CN117828641A - User password protection method, medium encryption key protection method and storage device - Google Patents
- Publication number
- CN117828641A
- Authority
- CN
- China
- Prior art keywords
- plaintext
- mek
- password
- user
- key
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
Abstract
The disclosure relates to a user password protection method, a media encryption key protection method and a storage device. In at least one embodiment of the present disclosure, the storage device does not directly store the password plaintext. It first performs key derivation on the password plaintext to obtain a key, then encrypts the password plaintext with that key to obtain a password ciphertext. The storage device stores only the password ciphertext and deletes both the password plaintext and the derived key, thereby improving the security of the password. In addition, since the storage device stores only the password ciphertext, it can correctly decrypt the password ciphertext only when the user inputs the password plaintext again; if the user does not input the password plaintext, the storage device cannot correctly decrypt the password ciphertext. Password protection thus forms a closed loop: the user inputs the password plaintext, the password ciphertext is generated, the password ciphertext is stored, the user inputs the password plaintext again, and the password ciphertext is decrypted. As a result, an external attack cannot obtain the correct password plaintext even if the firmware is attacked, and password security is improved.
Description
Technical Field
The embodiment of the disclosure relates to the technical field of storage, in particular to a user password protection method, a medium encryption key protection method and storage equipment.
Background
With the development of storage technology, a user may define a series of areas called locking ranges on a storage device, each of which may be independently set to a locked or unlocked state. When a locking range is locked, any read or write operation on it is denied, thereby ensuring the security of the data. Locking and unlocking of these locking ranges must be performed by users who have been assigned the relevant rights. These users must pass authentication before they can lock or unlock a locking range.
The current authentication mode is authentication by password, but no specific implementation is prescribed for protecting the password; if the password plaintext is stored in non-volatile memory, the password is easy to steal. In addition, each locking range is allocated a separate media encryption key (MEK) to encrypt the user data in that locking range, so that the security and confidentiality of the data are ensured. Only authenticated users can replace or delete the MEK, but no specific implementation is prescribed for protecting the MEK either; if the MEK is exposed in plaintext, user data is at risk of being tampered with or disclosed.
Disclosure of Invention
At least one embodiment of the present disclosure provides a user password protection method, a medium encryption key protection method, and a storage device, which improve security of a user password and security of a medium encryption key.
In a first aspect, an embodiment of the present disclosure proposes a user password protection method, applied to a storage device, including: acquiring a first password plaintext to be protected; performing key derivation on the first password plaintext to obtain a first key corresponding to the first password plaintext; encrypting the first password plaintext based on the first key to obtain a first password ciphertext corresponding to the first password plaintext; and storing the first password ciphertext and deleting the first password plaintext and the first key.
In some embodiments, the user password protection method further comprises: receiving a password authentication request, wherein the password authentication request carries a second password plaintext to be authenticated; performing key derivation on the second password plaintext to obtain a second key corresponding to the second password plaintext; decrypting the first password ciphertext based on the second key to obtain a third password plaintext; and if the third password plaintext is the same as the second password plaintext, determining that password authentication is passed.
In a second aspect, an embodiment of the present disclosure further proposes a method for protecting a media encryption key, applied to a storage device, where the method includes:
receiving a permission allocation request of a target locking range, wherein the permission allocation request carries a password plaintext of a preset user, and the preset user is a user with allocation permission; performing key derivation on the password plaintext of the preset user to obtain a key encryption key (KEK) corresponding to the password plaintext of the preset user; encrypting the media encryption key (MEK) plaintext of the target locking range based on the KEK to obtain an MEK ciphertext corresponding to the preset user; and storing the MEK ciphertext corresponding to the preset user, and deleting the MEK plaintext of the target locking range and the KEK.
In some embodiments, the method for protecting a media encryption key further comprises:
receiving a data encryption/decryption request of a target locking range, wherein the data encryption/decryption request carries a password plaintext of a user initiating the request; carrying out key derivation on the password plaintext of the user initiating the request to obtain the KEK corresponding to the password plaintext of the user initiating the request; decrypting the MEK ciphertext corresponding to the user initiating the request based on the KEK corresponding to the password plaintext of the user initiating the request to obtain the MEK plaintext of the target locking range; the data of the target lock range is encrypted/decrypted based on the MEK plaintext.
In some embodiments, after encrypting/decrypting the data of the target lock range based on the MEK plaintext, the protection method of the media encryption key further includes:
deleting the KEK corresponding to the password plaintext of the user initiating the request, and deleting the MEK plaintext obtained by decryption based on that KEK.
In some embodiments, the method for protecting a media encryption key further comprises:
receiving a password modification request, wherein the password modification request carries the old password plaintext and the new password plaintext of a user authenticated by the old password; performing key derivation on the old password plaintext and the new password plaintext respectively to obtain an old KEK corresponding to the old password plaintext and a new KEK corresponding to the new password plaintext; decrypting the old MEK ciphertext corresponding to the user authenticated by the old password based on the old KEK to obtain the MEK plaintext of the target locking range; and encrypting the MEK plaintext of the target locking range based on the new KEK to obtain the new MEK ciphertext corresponding to the user authenticated by the old password.
In some embodiments, the method for protecting a media encryption key further comprises:
receiving an MEK replacement request, wherein the MEK replacement request carries a password plaintext of a management user; generating a new MEK plaintext of the target locking range; performing key derivation on the password plaintext of the management user to obtain the KEK corresponding to the password plaintext of the management user; and encrypting the new MEK plaintext based on the KEK corresponding to the password plaintext of the management user to obtain the new MEK ciphertext corresponding to the management user.
In some embodiments, after receiving the MEK replacement request, the method for protecting the media encryption key further comprises:
performing key derivation on a key pre-stored in a one-time programmable memory to obtain a temporary KEK;
encrypting a new MEK plaintext based on the temporary KEK to obtain an MEK temporary ciphertext corresponding to the temporary KEK;
all old MEK ciphertext of the target lock range is deleted.
In some embodiments, after obtaining the MEK temporary ciphertext of the target locking range, the protection method of the media encryption key further includes:
if any management user of the target locking range passes password authentication, decrypting the MEK temporary ciphertext based on the temporary KEK to obtain the new MEK plaintext of the target locking range; performing key derivation on the password plaintext of the management user who passed password authentication to obtain the KEK corresponding to that management user; and encrypting the new MEK plaintext of the target locking range based on that KEK to obtain the new MEK ciphertext corresponding to the management user who passed password authentication.
In some embodiments, after obtaining the new MEK ciphertext corresponding to the administrative user authenticated by the password, the method for protecting the media encryption key further includes:
and if each management user in the target locking range obtains a corresponding new MEK ciphertext, deleting the MEK temporary ciphertext.
In a third aspect, an embodiment of the present disclosure further provides a method for protecting a media encryption key, which is applied to a storage device, where the method includes:
assigning a random key to users of the same type; deriving a key encryption key (KEK) corresponding to the target locking range based on the unique identification information of the target locking range and the random key; and encrypting the media encryption key (MEK) plaintext of the target locking range based on the KEK to obtain the MEK ciphertext of the target locking range, and deleting the MEK plaintext.
In some embodiments, the unique identification information of the target locking range is determined by:
taking the number of the target locking range or the hash value of that number as the unique identification information of the target locking range; or, alternatively, taking the number of the MEK of the target locking range or the hash value of that number as the unique identification information of the target locking range.
In some embodiments, after assigning the random key to the users of the same type, the method for protecting the media encryption key further comprises:
for any management user of the target locking range, encrypting the random key based on the password plaintext of that management user to obtain a random key ciphertext corresponding to that management user; and deleting the random key after the random key ciphertext corresponding to each management user of the target locking range has been obtained.
In some embodiments, the method for protecting a media encryption key further comprises:
receiving an MEK decryption request, wherein the MEK decryption request carries unique identification information of a target locking range and a password plaintext of a management user; decrypting the random key ciphertext corresponding to the management user based on the password plaintext of the management user to obtain a random key; deriving a key encryption key KEK corresponding to the target locking range based on the unique identification information of the target locking range and the random key; and decrypting the MEK ciphertext of the target locking range based on the KEK to obtain the MEK plaintext of the target locking range.
In some embodiments, the method for protecting a media encryption key further comprises:
receiving a password modification request, wherein the password modification request carries an old password plaintext and a new password plaintext of a management user; decrypting the random key ciphertext corresponding to the management user based on the old password plaintext of the management user to obtain the random key; and encrypting the random key based on the new password plaintext of the management user to obtain a new random key ciphertext corresponding to the management user.
In some embodiments, the method for protecting a media encryption key further comprises:
receiving an MEK replacement request, wherein the MEK replacement request carries a password plaintext of a management user, unique identification information of a target locking range and a new MEK of the target locking range; decrypting the random key ciphertext corresponding to the management user based on the password plaintext of the management user to obtain a random key; deriving a KEK corresponding to the target locking range based on the unique identification information of the target locking range and the random key; and encrypting the new MEK in the target locking range based on the KEK to obtain a new MEK ciphertext in the target locking range, and deleting the random key and the old MEK ciphertext in the target locking range.
In a fourth aspect, an embodiment of the present disclosure further proposes a user password protection apparatus, applied to a storage device, including:
a first unit, configured to acquire a first password plaintext to be protected; a second unit, configured to perform key derivation on the first password plaintext to obtain a first key corresponding to the first password plaintext; a third unit, configured to encrypt the first password plaintext based on the first key to obtain a first password ciphertext corresponding to the first password plaintext; and a fourth unit, configured to store the first password ciphertext and delete the first password plaintext and the first key.
In a fifth aspect, an embodiment of the present disclosure further proposes a protection apparatus for a media encryption key, applied to a storage device, where the apparatus includes:
the first unit is used for receiving a permission allocation request of a target locking range, wherein the permission allocation request carries a password plaintext of a preset user, and the preset user is a user with allocation permission; the second unit is used for carrying out key derivation on the password plaintext of the preset user to obtain a key encryption key KEK corresponding to the password plaintext of the preset user; a third unit, configured to encrypt a MEK plaintext of the target locking range based on the KEK, and obtain a MEK ciphertext corresponding to the preset user; and the fourth unit is used for storing MEK ciphertext corresponding to a preset user and deleting MEK plaintext and KEK in the target locking range.
In a sixth aspect, an embodiment of the present disclosure further proposes a protection apparatus for a media encryption key, applied to a storage device, where the apparatus includes:
a first unit, configured to assign a random key to users of the same type; a second unit, configured to derive a key encryption key (KEK) corresponding to the target locking range based on the unique identification information of the target locking range and the random key; and a third unit, configured to encrypt the media encryption key (MEK) plaintext of the target locking range based on the KEK to obtain the MEK ciphertext of the target locking range, and to delete the MEK plaintext.
In a seventh aspect, embodiments of the present disclosure further provide a storage device including a control unit and an NVM chip, where the control unit performs the user password protection method according to any embodiment of the first aspect, or performs the protection method of the media encryption key according to any embodiment of the second aspect, or performs the protection method of the media encryption key according to any embodiment of the third aspect.
In an eighth aspect, an embodiment of the present disclosure further proposes an electronic device, including a memory, a processor, and a computer program stored on the memory, where the processor executes the computer program to perform the user password protection method according to any embodiment of the first aspect, or to perform the protection method of the media encryption key according to any embodiment of the second aspect, or to perform the protection method of the media encryption key according to any embodiment of the third aspect.
In a ninth aspect, the embodiments of the present disclosure further provide a computer-readable storage medium, where the computer-readable storage medium stores a program or instructions that cause a computer to perform the user password protection method according to any embodiment of the first aspect, or to perform the protection method of a media encryption key according to any embodiment of the second aspect, or to perform the protection method of a media encryption key according to any embodiment of the third aspect.
It can be seen that, in at least one embodiment of the present disclosure, the storage device does not directly store the password plaintext. It first performs key derivation on the password plaintext to obtain a key, then encrypts the password plaintext with that key to obtain a password ciphertext. The storage device stores only the password ciphertext and deletes both the password plaintext and the derived key, thereby improving the security of the password. In addition, since the storage device stores only the password ciphertext, it can correctly decrypt the password ciphertext only when the user inputs the password plaintext again; if the user does not input the password plaintext, the storage device cannot correctly decrypt the password ciphertext. Password protection thus forms a closed loop: the user inputs the password plaintext, the password ciphertext is generated, the password ciphertext is stored, the user inputs the password plaintext again, and the password ciphertext is decrypted. As a result, an external attack cannot obtain the correct password plaintext even if the firmware is attacked, and password security is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings used in the description of the embodiments or the prior art will be briefly described below.
Fig. 1 is a flow chart of a user password protection method according to an embodiment of the disclosure;
Fig. 2 is a schematic diagram of a password authentication flow provided in an embodiment of the disclosure;
Fig. 3 is a flow chart of a method for protecting a media encryption key according to an embodiment of the present disclosure;
Fig. 4 is a schematic diagram of deriving a KEK directly from a user's password plaintext, provided in an embodiment of the present disclosure;
Fig. 5 is a schematic diagram of a data encryption/decryption flow provided in an embodiment of the disclosure;
Fig. 6 is a schematic diagram of a password modification flow according to an embodiment of the present disclosure;
Fig. 7 is a schematic diagram of a password modification provided by an embodiment of the present disclosure;
Fig. 8 is a schematic diagram of an MEK replacement flow provided in an embodiment of the disclosure;
Fig. 9 is a schematic diagram of MEK replacement provided by an embodiment of the present disclosure;
Fig. 10 is a schematic flow chart of encrypting a new MEK plaintext by using an MEK temporary ciphertext according to an embodiment of the present disclosure;
Fig. 11 is a schematic diagram of encrypting a new MEK plaintext using an MEK temporary ciphertext according to an embodiment of the present disclosure;
Fig. 12 is a flow chart of another method for protecting a media encryption key according to an embodiment of the present disclosure;
Fig. 13 is a schematic diagram of encrypting different MEK plaintexts using a random key according to an embodiment of the present disclosure;
Fig. 14 is a schematic diagram of an MEK decryption flow provided in an embodiment of the disclosure;
Fig. 15 is a schematic diagram of another password modification flow according to an embodiment of the present disclosure;
Fig. 16 is a schematic diagram of another password modification provided by an embodiment of the present disclosure;
Fig. 17 is a schematic diagram of another MEK replacement flow provided in an embodiment of the present disclosure;
Fig. 18 is an exemplary block diagram of an electronic device provided by an embodiment of the present disclosure.
Detailed Description
The following description of the technical solutions in the embodiments of the present disclosure is made clearly and completely with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are some embodiments of the present disclosure, but not all embodiments. Based on the embodiments in this disclosure, all other embodiments that a person skilled in the art would obtain without making any inventive effort are within the scope of protection of this disclosure. The following detailed description is provided to assist the reader in obtaining a thorough understanding of the methods, apparatus, and/or systems described herein. However, various changes, modifications, and equivalents of the methods, apparatuses, and/or systems described herein will be apparent after an understanding of the present disclosure.
It should be noted that in this document, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
Currently, a media encryption key (MEK) is protected with a key encryption key (KEK); for example, the MEK is directly encrypted with a KEK stored in one-time programmable (OTP) memory. This approach, however, does not prevent firmware from opening a backdoor, which allows user data to be decrypted without the user's authorization. If the storage device is attacked, for example by loading targeted attack firmware, there is a risk that user data is leaked. To ensure that only the user can encrypt and decrypt the MEK, the KEK used to encrypt and decrypt the MEK can be generated from the user password through a key derivation function, but this raises other problems: the locking or unlocking authority of a locking range may be assigned to a plurality of users, so it is unclear which user's password should be used to derive the KEK; and if the KEK is derived from one particular user's password, it is unclear how the KEK can be derived to encrypt and decrypt the MEK after a different user has authenticated successfully. Hereinafter, expressions such as "encrypting or decrypting using a password" essentially mean that a key is derived from the password and the derived key is then used for encryption or decryption.
Fig. 1 is a flow chart of a user password protection method according to an embodiment of the present disclosure, where an execution body of the user password protection method is a storage device (e.g., a solid state disk, a flash memory device, etc.). As shown in fig. 1, the user password protection method may include, but is not limited to, steps 101 to 104:
In step 101, a first password plaintext to be protected is obtained. For example, a user inputs the plaintext of the user's password in a storage device interface presented by the host, and this plaintext is recorded as the first password plaintext. The storage device may then obtain the first password plaintext from the host.
In step 102, key derivation is performed on the first password plaintext to obtain a first key corresponding to the first password plaintext. For example, the storage device applies a key derivation function to the first password plaintext, and the key derivation function generates the first key corresponding to the first password plaintext. The key derivation function may be a key derivation function commonly used in the art, and will not be described in detail.
In step 103, the first password plaintext is encrypted based on the first key to obtain a first password ciphertext corresponding to the first password plaintext. For example, the storage device encrypts the first password plaintext with an encryption function based on the first key, and the encryption function generates the first password ciphertext corresponding to the first password plaintext. The encryption function may be an encryption function commonly used in the art, and will not be described in detail.
In step 104, the first password ciphertext is stored, and the first password plaintext and the first key are deleted. For example, the storage device stores the first password ciphertext in a flash memory or other non-volatile storage medium. The storage device deletes the cached first key and the first password plaintext input by the user, so that even if the firmware is attacked, an external attack cannot obtain the first key or the first password plaintext and cannot correctly decrypt the first password ciphertext, which improves password security.
In this embodiment, the storage device does not directly store the password plaintext. It first performs key derivation on the password plaintext to obtain a key, then encrypts the password plaintext with that key to obtain a password ciphertext. The storage device stores only the password ciphertext and deletes both the password plaintext and the derived key, thereby improving password security. In addition, since the storage device stores only the password ciphertext, it can correctly decrypt the password ciphertext only when the user inputs the password plaintext again; if the user does not input the password plaintext, the storage device cannot correctly decrypt the password ciphertext. Password protection thus forms a closed loop: the user inputs the password plaintext, the password ciphertext is generated, the password ciphertext is stored, the user inputs the password plaintext again, and the password ciphertext is decrypted. As a result, an external attack cannot obtain the correct password plaintext even if the firmware is attacked, and password security is improved.
Fig. 2 is a schematic diagram of a password authentication flow according to an embodiment of the present disclosure; the password authentication flow shown in Fig. 2 builds on the method shown in Fig. 1. As shown in Fig. 2, the password authentication flow includes, but is not limited to, the following steps 201 to 204:
In step 201, a password authentication request is received, where the password authentication request carries a second password plaintext to be authenticated.
For example, the user inputs the user's password plaintext (recorded as the second password plaintext) in the storage device interface displayed by the host and clicks the password authentication button in that interface. The storage device may then receive a password authentication request sent by the host, where the password authentication request carries the second password plaintext to be authenticated.
In some embodiments, after the user clicks the password authentication button, the host may derive another password from the password plaintext input by the user and send the derived password to the storage device; that is, the password authentication request carries the password derived by the host instead of the password plaintext input by the user. The storage device, however, treats the password carried in the received password authentication request as the password plaintext input by the user.
In step 202, key derivation is performed on the second password plaintext to obtain a second key corresponding to the second password plaintext.
For example, after the storage device extracts the second password plaintext from the password authentication request, it applies the key derivation function to the second password plaintext, and the key derivation function generates the second key corresponding to the second password plaintext. The key derivation function may be a key derivation function commonly used in the art, and will not be described in detail.
In step 203, the first password ciphertext is decrypted based on the second key to obtain a third password plaintext.
For example, after the storage device obtains the second key corresponding to the second password plaintext, it looks up, in the flash memory or other non-volatile memory, the first password ciphertext of the same user to whom the second password plaintext belongs. The storage device decrypts the first password ciphertext with a decryption function based on the second key, and the decryption function generates the third password plaintext corresponding to the first password ciphertext. The decryption function is the inverse of the encryption function that generated the first password ciphertext.
In some embodiments, if decrypting the first password ciphertext based on the second key fails, it is determined that password authentication fails. If the first password ciphertext is successfully decrypted based on the second key, the second key is deleted.
In step 204, if the third password plaintext is identical to the second password plaintext, it is determined that password authentication is passed.
In this embodiment, if the password authentication is determined to pass, the second password plaintext is cached for the protection process of the subsequent medium encryption key MEK.
Fig. 3 is a flow chart of a method for protecting a media encryption key according to an embodiment of the present disclosure, where an execution body of the method for protecting a media encryption key is a storage device (e.g., a solid state disk, a flash memory device, etc.). As shown in fig. 3, the protection method of the media encryption key may include, but is not limited to, steps 301 to 304:
in step 301, a permission allocation request of a target locking range is received, where the permission allocation request carries a password plaintext of a preset user.
The preset user is a user with allocation authority. After the password plaintext authentication of the storage device to the preset user is passed, the preset user can initiate a permission allocation request of the target locking range.
In step 302, key derivation is performed on the password plaintext of the preset user, so as to obtain a key encryption key KEK corresponding to the password plaintext of the preset user.
For example, the storage device performs key derivation on the password plaintext of the preset user by using a key derivation function, which generates the KEK corresponding to the password plaintext of the preset user. The key derivation function may be a key derivation function commonly used in the art, and will not be described in detail.
In step 303, the media encryption key MEK plaintext of the target locking range is encrypted based on the KEK, so as to obtain the MEK ciphertext corresponding to the preset user.
For example, the storage device encrypts the MEK plaintext in the target locking range through an encryption function based on the KEK corresponding to the password plaintext of the preset user, and generates the MEK ciphertext corresponding to the preset user through the encryption function. The encryption function may be an encryption function commonly used in the art, and will not be described in detail.
In step 304, the MEK ciphertext corresponding to the preset user is stored, and the MEK plaintext of the target locking range and the KEK are deleted.
In this embodiment, since the password plaintext of each preset user is different, the derived KEKs are different. Encrypting the same MEK plaintext with different KEKs therefore yields different MEK ciphertexts of the same MEK plaintext; the storage device stores these different MEK ciphertexts, each of which corresponds to a different preset user.
For example, fig. 4 is a schematic diagram of deriving a KEK directly from the password plaintext of a user according to an embodiment of the present disclosure. In fig. 4, an administrator of a target locking range may assign rights to n users: KEK1 is derived from the password plaintext of user 1, KEK2 from the password plaintext of user 2, … …, and KEKn from the password plaintext of user n. The MEK plaintext of the target locking range is then encrypted with KEK1, KEK2, … …, and KEKn, respectively, to obtain MEK ciphertext 1, MEK ciphertext 2, … …, and MEK ciphertext n. The storage device stores these different MEK ciphertexts of the same MEK plaintext: MEK ciphertext 1 corresponds to user 1, MEK ciphertext 2 corresponds to user 2, … …, and MEK ciphertext n corresponds to user n.
Therefore, in this embodiment, the storage device directly uses the password plaintext of the user to derive the KEK, and further uses the KEK to encrypt the MEK plaintext, so as to obtain the MEK ciphertext corresponding to the user. Therefore, the storage device can obtain MEK ciphertext corresponding to different users aiming at different users. The storage device stores a plurality of different MEK ciphertexts of the same MEK plaintext, deletes the MEK plaintext and the KEK, and improves the MEK security.
In some embodiments, if there are multiple lock ranges, the authority of each lock range is unique to a certain user, and the number of MEK ciphertexts stored in the storage device is equal to the number of lock ranges; if the authority of each locking range is shared by all users, the number of MEK ciphertext stored by the storage device is the number of the locking ranges multiplied by the number of the users. After any administrative user unlocks the lock range, other users (including administrative users and general users) can access the data of the lock range.
Fig. 5 is a schematic diagram of a data encryption/decryption flow provided in an embodiment of the disclosure, and the data encryption/decryption flow shown in fig. 5 is a flow based on fig. 3. As shown in fig. 5, the data encryption/decryption flow includes, but is not limited to, the following steps 501 to 504:
In step 501, a data encryption/decryption request of a target lock range is received, where the data encryption/decryption request carries a plaintext of a password of a user who initiates the request.
The plaintext of the password of the user who initiates the request is the plaintext of the password which passes the authentication by the password authentication flow shown in fig. 2.
In step 502, key derivation is performed on the password plaintext of the user initiating the request, so as to obtain the KEK corresponding to the password plaintext of the user initiating the request.
For example, the storage device performs key derivation on the plaintext of the password of the user that initiates the request by using a key derivation function, and generates a KEK corresponding to the plaintext of the password of the user that initiates the request by using the key derivation function. The key derivation function may be a key derivation function commonly used in the art, and will not be described in detail.
In step 503, the MEK ciphertext corresponding to the user initiating the request is decrypted based on the KEK corresponding to the password plaintext of the user initiating the request, to obtain the MEK plaintext of the target lock range.
For example, after the storage device obtains the KEK corresponding to the plaintext of the password of the user that initiated the request, it looks up the MEK ciphertext corresponding to the user that initiated the request in the flash memory or other non-volatile memory. The storage device then decrypts that MEK ciphertext through a decryption function based on the KEK corresponding to the password plaintext of the user initiating the request, and the decryption function generates the MEK plaintext of the target locking range. The decryption function is the inverse of the encryption function that generated the MEK ciphertext corresponding to the user that initiated the request.
In step 504, the data for the target lock range is encrypted/decrypted based on the MEK plaintext.
In this embodiment, the storage device sets the MEK plaintext into the encryption/decryption hardware module, and then the storage device encrypts/decrypts the data belonging to the target locking range by using the MEK plaintext through the encryption/decryption hardware module. How to protect the MEK plaintext in the encryption and decryption hardware module is not the focus of the present invention and will not be described.
Therefore, in this embodiment, after the password plaintext of the user who initiates the data encryption/decryption request passes the password authentication, the KEK is derived by using the password plaintext, and then the MEK ciphertext corresponding to the user is decrypted by using the KEK, so as to obtain the MEK plaintext in the target locking range. The MEK plaintext is provided by the memory device to the encryption and decryption hardware module. The storage device encrypts/decrypts the data belonging to the target locking range by using the MEK plaintext through the encryption/decryption hardware module.
In some embodiments, after the data of the target locking range is encrypted/decrypted based on the MEK plaintext in step 504, the KEK corresponding to the password plaintext of the user who initiated the request is deleted, together with the MEK plaintext obtained by decrypting with that KEK, so as to reduce the risk of leakage.
Fig. 6 is a schematic diagram of a password modification process according to an embodiment of the present disclosure, and the password modification process shown in fig. 6 is a process based on fig. 3. As shown in fig. 6, the password modification procedure includes, but is not limited to, the following steps 601 to 604:
In step 601, a password modification request is received, where the password modification request carries old password plaintext and new password plaintext of a user authenticated by an old password.
Wherein, the old password authentication adopts the password authentication flow shown in fig. 2 for authentication.
In step 602, key derivation is performed on the old password plaintext and the new password plaintext, respectively, to obtain an old KEK corresponding to the old password plaintext and a new KEK corresponding to the new password plaintext.
For example, the storage device performs key derivation on the old password plaintext by using a key derivation function, which generates the old KEK corresponding to the old password plaintext. The storage device performs key derivation on the new password plaintext by using the key derivation function, which generates the new KEK corresponding to the new password plaintext. The key derivation function may be a key derivation function commonly used in the art, and will not be described in detail.
In step 603, the old MEK ciphertext corresponding to the user authenticated by the old password is decrypted based on the old KEK to obtain the MEK plaintext of the target lock range.
For example, after the storage device obtains the old KEK corresponding to the old password plaintext, it looks up the MEK old ciphertext corresponding to the user authenticated by the old password in the flash memory or other nonvolatile memory. The storage device decrypts that MEK old ciphertext through a decryption function based on the old KEK corresponding to the old password plaintext, and the decryption function generates the MEK plaintext of the target locking range. The decryption function is the inverse of the encryption function that generated the MEK old ciphertext.
In step 604, the MEK plaintext of the target lock range is encrypted based on the new KEK, and the MEK new ciphertext corresponding to the user authenticated by the old password is obtained.
For example, the storage device encrypts the MEK plaintext of the target lock range through an encryption function based on the new KEK corresponding to the new password plaintext, and the encryption function generates the MEK new ciphertext corresponding to the user authenticated by the old password. The encryption function may be an encryption function commonly used in the art, and will not be described in detail.
Fig. 7 is a schematic diagram of a password modification provided by an embodiment of the present disclosure on the basis of fig. 6. In fig. 7, user 1 initiates a password modification request, which carries the old password plaintext and the new password plaintext of user 1. Key derivation is performed on the old password plaintext of user 1 to obtain an old KEK; the MEK old ciphertext corresponding to user 1 is decrypted with the old KEK to obtain the MEK plaintext; key derivation is performed on the new password plaintext of user 1 to obtain a new KEK; and the MEK plaintext is encrypted with the new KEK to obtain the MEK new ciphertext corresponding to user 1.
It can be seen that in fig. 7 the new KEK derived from the new password plaintext is used to encrypt the MEK plaintext a second time (the first encryption being that of the MEK plaintext with the old KEK), yielding the MEK new ciphertext, so that user 1 can decrypt the MEK new ciphertext using the new password plaintext. In addition, since the MEK plaintext is different for each locking range over which user 1 has authority, when user 1 modifies the password it is necessary to re-encrypt the MEK plaintext of every locking range over which user 1 has authority.
Fig. 8 is a schematic diagram of a MEK replacement process according to an embodiment of the present disclosure, where the MEK replacement process shown in fig. 8 is a process based on fig. 3. As shown in fig. 8, the MEK replacement procedure includes, but is not limited to, steps 801 to 804 as follows:
In step 801, a MEK replacement request is received, where the MEK replacement request carries a password plaintext for a management user.
The management user can be understood as a user having locking authority for the target locking range. The MEK replacement request is a request, initiated by the management user, to replace the MEK of the target locking range. The management user initiates the MEK replacement request after the password plaintext has passed authentication.
In step 802, a new MEK plaintext for the target lock range is generated.
For example, the storage device randomly generates new MEK plaintext for the target lock range in response to a MEK replacement request.
In step 803, key derivation is performed on the password plaintext of the management user, so as to obtain the KEK corresponding to the password plaintext of the management user.
In step 804, the new MEK plaintext is encrypted based on the KEK corresponding to the password plaintext of the administrative user, so as to obtain the new MEK ciphertext corresponding to the administrative user.
In some embodiments, after receiving the MEK replacement request in step 801, the storage device may also perform key derivation on a key pre-stored in one-time programmable (One Time Programmable, OTP) memory to obtain a temporary KEK; encrypt the new MEK plaintext based on the temporary KEK to obtain an MEK temporary ciphertext corresponding to the temporary KEK; and delete all old MEK ciphertext of the target lock range.
For example, on the basis of fig. 8, fig. 9 is a schematic diagram of MEK replacement provided in an embodiment of the present disclosure. In fig. 9, user 1 initiates a MEK replacement request, which carries the password plaintext of user 1. After receiving the MEK replacement request, the storage device randomly generates a new MEK plaintext. The storage device performs key derivation on the password plaintext of user 1 to obtain KEK1, and encrypts the new MEK plaintext by using KEK1 to obtain the new MEK ciphertext corresponding to user 1. The storage device also performs key derivation on a key stored in the OTP memory in advance to obtain a temporary KEK, and encrypts the new MEK plaintext based on the temporary KEK to obtain an MEK temporary ciphertext corresponding to the temporary KEK; after obtaining the MEK temporary ciphertext, it deletes all old MEK ciphertext of the target locking range.
It can be seen that after the storage device receives the MEK replacement request and generates a new MEK plaintext for the target locking range, all old MEK ciphertext of the target locking range becomes invalid. If all old MEK ciphertext were deleted directly, the password plaintext of the other users with authority over the target locking range could not be authenticated, and so could not be used to encrypt the new MEK plaintext. In this embodiment, therefore, the old MEK ciphertext is not deleted directly; it is deleted only after the MEK temporary ciphertext has been obtained, and the other users with authority over the target locking range can complete encryption of the new MEK plaintext by means of the MEK temporary ciphertext. This solves the problem that other users cannot complete encryption of the new MEK plaintext when all old MEK ciphertext is deleted directly.
For example, fig. 10 is a schematic flow chart of encrypting a new MEK plaintext by using a MEK temporary ciphertext according to an embodiment of the present disclosure, as shown in fig. 10, the flow of encrypting a new MEK plaintext by using a MEK temporary ciphertext includes, but is not limited to, steps 1001 to 1003:
In step 1001, after obtaining the MEK temporary ciphertext of the target lock range, if any management user of the target lock range passes the password authentication, the MEK temporary ciphertext is decrypted based on the temporary KEK to obtain a new MEK plaintext of the target lock range.
For example, the storage device derives a key from a key pre-stored in the OTP memory to obtain the temporary KEK. The storage device decrypts the MEK temporary ciphertext through a decryption function based on the temporary KEK, and generates a new MEK plaintext in the target locking range through the decryption function. Wherein the decryption function is the inverse of the encryption function that generated the MEK temporary ciphertext.
In step 1002, key derivation is performed on the password plaintext of the management user who passed password authentication, so as to obtain the KEK corresponding to that management user.
In step 1003, the new MEK plaintext of the target lock range is encrypted based on the KEK corresponding to the management user who passed password authentication, so as to obtain the new MEK ciphertext corresponding to that management user.
Fig. 11 is a schematic diagram of encrypting a new MEK plaintext by using a temporary MEK ciphertext according to an embodiment of the present disclosure on the basis of fig. 10, where in fig. 11, a storage device performs key derivation on a key stored in advance in an OTP memory to obtain a temporary KEK. The storage device decrypts the MEK temporary ciphertext using the temporary KEK to obtain a new MEK plaintext. The storage device carries out key derivation on the password plaintext of the user 2 passing through the password authentication to obtain KEK2. The storage device encrypts a new MEK plaintext by using the KEK2 to obtain a new MEK ciphertext corresponding to the user 2. If all users with the authority of the target locking range (namely, all management users of the target locking range) obtain the corresponding MEK new ciphertext, deleting the MEK temporary ciphertext.
Fig. 12 is a flowchart of another method for protecting a media encryption key according to an embodiment of the present disclosure, where an execution body of the method for protecting a media encryption key is a storage device (e.g., a solid state disk, a flash memory device, etc.). As shown in fig. 12, the protection method of the media encryption key may include, but is not limited to, steps 1201 to 1203:
In step 1201, a random key is assigned to users of the same class.
Here, users may be divided into two classes: management users, who have locking authority, and common users, who do not. Alternatively, users who have the same locking authority (i.e., who lock the same locking range) may be treated as users of the same class.
In this embodiment, the storage device randomly allocates a key, i.e., a random key, to users of the same class, i.e., users of the same class share the same random key.
In step 1202, a key encryption key KEK corresponding to the target lock range is derived based on the unique identification information of the target lock range and the random key.
Wherein the unique identification information of the target lock range is determined by: taking the number of the target locking range or the hash value of the number as the unique identification information of the target locking range; alternatively, the number of MEK of the target lock range or the hash value of the number is used as the unique identification information of the target lock range.
In this embodiment, the KEK is derived using a random key shared by users of the same class, rather than directly from the user's password plaintext.
In this embodiment, if users of the same class can lock different locking ranges, the KEKs corresponding to those locking ranges are all derived from the same random key. The unique identification information of each locking range therefore takes part in the derivation, so that the KEKs corresponding to the locking ranges are different. This avoids encrypting the media encryption key MEK plaintext of different locking ranges with the same KEK, and improves MEK security.
In step 1203, the media encryption key MEK plaintext of the target lock range is encrypted based on the KEK to obtain the MEK ciphertext of the target lock range, and the MEK plaintext is deleted.
It can be seen that, unlike the method shown in fig. 3, in this embodiment the storage device does not derive the KEK directly from the password plaintext of the user, but from the random key shared by users of the same class. The number of MEK ciphertexts stored in the storage device is equal to the number of locking ranges (in the embodiment of fig. 3 it is the number of locking ranges multiplied by the number of users), so this embodiment saves storage resources while improving MEK security.
In some embodiments, based on fig. 12, for any management user in the target locking range, the random key plaintext is encrypted based on the password plaintext of the management user, so as to obtain the random key ciphertext corresponding to the management user. And if the storage device obtains the random key ciphertext corresponding to each management user in the target locking range, deleting the random key plaintext by the storage device.
Therefore, the storage device stores only the MEK ciphertext, and can correctly decrypt the MEK ciphertext only when the user inputs the password plaintext again; if the user does not input the password plaintext, the storage device cannot correctly decrypt the MEK ciphertext. MEK protection thus forms a closed loop: even if the firmware is attacked, an external attacker cannot obtain the correct MEK plaintext, and MEK security is improved.
For example, fig. 13 is a schematic diagram of encrypting different MEK plaintext using a random key according to an embodiment of the present disclosure, and in fig. 13, the same kind of user is user 1, user 2, … …, and user n, and the same kind of user may lock different locking ranges (m locking ranges), where the MEK plaintext of m locking ranges is recorded as: MEK1 plaintext, MEK2 plaintext, … …, MEKm plaintext.
In fig. 13, the storage device assigns the same random key to user 1, user 2, … …, user n. The storage device encrypts this random key using the password plaintext of user 1, the password plaintext of user 2, … …, and the password plaintext of user n, respectively, to obtain random key ciphertext 1 corresponding to user 1, random key ciphertext 2 corresponding to user 2, … …, and random key ciphertext n corresponding to user n.
In fig. 13, the storage device derives m KEKs corresponding to the m locking ranges using the unique identification information of each of the m locking ranges and the same random key, denoted as: KEK1, KEK2, … …, KEKm. The storage device encrypts the MEK1 plaintext of locking range 1 by using KEK1 to obtain the MEK1 ciphertext of locking range 1; encrypts the MEK2 plaintext of locking range 2 by using KEK2 to obtain the MEK2 ciphertext of locking range 2; … …; and encrypts the MEKm plaintext of locking range m by using KEKm to obtain the MEKm ciphertext of locking range m.
It can be seen that the storage device does not derive the KEK directly from the password plaintext of the user, but from the random key shared by users of the same class. The number of MEK ciphertexts stored in the storage device is equal to the number of locking ranges (in the embodiment of fig. 3 it is the number of locking ranges multiplied by the number of users), so this embodiment saves storage resources while improving MEK security.
Fig. 14 is a schematic diagram of a MEK decryption process according to an embodiment of the present disclosure, and the MEK decryption process shown in fig. 14 is a process based on fig. 12. As shown in fig. 14, the MEK decryption process includes, but is not limited to, steps 1401 to 1404 as follows:
In step 1401, a MEK decryption request is received, where the MEK decryption request carries unique identification information of the target lock range and a password plaintext of the management user.
For example, user 1 initiates a MEK decryption request, where the MEK decryption request carries unique identification information of locking range 1 and the plaintext of the password of user 1. The storage device receives a MEK decryption request initiated by user 1.
In step 1402, the random key ciphertext corresponding to the management user is decrypted based on the password plaintext of the management user, to obtain a random key.
For example, the storage device decrypts random key ciphertext 1 corresponding to user 1 based on the password plaintext of user 1, to obtain the random key.
In step 1403, a key encryption key KEK corresponding to the target lock range is derived based on the unique identification information of the target lock range and the random key.
For example, the storage device derives a KEK1 corresponding to lock range 1 based on the unique identification information of lock range 1 and the random key.
In step 1404, the MEK ciphertext for the target lock range is decrypted based on the KEK, resulting in MEK plaintext for the target lock range.
For example, the storage device decrypts the MEK1 ciphertext of lock range 1 based on KEK1, resulting in the MEK1 plaintext of lock range 1.
In this embodiment, the storage device may set the MEK1 plaintext into the encryption/decryption hardware module, so that the storage device encrypts/decrypts the data belonging to the lock range 1 by using the MEK1 plaintext through the encryption/decryption hardware module. How to protect the clear text of MEK1 in the encryption and decryption hardware module is not the key point of the text, and is not described.
In this embodiment, after obtaining the plaintext of MEK1 in the locking range 1, the storage device deletes the KEK1 and the random key corresponding to the locking range 1, thereby improving MEK security.
Fig. 15 is a schematic diagram of another password modification process according to an embodiment of the present disclosure, where the password modification process shown in fig. 15 is a process based on fig. 12. As shown in fig. 15, the password modification flow includes, but is not limited to, steps 1501 to 1503 as follows:
In step 1501, a password modification request is received, the password modification request carrying old and new password plaintext for an administrative user.
For example, after the old password plaintext of the user 1 passes the authentication, the user 1 initiates a password modification request, where the password modification request carries the old password plaintext and the new password plaintext of the user 1. The storage device receives a password modification request initiated by user 1.
In step 1502, the random key ciphertext corresponding to the administrative user is decrypted based on the old password plaintext of the administrative user, resulting in a random key.
In step 1503, the random key is encrypted based on the new password plaintext of the management user, to obtain the random key new ciphertext corresponding to the management user.
As can be seen, compared with the password modification flow shown in fig. 6, in this embodiment only the random key needs to be encrypted a second time (the first encryption being that of the random key with the old password plaintext of user 1), and it is not necessary to re-encrypt the MEK plaintext of every locking range over which user 1 has authority, which improves the efficiency of password modification.
Fig. 16 is a schematic diagram of another password modification provided in the embodiment of the present disclosure on the basis of fig. 15. In fig. 16, after the old password plaintext of user 1 passes the authentication, user 1 initiates a password modification request, which carries the old password plaintext and the new password plaintext of user 1. The storage device decrypts the random key old ciphertext corresponding to user 1 based on the old password plaintext of user 1 to obtain the random key plaintext. The storage device derives a key from the new password plaintext of user 1 and uses it to encrypt the random key plaintext again, obtaining the random key new ciphertext corresponding to user 1. After obtaining the random key new ciphertext corresponding to user 1, the storage device deletes the random key plaintext and the key derived from the new password plaintext of user 1.
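The two key hierarchies described above can be compared side by side. The following Python sketch is an added example, not code from the patent: it models the per-user scheme of fig. 3 with the fig. 6 password change, and the shared-random-key scheme of fig. 12 with the fig. 14 unlock and the fig. 15 password change. PBKDF2, the HMAC-based wrap, the per-record salt and all class and function names are assumptions, since the patent only refers to functions commonly used in the art.

```python
import hashlib
import hmac
import secrets

# Assumptions, not from the patent: PBKDF2 as the KDF, a per-record salt, and an
# HMAC-based encrypt-then-MAC wrap (stdlib only). A real device would use a
# vetted primitive such as AES key wrap or AES-GCM.
ITERATIONS = 50_000  # constructed demo value


def _h(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def wrap(key: bytes, secret: bytes) -> bytes:
    """Encrypt-then-MAC a secret of at most 32 bytes under `key`."""
    if len(secret) > 32:
        raise ValueError("secret longer than one keystream block")
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(secret, _h(_h(key, b"enc"), nonce)))
    return nonce + body + _h(_h(key, b"mac"), nonce + body)


def unwrap(key: bytes, blob: bytes):
    """Return the secret, or None if the key is wrong or the blob was altered."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _h(_h(key, b"mac"), nonce + body)):
        return None
    return bytes(a ^ b for a, b in zip(body, _h(_h(key, b"enc"), nonce)))


def pw_wrap(password: str, secret: bytes) -> bytes:
    """Derive a key from the password plaintext and wrap `secret` with it."""
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + wrap(key, secret)


def pw_unwrap(password: str, blob: bytes):
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), blob[:16], ITERATIONS)
    return unwrap(key, blob[16:])


def range_kek(random_key: bytes, range_id: int) -> bytes:
    """Step 1202: KEK from the shared random key and the range's unique id."""
    return _h(random_key, b"range-kek" + range_id.to_bytes(4, "big"))


class PerUserDevice:
    """Fig. 3: one MEK ciphertext per (user, range); plaintext keys are not kept."""
    def __init__(self, passwords: dict, range_ids: list):
        meks = {r: secrets.token_bytes(32) for r in range_ids}
        self.mek_ct = {(u, r): pw_wrap(pw, meks[r])
                       for u, pw in passwords.items() for r in range_ids}

    def unlock(self, user: str, password: str, range_id: int):
        return pw_unwrap(password, self.mek_ct[(user, range_id)])

    def change_password(self, user: str, old: str, new: str) -> int:
        """Fig. 6: re-wrap every MEK the user holds; returns records rewritten."""
        mine = [k for k in self.mek_ct if k[0] == user]
        plain = {k: pw_unwrap(old, self.mek_ct[k]) for k in mine}
        if any(v is None for v in plain.values()):
            return 0
        for k in mine:
            self.mek_ct[k] = pw_wrap(new, plain[k])
        return len(mine)


class SharedKeyDevice:
    """Fig. 12: users wrap one shared random key; each MEK is stored once."""
    def __init__(self, passwords: dict, range_ids: list):
        random_key = secrets.token_bytes(32)
        self.rk_ct = {u: pw_wrap(pw, random_key) for u, pw in passwords.items()}
        self.mek_ct = {r: wrap(range_kek(random_key, r), secrets.token_bytes(32))
                       for r in range_ids}

    def unlock(self, user: str, password: str, range_id: int):
        random_key = pw_unwrap(password, self.rk_ct[user])  # step 1402
        if random_key is None:
            return None
        kek = range_kek(random_key, range_id)               # step 1403
        return unwrap(kek, self.mek_ct[range_id])           # step 1404

    def change_password(self, user: str, old: str, new: str) -> int:
        """Fig. 15: only the user's random key ciphertext is rewritten."""
        random_key = pw_unwrap(old, self.rk_ct[user])
        if random_key is None:
            return 0
        self.rk_ct[user] = pw_wrap(new, random_key)
        return 1


if __name__ == "__main__":
    pw = {"user1": "pw-one", "user2": "pw-two"}  # constructed sample input
    for dev in (PerUserDevice(pw, [1, 2, 3]), SharedKeyDevice(pw, [1, 2, 3])):
        n = dev.change_password("user1", "pw-one", "pw-new")
        print(type(dev).__name__, len(dev.mek_ct), "MEK ciphertexts;", n, "rewritten")
```

With two users and three locking ranges, the fig. 3 model holds six MEK ciphertexts and rewrites three on a password change, while the fig. 12 model holds three and rewrites one.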
Fig. 17 is a schematic diagram of another MEK replacement process provided in an embodiment of the present disclosure, where the MEK replacement process shown in fig. 17 is a process based on fig. 12, and as shown in fig. 17, the MEK replacement process includes, but is not limited to, the following steps 1701 to 1704:
In step 1701, a MEK replacement request is received, where the MEK replacement request carries a password plaintext of a management user, unique identification information of a target lock range, and a new MEK of the target lock range.
In step 1702, the random key ciphertext corresponding to the management user is decrypted based on the password plaintext of the management user, to obtain the random key plaintext.
In step 1703, the KEK corresponding to the target lock range is derived based on the unique identification information of the target lock range and the random key plaintext.
In step 1704, the new MEK for the target lock range is encrypted based on the KEK to obtain a new MEK ciphertext for the target lock range, and the random key plaintext and the old MEK ciphertext for the target lock range are deleted.
In this embodiment, after obtaining the MEK new ciphertext of the target locking range, the storage device stores the MEK new ciphertext in the flash memory or other nonvolatile storage media, and then the flash memory deletes the random key plaintext and the MEK old ciphertext of the target locking range, thereby improving MEK security.
In this embodiment, since the different management users of the target lock range share the unique identification information of the target lock range and the random key plaintext, they also share the KEK derived in step 1703; that is, the different management users of the target lock range share the same KEK, so encrypting the new MEK with the KEK yields only one MEK new ciphertext. In the MEK replacement process shown in fig. 8, by contrast, the KEKs corresponding to different management users are different, so different management users correspond to different MEK new ciphertexts. Therefore, compared with the embodiment shown in fig. 8, this embodiment only needs to store one MEK new ciphertext rather than a plurality of MEK new ciphertexts, which saves storage resources while improving MEK security.
It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of combinations of actions, but those skilled in the art can appreciate that the disclosed embodiments are not limited by the order of actions described, as some steps may occur in other orders or concurrently in accordance with the disclosed embodiments. In addition, those skilled in the art will appreciate that the embodiments described in the specification are all alternatives.
The embodiment of the disclosure provides a user password protection device, which is applied to storage equipment (such as a solid state disk, a flash memory device and the like). The user password protection device provided by the embodiment of the disclosure can execute the processing flow provided by each embodiment of the user password protection method. User password protection devices include, but are not limited to: a first unit, a second unit, a third unit and a fourth unit. The functions of each unit are described as follows:
the first unit is used for acquiring a first password plaintext to be protected;
the second unit is used for carrying out key derivation on the first password plaintext to obtain a first key corresponding to the first password plaintext;
the third unit is used for encrypting the first password plaintext based on the first key to obtain a first password ciphertext corresponding to the first password plaintext;
and the fourth unit is used for storing the first password ciphertext and deleting the first password plaintext and the first key.
In some embodiments, the user password protection apparatus further comprises a fifth unit for:
receiving a password authentication request, wherein the password authentication request carries a second password plaintext to be authenticated;
performing key derivation on the second password plaintext to obtain a second key corresponding to the second password plaintext;
decrypting the first password ciphertext based on the second key to obtain a third password plaintext;
and if the third password plaintext is the same as the second password plaintext, determining that the password authentication is passed.
Details of the above embodiments of the user password protection device refer to the embodiments of the user password protection method, and are not described herein.
The embodiment of the disclosure provides a protection device for a medium encryption key, which is applied to storage equipment (such as a solid state disk, a flash memory device and the like). The protection device for the media encryption key provided in the embodiment of the present disclosure may execute the protection method flow of the media encryption key in fig. 3 and related embodiments. Protection means for the media encryption key include, but are not limited to: a first unit, a second unit, a third unit and a fourth unit. The functions of each unit are described as follows:
the first unit is used for receiving a permission allocation request of a target locking range, wherein the permission allocation request carries a password plaintext of a preset user, and the preset user is a user with allocation permission;
a second unit, configured to perform key derivation on the password plaintext of the preset user to obtain a key encryption key KEK corresponding to the password plaintext of the preset user;
a third unit, configured to encrypt the media encryption key (MEK) plaintext of the target locking range based on the KEK, to obtain a MEK ciphertext corresponding to the preset user;
and a fourth unit, configured to store the MEK ciphertext corresponding to the preset user, and delete the MEK plaintext of the target locking range and the KEK.
In some embodiments, the protection device for a media encryption key further includes a fifth unit for:
receiving a data encryption/decryption request of a target locking range, wherein the data encryption/decryption request carries a password plaintext of a user initiating the request; carrying out key derivation on the password plaintext of the user initiating the request to obtain the KEK corresponding to the password plaintext of the user initiating the request; decrypting the MEK ciphertext corresponding to the user initiating the request based on the KEK corresponding to the password plaintext of the user initiating the request to obtain the MEK plaintext of the target locking range; the data of the target lock range is encrypted/decrypted based on the MEK plaintext.
In some embodiments, the fifth unit is further configured to delete a KEK corresponding to the password plaintext of the user who initiates the request after encrypting/decrypting the data in the target lock range based on the MEK plaintext, and delete a MEK plaintext decrypted based on the KEK corresponding to the password plaintext of the user who initiates the request.
In some embodiments, the protection device for a media encryption key further includes a sixth unit for:
receiving a password modification request, wherein the password modification request carries the old password plaintext and the new password plaintext of a user authenticated by the old password; respectively carrying out key derivation on the old password plaintext and the new password plaintext to obtain an old KEK corresponding to the old password plaintext and a new KEK corresponding to the new password plaintext; decrypting the old MEK ciphertext corresponding to the user authenticated by the old password based on the old KEK to obtain the MEK plaintext of the target locking range; and encrypting the MEK plaintext of the target locking range based on the new KEK to obtain the new MEK ciphertext corresponding to the user authenticated by the old password.
In some embodiments, the protection device of the media encryption key further includes a seventh unit for:
receiving an MEK replacement request, wherein the MEK replacement request carries a password plaintext of a management user; generating a new MEK plaintext of the target locking range; performing key derivation on the password plaintext of the management user to obtain the KEK corresponding to the password plaintext of the management user; and encrypting the new MEK plaintext based on the KEK corresponding to the password plaintext of the management user to obtain the new MEK ciphertext corresponding to the management user.
In some embodiments, the seventh unit is further configured to: after receiving the MEK replacement request, perform key derivation on a key pre-stored in the one-time programmable (OTP) memory to obtain a temporary KEK; encrypt the new MEK plaintext based on the temporary KEK to obtain an MEK temporary ciphertext corresponding to the temporary KEK; and delete all old MEK ciphertexts of the target locking range.
In some embodiments, after obtaining the MEK temporary ciphertext of the target locking range, if any administrative user of the target locking range passes the password authentication, the seventh unit decrypts the MEK temporary ciphertext based on the temporary KEK to obtain a new MEK plaintext of the target locking range; carrying out key derivation on a plaintext password of a management user passing through password authentication to obtain a KEK corresponding to the management user passing through password authentication; and encrypting the new MEK plaintext in the target locking range based on the KEK corresponding to the management user passing the password authentication, and obtaining the new MEK ciphertext corresponding to the management user passing the password authentication.
In some embodiments, the seventh unit is further configured to delete the MEK temporary ciphertext after obtaining the new MEK ciphertext corresponding to the cryptographically authenticated management user if each management user in the target lock range obtains the corresponding new MEK ciphertext.
The details of the above embodiments of the protection device for the media encryption key refer to fig. 3 and the protection method for the media encryption key of the related embodiments, which are not described herein.
The embodiment of the disclosure provides another protection device for a medium encryption key, which is applied to storage equipment (such as a solid state disk, a flash memory device and the like). The protection device for the media encryption key provided in the embodiment of the present disclosure may execute the protection method flow of the media encryption key in fig. 12 and related embodiments. Protection means for the media encryption key include, but are not limited to: a first unit, a second unit and a third unit. The functions of each unit are described as follows:
A first unit for assigning random keys to users of the same class;
a second unit for deriving a key encryption key KEK corresponding to the target locking range based on the unique identification information of the target locking range and the random key;
and the third unit is used for encrypting the MEK plaintext of the medium encryption key in the target locking range based on the KEK to obtain the MEK ciphertext in the target locking range, and deleting the MEK plaintext.
In some embodiments, the unique identification information of the target locking range is determined by:
taking the number of the target locking range or the hash value of the number as the unique identification information of the target locking range; alternatively, the number of MEK of the target lock range or the hash value of the number is used as the unique identification information of the target lock range.
In some embodiments, the protection device of the media encryption key further comprises a fourth unit for:
for any management user of the target locking range, encrypting the random key based on the password plaintext of that management user to obtain a random key ciphertext corresponding to the management user; and deleting the random key after obtaining the random key ciphertext corresponding to each management user of the target locking range.
In some embodiments, the protection device for a media encryption key further includes a fifth unit for:
receiving an MEK decryption request, wherein the MEK decryption request carries unique identification information of a target locking range and a password plaintext of a management user; decrypting the random key ciphertext corresponding to the management user based on the password plaintext of the management user to obtain a random key; deriving a key encryption key KEK corresponding to the target locking range based on the unique identification information of the target locking range and the random key; and decrypting the MEK ciphertext of the target locking range based on the KEK to obtain the MEK plaintext of the target locking range.
In some embodiments, the protection device for a media encryption key further includes a sixth unit for:
receiving a password modification request, wherein the password modification request carries an old password plaintext and a new password plaintext of a management user; decrypting the random key ciphertext corresponding to the management user based on the old password plaintext of the management user to obtain the random key; and encrypting the random key based on the new password plaintext of the management user to obtain a new random key ciphertext corresponding to the management user.
In some embodiments, the protection device of the media encryption key further includes a seventh unit for:
Receiving an MEK replacement request, wherein the MEK replacement request carries a password plaintext of a management user, unique identification information of a target locking range and a new MEK of the target locking range; decrypting the random key ciphertext corresponding to the management user based on the password plaintext of the management user to obtain a random key; deriving a KEK corresponding to the target locking range based on the unique identification information of the target locking range and the random key; and encrypting the new MEK in the target locking range based on the KEK to obtain a new MEK ciphertext in the target locking range, and deleting the random key and the old MEK ciphertext in the target locking range.
The details of the above embodiments of the protection device for the media encryption key refer to fig. 12 and the protection method for the media encryption key of the related embodiments, which are not described herein.
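The shared-random-key scheme handled by the units above (random key wrapped per management user, KEK derived from the range identifier and the random key, one MEK ciphertext per range) can be sketched as follows. This is an added example, not code from the patent: PBKDF2 with a per-user salt, the HMAC-based authenticated wrap, and the names `Device`, `wrap`, `unwrap`, `password_key` and `range_kek` are assumptions standing in for whatever KDF and cipher the storage device actually uses.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode; stand-in for the drive's hardware cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one wrapping key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def wrap(key: bytes, secret: bytes) -> bytes:
    ek, mk = subkeys(key)
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(secret, keystream(ek, nonce, len(secret))))
    return nonce + body + hmac.new(mk, nonce + body, hashlib.sha256).digest()

def unwrap(key: bytes, blob: bytes) -> bytes:
    ek, mk = subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(mk, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):  # constant-time comparison
        raise ValueError("wrong password or corrupted ciphertext")
    return bytes(a ^ b for a, b in zip(body, keystream(ek, nonce, len(body))))

def password_key(password: str, salt: bytes) -> bytes:
    # Assumed KDF: PBKDF2-HMAC-SHA256 with a per-user salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def range_kek(random_key: bytes, range_id: int) -> bytes:
    # KEK derived from the random key and the range's unique identifier.
    return hmac.new(random_key, b"range-kek" + range_id.to_bytes(4, "big"),
                    hashlib.sha256).digest()

class Device:
    """Models what stays in non-volatile storage: ciphertexts only."""

    def __init__(self):
        self.rk_blobs = {}   # user -> (salt, random key ciphertext)
        self.mek_blobs = {}  # range id -> the single MEK ciphertext

    def provision(self, range_id: int, admins: dict, mek: bytes) -> None:
        random_key = secrets.token_bytes(32)
        for user, pw in admins.items():
            salt = secrets.token_bytes(16)
            self.rk_blobs[user] = (salt, wrap(password_key(pw, salt), random_key))
        self.mek_blobs[range_id] = wrap(range_kek(random_key, range_id), mek)
        # random_key and mek are not stored; firmware would zeroize them here.

    def _random_key(self, user: str, pw: str) -> bytes:
        salt, blob = self.rk_blobs[user]
        return unwrap(password_key(pw, salt), blob)

    def unlock(self, range_id: int, user: str, pw: str) -> bytes:
        kek = range_kek(self._random_key(user, pw), range_id)
        return unwrap(kek, self.mek_blobs[range_id])

    def change_password(self, user: str, old_pw: str, new_pw: str) -> None:
        # Only the user's random key ciphertext changes; the MEK blob is untouched.
        rk = self._random_key(user, old_pw)
        salt = secrets.token_bytes(16)
        self.rk_blobs[user] = (salt, wrap(password_key(new_pw, salt), rk))

    def replace_mek(self, range_id: int, user: str, pw: str, new_mek: bytes) -> None:
        # One new ciphertext serves every management user of the range.
        kek = range_kek(self._random_key(user, pw), range_id)
        self.mek_blobs[range_id] = wrap(kek, new_mek)

if __name__ == "__main__":
    dev = Device()
    dev.provision(1, {"admin1": "pw-one", "admin2": "pw-two"}, secrets.token_bytes(32))
    dev.replace_mek(1, "admin1", "pw-one", secrets.token_bytes(32))
    print("MEK ciphertexts stored for range 1:", len(dev.mek_blobs))
```

Because the wrap is authenticated, a wrong password is rejected at the tag check instead of yielding a garbage key that is then used on the range's data.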
In an embodiment of the present disclosure, there is also provided a storage device (or solid state storage device, etc.), including: the control unit and an NVM (Non-Volatile Memory) chip, the control unit performs a user password protection method or a protection method of a media encryption key.
Fig. 18 is an exemplary block diagram of an electronic device provided by an embodiment of the present disclosure. As shown in fig. 18, the electronic device includes: a memory 1801, a processor 1802, and a computer program stored on the memory 1801. It is to be understood that the memory 1801 in the present embodiment may be a volatile memory or a nonvolatile memory, or may include both volatile and nonvolatile memories. Memory 1801 stores the following elements, executable modules or data structures, or a subset thereof, or an extended set thereof: an operating system and application programs.
The operating system includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, and is used for realizing various basic tasks and processing hardware-based tasks. Application programs include various applications, such as media players (Media Player) and browsers (Browser), and are used to implement various application tasks. A program implementing the user password protection method provided by the embodiment of the present disclosure, or the protection method of the media encryption key, may be included in the application program.
In the embodiment of the present disclosure, the at least one processor 1802 is configured to execute the steps of the user password protection method or the embodiments of the protection method of the media encryption key provided in the embodiment of the present disclosure by calling a program or an instruction stored in the at least one memory 1801, specifically, a program or an instruction stored in an application program.
The user password protection method, or the protection method of the media encryption key, provided by the embodiments of the present disclosure may be applied to the processor 1802, or implemented by the processor 1802. The processor 1802 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the methods described above may be performed by integrated logic circuitry in hardware or instructions in software in the processor 1802. The processor 1802 described above may be a general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The steps of the user password protection method or the protection method of the media encryption key provided by the embodiments of the disclosure may be directly embodied as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium well known in the art, such as a random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or registers. The storage medium is located in the memory 1801; the processor 1802 reads the information in the memory 1801 and performs the steps of the method in combination with its hardware.
The embodiments of the present disclosure further provide a computer readable storage medium storing a program or instructions for causing a computer to execute steps of each embodiment of the method for protecting a user password or the method for protecting a medium encryption key, which are not described herein in detail for avoiding repetition of description. Wherein the computer readable storage medium may be a non-transitory computer readable storage medium.
The disclosed embodiments also provide a computer program product comprising a computer program stored in a computer readable storage medium, which may be a non-transitory computer readable storage medium. At least one processor of the computer reads and executes the computer program from the computer-readable storage medium, so that the computer performs the steps of the method embodiments, such as the user password protection method or the medium encryption key protection method, which are not described herein in detail for the sake of avoiding repetition of the description.
The apparatus or device embodiments described above are merely illustrative, in which the unit modules illustrated as separate components may or may not be physically separate, and the components shown as unit modules may or may not be physical units, may be located in one place, or may be distributed over multiple network module units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Finally, it should be noted that the above embodiments are merely intended to illustrate the technical solutions of the present disclosure, not to limit them. Under the idea of the present disclosure, the technical features of the above embodiments or of different embodiments may also be combined, the steps may be implemented in any order, and there are many other variations of the different aspects of the present disclosure as described above, which are not provided in detail for the sake of brevity. Although the present disclosure has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents; such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present disclosure.
Claims (10)
1. A user password protection method applied to a storage device, the method comprising:
acquiring a first password plaintext to be protected;
performing key derivation on the first password plaintext to obtain a first key corresponding to the first password plaintext;
encrypting the first password plaintext based on the first key to obtain a first password ciphertext corresponding to the first password plaintext;
and storing the first password ciphertext, and deleting the first password plaintext and the first key.
2. The method of claim 1, wherein the method further comprises:
receiving a password authentication request, wherein the password authentication request carries a second password plaintext to be authenticated;
performing key derivation on the second password plaintext to obtain a second key corresponding to the second password plaintext;
decrypting the first password ciphertext based on the second key to obtain a third password plaintext;
and if the third password plaintext is the same as the second password plaintext, determining that the password authentication is passed.
3. A method for protecting a media encryption key, applied to a storage device, the method comprising:
receiving a permission allocation request of a target locking range, wherein the permission allocation request carries a password plaintext of a preset user, and the preset user is a user with allocation permission;
performing key derivation on the password plaintext of the preset user to obtain a key encryption key KEK corresponding to the password plaintext of the preset user;
encrypting a medium encryption key MEK plaintext of the target locking range based on the KEK to obtain an MEK ciphertext corresponding to the preset user;
and storing the MEK ciphertext corresponding to the preset user, and deleting the MEK plaintext and the KEK in the target locking range.
4. A method according to claim 3, wherein the method further comprises:
receiving a data encryption/decryption request of the target locking range, wherein the data encryption/decryption request carries a password plaintext of a user initiating the request;
carrying out key derivation on the password plaintext of the user initiating the request to obtain a KEK corresponding to the password plaintext of the user initiating the request;
decrypting MEK ciphertext corresponding to the user initiating the request based on KEK corresponding to the password plaintext of the user initiating the request to obtain MEK plaintext of the target locking range;
encrypting/decrypting the data of the target lock range based on the MEK plaintext.
5. The method of claim 4, wherein after the encrypting/decrypting the target-locked range of data based on the MEK plaintext, the method further comprises:
Deleting the KEK corresponding to the password plaintext of the user initiating the request, and deleting the MEK plaintext obtained by decryption based on the KEK corresponding to the password plaintext of the user initiating the request.
6. A method according to claim 3, wherein the method further comprises:
receiving a password modification request, wherein the password modification request carries old password plaintext and new password plaintext of a user authenticated by the old password;
respectively carrying out key derivation on the old password plaintext and the new password plaintext to obtain an old KEK corresponding to the old password plaintext and a new KEK corresponding to the new password plaintext;
decrypting the MEK old ciphertext corresponding to the user authenticated by the old password based on the old KEK to obtain an MEK plaintext in the target locking range;
and encrypting the MEK plaintext in the target locking range based on the new KEK to obtain the MEK new ciphertext corresponding to the user authenticated by the old password.
7. A method according to claim 3, wherein the method further comprises:
receiving an MEK replacement request, wherein the MEK replacement request carries a password plaintext of a management user;
generating a new MEK plaintext of the target locking range;
carrying out key derivation on the password plaintext of the management user to obtain a KEK corresponding to the password plaintext of the management user;
and encrypting the new MEK plaintext based on the KEK corresponding to the password plaintext of the management user to obtain the new MEK ciphertext corresponding to the management user.
8. The method of claim 7, wherein after receiving the MEK replacement request, the method further comprises:
performing key derivation on a key pre-stored in a one-time programmable memory to obtain a temporary KEK;
encrypting the new MEK plaintext based on the temporary KEK to obtain an MEK temporary ciphertext corresponding to the temporary KEK;
and deleting all old MEK ciphertext of the target locking range.
9. A method for protecting a media encryption key, applied to a storage device, the method comprising:
distributing random keys for users of the same kind;
deriving a key encryption key KEK corresponding to the target locking range based on the unique identification information of the target locking range and the random key;
encrypting the MEK plaintext of the medium encryption key of the target locking range based on the KEK to obtain the MEK ciphertext of the target locking range, and deleting the MEK plaintext.
10. A storage device, comprising: a control unit and an NVM chip, the control unit performing the user password protection method according to claim 1 or 2, or performing the protection method of the media encryption key according to any one of claims 3 to 8, or performing the protection method of the media encryption key according to claim 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311865396.1A CN117828641A (en) | 2023-12-29 | 2023-12-29 | User password protection method, medium encryption key protection method and storage device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117828641A true CN117828641A (en) | 2024-04-05 |
Family
ID=90516986
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311865396.1A Pending CN117828641A (en) | 2023-12-29 | 2023-12-29 | User password protection method, medium encryption key protection method and storage device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117828641A (en) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||