Key management method, key encryption method, data encryption method, and related device

By using the root key to generate and manage the target key ciphertext in the processor's built-in cryptographic module, the problem of insufficient security in the encryption and decryption program in IPsec VPN is solved, and the security of the target key and application key is improved, ensuring the reliability of VPN connection and the security of data transmission.

WO2026123624A1 | PCT designated stage | Publication Date: 2026-06-18 | HYGON INFORMATION TECH CO LTD

Patent Information

Authority / Receiving Office: WO
Patent Type: Applications
Current Assignee / Owner: HYGON INFORMATION TECH CO LTD
Filing Date: 2025-06-11
Publication Date: 2026-06-18

AI Technical Summary

Technical Problem

How to improve the security of encryption and decryption process execution results in IPsec VPN, especially the security of key exchange process, to ensure the reliability of VPN connection and the security of data transmission.

Method used

In the processor's built-in cryptographic module, the target key ciphertext is generated using the root key and stored in a dedicated memory managed only by the cryptographic module to ensure its security. When used, it is loaded into secure memory and managed and verified in conjunction with index information to ensure the security of the target key and the application key.

Benefits of technology

By strengthening the security of the target key and application key, the security of the encryption and decryption process execution results is improved, ensuring the stability of the VPN connection and the reliability of data transmission.

✦ Generated by Eureka AI based on patent content.


Abstract

Embodiments of the present invention provide a key management method, a key encryption method, a data encryption method, and a related device. The key management method is applied to a cryptographic module built into a processor, and comprises: receiving a key management request for requesting management of a target key, the key management request comprising key management requirement information, the target key being at least used for encrypting an application key, and the application key being a critical key for a virtual private network to achieve secure data transmission; using a root key to generate a target key ciphertext corresponding to the target key; storing the target key ciphertext and target key authentication information in a dedicated memory, stored content of the dedicated memory being managed by the cryptographic module; when the stored content is to be used, loading the stored content to a secure memory; and returning index information for indexing storage locations of the target key ciphertext and the target key authentication information. The technical solution provided by the embodiments of the present invention can improve the security of an execution result of an encryption and decryption program.

Description

Key management methods, key encryption methods, data encryption methods and related equipment

[0001] Related applications

[0002] This application claims priority to Chinese Patent Application No. 202411822734.8, filed on December 11, 2024, entitled "Key Management Method, Key Encryption Method, Data Encryption Method and Related Device", the entire contents of which are incorporated herein by reference.

Technical Field

[0003] This application relates to the field of computer technology, specifically to a key management method, a key encryption method, a data encryption method, and related equipment.

Background Technology

[0004] A Virtual Private Network (VPN) is a technology that establishes a private network over a public network, allowing secure connections between two or more private networks. For example, an IPsec (Internet Protocol Security) VPN uses IPsec for remote access, establishing an IPsec tunnel between two or more private networks over a public network and ensuring the security of the VPN connection through encryption and authentication algorithms. To achieve automatic negotiation of IPsec protection parameters and tunnels, the execution results of encryption and decryption programs (such as critical keys generated during execution) are required. Therefore, the security of the execution results of encryption and decryption programs is crucial for the reliable implementation of IPsec.

[0005] Against this backdrop, how to provide technical solutions to improve the security of the execution results of encryption and decryption programs has become a technical problem that urgently needs to be solved by those skilled in the art.

Summary of the Invention

[0006] In view of this, embodiments of the present invention provide a key management method, a key encryption method, a data encryption method, and related devices to improve the security of the execution results of encryption and decryption operations.

[0007] To achieve the above objectives, the embodiments of the present invention provide the following technical solutions.

[0008] In a first aspect, embodiments of the present invention provide a key management method applied to a cryptographic module built into a processor, the method comprising:

[0009] A key management request is received, the key management request being used to request the management of a target key, the key management request including key management requirement information; the target key is at least used to encrypt an application key, the application key being a key for achieving secure data transmission in a virtual private network.

[0010] Using the root key of the cryptographic module, generate the target key ciphertext corresponding to the target key;

[0011] The target key ciphertext and the target key authentication information in the key management requirement information are merged and saved to a dedicated memory that stores the root key; the storage content of the dedicated memory is managed by the cryptographic module, and when the storage content is used, the cryptographic module loads the storage content into the secure memory of the processor;

[0012] Index information is returned; the index information is used to index the storage location of the target key ciphertext and the target key authentication information.

[0013] In a second aspect, embodiments of the present invention provide a key encryption method applied to a cryptographic module built into a processor, the method comprising:

[0014] A key encryption request is received, the key encryption request including at least index information and target key authentication information; the index information is obtained based on the key management method described in the first aspect.

[0015] Based on the index information, the stored target key ciphertext and target key authentication information are retrieved from the processor's dedicated memory.

[0016] When the received target key authentication information and the saved target key authentication information are successfully verified, the root key of the cryptographic module is used to decrypt the saved target key ciphertext to obtain the target key, which is used at least to encrypt the application key.

[0017] The application key determined by the key encryption request is encrypted using the target key to obtain the application key ciphertext and application key integrity verification information.

[0018] Return the encrypted application key and application key integrity verification information.

[0019] In a third aspect, embodiments of the present invention provide a data encryption method applied to a cryptographic module built into a processor, the method comprising:

[0020] Receive a data encryption request, the data encryption request including the data to be encrypted and encryption requirement information;

[0021] The data encryption key is obtained according to the encryption requirement information. The data encryption key includes at least an application key. The application key is obtained by decrypting the application key ciphertext returned by the key encryption method described in the second aspect.

[0022] The data to be encrypted is encrypted using the data encryption key to obtain encrypted data ciphertext.

[0023] Return the encrypted data ciphertext.

[0024] In a fourth aspect, embodiments of the present invention provide a processor, including: a built-in cryptographic module;

[0025] The cryptographic module includes:

[0026] A key management module is used to receive a key management request, which requests the management of a target key and includes key management requirement information. The target key is used at least to encrypt an application key, which is a critical key for secure data transmission in a virtual private network.

[0027] The algorithm operation module is used to generate target key ciphertext corresponding to the target key using the root key of the cryptographic module;

[0028] The key management module is further configured to merge and save the target key ciphertext and the target key authentication information in the key management requirement information into a dedicated storage for storing the root key; and to return index information, which is used to index the storage location of the target key ciphertext and the target key authentication information.

[0029] The contents stored in the dedicated memory are managed by the cryptographic module, and when the contents are used, the cryptographic module loads the contents into the processor's secure memory.

[0030] In a fifth aspect, embodiments of the present invention provide a cryptographic device, comprising:

[0031] The processor as described in the fourth aspect.

[0032] This invention provides a key management method applied to a cryptographic module built into a processor. The method includes: receiving a key management request, the key management request being used to request the management of a target key, the key management request including key management requirement information; the target key being used at least to encrypt an application key, the application key being a key for secure data transmission in a virtual private network; generating target key ciphertext corresponding to the target key using the root key of the cryptographic module; merging and storing the target key ciphertext and the target key authentication information from the key management requirement information into a dedicated memory storing the root key; the storage content of the dedicated memory being managed by the cryptographic module, and when using the storage content, the cryptographic module loading the storage content into the secure memory of the processor; and returning index information, the index information being used to index the storage location of the target key ciphertext and the target key authentication information.

[0033] As can be seen, the technical solution provided by this embodiment of the invention encrypts the target key using the root key of the cryptographic module according to the key management request. Since the root key of the cryptographic module is a unique root key generated internally by the cryptographic module and stored in the processor's dedicated memory, the content of the dedicated memory is visible within the cryptographic module but not visible to other modules. That is, it is managed by the cryptographic module and inaccessible to other modules. Therefore, after encrypting the target key using the root key, further storing the target key ciphertext and target key authentication information in the dedicated memory ensures the security of the target key encryption process and the security of the target key ciphertext. Simultaneously, since the content stored in the dedicated memory is loaded into secure memory for use, and the target key is used at least to encrypt the application key, which is a critical key for secure data transmission in a virtual private network, the security of the target key ciphertext and the subsequent use of the target key to encrypt the application key can be effectively protected, thereby improving the security of the application key and the security of the execution result of the encryption program.

Attached Figure Description

[0034] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on the provided drawings without creative effort.

[0035] Figure 1A is a flowchart illustrating a key management method provided in an embodiment of the present invention;

[0036] Figure 1B is another flowchart illustrating the key management method provided in an embodiment of the present invention;

[0037] Figure 2A is a flowchart illustrating a key encryption method provided in an embodiment of the present invention;

[0038] Figure 2B is another flowchart illustrating the key encryption method provided in an embodiment of the present invention.

[0039] Figure 3 is another flowchart illustrating the key encryption method provided in an embodiment of the present invention;

[0040] Figure 4 is a flowchart illustrating a data encryption method provided in an embodiment of the present invention;

[0041] Figure 5 is a schematic diagram of a processor provided in an embodiment of the present invention;

[0042] Figure 6 is a schematic diagram of the implementation process of the user-mode IKE program based on the Linux system provided in the embodiment of the present invention;

[0043] Figure 7 is a schematic diagram of the process of a processor executing a user program according to an embodiment of the present invention;

[0044] Figure 8 is a structural schematic diagram of a cryptographic device provided in an embodiment of the present invention;

[0045] Figure 9 is a schematic diagram illustrating the implementation process of a cryptographic device executing a key management request according to an embodiment of the present invention;

[0046] Figure 10 is a schematic diagram illustrating the implementation process of a cryptographic device executing a key encryption request according to an embodiment of the present invention;

[0047] Figure 11 is a schematic diagram of an implementation process of a cryptographic device executing a data encryption request according to an embodiment of the present invention;

[0048] Figure 12 is a schematic diagram of another implementation process of a cryptographic device executing a data encryption request provided in an embodiment of the present invention.

Detailed Implementation

[0049] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0050] With the widespread use of computer networks, it has become increasingly important to connect internal networks in different regions securely and conveniently to achieve resource sharing, and to provide convenient and quick access to these internal networks. VPN technology can meet these needs. VPN technology establishes a private network over a public network, thereby allowing secure connections between two or more private networks on a public network.

[0051] IPsec (Internet Protocol Security) is a type of VPN technology. It is a framework architecture composed of two types of protocols: the AH (Authentication Header) protocol and the ESP (Encapsulating Security Payload) protocol. The purpose of IPsec is to provide high security features for IP (Internet Protocol), including data encryption, authentication, and data tamper protection. VPNs are solutions developed to achieve these security features.

[0052] In other words, IPsec is a technical means of implementing VPN, while VPN is a way of applying IPsec.

[0053] IPsec is a suite of protocols that provides confidentiality, data integrity, authentication, and protection against replay attacks for network communications. It ensures secure data transmission over the insecure public internet by encrypting and/or verifying packets at the IP layer. IPsec is widely used to build Virtual Private Networks (VPNs), protect data transmission between data centers, and support secure access for remote users. To enable automatic negotiation of IPsec protection parameters and tunnels, the Internet Key Exchange (IKE) protocol is required. IKE is the signaling protocol for IPsec, providing services for automatically negotiating and exchanging keys and establishing security associations, simplifying the use and management of IPsec, and streamlining its configuration and maintenance.

[0054] Therefore, ensuring the security of the execution results (e.g., critical keys) of encryption and decryption programs such as IKE is essential. Based on this, embodiments of the present invention provide a key management method to improve the security of the execution results of encryption and decryption programs.

[0055] Please refer to Figure 1A, which is a flowchart illustrating a key management method provided in an embodiment of the present invention. The method is applied to a cryptographic module built into a processor.

[0056] As shown in Figure 1A, the method includes the following steps:

[0057] Step S101: Receive a key management request. The key management request is used to request the management of a target key and includes key management requirement information.

[0058] The target key is used at least to encrypt the application key, which is a critical key for secure data transmission in a virtual private network.

[0059] During the encryption/decryption process executed by the cryptographic module, there are some high-security critical keys. The target key can be used to encrypt at least these high-security critical keys (application keys), thereby improving the security of the application keys.

[0060] For example, when the encryption/decryption program is the aforementioned IKE program, the application key can be the initiator's private key (priv_i) in the step during the execution of the IKE program where "the initiator in the communication uses its own private key to perform non-paired encryption on the responder's key, one-time random number, identity information, and encrypted certificate".

[0061] In some implementations, the application key with a higher security level can also be the SKEYID_e key generated during the execution of the IKE program, also known as the IEK key (IPsec Encryption Key), or the ISK key (IPsec Security Key), also known as SKEYID_d.

[0062] The ISK key is the material used to generate the encryption keys for IPsec. It is generated based on the shared key (DH value) and nonce value (random number) calculated by the Diffie-Hellman algorithm, and is used for the subsequent establishment of IPsec SA (Security Association) and key generation.

[0063] The IEK key is used to encrypt subsequent messages in the IKE protocol. It is also calculated using the Diffie-Hellman algorithm and a nonce value, ensuring the security of subsequent IKE protocol messages.

[0064] Step S102: Using the root key of the cryptographic module, generate the target key ciphertext corresponding to the target key.

[0065] The root key is a unique key generated internally by the cryptographic module at the factory. The generated root key is stored in a dedicated memory, which is managed only by the cryptographic module. The contents stored in this dedicated memory are visible only within the cryptographic module and are not visible to other programs stored in the processor, thus providing a high degree of privacy.

[0066] The dedicated memory can be non-volatile random access memory (NVRAM), located inside the processor and managed by the cryptographic module.

[0067] Step S103: Combine the target key ciphertext and the target key authentication information in the key management requirement information and save them to the dedicated storage for storing the root key.

[0068] The contents stored in the dedicated memory are managed by the cryptographic module, and when the contents are used, the cryptographic module loads the contents into the processor's secure memory.

[0069] The processor's secure memory is physically isolated from the processor's regular memory. Therefore, loading stored content into secure memory can ensure the security of using the stored content (such as the target key ciphertext stored above).

[0070] In one implementation, to facilitate determining the storage location of the target key ciphertext and target key authentication information, the key management requirement information may further include: target key index information; step S103 may include:

[0071] The target key ciphertext and the target key authentication information in the key management requirement information are merged and saved to the corresponding location in the dedicated memory indicated by the target key index information, so that the target key index information is used as the returned index information.

[0072] The target key authentication information (which can be any 32-bit unsigned integer) is included in the key management requirements. Since the target key ciphertext is stored in a dedicated memory in this embodiment of the invention and the returned information is index information, the target key authentication information can be used to verify the usage rights of the target key when the target key is obtained based on the target key ciphertext, thereby ensuring the secure use of the target key.

[0073] Step S104: Return the index information, which is used to index the storage location of the target key ciphertext and the target key authentication information.

[0074] Since the target key is generated and stored internally within the processor and is not returned to the user program, it can also be called an internal key.

[0075] The user program can be a program that requires encryption and decryption operations, such as the IKE program, Boxcryptor, Gpg4win program for signing and encrypting files and emails, etc.

[0076] When the program performing encryption and decryption operations is the aforementioned IKE program, the target key can be a KEK (Key Encryption Key), an ISK key, or an IEK (IPsec Encryption Key).

[0077] It should be noted that while the ISK and IEK keys used as target keys (internal keys) share the same generation principle as the ISK and IEK keys used as application keys, their functions differ. The ISK and IEK keys used as application keys can be used in the second phase of IKE program execution and are protected by the target key. The ISK and IEK keys used as internal keys are employed in the process of using other non-encrypted application keys.

[0078] The execution of the IKE program consists of two phases:

[0079] The first phase (also known as IKE_SA_INIT or Main Mode) is primarily used to establish a secure channel, namely ISAKMP SA (Internet Security Association and Key Management Protocol Security Association), and in the process, generate key materials for subsequent communication. These key materials include a key for authentication (SKEYID_a), a key for encryption (SKEYID_e), and key materials for generating IPsec SA keys (SKEYID_d).

[0080] The second phase (also known as Quick Mode or IPSec SA negotiation phase) involves negotiating the IPsec SA, which determines the security parameters and keys used to protect actual data transmission.

[0081] In the second phase, the key material generated in the first phase is used to derive a key SKEYID_e for encryption to encrypt messages during the negotiation process, ensuring that only the communicating parties can understand the content of the negotiation, thereby protecting the IPsec SA negotiation process from being eavesdropped on or tampered with by unauthorized third parties.

[0082] Furthermore, the SKEYID_a derived from the key material generated in the first phase is used to verify message integrity and authentication. In the second phase, Quick Mode uses SKEYID_a to ensure data integrity and verify the identity of the data source, ensuring that the message has not been tampered with during transmission.

[0083] Furthermore, using the SKEYID_d (i.e., the ISK key) generated in the first phase, key material for generating the IPsec SA is derived from it. In the second phase, Quick Mode needs to derive keys from SKEYID_d for generating the IPsec SA; these keys will be used in the actual IPsec encryption and authentication process.

[0084] The encryption keys SKEYID_e (i.e., IEK key) and SKEYID_d (i.e., ISK key) can be the application keys with higher security levels described above; the keys that can encrypt and protect these application keys with higher security levels are the target keys described in the embodiments of the present invention.

[0085] As can be seen, the technical solution provided by this embodiment of the invention encrypts the target key using the root key of the cryptographic module according to the key management request. Since the root key of the cryptographic module is a unique root key generated internally by the cryptographic module and stored in the processor's dedicated memory, the content of the dedicated memory is visible within the cryptographic module but not visible to other modules. That is, it is managed by the cryptographic module and inaccessible to other modules. Therefore, after encrypting the target key using the root key, further storing the target key ciphertext and target key authentication information in the dedicated memory ensures the security of the target key encryption process and the security of the target key ciphertext. Simultaneously, since the content stored in the dedicated memory is loaded into secure memory for use, and the target key is used at least to encrypt the application key, which is a critical key for secure data transmission in a virtual private network, the security of the target key ciphertext and the subsequent use of the target key to encrypt the application key can be effectively protected, thereby improving the security of the application key and the security of the execution result of the encryption program.

[0086] To ensure the security of the root key and the accurate generation of the target key, in one embodiment, the key management request further includes root key authentication information and target key generation type indication information.

[0087] Please refer to Figure 1B, which is another schematic flowchart of the key management method provided in an embodiment of the present invention. As shown in Figure 1B, the method further includes the following steps before step S102:

[0088] Step S110: Verify the root key usage rights of the cryptographic module using the root key authentication information.

[0089] The root key authentication code refers to a mechanism used in a key management system to verify the identity and integrity of the root key. The root key is at the top level of a hierarchical symmetric key structure and is used for the generation or protection of smart card-level subkeys and subkeys of lower-level organizations.

[0090] By verifying the root key authentication information, the secure use of the root key is ensured.

[0091] Step S111: If the verification is successful, generate a random number.

[0092] After the cryptographic module verifies the root key authentication information and determines that the user (e.g., the user program that issued the key management request: the IKE program) has the right to use the root key, the cryptographic module can use the random number generated by the true random number generator to produce the target key.

[0093] A True Random Number Generator (TRNG) is a device that generates random numbers through physical processes rather than computer programs. This generator utilizes inherent randomness in nature, such as atmospheric noise and radioactive decay, to produce completely unpredictable random numbers. The key to a true random number generator lies in the uncertainty of the physical process and the authenticity of the noise source. Through proper design and implementation, it can generate high-quality, unpredictable, and confidential random numbers.

[0094] Step S112: Generate a target key of the corresponding type using the random number according to the type of target key indicated by the generation type indication information.

[0095] As mentioned above, the keys generated during the execution of the IKE program for secure data transmission over a virtual private network include various types. Therefore, a target key of the corresponding type can be generated based on the generation type of the target key indicated in the key management request (i.e., the generation type indication information).

[0096] In one implementation, the target key type includes an encryption type, and the target key of the encryption type is an encryption key; step S112 may include:

[0097] The random number is used as an encryption key, which is used to encrypt the application key.

[0098] The encryption key can be a KEK key.

[0099] When the generation type indication information indicates that a KEK key should be generated, the generated random number can be directly used as the KEK key.

[0100] In other embodiments, the target key type includes an authentication type, and the target key of the authentication type is an authentication key; step S112 may include:

[0101] The random number is used as a private key, which is also a verification key. The verification key is used to enable secure data transmission within the virtual private network.

[0102] The target key for enabling secure data transmission over a virtual private network can be either the IEK key or the ISK key, which are described above as internal keys.

[0103] When the generation type indication information indicates that an IEK key or an ISK key should be generated, the random number is used as the private key, which is the target key for securely transmitting data in the Virtual Private Network.

[0104] When the target key is the key used to securely transmit data within a virtual private network (VPN), generating the private key further includes:

[0105] Perform cryptographic operations on the private key to generate a public key; and return the public key according to the public key usage request indicated by the key management requirement information.

[0106] When generating a public key from a private key through cryptographic operations, the SM2 elliptic curve cryptography algorithm can be used.

[0107] When using the SM2 elliptic curve cryptography algorithm to generate a public key, the first step is to generate a private key: select a random number d as the private key (such as the random number generated by the true random number generator mentioned above). This private key is a random integer less than n.

[0108] The second step is to calculate the public key: the public key Q is calculated by multiplying the private key d with the base point G (under the group operation of elliptic curves).

[0109] The public key computation formula can be expressed as:

[0110] The public key Q = d·G, where G is the base point and d is the private key.

[0111] When the key management requirement information instructs the user program to use the public key, the plaintext of the public key can be returned directly.
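The public key computation Q = d·G on the SM2 curve, written out as an added example (not code from the patent). It uses the published SM2 recommended curve parameters; the function names are hypothetical, and the double-and-add loop is variable-time, so it shows the arithmetic and is not a side-channel-hardened module implementation.

```python
import secrets

# SM2 recommended curve y^2 = x^3 + ax + b over GF(p), base point G of order n.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None  # point at infinity (group identity)


def on_curve(pt):
    """True if pt satisfies the curve equation (the identity counts as valid)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Group operation on the curve: chord-and-tangent point addition."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p2 == -p1
            return INF
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add (variable-time)."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def public_key(d):
    """Q = d*G. SM2 key generation restricts d to [1, n-2]."""
    if not 1 <= d <= N - 2:
        raise ValueError("private key out of range")
    q = mul(d, G)
    if not on_curve(q):
        raise ArithmeticError("computed point is not on the curve")
    return q


def generate_keypair():
    """Draw d uniformly from [1, n-2]; the OS CSPRNG stands in for the TRNG."""
    d = secrets.randbelow(N - 2) + 1
    return d, public_key(d)


if __name__ == "__main__":
    d, q = generate_keypair()
    print("Q.x =", hex(q[0]))
    print("Q.y =", hex(q[1]))
```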

[0112] This invention also provides a key encryption method applied to a cryptographic module built into a processor. The method generates an application key and, based on the target key in the key management method provided in the foregoing embodiments, implements encrypted protection of the application key.

[0113] Please refer to Figure 2A, which is a flowchart of a key encryption method provided in an embodiment of the present invention.

[0114] As shown in Figure 2A, the method may include the following steps:

[0115] Step S201: Receive a key encryption request, wherein the key encryption request includes at least index information and target key authentication information.

[0116] The index information is obtained based on the key management method described in any of the foregoing embodiments.

[0117] The key encryption request can be issued by the user program to request the cryptographic module to encrypt the application key.

[0118] Step S202: Based on the index information, retrieve the saved target key ciphertext and target key authentication information from the processor's dedicated memory.

[0119] In the key management method described in the foregoing embodiments, the target key ciphertext and target key authentication information have been stored in the processor's dedicated memory, so the decryption process of the target key ciphertext and the use process of the target key are secure.

[0120] Therefore, when encrypting the application key, the target key ciphertext and target key authentication information stored in the dedicated memory can be retrieved based on the index information. Since the content stored in the dedicated memory is managed by the cryptographic module and is loaded into the processor's secure memory for use, the target key ciphertext and target key authentication information retrieved from the dedicated memory are loaded into secure memory during key encryption (application key encryption), further ensuring security during use, i.e., security when encrypting the application key.

[0121] The application key is a high-security critical key in the user program, such as the aforementioned SKEYID_e key or priv_i key. Therefore, by decrypting the target key ciphertext stored in the dedicated memory in the aforementioned key management method, and then using the target key to encrypt and protect the application key, the security of the application key can be improved, thus meeting the security requirements of the application key.

[0122] Step S203: When the received target key authentication information and the saved target key authentication information are successfully verified, the saved target key ciphertext is decrypted using the root key of the cryptographic module to obtain the target key.

[0123] The target key is used at least to encrypt the application key.

[0124] Verification of the received target key authentication information and the saved target key authentication information can ensure that the use of the target key is secure, that is, the user program that currently issues the key encryption request to perform application key encryption has the right to use the target key.

[0125] As can be seen from the aforementioned key management method, the encryption process of the target key is implemented using the root key of the cryptographic module. The root key is also stored in a dedicated memory. Therefore, the root key can be used to decrypt the target key ciphertext to obtain the target key (target key plaintext).

[0126] It is understood that in the key (application key) encryption process, the target key is mainly used to encrypt the application key. Therefore, the target key can be an encryption key, such as a KEK key. Correspondingly, the target key authentication information can be encryption key authentication information, such as a KEK key authentication code.

[0127] Step S204: Encrypt the application key determined by the key encryption request using the target key to obtain the application key ciphertext and application key integrity verification information.

[0128] The application key integrity verification information can be used to verify the application key during subsequent use. It can be the hash value generated while the application key is being encrypted with the target key.

[0129] Step S205: Return the application key ciphertext and application key integrity verification information.

[0130] Since the application key is a critical key with a high security level, in this embodiment of the invention, the target key obtained by decrypting the target key ciphertext stored in a dedicated memory is used to encrypt the application key, and the application key ciphertext and application key integrity verification information are returned to the user program to ensure the security of the application key.

[0131] As can be seen, the technical solution provided in this embodiment of the invention, when processing a key encryption request, retrieves the stored target key ciphertext and target key authentication information from the dedicated memory based on the index information returned by the cryptographic module when executing the key management request. Since the contents of the dedicated memory are only visible within the cryptographic module (i.e., managed by the cryptographic module and inaccessible to other modules), and the root key of the cryptographic module is a unique root key generated internally and also stored in the dedicated memory, after obtaining the target key ciphertext, the root key can be used to decrypt the target key ciphertext to obtain the target key. Furthermore, the target key can be used to encrypt the application key, and the application key ciphertext and application key integrity verification information are returned. Therefore, the security of the application key can be effectively protected, improving the security of the application key and enhancing the security of the encryption / decryption process execution results.

[0132] To ensure the security of the root key, the key generation request may also include root key authentication information.

[0133] Please refer to Figure 2B, which is another flowchart of the key encryption method provided in an embodiment of the present invention.

[0134] As shown in Figure 2B, before step S203, the method may further include:

[0135] Step S210: Verify, using the root key authentication information, whether the requester has permission to use the root key of the cryptographic module. If yes, proceed to step S203; otherwise, proceed to step S211.

[0136] If the verification is successful, it means that the root key can be used. Then, the root key of the cryptographic module can be used to decrypt the target key ciphertext that has been verified by the target key authentication information to obtain the target key.

[0137] Step S211: Stop execution; that is, do not perform the step (S203) of decrypting the saved target key ciphertext using the root key of the cryptographic module to obtain the target key when the received target key authentication information and the saved target key authentication information are successfully verified.

[0138] To fully meet the encryption protection requirements of application keys with high security levels, in one implementation, the application key generation step during the application key encryption process can be determined based on the specific key encryption request.

[0139] Please refer to Figure 3, which is another flowchart of the key encryption method provided in an embodiment of the present invention.

[0140] As shown in Figure 3, the method includes:

[0141] Step S301: Determine the application key loading information, which includes target key authentication information, index information, application key ciphertext, and application key integrity verification information.

[0142] Step S302: Use the index information to obtain the encryption key ciphertext and encryption key authentication information stored in the dedicated memory.

[0143] Since the application key is encrypted and protected using a target key, the target key can be an encryption key, such as the aforementioned KEK key, and the target key authentication information can be encryption key authentication information.

[0144] Step S303: Verify, using the root key authentication information, whether the requester has permission to use the root key. If yes, proceed to step S304; otherwise, proceed to step S308.

[0145] Step S304: Verify using the received encryption key authentication information and the saved encryption key authentication information, and determine whether the verification result is successful. If yes, proceed to step S305; otherwise, proceed to step S308.

[0146] Step S305: Use the root key to decrypt the saved encryption key ciphertext to obtain the encryption key.

[0147] Step S306: Based on the source indication information of the application key provider, obtain the application key determined by the key encryption request.

[0148] The application key provider source indication information is used to indicate the source of the application key and corresponds to the security level of the application key.

[0149] Because application keys come in different types and have different security levels, even among application keys with the same high security level, there are further security level distinctions. Application keys with different security levels also have different sources of provision; therefore, the application key can be accurately determined based on the source indication information.

[0150] Step S307: Encrypt the application key using the encryption key to obtain the application key ciphertext and application key integrity verification information.

[0151] In step S308, the cryptographic module stops executing the key encryption request.

[0152] In one implementation, the application key provider indication information indicates that the application key provider is a cryptographic module, and step S306 may include:

[0153] Generate random numbers;

[0154] The random number is used as the application key.

[0155] When the source indication information of the application key indicates that the cryptographic module is the provider, this type of application key has an even higher security level among the critical keys with a high security level. In this case, the cryptographic module can use a true random number generator to generate a random number, and then use the random number as the application key.

[0156] The application key generated from the random number can be a symmetric or asymmetric key, such as an ISK key / IEK key / KEK key, generated in the same way as the target key (ISK / IEK / KEK key) in the aforementioned key management method.

[0157] It should be noted that in the key management method, the encryption key is used to encrypt the application key, while the verification key is used to process keys other than the application key. Although ISK, KEK, and IEK keys are generated both as target keys and as application keys, their application scenarios are different.

[0158] After the cryptographic module generates the application key, it uses the decrypted encryption key (e.g., a KEK key) to perform encryption calculations on the generated application key to obtain the application key ciphertext (for asymmetric keys, only the private key is encrypted). At the same time, it uses the encryption key to perform HMAC (Hash-based Message Authentication Code) operations on the application key to obtain a hash value (application key integrity verification information). The application key ciphertext and application key hash value are then returned to the user program for subsequent use of the application key.

[0159] In other embodiments, the application key provider indication information indicates that the application key provider is a user program.

[0160] Application keys that can be directly provided by user programs have a lower security level than application keys generated by the aforementioned cryptographic modules.

[0161] The application key provided by the user can be, for example, the SKEYID_e key mentioned above. The SKEYID_e key can be used in the second phase of IKE program execution: negotiation protection. Therefore, SKEYID_e is relatively important; it is a high-security application key, and enhanced protection can be achieved using encryption keys.

[0162] Since the user program directly provides the application key, this application key can be directly included in the key encryption request. At this point, the cryptographic module can directly use the already decrypted encryption key to perform encryption calculations on the application key provided by the user program, obtaining the application key ciphertext (for asymmetric keys, only the private key is encrypted). Simultaneously, using the encryption key, an HMAC operation is performed on the application key to obtain its hash value (application key integrity verification information). The application key ciphertext and application key hash value are then returned to the user program.

[0163] At this point, the application key encryption protection is complete. The user program can obtain the application key ciphertext and application key integrity verification information returned by the cryptographic module, thus preventing the application key itself from being leaked. When the application key corresponding to the application key ciphertext needs to be used again in the future, the application key ciphertext and application key integrity verification information can be used to decrypt the application key ciphertext using the cryptographic module, and the application key can be used indirectly through the cryptographic module, thereby achieving application key encryption protection.

[0164] This invention also provides a data encryption method, which uses at least the application key ciphertext provided in the foregoing embodiments to decrypt and obtain an application key, and then uses the decrypted application key to encrypt the data.

[0165] Please refer to Figure 4, which is a flowchart of a data encryption method provided in an embodiment of the present invention.

[0166] As shown in Figure 4, the method includes:

[0167] Step S401: Receive a data encryption request, wherein the data encryption request includes the data to be encrypted and encryption requirement information.

[0168] Step S402: Obtain the data encryption key according to the encryption requirement information, wherein the data encryption key is at least an application key.

[0169] The application key is obtained by decrypting the application key ciphertext returned by the key encryption method described in any of the foregoing embodiments.

[0170] The application key is encrypted and protected by the target key (primarily the encryption key), thus ensuring the security of the application key. This, in turn, enhances the security of the data encryption process when using the application key to encrypt data.

[0171] Step S403: Encrypt the data to be encrypted using the data encryption key to obtain the encrypted data ciphertext.

[0172] Step S404: Return the encrypted data ciphertext.

[0173] As can be seen, the technical solution provided by this embodiment of the invention, when processing a data encryption request, at least utilizes the application key ciphertext returned by the cryptographic module when executing the key encryption request. The application key obtained after decryption is then used as the data encryption key to encrypt the data to be encrypted. Since the application key ciphertext is obtained by encrypting with the target key, and the target key is obtained by decrypting the target key ciphertext, which is obtained from the index information returned by the cryptographic module when executing the key management request; and since the contents of the dedicated memory are only visible within the cryptographic module (i.e., managed by the cryptographic module and inaccessible to other modules), and the root key of the cryptographic module is a unique root key generated internally and also stored in the dedicated memory, the decryption of the target key ciphertext is secure. Consequently, the implementation of decrypting the application key using the decrypted target key is also secure, effectively protecting the security of the application key and thus improving the security of encrypting the data to be encrypted using the application key.

[0174] To ensure the security of the application key, in one embodiment, when the data encryption key is an application key, before the step of obtaining the data encryption key according to the encryption requirement information, the method further includes:

[0175] Determine the application key loading information, which includes target key authentication information, index information, application key ciphertext, and application key integrity verification information;

[0176] The target key ciphertext and target key authentication information stored in the processor's dedicated memory are obtained using the index information.

[0177] At least when the received target key authentication information and the saved target key authentication information are successfully verified, the root key of the cryptographic module is used to decrypt the saved target key ciphertext to obtain the target key.

[0178] The application key is obtained by decrypting the application key ciphertext using the target key.

[0179] When the integrity verification information of the received application key is successfully verified, the application key is loaded into the secure memory of the processor as the data encryption key.

[0180] When the application key is used, it can be loaded into secure memory using the cryptographic module.

[0181] The application key ciphertext and application key integrity verification information are generated using the key encryption method described in the foregoing embodiments. Therefore, when using the application key, the user program can provide the application key ciphertext and application key integrity verification information (e.g., a hash value) to decrypt and use the application key ciphertext through the cryptographic module.

[0182] Based on the key encryption method provided in the foregoing embodiments, it is known that when generating the application key ciphertext, the target key ciphertext and target key authentication information stored in the dedicated memory are used. Therefore, when using the application key, the encryption requirement information includes target key authentication information and index information. The target key ciphertext and target key authentication information already stored in the dedicated memory are obtained through the index information, and then the received target key authentication information is used to verify the stored target key authentication information.

[0183] When the target key authentication information is successfully verified, it indicates that the user has permission to use the target key. At this point, the root key can be used to decrypt the obtained target key ciphertext to obtain the target key. Then, the target key can be used to decrypt the application key ciphertext to obtain the application key. After verifying the application key integrity verification information in the encryption requirement information, the application key is loaded into the processor's secure memory as the data encryption key for the data to be encrypted.

[0184] In other embodiments, the application key loading request further includes: root key authentication information; the step of decrypting the saved target key ciphertext using the root key of the cryptographic module to obtain the target key, at least when the verification of the received target key authentication information and the saved target key authentication information is successful, includes:

[0185] When the root key authentication information is successfully verified, and the received target key authentication information and the saved target key authentication information are successfully verified, the root key of the cryptographic module is used to decrypt the saved target key ciphertext to obtain the target key.

[0186] Root key authentication information is used to verify the usage rights of the root key and ensure the security of decrypting the target key ciphertext.

[0187] With both the root key authentication information and the target key authentication information successfully verified, the security of the target key ciphertext decryption is fully ensured. At this point, the root key can be used to decrypt the target key ciphertext.

[0188] To ensure reliable use of the application key in secure memory, in one embodiment, the encryption requirement information further includes: application key authentication information; after the step of decrypting the saved target key ciphertext using the root key of the cryptographic module to obtain the target key when the root key authentication information is successfully verified, and the received target key authentication information and the saved target key authentication information are successfully verified, and before the step of encrypting the data to be encrypted using the data encryption key to obtain the encrypted data ciphertext, the method further includes:

[0189] The application key and the application key authentication information are merged and stored in the processor's secure memory;

[0190] Return the application key index information, which is used to index the storage location of the application key and the application key authentication information in the secure memory.

[0191] The application key authentication information is used to verify the usage rights of the application key during its actual use, ensuring that the use of the application key is secure and reliable.

[0192] The application key index information serves as the index information when using the application key. The application key index information can be a handle.

[0193] After the application key index information is returned, the user program can use the application key for encryption. When using the application key, the data encryption request also includes application key index information and application key authentication information; step S403 includes:

[0194] Based on the application key index information, obtain the application key and application key authentication information already stored in the secure memory;

[0195] The received application key authentication information is used to verify the stored application key authentication information;

[0196] Upon successful verification, the application key is used to encrypt the data to be encrypted, resulting in encrypted ciphertext.

[0197] As can be seen, when the application key is used as a data encryption key, it is first loaded into secure memory and stored, and then the application key index information is returned. In actual use, the user program uses the application key index information, and the cryptographic module uses the application key to encrypt the data on its behalf.

[0198] Therefore, the security of the application key can be ensured, thereby ensuring the security of data encryption.
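A software model of the flow in Figure 3 (S302 to S308), the loading steps [0175] to [0179] and the handle-based encryption in [0194] to [0196], as an added example rather than code from the patent or from any processor firmware. All class, method and parameter names are hypothetical; the HMAC-SHA256 keystream is a stand-in cipher chosen so the block runs on the standard library alone, and `secrets` stands in for the true random number generator.

```python
import hashlib
import hmac
import secrets


class AuthError(Exception):
    """The module stops executing the request (S211 / S308)."""


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def check(stored: bytes, received: bytes) -> None:
    """Constant-time comparison of saved and received authentication information."""
    if not hmac.compare_digest(stored, received):
        raise AuthError("authentication information mismatch")


class CryptoModule:
    """Hypothetical model; the two dicts stand for dedicated and secure memory."""

    def __init__(self, root_auth: bytes):
        self._root_key = secrets.token_bytes(32)  # generated inside, never returned
        self._root_auth = root_auth
        self._dedicated = {}  # index  -> (nonce, target key ciphertext, auth info)
        self._secure = {}     # handle -> (application key, auth info)

    def manage_target_key(self, root_auth: bytes, kek_auth: bytes) -> int:
        """Key management request: store only KEK ciphertext, return index information."""
        check(self._root_auth, root_auth)
        kek, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        index = len(self._dedicated) + 1
        self._dedicated[index] = (nonce, stream_xor(self._root_key, nonce, kek), kek_auth)
        return index

    def _unwrap_kek(self, index: int, root_auth: bytes, kek_auth: bytes) -> bytes:
        nonce, kek_ct, saved_auth = self._dedicated[index]   # S302
        check(self._root_auth, root_auth)                    # S303
        check(saved_auth, kek_auth)                          # S304
        return stream_xor(self._root_key, nonce, kek_ct)     # S305

    def encrypt_app_key(self, index, root_auth, kek_auth, app_key=None):
        """S306-S307: wrap a module-generated (None) or user-provided application key."""
        kek = self._unwrap_kek(index, root_auth, kek_auth)
        if app_key is None:
            app_key = secrets.token_bytes(32)
        nonce = secrets.token_bytes(16)
        blob = nonce + stream_xor(kek, nonce, app_key)
        tag = hmac.new(kek, app_key, hashlib.sha256).digest()  # integrity information
        return blob, tag

    def load_app_key(self, index, root_auth, kek_auth, blob, tag, app_auth) -> int:
        """[0175]-[0190]: unwrap, verify integrity, keep in secure memory, return handle."""
        kek = self._unwrap_kek(index, root_auth, kek_auth)
        app_key = stream_xor(kek, blob[:16], blob[16:])
        check(hmac.new(kek, app_key, hashlib.sha256).digest(), tag)
        handle = len(self._secure) + 1
        self._secure[handle] = (app_key, app_auth)
        return handle

    def encrypt_data(self, handle: int, app_auth: bytes, data: bytes) -> bytes:
        """[0194]-[0196]: the caller presents a handle, never the key itself."""
        app_key, saved_auth = self._secure[handle]
        check(saved_auth, app_auth)
        nonce = secrets.token_bytes(16)
        return nonce + stream_xor(app_key, nonce, data)


if __name__ == "__main__":
    module = CryptoModule(b"root-auth")                      # constructed sample values
    idx = module.manage_target_key(b"root-auth", b"kek-auth")
    blob, tag = module.encrypt_app_key(idx, b"root-auth", b"kek-auth")
    h = module.load_app_key(idx, b"root-auth", b"kek-auth", blob, tag, b"app-auth")
    print(module.encrypt_data(h, b"app-auth", b"ESP payload").hex())
```

Because the integrity value is an HMAC over the application key plaintext, as [0158] describes, `load_app_key` has to decrypt before it can verify; on a failed check the model raises and stores nothing.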

[0199] In other embodiments, the data encryption key may also include an external key provided by the user program; the encryption requirement information may also include encryption algorithm information for encrypting the data to be encrypted;

[0200] Step S403 includes:

[0201] The encryption algorithm indicated by the encryption algorithm information is run, and the data to be encrypted is encrypted using the external key to obtain the encrypted ciphertext.

[0202] In certain steps of key negotiation in user programs, there are scenarios where encryption can be performed directly using an external key. For example, when using an asymmetric public key provided by one of the communicating parties for encryption, the cryptographic module can also support directly using the external key to encrypt the data without needing to perform operations such as pre-loading the application key into secure memory.

[0203] This invention also provides a processor for implementing the key management method, key encryption method, and data encryption method described in the foregoing embodiments.

[0204] Please refer to Figure 5, which is a schematic diagram of the structure of a processor provided in an embodiment of the present invention.

[0205] As shown in Figure 5, the processor 1 may include: a built-in cryptographic module 11;

[0206] The cryptographic module 11 includes:

[0207] Key management module 12 is used to receive key management requests, which are used to request the management of target keys and include key management requirement information; the target key is used at least to encrypt application keys, which are critical keys for achieving secure data transmission in the virtual private network;

[0208] The algorithm operation module 13 is used to generate target key ciphertext corresponding to the target key using the root key of the cryptographic module 11;

[0209] The key management module 12 is further configured to merge and save the target key ciphertext and the target key authentication information in the key management requirement information into a dedicated storage for storing the root key; and to return index information, which is used to index the storage location of the target key ciphertext and the target key authentication information.

[0210] The contents stored in the dedicated memory are managed by the cryptographic module, and when the contents are used, the cryptographic module loads the contents into the processor's secure memory.

[0211] The cryptographic module 11 built into processor 1 is encapsulated inside processor 1 and consists of two parts:

[0212] The first is a cryptographic coprocessor, which is responsible for cryptographic operations, namely the "algorithm operation module 13" mentioned above;

[0213] Second, there is a security processor and firmware, which is responsible for key management, namely the "key management module 12".

[0214] Cryptographic module 11 is a dedicated module that provides services for key generation, key management, and encryption / decryption acceleration. Since encryption and decryption-related operations are implemented in hardware and integrated with processor 1, it plays a crucial role in scenarios with high security requirements and high-performance encryption / decryption operations.

[0215] IPSec VPN technology commonly uses a combination of user-space IKE program and kernel-space XFRM based on the Linux system. Please refer to Figure 6, which is a schematic diagram of the implementation process of the user-space IKE program based on the Linux system provided in the embodiment of the present invention.

[0216] As shown in Figure 6, the user-space IKE program (supported by commonly used Swan-like apps such as libswan and strongswan) is responsible for negotiating the IKE SA and IPSec SA. It then interacts with the XFRM (eXtensible Flow Representation and Marking, a framework for implementing IPsec) framework to configure the IPsec policy. XFRM handles packet encryption and decryption. The IKE program performs either IKEv1 or IKEv2 negotiation.

[0217] The following problems exist in the execution and use of the results of the IKE program shown in Figure 6:

[0218] (1) Among the IPSec key types, working keys and session keys are used to protect the negotiation process and encrypt business data. They have mandatory requirements for periodic updates or updates based on traffic conditions. Moreover, for ease of use, they can be placed in volatile storage devices and destroyed when the device is powered off or the network connection is lost, so they are relatively secure. However, device keys are asymmetric keys and are the initial dependency for the entire device to conduct key negotiations. They are generally held for a long time and will not be changed periodically, so they must be able to be saved after power failure. The IKE program manages device keys by default by storing them directly in plaintext in memory, or even on the hard drive, which will cause security risks. Therefore, the security level of the execution results of the IKE program (device keys, session keys, working keys) is not high enough.

[0219] Among them, the device key is the public and private key pair used for asymmetric algorithms, including a signature key pair and an encryption key pair, used for verification and digital signatures.

[0220] Working key: The key obtained in the first phase of key exchange, used for protection during the session key exchange process.

[0221] Session key: The key obtained in the second phase of key exchange, used for encrypting data packets and message MACs.

[0222] (2) The IKE key negotiation process extensively uses asymmetric, symmetric, and verification algorithms for signature / verification, encryption / decryption, and data verification. The native code of IKE programs (libswan, strongswan, etc.) uses software to perform cryptographic operations. Software algorithm computation consumes significant processor power, thus impacting the performance improvement of IPSec VPN products in terms of the number of new connections per second. Therefore, using software to execute cryptographic algorithms during IKE key negotiation results in low performance.

[0223] Therefore, in this embodiment of the invention, the processor 1 with the built-in cryptographic module 11 can execute encryption and decryption programs by means of the cryptographic module 11. In addition to improving the performance of executing cryptographic algorithms, the root key of the key management module 12 of the cryptographic module 11 is further used as the device key to encrypt and protect critical keys (application keys) with a high security level, such as session keys and working keys.

[0224] Since the root key is stored in a dedicated memory, which is non-volatile and whose contents are inaccessible except by the cryptographic module 11 (key management module 12), the security of the root key as the device key and the security of the target key encrypted based on the root key can be ensured, thereby improving the security of the application key during the process of using the target key to encrypt and protect the application key.

[0225] The dedicated memory is located in the processor 1, and it can exist inside the cryptographic module 11 or outside the cryptographic module 11.

[0226] The key management module 12 and the algorithm operation module 13 can execute the key management request described in the foregoing embodiments.

[0227] The key management module 12 is used to parse and split the received key management request, generate various control instructions, such as storage, generation, import, export, use, and destruction control instructions; then, it sends the various control instructions and the information carried in the key management request (such as key management requirement information) to the algorithm operation module 13, controls the algorithm operation module 13 to execute the various control instructions, and returns the execution result to the key management module 12, which then returns the final result to the user program (such as the IKE program) to complete the execution of the key management request.

[0228] As can be seen, the technical solution provided by this embodiment of the invention encrypts the target key using the root key of the cryptographic module according to the key management request. Since the root key of the cryptographic module is a unique root key generated internally by the cryptographic module and stored in the processor's dedicated memory, the content of the dedicated memory is visible within the cryptographic module but not visible to other modules. That is, it is managed by the cryptographic module and inaccessible to other modules. Therefore, after encrypting the target key using the root key, further storing the target key ciphertext and target key authentication information in the dedicated memory ensures the security of the target key encryption process and the security of the target key ciphertext. Simultaneously, since the content stored in the dedicated memory is loaded into secure memory for use, and the target key is used at least to encrypt the application key, which is a critical key for secure data transmission in a virtual private network, the security of the target key ciphertext and the subsequent use of the target key to encrypt the application key can be effectively protected, thereby improving the security of the application key and the security of the execution result of the encryption program.

[0229] In other embodiments, the key management module 12 is further configured to receive a key encryption request, the key encryption request including at least the index information and the target key authentication information; and to retrieve the stored target key ciphertext and target key authentication information from the processor's dedicated memory based on the index information.

[0230] The algorithm operation module 13 is further configured to, when the received target key authentication information and the saved target key authentication information are successfully verified, use the root key of the cryptographic module to decrypt the saved target key ciphertext to obtain the target key, the target key being used at least to encrypt the application key; and use the target key to encrypt the application key determined by the key encryption request to obtain the application key ciphertext and the application key integrity verification information.

[0231] The key management module 12 is also used to return the application key ciphertext and application key integrity verification information.

[0232] The key management module 12 and the algorithm operation module 13 can also execute key encryption requests to generate application key ciphertext and application key integrity verification information.

[0233] In other embodiments, the key management module 12 is further configured to receive a data encryption request, the data encryption request including data to be encrypted and encryption requirement information; and to obtain a data encryption key based on the encryption requirement information, the data encryption key including at least an application key, the application key being obtained by decrypting the application key ciphertext.

[0234] The algorithm operation module 13 is also used to encrypt the data to be encrypted using the data encryption key to obtain encrypted data ciphertext;

[0235] The key management module 12 is also used to return the encrypted data ciphertext.

[0236] The key management module 12 and the algorithm operation module 13 can also execute data encryption requests to encrypt the data to be encrypted using at least the application key.

[0237] Optionally, the key management request, the key encryption request, and the data encryption request received by the key management module 12 are generated based on the execution process of the user program executed by the cryptographic module 11.

[0238] To facilitate understanding of the generation of each request (key management request, key encryption request, and data encryption request), we will use the IKE program as an example for explanation.

[0239] Please refer to Figure 7, which is a schematic diagram of the process of a processor executing a user program according to an embodiment of the present invention. Figure 7 uses the IKE program as the example user program.

[0240] As shown in Figure 7, the initiator is represented by "i" and the receiver is represented by "r".

[0241] “HDR” represents an ISAKMP (Internet Security Association and Key Management Protocol) header;

[0242] “SA” represents a payload that contains one or more security association proposals;

[0243] “HDR*” indicates that the payload following the ISAKMP header is encrypted;

[0244] “CERT_sig_r” represents the responder’s signed certificate payload;

[0245] “CERT_enc_r” represents the encrypted certificate payload of the responder;

[0246] “HASH_i” represents the initiator's hash payload;

[0247] “HASH_r” represents the responder's hash payload;

[0248] “Ni” represents the nonce payload of the initiator;

[0249] “Nr” represents the nonce payload of the responder;

[0250] “IDi” represents the identifier payload of the initiator;

[0251] "IDr" represents the identifier payload of the responder;

[0252] “prv_i” represents the initiator’s private key;

[0253] “prv_r” represents the responder’s private key;

[0254] “pub_i” represents the initiator's public key;

[0255] “pub_r” represents the responder’s public key;

[0256] “_b” represents the payload body, that is, the remaining payload without the ISAKMP generic header.

[0257] During the execution of the IKE program, the interaction between the initiator and receiver in the processor's cryptographic module mainly includes:

[0258] Message 1: The initiator sends the responder a Security Association payload that encapsulates the proposal payload;

[0259] Message 2: The responder sends a Security Association payload along with the responder’s signing and encryption certificates, indicating that it accepts the SA proposal sent by the initiator;

[0260] Messages 3 and 4: The initiator and responder exchange data, including a nonce, an identity identifier (ID), and other payloads. The nonce is a necessary parameter for generating the encryption and verification keys, and the ID is the identifier of the initiator or responder. This data is encrypted using a temporary key Sk (Sk is generated by the IKE program; Ski, used below, denotes the temporary key generated by the initiator). Sk is encrypted using the public key from the other party's encryption certificate, and both parties digitally sign the data.

[0261] In messages 3 and 4, "XCH_i" and "XCH_r" have similar structures, as do "SIG_i" and "SIG_r". For ease of explanation, the following explanation will only take the initiator (i) as an example:

[0262] The expression for "XCH_i" can be:

[0263] XCH_i=asym_encrypt(Ski, pub_r)|sym_encrypt(Ni, Ski)|sym_encrypt(IDi, Ski)|CERT_sig_i|CERT_enc_i;

[0264] The expression for "SIG_i" can be:

[0265] SIG_i_b=asym_encrypt(Ski_b|Ni_b|IDi_b|CERT_enc_i_b, priv_i);

[0266] Here, `asym_encrypt(x, y)` represents asymmetric encryption of `x` using key `y`, and `sym_encrypt(x, y)` represents symmetric encryption of `x` using key `y`; `IDi` is the initiator's identity identifier, and `priv_i` is the initiator's private key. The asymmetric and symmetric cryptographic algorithms used in the above process are determined through negotiation between message 1 and message 2. The temporary key `Sk` and the random number `N` are randomly generated by the initiator and responder, respectively. The key management request can be generated after message 1 and message 2, or it can be generated simultaneously.

[0267] In the above process, the `asym_encrypt(Ski, pub_r)` operation uses "pub_r" as the responder's public key, obtained from the responder's encryption certificate. Therefore, the `asym_encrypt(Ski, pub_r)` operation simply uses "pub_r" as the external key and calls the encryption process using the external key. Similarly, in the `sym_encrypt(Ni, Ski)` and `sym_encrypt(IDi, Ski)` operations, Ski is the symmetric encryption key, which is used as the external key to directly call the encryption process.

[0268] The "priv_i" involved in the "asym_encrypt(Ski_b|Ni_b|IDi_b|CERT_enc_i_b, priv_i)" operation serves as the initiator's private encryption key. Due to its high security level, it cannot exist in plaintext. Therefore, it requires the execution of the previous steps of "internal key generation" -> "application key generation" -> "application key loading" before using "priv_i" through the "handle" to complete subsequent encryption operations. Thus, the key management request can also be generated during messages 3 and 4.

[0269] After messages 3 and 4 are completed, a basic key parameter SKEYID is generated for each message. This SKEYID is used to generate subsequent keys, including the SKEYID_e key used to protect messages 5 and 6, as well as the second-phase negotiation process. The key encryption request and data encryption request can be generated during messages 5 and 6.

[0270] Messages 5 and 6 use the key "SKEYID_e" for symmetric encryption. This is to allow the initiator and responder to mutually authenticate the preceding exchange process; the specific process will not be elaborated further. "SKEYID_e" is also used for protection during the subsequent IKE Phase 2 negotiation. Therefore, "SKEYID_e" is crucial and requires enhanced protection. This can be achieved by providing the plaintext of the application key (as mentioned above, where the source is a user program), executing the "Application Key Generation" -> "Application Key Loading" process to encrypt "SKEYID_e" into ciphertext and immediately destroy the plaintext. When needed, the "Use Application Key" process is executed, importing "SKEYID_e" into the key management module of the cryptographic module. Simultaneously, encryption algorithm information and the data to be encrypted are provided. The algorithm calculation module executes the encryption algorithm, using SKEYID_e to encrypt the ciphertext. This includes messages 5 and 6, as well as the IKE Phase 2 (fast mode) negotiation; all can utilize the handle corresponding to SKEYID_e for computation.

[0271] The Fast Mode exchange relies on the SKEYID key parameter and its derived keys generated during the Phase 1 Main Mode exchange to negotiate the IPSec SA security policy and derive the IPSec session key. Information exchanged in Fast Mode is protected by symmetric encryption; all payloads except the ISAKMP header are encrypted. In Fast Mode, a hash payload item immediately follows the ISAKMP header; this hash is used for message integrity verification and data source authentication.

[0272] In the above-described main mode + fast mode negotiation process, the key is used several times and corresponding encryption / decryption / hash operations are performed. Using the steps described in this method, the capabilities of the processor's built-in cryptographic module can be fully utilized, both to improve the security level of key usage and to take advantage of the powerful cryptographic computing performance of the cryptographic module hardware.

[0273] This invention also provides a cryptographic device to support the functionality of the aforementioned processor.

[0274] Please refer to Figure 8, which is a structural schematic diagram of a cryptographic device provided in an embodiment of the present invention.

[0275] As shown in Figure 8, the cryptographic device includes:

[0276] Processor 1;

[0277] The cryptographic device may further include:

[0278] The cryptographic module interface 2 is used to interact with the user program and the cryptographic module 11 of the processor 1, and to provide the cryptographic module 11 with requests issued by the user program, the requests including at least one of key management requests, key encryption requests, and data encryption requests.

[0279] The cryptographic module interface 2 can be an abstract API (Application Programming Interface), allowing different software components to interact in a unified manner. For example, it can be a cryptographic library that provides user programs with the ability to use the cryptographic module 11 of processor 1 through a standard SDF (Smart / Secure Device Function) interface (a fixed function name), including user-mode drivers and encapsulation of hardware algorithm capabilities.

[0280] As can be seen, the technical solution provided by this embodiment of the invention encrypts the target key using the root key of the cryptographic module according to the key management request. The root key of the cryptographic module is a unique root key generated internally by the cryptographic module and stored in the processor's dedicated memory, and the content of the dedicated memory is visible within the cryptographic module but not visible to other modules. That is, it is managed by the cryptographic module and inaccessible to other modules. Therefore, after encrypting the target key using the root key, further storing the target key ciphertext and target key authentication information in the dedicated memory ensures the security of the target key encryption process and the security of the target key ciphertext. In addition, since the content stored in the dedicated memory is loaded into secure memory for use, and the target key is used at least to encrypt the application key, which is a critical key for secure data transmission in a virtual private network, the security of the target key ciphertext and the subsequent use of the target key to encrypt the application key can be effectively protected, thereby improving the security of the application key and the security of the execution result of the encryption program.

[0281] The process of executing the IKE program using the cryptographic device to fulfill the aforementioned requests is described below.

[0282] Please refer to Figure 9, which is a schematic diagram of the implementation process of a cryptographic device executing a key management request provided in an embodiment of the present invention.

[0283] In Figure 9, the user program sends a key management request to the cryptographic module interface (Figure 9 shows the cryptographic library as an example). The key management request may include root key authentication information and key management requirement information (target key index information (IDX) and target key authentication information).

[0284] The cryptographic library sends a key management request to the key management module 12. The key management module 12 verifies whether the user program has the right to use the root key based on the root key authentication information in the key management request.

[0285] After the root key authentication information is successfully verified, the key management module 12 uses a random number generated by a true random number generator to generate the target key.

[0286] The key management module 12 sends the target key and the root key to the algorithm operation module 13, and also sends a control command to encrypt the target key; then the algorithm operation module 13 executes the control command to encrypt the target key, uses the root key to encrypt the target key to generate the target key ciphertext, and returns the target key ciphertext to the key management module 12.

[0287] The key management module 12 merges the target key ciphertext and target key authentication information into the corresponding location in the processor's dedicated memory according to the target key index information, and returns the index information (target key index information) to the cryptographic library, which then returns the index information to the user program.

[0288] Once the target key (e.g., ISK / IEK / KEK key) is generated and encrypted, it is stored together with the root key in a dedicated memory. The user program does not need to obtain the target key; it only needs to call the index information (IDX) and provide the target key authentication information to apply to the key management module 12 for the use of the corresponding target key.

[0289] Please refer to Figure 10, which is a schematic diagram of the implementation process of a cryptographic device executing a key encryption request provided in an embodiment of the present invention.

[0290] As shown in Figure 10, the process by which a cryptographic device executes a key encryption request may include:

[0291] The user program calls the cryptographic module 11 through the cryptographic library to process the key encryption request.

[0292] The key encryption request issued by the user program includes root key authentication information, index information (mainly encryption key index information: KEK key index information), target key authentication information (mainly encryption key authentication information: KEK authentication information), application key ciphertext, and application key.

[0293] The cryptographic library sends a key encryption request to the key management module 12. The key management module 12 retrieves the target key ciphertext (mainly KEK key ciphertext) and target key authentication information (mainly KEK key authentication information) already stored in the dedicated storage based on the index information. Then, it verifies the root key authentication information, the received KEK key authentication information, and the stored KEK key authentication information.

[0294] After the received KEK key authentication information and root key authentication information are successfully verified, the saved KEK key ciphertext and root key are sent to the algorithm operation module 13. There may also be KEK key decryption control commands. The algorithm operation module 13 executes the KEK key decryption control commands, uses the root key to decrypt the KEK key ciphertext, obtains the KEK key, and returns the KEK key (KEK key plaintext) to the key management module 12.

[0295] The key management module 12 generates an application key (e.g., KEK key / IEK key / ISK key) by generating random numbers using a true random number generator, and sends the application key and KEK key to the algorithm operation module 13. Of course, there can also be control commands for encrypting the application key.

[0296] The algorithm operation module 13 executes the control command for application key encryption, encrypts the application key using the KEK key, generates application key ciphertext, and calculates application key integrity verification information (hash value) using the KEK key; and returns the application key integrity verification information and application key ciphertext to the key management module 12.

[0297] The key management module 12 returns the application key ciphertext and application key integrity verification information to the user program through the cryptographic library, thus completing the encryption protection of the application key.

[0298] Once the application key is generated and encrypted, the user program receives the encrypted application key and will not leak the plaintext application key. When the user program needs to use the application key, it first loads the application key into the key management module 12, and then can use the application key indirectly through the key management module 12.

[0299] Please refer to Figure 11, which is a schematic diagram of an implementation process of a cryptographic device executing a data encryption request provided in an embodiment of the present invention.

[0300] Figure 11 shows a schematic diagram of the implementation process when the data encryption key is the application key.

[0301] When using the application key as the data encryption key, the application key is first loaded and then used. As shown in Figure 11, the user program calls the cryptographic module 11 through the cryptographic library to execute the data encryption request.

[0302] Before executing the data encryption request, the application key is first loaded into secure memory. Therefore, the application key loading information is first determined. The application key loading information includes root key authentication information, target key authentication information, index information, application key ciphertext, and application key integrity verification information.

[0303] The user program first sends application key loading information to the cryptographic library. The application key loading information includes the application key ciphertext and application key integrity verification information returned by the key management module 12 through the cryptographic library. At the same time, in order to enable application key decryption and secure use of application key, the application key loading information also includes root key authentication information, target key authentication information (mainly KEK key authentication information), index information (mainly KEK index information for indexing KEK key ciphertext), and application key authentication information.

[0304] The cryptographic library sends the application key loading information to the key management module 12. The key management module 12 uses the index information to obtain the KEK key ciphertext and KEK key authentication information stored in the dedicated storage. It then uses the stored KEK key authentication information and the received KEK key authentication information to perform verification, as well as verify the root key authentication information. After successful verification, it sends the root key and the obtained stored KEK key ciphertext to the algorithm operation module 13, and simultaneously sends the control command for KEK key decryption.

[0305] The algorithm operation module 13 executes the control command for KEK key decryption, uses the root key to decrypt the KEK key ciphertext, obtains the KEK key, and returns the KEK key to the key management module 12.

[0306] The key management module 12 sends the KEK key and application key ciphertext, application key integrity verification information, application key decryption control command, and integrity verification information generation control command to the algorithm operation module 13.

[0307] The algorithm operation module 13 first executes the control command for decrypting the application key, using the KEK key to decrypt the application key ciphertext and obtain the application key. Then, it executes the control command for generating integrity verification information, verifying the received application key integrity verification information. During the verification process, the KEK key can be used to recalculate the hash value of the decrypted application key. The recalculated application key integrity verification information is then compared with the received application key integrity verification information; if the comparison results match, the verification is successful. At this point, the algorithm operation module 13 returns the application key to the key management module 12.

[0308] The key management module 12 merges and saves the application key and application key authentication information into the secure memory of the processor 1, and returns the application key index information to the cryptographic library, such as returning a handle.

[0309] Then, when using the application key to encrypt data, the data encryption request issued by the user program may also include application key index information, application key authentication information, and the data to be encrypted.

[0310] The key management module 12 receives the application key index information in the data encryption request by calling the cryptographic module 11 through the cryptographic library, and obtains the application key and application key authentication information stored in the secure memory; it compares and verifies the stored application key authentication information using the application key authentication information; after successful verification, it sends the application key, the data to be encrypted, and the data encryption control command to the algorithm operation module 13.

[0311] The algorithm operation module 13 executes the control instructions for data encryption, uses the application key to encrypt the data to be encrypted, generates encrypted data ciphertext, and returns the encrypted data ciphertext to the key management module 12.

[0312] The key management module 12 returns the encrypted data ciphertext to the user program through the cryptographic library.

[0313] As can be seen, the user program does not need to obtain the plaintext of the application key when using it, and the relevant cryptographic operations are performed internally within the cryptographic module 11, protecting the security of the application key and data encryption operations. As long as the application key is not destroyed, it only needs to be loaded once. Subsequent uses of the application key only require providing the correct application key index information (handle) and application key authentication information to the key management module 12. This improves both the execution efficiency of the encryption / decryption program and the security of its execution results.
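The Figure 9 to Figure 11 flow described above, modelled as an added example; it is not code from the patent or from any vendor library. The class and method names, the HMAC-SHA256 keystream standing in for the module's unnamed cipher, the HMAC used as the integrity verification value, and `decrypt_data` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class AuthError(Exception):
    """Authentication or integrity verification failed inside the module."""


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as a keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def wrap(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)          # fresh nonce per wrap
    return nonce + _xor_stream(key, nonce, plaintext)


def unwrap(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:16], blob[16:])


def _verify(stored: bytes, supplied: bytes) -> None:
    if not hmac.compare_digest(stored, supplied):   # constant-time comparison
        raise AuthError("authentication information mismatch")


class CryptoModule:
    """Model of cryptographic module 11. Underscore attributes stand for memory
    that only the module can read; the user program sees return values only."""

    def __init__(self, root_auth: bytes):
        self._root_key = secrets.token_bytes(32)    # generated inside the module
        self._root_auth = root_auth
        self._dedicated = {}   # index -> (target key ciphertext, target key auth info)
        self._secure = {}      # handle -> (application key, application key auth info)

    def manage_key(self, root_auth: bytes, idx: int, target_auth: bytes) -> int:
        """Figure 9: generate a target key (KEK) and store only its ciphertext."""
        _verify(self._root_auth, root_auth)
        target_key = secrets.token_bytes(32)
        self._dedicated[idx] = (wrap(self._root_key, target_key), target_auth)
        return idx

    def _target_key(self, root_auth: bytes, idx: int, target_auth: bytes) -> bytes:
        _verify(self._root_auth, root_auth)
        if idx not in self._dedicated:
            raise AuthError("unknown index information")
        ciphertext, stored_auth = self._dedicated[idx]
        _verify(stored_auth, target_auth)
        return unwrap(self._root_key, ciphertext)

    def encrypt_app_key(self, root_auth, idx, target_auth, app_key=None):
        """Figure 10: return application key ciphertext and integrity value."""
        kek = self._target_key(root_auth, idx, target_auth)
        if app_key is None:                         # source is the module itself
            app_key = secrets.token_bytes(32)
        integrity = hmac.new(kek, app_key, hashlib.sha256).digest()
        return wrap(kek, app_key), integrity

    def load_app_key(self, root_auth, idx, target_auth, app_ct, integrity, app_auth):
        """Figure 11, loading: unwrap, check integrity, keep the key, return a handle."""
        kek = self._target_key(root_auth, idx, target_auth)
        app_key = unwrap(kek, app_ct)
        expected = hmac.new(kek, app_key, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, integrity):
            raise AuthError("application key integrity verification failed")
        handle = secrets.token_hex(8)
        self._secure[handle] = (app_key, app_auth)
        return handle

    def _app_key(self, handle: str, app_auth: bytes) -> bytes:
        if handle not in self._secure:
            raise AuthError("unknown handle")
        app_key, stored_auth = self._secure[handle]
        _verify(stored_auth, app_auth)
        return app_key

    def encrypt_data(self, handle: str, app_auth: bytes, data: bytes) -> bytes:
        """Figure 11, use: encrypt with the loaded key; the key never leaves."""
        return wrap(self._app_key(handle, app_auth), data)

    def decrypt_data(self, handle: str, app_auth: bytes, blob: bytes) -> bytes:
        # Hypothetical counterpart, added so the round trip can be checked.
        return unwrap(self._app_key(handle, app_auth), blob)


if __name__ == "__main__":
    m = CryptoModule(b"root-auth")                       # constructed values
    idx = m.manage_key(b"root-auth", 1, b"kek-auth")
    ct, tag = m.encrypt_app_key(b"root-auth", idx, b"kek-auth")
    h = m.load_app_key(b"root-auth", idx, b"kek-auth", ct, tag, b"app-auth")
    print(m.decrypt_data(h, b"app-auth", m.encrypt_data(h, b"app-auth", b"message 5 payload")))
```

The user program only ever holds the index, the application key ciphertext with its integrity value, and the handle; a modified ciphertext or wrong authentication information is rejected before any key is loaded.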

[0314] Please refer to Figure 12, which is a schematic diagram of another implementation process of a cryptographic device executing a data encryption request provided in an embodiment of the present invention.

[0315] Figure 12 shows a schematic diagram of the implementation process when the data encryption key is an external key.

[0316] When using an external key as a data encryption key, the encryption request issued by the user program may include encryption algorithm information for encrypting the data to be encrypted.

[0317] The user program sends a data encryption request to the cryptographic library, which then calls cryptographic module 11 to execute the data encryption request.

[0318] A data encryption request may include the data to be encrypted, encryption algorithm information, and an external key.

[0319] The key management module 12 sends the external key, encryption algorithm information, and data encryption control command to the algorithm operation module 13.

[0320] The algorithm operation module 13 executes the control instructions for data encryption, runs the encryption algorithm, and uses an external key to encrypt the data to be encrypted, thereby obtaining the encrypted ciphertext.

[0321] The algorithm operation module 13 returns the encrypted data ciphertext to the key management module 12, and the key management module 12 returns the encrypted data ciphertext to the user program through the cryptographic library.

[0322] The foregoing describes multiple embodiments of the present invention. The optional methods described in each embodiment can be combined and cross-referenced without conflict, thereby extending to a variety of possible embodiments. These can all be considered as embodiments disclosed or made public by the present invention.

[0323] While the embodiments of the present invention have been disclosed above, the present invention is not limited thereto. Any person skilled in the art can make various modifications and alterations without departing from the spirit and scope of the present invention; therefore, the scope of protection of the present invention should be determined by the scope defined in the claims.

Claims

A key management method, applied to a cryptographic module built into a processor, the method comprising: Receive a key management request, the key management request being used to request the management of a target key, the key management request including key management requirement information; The target key is used at least to encrypt the application key, which is a key key for secure data transmission in a virtual private network. Using the root key of the cryptographic module, generate the target key ciphertext corresponding to the target key; The target key ciphertext and the target key authentication information in the key management requirement information are merged and saved into a dedicated storage device that stores the root key. The contents stored in the dedicated memory are managed by the cryptographic module, and when the contents are used, the cryptographic module loads the contents into the processor's secure memory. In addition, the index information is returned, which is used to index the storage location of the target key ciphertext and the target key authentication information. The key management method as described in claim 1, wherein, The key management request also includes root key authentication information and target key generation type indication information; Before the step of generating the target key ciphertext corresponding to the target key using the root key of the cryptographic module, the method further includes: The root key authentication information is used to verify the access rights of the root key of the cryptographic module; Upon successful verification, a random number is generated. Based on the type of the target key indicated by the generation type indication information, a target key of the corresponding type is generated using the random number. 
The key management method as described in claim 2, wherein, The key management requirement information further includes: target key index information; the step of merging and saving the target key ciphertext and the target key authentication information in the key management requirement information into a dedicated storage device for storing the root key includes: The target key ciphertext and the target key authentication information in the key management requirement information are merged and saved to the corresponding location in the dedicated memory indicated by the target key index information, so that the target key index information is used as the returned index information. The key management method as described in claim 2, wherein, The target key type includes encryption type, and the target key of encryption type is an encryption key; The step of generating a target key of the corresponding type using the random number according to the type of the target key indicated by the generation type indication information includes: The random number is used as an encryption key, which is used to encrypt the application key. The key management method as described in claim 2, wherein, The target key type includes verification type, and the target key of the verification type is a verification key; The step of generating a target key of the corresponding type using the random number according to the type of the target key indicated by the generation type indication information includes: The random number is used as a private key, which is also a verification key. The verification key is used to enable secure data transmission within the virtual private network. The key management method as described in claim 5, wherein, Also includes: Perform cryptographic operations on the private key to generate a public key; And, based on the public key usage request indicated by the key management requirement information, return the public key. 
A key encryption method, applied to a cryptographic module built into a processor, the method comprising: Receive a key encryption request, the key encryption request including at least index information and target key authentication information; The index information is obtained based on the key management method according to any one of claims 1-6; Based on the index information, the stored target key ciphertext and target key authentication information are retrieved from the processor's dedicated memory. When the received target key authentication information and the saved target key authentication information are successfully verified, the root key of the cryptographic module is used to decrypt the saved target key ciphertext to obtain the target key, which is used at least to encrypt the application key. The application key determined by the key encryption request is encrypted using the target key to obtain the application key ciphertext and application key integrity verification information. Return the encrypted application key and application key integrity verification information. The key encryption method as described in claim 7, wherein, The key encryption request further includes root key authentication information; before the step of decrypting the saved target key ciphertext using the root key of the cryptographic module to obtain the target key upon successful verification of the received target key authentication information and the saved target key authentication information, the method further includes: The root key authentication information is used to verify the access rights of the root key of the cryptographic module; Upon successful verification, the step of decrypting the saved target key ciphertext using the root key of the cryptographic module to obtain the target key is performed. 
The key encryption method as described in claim 8, wherein, The key encryption request also includes source indication information for providing the application key; Before the step of encrypting the application key determined by the key encryption request using the target key to obtain the application key ciphertext and application key integrity verification information, the method further includes: Based on the source indication information of the application key, the application key determined by the key encryption request is obtained. The key encryption method as described in claim 9, wherein, The application key provider indication information indicates that the application key provider is a cryptographic module. The process of obtaining the application key determined by the key encryption request based on the application key provider indication information includes: Generate random numbers; The random number is used as the application key. The key encryption method as described in claim 9, wherein, The source indication information for the application key indicates that the source of the application key is the user program. The key encryption method according to any one of claims 7-10, wherein, The target key includes an encryption key of the encryption type, and the target key authentication information includes encryption key authentication information. A data encryption method, applied to a cryptographic module built into a processor, the method comprising: Receive a data encryption request, the data encryption request including the data to be encrypted and encryption requirement information; The data encryption key is obtained according to the encryption requirement information. The data encryption key includes at least an application key. The application key is obtained by decrypting the application key ciphertext returned by the key encryption method according to any one of claims 7-12. 
The data to be encrypted is encrypted using the data encryption key to obtain encrypted data ciphertext.
Return the encrypted data ciphertext.

The data encryption method as described in claim 13, wherein,
When the data encryption key is an application key, the method further includes, before the step of obtaining the data encryption key based on the encryption requirement information:
Determine the application key loading information, which includes target key authentication information, index information, application key ciphertext, and application key integrity verification information;
The target key ciphertext and target key authentication information stored in the processor's dedicated memory are obtained using the index information.
At least when the received target key authentication information and the saved target key authentication information are successfully verified, the root key of the cryptographic module is used to decrypt the saved target key ciphertext to obtain the target key.
The application key is obtained by decrypting the application key ciphertext using the target key.
When the integrity verification information of the received application key is successfully verified, the application key is loaded into the secure memory of the processor as the data encryption key.

The data encryption method as described in claim 14, wherein, The application key loading information further includes: root key authentication information; the step of decrypting the stored target key ciphertext using the root key of the cryptographic module to obtain the target key at least when the received target key authentication information and the stored target key authentication information are successfully verified includes: When the root key authentication information is successfully verified, and the received target key authentication information and the saved target key authentication information are successfully verified, the root key of the cryptographic module is used to decrypt the saved target key ciphertext to obtain the target key. The data encryption method as described in claim 15, wherein, The encryption requirement information further includes: application key authentication information; after the step of decrypting the saved target key ciphertext using the root key of the cryptographic module to obtain the target key when the root key authentication information is successfully verified, and the received target key authentication information and the saved target key authentication information are successfully verified, and before the step of encrypting the data to be encrypted using the data encryption key to obtain the encrypted data ciphertext, the method further includes: The application key and the application key authentication information are merged and stored in the processor's secure memory; Return the application key index information, which is used to index the storage location of the application key and the application key authentication information in the secure memory. 
The data encryption method as described in claim 16, wherein,
The data encryption request further includes application key index information and application key authentication information; the step of encrypting the data to be encrypted using the data encryption key to obtain encrypted ciphertext includes:
Based on the application key index information, obtain the application key and application key authentication information already stored in the secure memory;
The application key authentication information is used to verify the stored application key authentication information;
Upon successful verification, the application key is used to encrypt the data to be encrypted, resulting in encrypted ciphertext.

The data encryption method as described in claim 13, wherein,
The data encryption key also includes an external key provided by the user program; the encryption requirement information includes encryption algorithm information for encrypting the data to be encrypted.
The step of encrypting the data to be encrypted using the data encryption key to obtain the encrypted ciphertext includes:
The encryption algorithm indicated by the encryption algorithm information is run, and the data to be encrypted is encrypted using the external key to obtain the encrypted ciphertext.

A processor, comprising:
Built-in cryptographic module;
The cryptographic module includes:
A key management module is used to receive a key management request, which requests the management of a target key and includes key management requirement information. The target key is used at least to encrypt an application key, which is a critical key for secure data transmission in a virtual private network.
The algorithm operation module is used to generate target key ciphertext corresponding to the target key using the root key of the cryptographic module;
The key management module is further configured to merge and save the target key ciphertext and the target key authentication information in the key management requirement information into a dedicated storage for storing the root key; and to return index information, which is used to index the storage location of the target key ciphertext and the target key authentication information.
The contents stored in the dedicated memory are managed by the cryptographic module, and when the contents are used, the cryptographic module loads the contents into the processor's secure memory.

The processor as claimed in claim 19, wherein,
The key management module is further configured to receive a key encryption request, the key encryption request including at least the index information and the target key authentication information; and to retrieve the stored target key ciphertext and target key authentication information from the processor's dedicated memory based on the index information.
The algorithm operation module is further configured to, upon successful verification of the received target key authentication information and the saved target key authentication information, decrypt the saved target key ciphertext using the root key of the cryptographic module to obtain the target key, the target key being used at least to encrypt the application key; and encrypt the application key determined by the key encryption request using the target key to obtain the application key ciphertext and the application key integrity verification information.
The key management module is also used to return the application key ciphertext and application key integrity verification information.

The processor of claim 20, wherein,
The key management module is also configured to receive a data encryption request, the data encryption request including data to be encrypted and encryption requirement information; and to obtain a data encryption key based on the encryption requirement information, the data encryption key including at least an application key, the application key being obtained by decrypting the application key ciphertext.
The algorithm operation module is also used to encrypt the data to be encrypted using the data encryption key to obtain encrypted data ciphertext;
The key management module is also used to return the encrypted data ciphertext.

The processor of claim 21, wherein,
The key management module receives the key management request, the key encryption request, and the data encryption request, which are generated based on the execution process of the user program executed by the cryptographic module.

A cryptographic device, comprising:
The processor as described in any one of claims 19-22.

The cryptographic device as described in claim 23, wherein,
Also includes:
A cryptographic module interface is used to interact with the user program and the cryptographic module of the processor, and to provide the cryptographic module with requests issued by the user program, the requests including at least one of key management requests, key encryption requests, and data encryption requests.
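
The key chain recited in the claims above (the root key wraps the target key, the target key wraps the application key, and each unwrap is gated by an authentication or integrity check) can be modeled in a few lines. This is an added example, not code from the patent or its applicant: the class and method names, the list-backed "dedicated" and "secure" memories, byte-string authentication information, the integrity tag on the target key ciphertext, and the HMAC-SHA256 counter-mode encrypt-then-MAC construction standing in for the module's unspecified cipher are all assumptions.

```python
import hashlib, hmac, secrets

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib stand-in for the module's cipher (assumption).
    pad = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def wrap(kek, plaintext):
    """Encrypt-then-MAC; returns (ciphertext, integrity verification info)."""
    nonce = secrets.token_bytes(16)
    ct = nonce + _xor_stream(_mac(kek, b"enc"), nonce, plaintext)
    return ct, _mac(_mac(kek, b"mac"), ct)

def unwrap(kek, ct, tag):
    if not hmac.compare_digest(tag, _mac(_mac(kek, b"mac"), ct)):
        raise ValueError("integrity verification failed")
    return _xor_stream(_mac(kek, b"enc"), ct[:16], ct[16:])

class CryptoModule:
    def __init__(self):
        self._root = secrets.token_bytes(32)  # root key, never leaves the module
        self._dedicated = []                  # models the dedicated memory
        self._secure = []                     # models the secure memory

    def manage_target_key(self, auth):
        ct, tag = wrap(self._root, secrets.token_bytes(32))
        self._dedicated.append((ct, tag, auth))
        return len(self._dedicated) - 1       # index information

    def _target_key(self, index, auth):
        ct, tag, saved_auth = self._dedicated[index]
        if not hmac.compare_digest(saved_auth, auth):
            raise PermissionError("target key authentication failed")
        return unwrap(self._root, ct, tag)

    def encrypt_app_key(self, index, auth, app_key=None):
        # Source indication: None means the module's RNG, otherwise the user program.
        app_key = secrets.token_bytes(32) if app_key is None else app_key
        return wrap(self._target_key(index, auth), app_key)

    def load_app_key(self, index, auth, ct, tag):
        self._secure.append(unwrap(self._target_key(index, auth), ct, tag))
        return len(self._secure) - 1          # application key index information

    def encrypt_data(self, app_index, data):
        return wrap(self._secure[app_index], data)
```

The caller only ever holds index values, authentication information and ciphertexts; the target key exists in plaintext only inside `_target_key`, and a tampered application key ciphertext is rejected before anything is loaded.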