KR-20260067057-A - APPARATUS AND METHOD FOR DATA ENCRYPTION
Abstract
The present specification discloses a data encryption device and a method. A data encryption device according to the present specification comprises: a hardware processor; and a memory connected to the processor and configured to store at least one computer program configured to perform a data encryption method. The data encryption method may include a data storage step of loading at least one encryption key from a key storage device while a key storage device storing at least one encryption key is connected, and encrypting and storing data using any one of the loaded encryption keys.
Inventors
- 심상국
Assignees
- (주)티엔젠
Dates
- Publication Date: 20260512
- Application Date: 20241105
Claims (4)
- A data encryption device comprising: a hardware processor; and a memory connected to the processor and storing at least one computer program configured to perform a data encryption method, wherein the data encryption method comprises a data storage step of loading at least one encryption key from a key storage device while the key storage device storing at least one encryption key is connected, and encrypting and storing data using any one of the loaded encryption keys.
- The data encryption device of claim 1, wherein the data encryption method further comprises a decryption step of decrypting and outputting the encrypted data, using the encryption key used for encryption, when a request to read encrypted stored data is received while the key storage device is connected.
- The data encryption device of claim 1, wherein the data storage step further comprises storing data without encryption when the key storage device is disconnected.
- A data encryption system comprising: the data encryption device according to claims 1 to 3; and a key storage device which is a hardware security module (HSM) in the form of a USB (Universal Serial Bus) flash drive, connected to the data encryption device and storing at least one encryption key.
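The storage and read behaviour of claims 1 to 3, as an added Ruby example that is not taken from the patent: each stored record carries the ID of the key that encrypted it, reads of encrypted records fail while the device is absent, and records written without the device can be listed afterwards. AES-256-GCM, the record layout, key IDs and all function names are assumptions; the claims name no algorithm or storage format.

```ruby
require 'openssl'

# Constructed illustration: AES-256-GCM, the record layout and every name here
# are assumptions; the claims do not name an algorithm or a storage format.
class DeviceNotConnected < StandardError; end

CIPHER = 'aes-256-gcm'

# keys: { key_id (1..255) => 32-byte key } as loaded from the key storage
# device, or nil while the device is disconnected.
def store(keys, key_id, data)
  # Claim 3: with no device connected the data is stored without encryption.
  return { key_id: 0, body: data.b } if keys.nil?

  enc = OpenSSL::Cipher.new(CIPHER).encrypt
  enc.key = keys.fetch(key_id)
  nonce = enc.random_iv
  enc.auth_data = [key_id].pack('C') # authenticate the header's key ID
  body = enc.update(data) + enc.final
  { key_id: key_id, nonce: nonce, body: body, tag: enc.auth_tag }
end

# Claim 2: decrypt with the key that encrypted the record, only while connected.
def load(keys, rec)
  return rec[:body] if rec[:key_id].zero?
  raise DeviceNotConnected, 'key storage device not connected' if keys.nil?

  dec = OpenSSL::Cipher.new(CIPHER).decrypt
  dec.key = keys.fetch(rec[:key_id])
  dec.iv = rec[:nonce]
  dec.auth_tag = rec[:tag]
  dec.auth_data = [rec[:key_id]].pack('C')
  dec.update(rec[:body]) + dec.final # raises CipherError if anything was altered
end

# Indexes of records that were written while the device was absent.
def unencrypted_indexes(records)
  records.each_index.select { |i| records[i][:key_id].zero? }
end

if __FILE__ == $PROGRAM_NAME
  keys = { 1 => OpenSSL::Random.random_bytes(32) } # constructed sample key
  recs = [store(keys, 1, 'payroll.xlsx bytes'), store(nil, 1, 'written unplugged')]
  puts load(keys, recs[0])
  puts "stored in the clear: #{unencrypted_indexes(recs).inspect}"
end
```

Because the key ID is bound to the ciphertext as associated data, a record whose header is rewritten to name a different key fails authentication instead of decrypting to garbage.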
Description
Apparatus and Method for Data Encryption
The present invention relates to a data encryption device and method, and more specifically, to a data encryption device and method using a key storage device.
The content described in this section merely provides background information regarding the embodiments described in this specification and does not necessarily constitute prior art.
Data encryption methods using conventional Digital Rights Management (DRM) solutions reveal several limitations in terms of software installation, encryption methods, operation, and security. Conventional encryption software has complex installation and post-installation configuration processes. Furthermore, the software has the disadvantage that encrypted data may be lost due to software errors and/or OS (Operating System) errors, and the software must be reinstalled if it becomes inoperable upon OS reinstallation. Furthermore, the aforementioned encryption software limits the scope of encryption to specific areas of the storage device or file formats, and entails the inconvenience of requiring direct user intervention for file encryption and decryption. Additionally, encryption software using asymmetric keys takes a long time to encrypt and decrypt data, which limits its ability to perform real-time encryption and decryption. Furthermore, in the case of encryption software accessible via passwords, there is a security vulnerability that allows an attacker to steal information from passwords and encrypted data through a backdoor.
Accordingly, there is a need for a data encryption method that is simpler, faster, and has fewer security vulnerabilities than conventional encryption software.
FIG. 1 illustrates the configuration of a data encryption system according to one embodiment of the present specification.
FIG. 2 is a flowchart of a data encryption method according to one embodiment of the present specification.
FIG. 3 is a flowchart of a data encryption method according to another embodiment of the present specification.
FIG. 4 is a flowchart of a data encryption method according to another embodiment of the present specification.
FIG. 5 is a flowchart of a data encryption method according to another embodiment of the present specification.
FIG. 6 is a flowchart of a data encryption method according to another embodiment of the present specification.
FIG. 7 is a flowchart of a data encryption method according to another embodiment of the present specification.
FIG. 8 is a flowchart of a data encryption method according to another embodiment of the present specification.
FIG. 9 is a flowchart of a data encryption method according to another embodiment of the present specification.
FIG. 10 is a flowchart of a data encryption method according to another embodiment of the present specification.
The advantages and features of the invention disclosed herein, and the methods for achieving them, will become clear by referring to the embodiments described below in detail together with the accompanying drawings. However, this specification is not limited to the embodiments disclosed below and may be implemented in various different forms. These embodiments are provided merely to ensure that the disclosure of this specification is complete and to fully inform those skilled in the art (hereinafter referred to as "skilled in the art") of the scope of this specification, and the scope of rights of this specification is defined only by the scope of the claims.
The terms used herein are for describing the embodiments and are not intended to limit the scope of the claims herein. In this specification, the singular form includes the plural form unless specifically stated otherwise in the text. As used herein, "comprises" and/or "comprising" do not exclude the presence or addition of one or more other components in addition to the components mentioned.
Throughout the specification, the same reference numerals refer to the same components, and "and/or" includes each of the mentioned components and all combinations of one or more thereof. Although terms such as "first," "second," etc., are used to describe various components, they are not limited by these terms. These terms are used merely to distinguish one component from another. Accordingly, the first component mentioned below may be the second component within the scope of the technical concept of the present invention.
Unless otherwise defined, all terms used herein (including technical and scientific terms) may be used in a meaning commonly understood by a person skilled in the art to which this specification pertains. Additionally, terms defined in commonly used dictionaries are not to be interpreted ideally or excessively unless explicitly and specifically defined otherwise.
Hereinafter, embodiments of the present invention will be described in detail with reference to the attached drawings. FIG. 1 illustrates the configuration of a data encryption system according to one embodiment of the