APPARATUS AND METHOD FOR PERFORMING KEY DERIVATION IN CLOSED DOMAIN
    1.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20150117640A1

    Publication date: 2015-04-30

    Application number: US14243093

    Filing date: 2014-04-02

    CPC classification number: H04L9/0869

    Abstract: Provided are an apparatus and method for guaranteeing the safety of a computing device by separating a closed domain from an open domain in the computing device and allowing the closed domain to perform key derivation that is required for encryption/decryption of data. The computing device includes a hypervisor, the open domain and the closed domain isolated from the open domain without being open to a user, the open domain and the closed domain managed by the hypervisor, and a key derivation executable code configured to generate an encryption key needed to perform encryption in the open domain, from a seed value, the key derivation executable code being executed in the closed domain, wherein the encryption key generated by the key derivation executable code is transferred to the open domain, and is automatically discarded after being used for encryption of data in the open domain.


    APPARATUS AND METHOD FOR ENCRYPTION
    2.
    Invention patent application
    Status: Granted

    Publication number: US20160211970A1

    Publication date: 2016-07-21

    Application number: US14925872

    Filing date: 2015-10-28

    Inventor: Jong-Yeon PARK

    CPC classification number: H04L63/0428 H04L9/002 H04L2209/16

    Abstract: An encryption apparatus comprises a memory configured to store a predetermined program on a general domain and a security domain; and a processor configured to perform an encryption process based on the program, wherein the program is configured to: generate encoding data by encoding input data on the security domain, generate encryption data by performing encryption for the encoding data through a whitebox encryption module on the general domain, and generate output data by encoding the encryption data on the security domain.

