
CN114741716A - Industrial control system-oriented configuration engineering file protection method and suite - Google Patents

Publication number
CN114741716A
Authority
CN
China
Prior art keywords
control system
industrial control
system configuration
encryption
decryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210549817.9A
Other languages
Chinese (zh)
Inventor
郑强
杨维永
刘寅
罗黎明
朱世顺
魏兴慎
齐敬
郭于鹏
李宽合
陈忱
栾国强
丁晓玉
徐杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Nari Network Security Technology Co ltd
NARI Information and Communication Technology Co
Original Assignee
NARI Information and Communication Technology Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NARI Information and Communication Technology Co
Priority to CN202210549817.9A
Publication of CN114741716A
Current legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]


Abstract

The invention discloses a protection method and kit for industrial control system configuration engineering files, in the technical field of network security. The method includes: encrypting the written industrial control system configuration engineering file to obtain a first industrial control system configuration engineering file and an encryption/decryption key, the key comprising a password and a salt value; encrypting the password in turn and saving it in the first industrial control system configuration engineering file to generate a second industrial control system configuration engineering file; and, when a user who has forgotten the password sends the second industrial control system configuration engineering file to the manufacturer, the manufacturer decrypting the password with its private key. The invention improves the encryption strength of the configuration engineering file, can prevent conventional brute-force cracking attacks, and reduces the risk of the configuration project being leaked.

Description

Industrial control system-oriented configuration engineering file protection method and suite
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a protection method and a kit for an industrial control system configuration engineering file.
Background
At present, each major industrial control system manufacturer has its own configuration software, and configuration engineering files are programmed with that software. Normally a password must be entered when a configuration engineering file is opened in the configuration software, but because of design problems in the configuration software, the encryption and decryption of the configuration project is at risk of being bypassed. Once the industrial control system is broken into and the encryption and decryption of the configuration project is bypassed, the configuration project itself can be encrypted and decrypted, so that a pre-planted backdoor program can damage the operating system of the industrial control system. Because industrial control systems have high real-time requirements and low CPU computing power, they cannot use strong encryption and decryption techniques. When designing the encryption and decryption algorithm, a manufacturer also has to consider the case where a user forgets the password; some manufacturers handle this with a reserved backdoor through which they send a decrypted configuration engineering file to the user, and once that reserved backdoor is leaked internally, it introduces a huge risk to running industrial control systems.
The configuration software runs on the upper computer, and the configuration engineering file runs on PLCs and other lower computers. Attack and defense in industrial control systems have already reached the lower computers, so protecting the configuration engineering files helps protect the stable operation of the lower computers in the industrial control system.
Disclosure of Invention
The invention aims to provide a protection method and kit for industrial control system configuration engineering files, to solve the technical problems in the prior art that industrial control systems find it difficult to use strong encryption and decryption techniques and that configuration projects are at risk of being leaked.
To achieve this purpose, the invention adopts the following technical scheme:
In a first aspect, a protection method for industrial control system configuration engineering files is provided, including: encrypting the written industrial control system configuration engineering file to obtain a first industrial control system configuration engineering file and an encryption/decryption key, the key comprising a password and a salt value; encrypting the password in turn and storing it in the first industrial control system configuration engineering file to generate a second industrial control system configuration engineering file; and, when a user who has forgotten the password sends the second industrial control system configuration engineering file to the manufacturer, the manufacturer decrypting the password with the private key.
Further, a DES symmetric encryption/decryption mode is used to encrypt the written industrial control system configuration engineering file; the DES symmetric encryption/decryption mode includes but is not limited to the AES symmetric encryption/decryption algorithm and the DES symmetric encryption/decryption algorithm.
Further, the openssl encryption/decryption component is used to encrypt the password in turn, generating a public key and a private key.
Further, the salt value is a value greater than 8 bits, which is preset or generated by a random algorithm.
In a second aspect, a protection kit for industrial control system configuration engineering files is provided, including: a first encryption/decryption module, configured in the configuration software, for encrypting the written industrial control system configuration engineering file to obtain a first industrial control system configuration engineering file and an encryption/decryption key, the key comprising a password and a salt value; and a second encryption/decryption module, configured in the configuration software, for encrypting the password in turn and storing it in the first industrial control system configuration engineering file to generate a second industrial control system configuration engineering file; when a user who has forgotten the password sends the second industrial control system configuration engineering file to the manufacturer, the manufacturer decrypts the password with the private key.
Further, the first encryption/decryption module uses a DES (data encryption standard) symmetric encryption/decryption mode to encrypt the written industrial control system configuration engineering file; the DES symmetric encryption/decryption mode includes but is not limited to the AES symmetric encryption/decryption algorithm and the DES symmetric encryption/decryption algorithm.
Further, the second encryption/decryption module uses the openssl encryption/decryption component to encrypt the password in turn, generating a public key and a private key.
Further, the salt value is a value greater than 8 bits, which is preset or generated by a random algorithm.
Further, the configuration software is configured with a DPAPI interface function and a gcry_malloc_secure interface function.
Compared with the prior art, the invention has the following beneficial effects:
(1) The written industrial control system configuration engineering file is encrypted to obtain a first industrial control system configuration engineering file and an encryption/decryption key comprising a password and a salt value; the password is encrypted in turn and stored in the first industrial control system configuration engineering file to generate a second industrial control system configuration engineering file; and when a user who has forgotten the password sends the second file to the manufacturer, the manufacturer decrypts the password with the private key. This improves the encryption strength of the configuration engineering file, can prevent conventional brute-force attacks, and reduces the risk of the configuration project being leaked;
(2) The DPAPI interface function on Windows and the gcry_malloc_secure interface function on Linux are added specifically, which avoids the problem of the password being stolen from memory;
(3) A user who forgets the password can recover it through the manufacturer: the password is encrypted with openssl, the user holds the public key, and the manufacturer holds the private key;
(4) By encrypting the body of the configuration engineering file, a secure encryption and decryption scheme is achieved without an authentication server, which addresses the problems that the industrial control environment is relatively closed, that the CPU and memory of industrial control equipment have little computing power, and that strong encryption and decryption techniques are difficult to use.
Drawings
FIG. 1 is a schematic diagram of an embodiment of the present invention;
FIG. 2 is a process flow diagram of an embodiment of the invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
Embodiment one:
A protection method for industrial control system configuration engineering files includes: encrypting the written industrial control system configuration engineering file to obtain a first industrial control system configuration engineering file and an encryption/decryption key, the key comprising a password and a salt value; encrypting the password in turn and storing it in the first industrial control system configuration engineering file to generate a second industrial control system configuration engineering file; and, when a user who has forgotten the password sends the second industrial control system configuration engineering file to the manufacturer, the manufacturer decrypting the password with the private key.
In this embodiment, a DES symmetric encryption/decryption mode is used to encrypt the written industrial control system configuration engineering file; the DES symmetric encryption/decryption mode includes, but is not limited to, the AES symmetric encryption/decryption algorithm, the DES symmetric encryption/decryption algorithm, and a customized encryption/decryption suite.
The openssl encryption/decryption component is used to encrypt the password in turn, generating a public key and a private key. A more secure salt value is preset; the salt value is a value greater than 8 bits that is preset or generated by a random algorithm. The salt value is added to prevent malicious brute-force attacks.
Because the file is encrypted under a key made of the password and the salt value, the password is itself encrypted and stored in the file, and only the manufacturer can decrypt the stored password with the private key when a user forgets it, the encryption strength of the configuration engineering file is improved, conventional brute-force attacks can be prevented, and the risk of the configuration project being leaked is reduced.
Embodiment two:
As shown in FIG. 1 and FIG. 2, based on the protection method of embodiment one, this embodiment provides a protection kit for industrial control system configuration engineering files, including: a first encryption/decryption module, configured in the configuration software, for encrypting the written industrial control system configuration engineering file to obtain a first industrial control system configuration engineering file and an encryption/decryption key, the key comprising a password and a salt value; and a second encryption/decryption module, configured in the configuration software, for encrypting the password in turn and storing it in the first industrial control system configuration engineering file to generate a second industrial control system configuration engineering file; when a user who has forgotten the password sends the second industrial control system configuration engineering file to the manufacturer, the manufacturer decrypts the password with the private key.
The specific configuration process of the protection kit in this embodiment is as follows.
Step one: design the configuration software and add an encryption/decryption module (the first encryption/decryption module) to it, selecting the mature symmetric encryption/decryption mode DES; the symmetric encryption/decryption mode includes but is not limited to known symmetric algorithms such as AES and DES, and also includes a customized encryption/decryption suite.
Step two: add an openssl encryption/decryption component (the second encryption/decryption module) to the configuration software and generate a public key and a private key with openssl. Preset a more secure salt value, greater than 8 bits. The salt value may also be generated with a random algorithm. The salt value is added to prevent malicious brute-force attacks.
Step three: add the DPAPI interface function and the gcry_malloc_secure interface function to the configuration software. To suit different types of industrial control terminals, Windows CE is protected with the DPAPI interface function and Linux-like systems with the gcry_malloc_secure interface function, so that memory cannot be read and the password is protected from being read from memory.
The configuration engineering file is normally decrypted with the password; the decrypted configuration engineering file then starts executing its program, and at that point the password remains in memory. The configuration software calls the DPAPI interface when running on Windows and the gcry_malloc_secure interface when running on Linux, so that the password in memory is protected.
Step four: the configuration software encrypts the compiled configuration engineering file with DES (data encryption standard) to obtain the first industrial control system configuration engineering file and the encryption/decryption key, where the key is (password + salt value). If the DES-encrypted configuration engineering file is stolen for reverse analysis, the real function code cannot be seen, which protects the body of the configuration engineering file.
Step five: encrypt the password with the openssl component, store it in the encrypted configuration engineering file from step four (the first industrial control system configuration engineering file), and generate a new configuration engineering file (the second industrial control system configuration engineering file).
Step six: when the user forgets the password, the new configuration engineering file is sent to the manufacturer, and the manufacturer decrypts the stored password with the private key through the openssl component to obtain the password.
The openssl component uses public-key encryption with private-key decryption: the password is encrypted with the public key, and the private key is kept by the manufacturer for the case where a user forgets the password. After forgetting the password, the user sends the configuration engineering file to the manufacturer; the manufacturer extracts the encrypted password, decrypts it with the private key, and sends the decrypted configuration engineering file to the user.
The invention applies DES (password + salt) encryption to the configuration engineering file, which can prevent conventional brute-force cracking attacks; the DPAPI interface function on Windows and the gcry_malloc_secure interface function on Linux are added specifically, which avoids the risk of the password being stolen from memory. So that a user who forgets the password can recover it through the manufacturer, the password is encrypted with openssl; the user holds the public key and the manufacturer holds the private key. Because the industrial control environment is relatively closed and the CPU and memory of industrial control equipment have little computing power, encrypting the body of the configuration engineering file provides a secure encryption and decryption method where no authentication server is available.
The specific processing flow of this embodiment is shown in FIG. 2:
Define the DES encryption function of DESUTil. Define the DES decryption function of DESUTil, which performs DES decryption of the configuration file with the key;
Define a ReadPrj() function, which reads the content of the configuration engineering file and stores it in the PrjData variable;
Enter a password for encryption and call the DES encryption suite, DESUTil. PrjData is the content of the configuration engineering file, and key is the set password plus the preset salt value, that is, key = password + salt; this yields the encrypted configuration file PrjData_encrypt;
Enter the password to decrypt the configuration engineering file and call the DES decryption suite. PrjData is the content of the configuration engineering file, and key is the set password plus the preset salt value, that is, key = password + salt; this yields the decrypted configuration file PrjData;
Define the OpenSSL public-key encryption function of RSAEncrypt. Define the OpenSSL private-key decryption function RSAEncrypt.decrypt, which decrypts the user password with the generated private key;
After OpenSSL is installed, generate the key pair with the standard commands: openssl genrsa -out rsa_private_key.pem 2048 generates the private key, which is stored in the rsa_private_key.pem file; openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem derives the public key from the private key and stores it in the rsa_public_key.pem file;
Encrypt the password with RSAEncrypt (password) to obtain the encrypted key, and store it in the DES-encrypted configuration file.
When the user forgets the password, the configuration engineering file is sent to the manufacturer; the manufacturer finds the encrypted password stored in the configuration engineering file and decrypts it with RSAEncrypt. Once the key is entered, the file can be decrypted normally, and the decrypted configuration engineering file is sent to the customer.
When the user decrypts the configuration engineering file, the correct password remains in memory, and the DPAPI interface or the gcry_malloc_secure function is called to protect the password in memory.
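The flow of steps four to six above, sketched with the openssl command line as an added example; it is not code from the patent. It assumes AES-256-CBC with PBKDF2 as the symmetric suite, RSA-2048 with OAEP padding, a container made of the 256-byte wrapped password followed by the encrypted body, and constructed sample data; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration of the described flow using the openssl CLI (not the patent's code).
# Assumed here: AES-256-CBC + PBKDF2, RSA-2048 with OAEP, and a container laid out as
# [256-byte RSA-wrapped password][symmetrically encrypted project body].
set -eu

WRAP_LEN=256   # size in bytes of one RSA-2048 ciphertext

# Manufacturer side, done once: the private key stays with the manufacturer,
# the public key ships with the configuration software.
gen_vendor_keys() {   # $1 = directory for the key files
    openssl genrsa -out "$1/rsa_private_key.pem" 2048 2>/dev/null
    openssl rsa -in "$1/rsa_private_key.pem" -pubout \
        -out "$1/rsa_public_key.pem" 2>/dev/null
}

# Steps four and five: encrypt the body under key = password + salt and store the
# public-key-encrypted password in the same file (the "second" project file).
protect_project() {   # $1 plain file, $2 password, $3 salt, $4 public key, $5 output
    printf '%s' "$2" |
        openssl pkeyutl -encrypt -pubin -inkey "$4" \
            -pkeyopt rsa_padding_mode:oaep > "$5"
    # The key is piped on stdin so it never appears in the process argument list.
    printf '%s\n' "$2$3" |
        openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -pass stdin -in "$1" >> "$5"
}

# Normal use: skip the wrapped password and decrypt the body with password + salt.
# A wrong password normally fails the CBC padding check; that is not an integrity check.
open_project() {      # $1 protected file, $2 password, $3 salt, $4 output
    body=$(mktemp)
    dd if="$1" of="$body" bs="$WRAP_LEN" skip=1 2>/dev/null
    rc=0
    printf '%s\n' "$2$3" |
        openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 -pass stdin \
            -in "$body" -out "$4" 2>/dev/null || rc=$?
    rm -f "$body"
    return "$rc"
}

# Step six: the manufacturer extracts the wrapped password and decrypts it
# with the private key.
vendor_recover_password() {   # $1 protected file, $2 private key
    dd if="$1" bs="$WRAP_LEN" count=1 2>/dev/null |
        openssl pkeyutl -decrypt -inkey "$2" -pkeyopt rsa_padding_mode:oaep
}

# --- Demo on constructed data -------------------------------------------------
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
DEMO_PASSWORD='Plant7-operator-pass'      # constructed sample password
DEMO_SALT=$(openssl rand -hex 16)         # stands in for the preset salt value
printf 'PROGRAM Main\n  Valve1 := Level > 80;\nEND_PROGRAM\n' > "$WORK/project.prj"

gen_vendor_keys "$WORK"
protect_project "$WORK/project.prj" "$DEMO_PASSWORD" "$DEMO_SALT" \
    "$WORK/rsa_public_key.pem" "$WORK/project.protected"
open_project "$WORK/project.protected" "$DEMO_PASSWORD" "$DEMO_SALT" "$WORK/opened.prj"
recovered=$(vendor_recover_password "$WORK/project.protected" \
    "$WORK/rsa_private_key.pem")

echo "user round trip ok: $(cmp -s "$WORK/project.prj" "$WORK/opened.prj" && echo yes || echo no)"
echo "manufacturer recovered password: $([ "$recovered" = "$DEMO_PASSWORD" ] && echo yes || echo no)"
```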
The above description is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make several modifications and variations without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as falling within the protection scope of the present invention.

Claims (9)

1. A protection method for industrial control system configuration engineering files, characterized by comprising: encrypting the written industrial control system configuration engineering file to obtain a first industrial control system configuration engineering file and an encryption/decryption key, the encryption/decryption key comprising a password and a salt value; encrypting the password in turn and saving it in the first industrial control system configuration engineering file to generate a second industrial control system configuration engineering file; and, upon receiving the second industrial control system configuration engineering file sent by a user who has forgotten the password, the manufacturer decrypting the password with the private key.
2. The protection method for industrial control system configuration engineering files according to claim 1, characterized in that a DES symmetric encryption/decryption mode is used to encrypt the written industrial control system configuration engineering file, the DES symmetric encryption/decryption mode including but not limited to the AES symmetric encryption/decryption algorithm and the DES symmetric encryption/decryption algorithm.
3. The protection method for industrial control system configuration engineering files according to claim 1, characterized in that the openssl encryption/decryption component is used to encrypt the password in turn, generating a public key and a private key.
4. The protection method for industrial control system configuration engineering files according to claim 1, characterized in that the salt value is a value greater than 8 bits that is preset or generated by a random algorithm.
5. A protection kit for industrial control system configuration engineering files, characterized by comprising: a first encryption/decryption module configured in the configuration software, for encrypting the written industrial control system configuration engineering file to obtain a first industrial control system configuration engineering file and an encryption/decryption key, the encryption/decryption key comprising a password and a salt value; and a second encryption/decryption module configured in the configuration software, for encrypting the password in turn and saving it in the first industrial control system configuration engineering file to generate a second industrial control system configuration engineering file; upon receiving the second industrial control system configuration engineering file sent by a user who has forgotten the password, the manufacturer decrypts the password with the private key.
6. The protection kit for industrial control system configuration engineering files according to claim 5, characterized in that the first encryption/decryption module uses a DES symmetric encryption/decryption mode to encrypt the written industrial control system configuration engineering file, the DES symmetric encryption/decryption mode including but not limited to the AES symmetric encryption/decryption algorithm and the DES symmetric encryption/decryption algorithm.
7. The protection kit for industrial control system configuration engineering files according to claim 5, characterized in that the second encryption/decryption module uses the openssl encryption/decryption component to encrypt the password in turn, generating a public key and a private key.
8. The protection kit for industrial control system configuration engineering files according to claim 5, characterized in that the salt value is a value greater than 8 bits that is preset or generated by a random algorithm.
9. The protection kit for industrial control system configuration engineering files according to claim 5, characterized in that the configuration software is configured with a DPAPI interface function and a gcry_malloc_secure interface function.
CN202210549817.9A 2022-05-20 2022-05-20 Industrial control system-oriented configuration engineering file protection method and suite Pending CN114741716A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210549817.9A CN114741716A (en) 2022-05-20 2022-05-20 Industrial control system-oriented configuration engineering file protection method and suite

Publications (1)

Publication Number Publication Date
CN114741716A true CN114741716A (en) 2022-07-12

Family

ID=82287372

Country Status (1)

Country Link
CN (1) CN114741716A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024111822A1 (en) * 2022-11-25 2024-05-30 국민대학교산학협력단 Apparatus and method for obtaining cloud data through dpapi-based data regeneration

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130145447A1 (en) * 2011-12-01 2013-06-06 Dashlane SAS Cloud-based data backup and sync with secure local storage of access keys
US20130291080A1 (en) * 2012-04-26 2013-10-31 Appsense Limited Systems and methods for data access protection
CN107911343A (en) * 2017-10-27 2018-04-13 深圳英飞拓科技股份有限公司 The password storage verification method and device of safety
CN109495255A (en) * 2018-12-11 2019-03-19 中新金桥数字科技(北京)有限公司 Digital cryptographic key protection method and its system based on android system
CN112165490A (en) * 2020-09-29 2021-01-01 鹏元征信有限公司 Encryption method, decryption method, storage medium and terminal equipment

Similar Documents

Publication Publication Date Title
CN108471352B (en) Processing method, system, computer equipment and storage medium based on distributed private key
CN104704501B (en) securely generate and store passwords in computer systems
CN107453880B (en) Cloud data security storage method and system
JP2024511236A (en) Computer file security encryption method, decryption method and readable storage medium
CN111614467B (en) System backdoor defense method and device, computer equipment and storage medium
CN103440462A (en) Embedded control method for improving security and secrecy performance of security microprocessor
CN104866784A (en) BIOS encryption-based safety hard disk, and data encryption and decryption method
CN112738064A (en) Method for improving security of SSH protocol based on SM2 and SM4 cryptographic algorithm
CN111949999A (en) Apparatus and method for managing data
US11232219B1 (en) Protection of electronic designs
CN118761107A (en) A security management method for solid state hard disk and solid state hard disk
CN108537048B (en) Security association method and system for encrypted solid state disk and authorized computer
CN114741716A (en) Industrial control system-oriented configuration engineering file protection method and suite
CN1607511B (en) Data protection method and system
CN114491481B (en) Safety calculation method and device based on FPGA
CN118821104A (en) Data authorization management method and related equipment applied to trusted data space
CN114866228B (en) A method, system, storage medium and terminal for implementing soft password module
CN115809459A (en) Data protection and decryption method, system, device and medium for software cryptographic module
CN111523127B (en) A kind of authority authentication method and system for cryptographic equipment
CN116432220A (en) Numerical control system host access control method, device, equipment and storage medium
CN100566239C (en) The key transmission method of multi-stage intelligent key apparatus and system
CN107423627A (en) The time slot scrambling and electronic equipment of a kind of electronic equipment
KR102916302B1 (en) Computer file security encryption method, decryption method and readable storage medium
CN113691530B (en) Symmetric key generation management system, method, equipment and medium based on SGX
CN118747385B (en) A secure key-value storage bucket system protected by a trusted cryptographic module

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230901

Address after: Nan Shui Road Gulou District of Nanjing city of Jiangsu Province, No. 8 210003

Applicant after: NARI INFORMATION & COMMUNICATION TECHNOLOGY Co.

Applicant after: Nanjing NARI Network Security Technology Co.,Ltd.

Address before: Nan Shui Road Gulou District of Nanjing city of Jiangsu Province, No. 8 210003

Applicant before: NARI INFORMATION & COMMUNICATION TECHNOLOGY Co.