of the entire key lifecycle from generation, distributed distribution, dynamic updates to secure destruction.
[0128] Third, a three-pronged defense system was constructed. This embodiment significantly improves access security by introducing a two-way authentication mechanism and a business identifier binding mechanism. These two mechanisms force business programs to carry a legitimate identifier in order to access encrypted resources, eliminating the risk of plug-ins, illegal software theft, and data tampering.
[0129] Fourth, it enhances the system's flexibility and functional scalability. This embodiment overcomes the limitations of traditional hardware encryption devices with fixed functions, supporting remote online upgrades. Whether it's updating the algorithm library or optimizing the security agent module, everything can be done remotely from the headquarters management center without requiring on-site hardware replacement or software reinstallation. This design allows the system to flexibly adapt to dynamic changes in business security needs, ensuring long-term business continuity and technological foresight.
[0130] Fifth, it improves business adaptability and multi-platform compatibility. The security proxy module is developed in software form and based on a cross-compilation environment, possessing excellent cross-platform compatibility and adapting to various terminal server operating systems. Simultaneously, the security proxy module provides a unified standard API interface for business programs, shielding them from underlying hardware differences. This allows various business systems to seamlessly integrate encryption functionality without requiring large-scale modifications to existing business logic, lowering the technical barrier to business integration.
[0131] Sixth, it strengthens fault emergency response and business continuity assurance. This embodiment features a comprehensive fault monitoring and emergency handling mechanism, capable of real-time monitoring of the embedded encryption module's operational status. When a module malfunctions or unauthorized access is detected, the system immediately sends an alarm to the headquarters management center and supports remote issuance of emergency commands to prevent the spread of risk. Furthermore, the authorized activation mechanism of the embedded encryption module further prevents data leakage risks after device theft, comprehensively ensuring the security and continuity of business data.
[0132] It is worth noting that all modules involved in this embodiment are logical modules. In practical applications, a logical module can be a physical module, a part of a physical module, or an organic combination of multiple physical modules. Furthermore, to highlight the innovative aspects of this application, this embodiment does not introduce modules that are not closely related to solving the technical problems proposed in this application. However, this does not mean that other modules are absent from this embodiment.
[0133] In one embodiment, to verify the data security protection system based on an embedded encryption module proposed in this application, we conducted relevant simulation experiments.
[0134] The embedded encryption module is deployed on 200 terminal servers, uses a USB interface for access, measures 8cm×5cm×2cm, consumes no more than 5W, supports SM1 to SM4 Chinese cryptographic algorithms and international algorithms such as AES and RSA, has a key storage capacity of 1024 keys, an SM4 encryption / decryption rate greater than 30Mbps, and an SM2 signature rate greater than 150 times / second.
[0135] The security agent module is deployed on the terminal server, supports Linux CentOS 7.0 and above, and provides API interfaces in multiple languages such as C++, Java and Python to achieve seamless integration between business programs and the embedded encryption module.
[0136] The headquarters management center is deployed in the headquarters computer room and adopts a cluster architecture to ensure high availability. The database uses a MySQL cluster to store device information, key metadata, and operation logs, while the cache uses a Redis cluster to improve query efficiency. The monitoring interface supports real-time display of device status, fault alarm push, and generation of statistical reports.
[0137] Deployment phase: The embedded encryption module is inserted into the terminal server via USB interface. Headquarters maintenance personnel can remotely log in to the terminal server through the headquarters management center to install the security agent module and configure network parameters without on-site operation.
[0138] Registration and initialization phase: The security agent module automatically initiates a registration request to the headquarters management center. The embedded encryption module generates a device key and uploads the public key to the headquarters management center. After verification by the headquarters management center, the registration is completed. The working key is generated based on the root key, encrypted with the device key public key, and then sent to the embedded encryption module. The embedded encryption module stores the working key and completes the initialization.
[0139] During the business operation phase: The business program on the terminal server initiates a transaction data encryption request, carrying the business identifier and calling the embedded encryption module through the security proxy module. After verifying the legitimacy of the business identifier, the transaction data is encrypted using the working key with SM4. The encrypted data is then transmitted to the headquarters business platform with the MAC value. The headquarters business platform obtains the corresponding key from the headquarters management center to decrypt and verify the MAC value, ensuring data integrity.
[0140] During the operation and maintenance phase: The headquarters management center monitors the operational status of the embedded encryption modules on 200 terminal servers in real time. When a key of an embedded encryption module is about to expire, a key update command is automatically issued, and the embedded encryption module updates its key and reports the result. When a hardware failure is detected in an embedded encryption module, an alarm message is immediately sent to the operation and maintenance personnel, who can then remotely troubleshoot the fault without on-site intervention.
[0141] Upgrade Phase: When the business requires support for the new SM3 hash algorithm, the headquarters management center issues an algorithm upgrade package. After receiving the package, the security agent module automatically updates the algorithm library of the embedded encryption module. The upgrade process does not affect the operation of the business program, and the new algorithm is supported immediately after the upgrade is completed.
[0142] The results of this simulation experiment are as follows.
[0143] Data security protection effectiveness: The success rate of encryption of business data on the terminal side is 100%, and no data leakage or tampering incidents have occurred. Three unauthorized device access attempts were blocked through the two-way identity authentication mechanism.
[0144] Deployment and maintenance efficiency: The deployment time of a single terminal server has been reduced from 2 hours to 15 minutes, the number of terminals managed by the average maintenance personnel has increased from 50 to 200, and the fault response time has been reduced from 24 hours to 1 hour.
[0145] Scalability: Three algorithm expansions and two function optimizations were completed through remote upgrades, without the need for on-site operation, and business continuity was not affected.
[0146] Cost savings: Compared to traditional large-scale HSM deployment solutions, hardware costs are reduced by 65%, and deployment and maintenance costs are reduced by 70%, meeting the cost requirements for large-scale terminal deployment.
[0147] This simulation experiment successfully verified the feasibility, security, and practicality of the data security protection system based on an embedded encryption module proposed in this application. The data security protection system based on an embedded encryption module proposed in this application can be widely applied in various distributed terminal service scenarios, providing reliable protection for terminal data security.
[0148] Accordingly, another embodiment of this application proposes a data security protection method based on an embedded encryption module. The implementation details of this data security protection method based on an embedded encryption module are described below. The following details are provided for ease of understanding and are not essential for implementing this solution. The specific process of the data security protection method based on an embedded encryption module proposed in this embodiment can be as follows: Figure 8 As shown, it includes:
[0149] Step 31: After the embedded encryption module is connected to the terminal server through the standardized interface, powered on and initialized, it enters the normal working state. In the normal working state, it only responds to the device management instructions of the headquarters management center and does not perform local cryptographic calculation services.
[0150] Step 32: When the security agent module detects a new business program, it sends an authorization request for the new business program to the headquarters management center. The headquarters management center performs a security assessment on the new business program. If the headquarters management center determines that the new business program is allowed to be published, it sends an authorization instruction for the new business program to the security agent module.
[0151] Step 33: The security agent module forwards the authorization instruction corresponding to the new business program issued by the headquarters management center to the embedded encryption module. After receiving the authorization instruction corresponding to the new business program, the embedded encryption module performs two-way identity authentication with the headquarters management center.
[0152] Step 34: If the two-way authentication is successful, the embedded encryption module switches from the normal working state to the authorized working state and begins to provide local cryptographic operation services for new business programs. If the two-way authentication fails, it will remain in the normal working state.
[0153] Step 35: The security agent module collects the running status, key usage, and business call logs of the embedded encryption module in real time and uploads them to the headquarters management center. It also receives device management instructions issued by the headquarters management center in real time, forwards them to the embedded encryption module, and provides feedback on the execution results.
[0154] Step 36: The headquarters management center centrally manages all connected embedded encryption modules, including at least device registration, key distribution, status monitoring, and remote operation and maintenance, to achieve end-to-end data security protection.
[0155] The steps described above are merely for clarity in describing the technical solution. In actual implementation, they can be combined into one step, or certain steps can be broken down into multiple steps, as long as they involve the same logical relationship, they are all within the scope of protection of this application. Any insignificant modifications or designs added to the algorithm or process, as long as they do not change the core of the algorithm or process, are also within the scope of protection of this application.
[0156] It is not difficult to see that this embodiment is a method embodiment corresponding to the above system embodiment, and this embodiment can be implemented in conjunction with the above system embodiment. The relevant technical details and technical effects mentioned in the above system embodiment are still valid in this embodiment, and will not be repeated here to reduce repetition. Accordingly, the relevant technical details mentioned in this embodiment can also be applied to the above system embodiment.
[0157] Another embodiment of this application provides an electronic device, such as Figure 9 As shown, it includes a processor 41 and a memory 42. The memory 42 stores instructions that the processor 41 can execute. When the processor 41 is configured to execute the instructions, the electronic device can implement a data security protection method based on an embedded encryption module as described in the above method embodiment.
[0158] The memory and processor are connected via a bus, which includes any number of interconnecting buses and bridges, connecting various circuits of one or more processors and the memory. The bus can also connect various other circuits such as peripheral devices, voltage regulators, and power management circuits, which are well known in the art and will not be described further herein. The bus interface provides an interface between the bus and the transceiver. The transceiver can be a single component or multiple components, such as multiple receivers and transmitters, providing a unit for communicating with various other devices over a transmission medium. Data processed by the processor is transmitted over the wireless medium via an antenna, which further receives data and transmits it to the processor.
[0159] The processor manages the bus and general processing, and also provides various functions, including timing, peripheral interfaces, voltage regulation, power management, and other control functions. Memory is used to store data used by the processor during operation.
[0160] Another embodiment of this application proposes a computer-readable storage medium storing a computer program that, when executed by a processor, can implement a data security protection method based on an embedded encryption module as described in the above method embodiments.
[0161] That is, those skilled in the art will understand that all or part of the steps in the above method embodiments can be implemented by a program instructing related hardware. The program is stored in a storage medium and includes several instructions to cause a device (such as a microcontroller, chip, etc.) or processor to execute all or part of the steps of the method described in the method embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory, random access memory, magnetic disks, or optical disks.
[0162] It will be understood by those skilled in the art that the above embodiments are specific implementations of this application, and various changes in form and detail can be made in practical applications without departing from the spirit and scope of this application. For those skilled in the art, several improvements and modifications can be made without departing from the principles of this application, and these improvements and modifications are also considered to be within the scope of protection of this application.
Claims
1. A data security protection system based on an embedded encryption module, characterized in that, include: The headquarters management center consists of several distributed terminal servers. Each terminal server has a built-in security proxy module and is connected to an embedded encryption module through a standardized interface. The embedded encryption module provides local cryptographic operation services and key security management services. The security proxy module acts as a communication bridge between the business program and the embedded encryption module, and is used to implement the invocation of encryption services and the forwarding of device management commands. The headquarters management center is used to centrally manage all connected embedded encryption modules, including at least device registration, key distribution, status monitoring, and remote operation and maintenance; The security proxy module is used to send an authorization request for the new business program to the headquarters management center when a new business program is detected. The headquarters management center performs a security assessment on the new business program and, if it determines that the release is allowed, sends an authorization instruction for the new business program to the security proxy module that initiated the authorization request. The security proxy module then forwards the authorization instruction for the new business program to the embedded encryption module. The security agent module is also used to collect the running status, key usage, and business call logs of the embedded encryption module in real time and upload them to the headquarters management center. It also receives device management instructions issued by the headquarters management center in real time, forwards them to the embedded encryption module and provides feedback on the execution results. After power-on, the embedded encryption module is in normal working state, which can only respond to device management commands and cannot perform local cryptographic calculation services. When it receives the authorization command corresponding to the new business program, it performs two-way authentication with the headquarters management center. If the two-way authentication is successful, it enters the authorized working state and begins to provide local cryptographic calculation services for the new business program. For any given business program, the security agent module calls the embedded encryption module to randomly generate a business identifier corresponding to the business program. The business identifier is submitted by the security agent module to the headquarters management center, then by the headquarters management center to the headquarters business platform, and finally by the headquarters business platform to the corresponding terminal server business program. When the business program calls the embedded interaction module, it needs to provide the current business identifier. The business program can only be executed if the current business identifier is correct. If the current business identifier is incorrect, the security agent module generates an alarm message and reports it to the headquarters management center. After the embedded encryption module is powered on again, it needs to regenerate the business identifier for the business program.
2. The data security protection system based on an embedded encryption module according to claim 1, characterized in that, The embedded encryption module adopts a miniaturized, low-power hardware design and supports access to the terminal server through a standardized interface. It integrates a cryptographic operation chip and a secure storage chip. All cryptographic operations and key storage are completed inside the embedded encryption module, and the plaintext key is not exposed to the outside. The embedded encryption module supports encryption algorithms including symmetric algorithms, asymmetric algorithms, and hash algorithms. The selection of encryption algorithms is configured according to business requirements. Symmetric algorithms include SM1, SM4, DES, 3DES, and AES; asymmetric algorithms include SM2 and RSA; and hash algorithms include SM3, SHA1, SHA256, and SHA512. The embedded encryption module provides cryptographic computation services, key security management services, and identity authentication services. The cryptographic computation services include data encryption, data decryption, MAC calculation and verification, digital signature and signature verification, and data encryption conversion. The key security management services include local random key generation, import of ciphertext of keys issued from the center, secure storage of keys by category, distributed key derivation, and secure key destruction. The identity authentication service includes two-way identity authentication with the headquarters management center, which is based on the SM2 algorithm. The two-way identity authentication adopts an authentication mechanism of device private key signing and center public key verification.
3. A data security protection system based on an embedded encryption module according to claim 2, characterized in that, The security agent module is installed as software on the terminal server and supports multiple system platforms including Linux, embedded Linux, and Windows. The security agent module is based on a cross-compilation environment to achieve rapid adaptation of the core library and provides a unified standard interface. The security agent module provides command forwarding, status monitoring, and security control services. The command forwarding service specifically receives device management commands issued by the headquarters management center, forwards them to the embedded encryption module, and provides feedback on the execution results. Device management commands include at least key update commands, function upgrade commands, and status query commands. The status monitoring service specifically collects the operating status of the embedded encryption module, key usage, and business call logs in real time and uploads them to the headquarters management center. The security control service specifically binds business identifiers to encryption services, verifies the legitimacy of business requests, and prevents unauthorized business calls to encrypted resources.
4. A data security protection system based on an embedded encryption module according to claim 3, characterized in that, The headquarters management center adopts a four-layer architecture design consisting of an infrastructure layer, a core service layer, a device access layer, and a management service layer. The infrastructure layer includes a database cluster, a message queue cluster, a cache service cluster, and a cryptographic machine cluster. The core service layer includes a public service cluster, providing distributed control services, device activation services, device check-in services, data protection services, key control services, and encryption policy services. The device access layer is used to implement load balancing, communication adaptation, message adaptation, and transaction routing. The management service layer provides user management services, permission management services, station-level management services, product management services, device management services, application management services, operation and maintenance monitoring services, remote upgrade services, and statistical analysis services. Key management services specifically include root key generation, subkey distribution, key ciphertext distribution, key version management, and key lifecycle monitoring; The device management service supports batch registration, information entry, status query, fault alarm, remote activation and deregistration of embedded encryption modules; The operation and maintenance monitoring service provides a visual monitoring interface that displays the running status of all connected embedded encryption modules, encryption service call statistics, and fault alarm information; The remote upgrade service supports remote upgrades of the algorithm library for embedded encryption modules and remote upgrades of security proxy modules, without requiring on-site operation. The statistical analysis service records the device operations, key usage, business calls, and permission change behaviors of all connected embedded encryption modules, and supports log querying and tracing.
5. A data security protection system based on an embedded encryption module according to claim 1, characterized in that, The data security protection system employs a three-tier key system to achieve secure key management; The data security protection system includes management keys and business keys; The management key includes the device key, the authentication key, and the local protection key. The device key is used to identify the embedded encryption module in two-way authentication. There is only one device key for each embedded encryption module. It is stored inside the embedded encryption module and its public key can be obtained through device management commands. The authentication key is used to identify the headquarters management center in two-way authentication; the local protection key is used to encrypt the externally stored key of the embedded encryption module; both the device key and the authentication key are SM2 key pairs. The business key includes a transmission master key, a working key, and an asymmetric key. The transmission master key is used to encrypt and protect the working key during the process of being distributed from the headquarters management center to the embedded encryption module. The working key is a symmetric key, used to provide cryptographic services to the embedded encryption module, including encryption, decryption, MAC calculation, and PIN encryption. The asymmetric key is used to provide cryptographic services to the embedded encryption module, including signing, signature verification, and asymmetric key encryption and decryption. The device key and asymmetric key are randomly generated by the embedded encryption module. The authentication key, transmission master key, and working key are generated by the headquarters management center and loaded into the embedded encryption module in a secure manner. The local protection key is randomly generated by the embedded encryption module, or generated by the headquarters management center and loaded into the embedded encryption module in a secure manner.
6. A data security protection system based on an embedded encryption module according to claim 5, characterized in that, The embedded encryption module has five states: power off, uninitialized, normal operation, authorized operation, and fault. The embedded encryption module is in a power-off state when not powered on. After power-on, the embedded encryption module enters an uninitialized state. In the uninitialized state, the embedded encryption module does not generate a device key or asymmetric key, does not set an access password, and the status code is 0X00. After powering on and completing initialization, the embedded encryption module enters the normal working state. In the normal working state, the embedded encryption module is allowed to accept status queries and respond to device management commands, but it cannot perform local cryptographic operations. The status code is 0X01. After passing two-way authentication with the headquarters management center, the embedded encryption module enters the authorized working state. In the authorized working state, the embedded encryption module is allowed to provide local cryptographic operation services for business programs. The status code is 0X02. The embedded encryption module returns to the power-off state after power failure. If the embedded encryption module fails the self-test, it enters a fault state with a status code of 0X1x, where x in 0X1x depends on the specific fault definition.
7. A data security protection method based on an embedded encryption module, implemented based on a data security protection system based on an embedded encryption module as described in any one of claims 1 to 6, characterized in that, The method includes: After the embedded encryption module is connected to the terminal server through a standardized interface, powered on, and initialized, it enters the normal working state. In the normal working state, it only responds to the device management instructions of the headquarters management center and does not perform local cryptographic calculation services. When the security agent module detects a new business program, it sends an authorization request for the new business program to the headquarters management center. The headquarters management center performs a security assessment on the new business program. If the assessment determines that the new business program is allowed to be published, it sends an authorization instruction for the new business program to the security agent module. The security agent module forwards the authorization instructions corresponding to the new business procedures issued by the headquarters management center to the embedded encryption module. After receiving the authorization instructions corresponding to the new business procedures, the embedded encryption module performs two-way identity authentication with the headquarters management center. If two-way authentication is successful, the embedded encryption module switches from normal working state to authorized working state and begins to provide local cryptographic operation services for new business programs. If two-way authentication fails, it remains in normal working state. The security agent module collects the operating status, key usage, and business call logs of the embedded encryption module in real time and uploads them to the headquarters management center. It also receives device management instructions from the headquarters management center in real time, forwards them to the embedded encryption module, and provides feedback on the execution results. The headquarters management center centrally manages all connected embedded encryption modules, including at least device registration, key distribution, status monitoring, and remote operation and maintenance, to achieve end-to-end data security protection.
8. An electronic device, characterized in that, include: The electronic device includes a processor and a memory, wherein the memory stores instructions that the processor can execute, and the processor is configured to execute the instructions such that the electronic device can implement the data security protection method based on an embedded encryption module as described in claim 7.
9. A computer-readable storage medium storing a computer program, characterized in that, When the computer program is executed by the processor, it can implement the data security protection method based on an embedded encryption module as described in claim 7.