CN108650271A - User permission management method and system - Google Patents
- Publication number: CN108650271A
- Application number: CN201810472288.0A
- Authority: CN (China)
- Prior art keywords: user, host side, storage device, command, device side
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H: ELECTRICITY
- H04: ELECTRIC COMMUNICATION TECHNIQUE
- H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00: Network architectures or network communication protocols for network security
- H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0861: Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
Embodiments of the invention disclose a user permission management method and system. Digital signature verification based on physical information and biometric information is implemented on the storage device, which effectively improves data security, protects the interests of authorized users, and strengthens the protection of information security. The method of the embodiments comprises: the host triggers a peripheral to collect preset physical information and biometric information; the host generates a private key from the collected physical information and biometric information; the host issues to the storage device a command that opens the user's corresponding permission; the host signs the commands issued by the user with the private key and sends the signed commands to the storage device; the storage device verifies each signed command and, if verification passes, executes it normally.
Description
Technical field
The present invention relates to the field of computer security, and in particular to a user permission management method and system.
Background
Current computer security systems generally take one of two forms: the first controls user access permissions in software; the second encrypts the data on the solid-state drive. Controlling access permissions in software is simple, but it is easy to crack and offers poor confidentiality, so most computer security systems encrypt the data on the solid-state drive, that is, they are solid-state drive security encryption systems.
One existing solid-state drive security encryption system, for example, comprises a host, a solid-state drive installed in the host, a key, and an identity authentication system. The solid-state drive comprises an encryption/decryption module, a solid-state drive control module, and a storage module, and the identity authentication system is stored in the storage module. The system is characterized in that the key is stored on a key storage medium outside the solid-state drive.
However, access permission management in such a system is implemented at the operating-system level, and the storage device itself provides no guarantee of security or information integrity. Once the host (operating system) has been compromised, the storage device is completely exposed to the attacker, so security is low.
Summary of the invention
Embodiments of the invention provide a user permission management method and system in which digital signature verification based on physical information and biometric information is implemented on the storage device. This effectively improves data security, protects the interests of authorized users, and strengthens the protection of information security.
A first aspect of the embodiments provides a user permission management method, comprising:
the host triggers a peripheral to collect preset physical information and biometric information;
the host generates a private key from the collected physical information and biometric information;
the host issues to the storage device a command that opens the user's corresponding permission;
the host signs the commands issued by the user with the private key and sends the signed commands to the storage device;
the storage device verifies each signed command and, if verification passes, executes it normally.
Optionally, the host generating a private key from the collected physical information and biometric information comprises:
following rules preset by the superuser, the host uses the collected physical information and biometric information as a seed to generate the private key, and stores the private key in the host-side driver.
Optionally, the storage device verifying the signed command comprises:
the storage device verifies the signed command with the public key, preset by the superuser, that corresponds to the user.
Optionally, the method further comprises:
while the user's permission is open, the host periodically verifies the physical information and biometric information against the check rules and, if verification fails, closes the user's permission.
Optionally, after the storage device verifies the signed command and executes it normally on successful verification, the method further comprises:
the storage device obtains the execution result;
the execution result is returned to the host.
A second aspect of the embodiments provides a user permission management system, comprising:
a host and a storage device, wherein the host is configured to trigger a peripheral to collect preset physical information and biometric information; generate a private key from the collected physical information and biometric information; issue to the storage device a command that opens the user's corresponding permission; and sign the commands issued by the user with the private key and send the signed commands to the storage device; and the storage device is configured to verify each signed command and, if verification passes, execute it normally.
Optionally, the host is specifically configured to follow rules preset by the superuser, using the collected physical information and biometric information as a seed to generate the private key, and to store the private key in the host-side driver.
Optionally, the storage device is specifically configured to verify the signed command with the public key, preset by the superuser, that corresponds to the user.
Optionally, the host is further configured to periodically verify, while the user's permission is open, the physical information and biometric information against the check rules and, if verification fails, to close the user's permission.
Optionally, the storage device is further configured to obtain the execution result and return the execution result to the host.
From the above technical solutions it can be seen that the embodiments of the invention have the following advantages: the invention solves the problems of information integrity and user identification during command execution and provides a corresponding permission management policy, which effectively improves the security strength of the storage device and reduces the possibility and success rate of attacks on the storage device by attackers and viruses.
Brief description of the drawings
Fig. 1 is a schematic diagram of one embodiment of the user permission management method in the embodiments of the invention;
Fig. 2 is a schematic diagram of the interaction process in which a user uses the storage device, as provided by an embodiment of the invention;
Fig. 3 is a flow diagram of the periodic active verification provided by an embodiment of the invention;
Fig. 4 is a schematic diagram of the system process of the periodic active check provided by an embodiment of the invention;
Fig. 5 is a schematic diagram of one embodiment of the user permission management system in the embodiments of the invention.
Detailed description
Embodiments of the invention provide a user permission management method and system in which digital signature verification based on physical information and biometric information is implemented on the storage device. This effectively improves data security, protects the interests of authorized users, and strengthens the protection of information security.
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person skilled in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The terms "first" and "second" in the description, the claims, and the drawings are used to distinguish similar objects and not to describe a particular order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments described here can be implemented in orders other than those illustrated or described. In addition, the terms "comprise" and "have" and any variants of them are intended to cover non-exclusive inclusion: for example, a process, method, system, product, or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product, or device.
A digital signature is a string of digits that only the private key of the sender of the information can generate and that others cannot forge; this string is at the same time valid proof of the authenticity of the information sent by the sender.
A digital signature is an application of asymmetric-key cryptography and message digest techniques. Its main functions are to ensure the integrity of transmitted information, to authenticate the sender, and to prevent repudiation in transactions.
In digital signature technology, the digest of the message is encrypted with the sender's private key and sent to the recipient together with the original text. The recipient can decrypt the encrypted digest only with the sender's public key, then uses a hash function to compute a digest of the received original text and compares it with the decrypted digest. If the two are identical, the received information is complete and was not modified in transit; otherwise the information has been modified. A digital signature can therefore verify the integrity of information.
Digital signing is an encryption process, and digital signature verification is a decryption process.
A digital signature algorithm should satisfy at least three conditions:
1. the recipient can verify the sender's signature on a message;
2. the sender cannot later deny having signed the message;
3. the recipient cannot forge a signature on the message.
For a hash function, identical inputs give identical outputs; by the pigeonhole principle, however, different inputs have some probability of giving the same output, which is called a collision. In practice, the key to avoiding collisions is to select and design a one-way cryptographic hash function that effectively avoids them.
Storage device access permission management typically follows the corresponding protocol, such as SATA/AHCI or PCIe/NVMe. At the storage device level there are no functions such as information integrity checking or user identity verification; at present, identification is mainly implemented in the operating system. Moreover, only a digital signature can provide identity authentication, so encryption technology is not suitable for permission management.
The user permission management method of the invention is described below through specific embodiments.
Referring to Fig. 1, one embodiment of the user permission management method of the invention comprises the following steps:
S11, the host triggers a peripheral to collect preset physical information and biometric information;
S12, the host generates a private key from the collected physical information and biometric information;
S13, the host issues to the storage device a command that opens the user's corresponding permission;
S14, the host signs the commands issued by the user with the private key and sends the signed commands to the storage device;
S15, the storage device verifies each signed command and, if verification passes, executes it normally.
In some possible embodiments, the host generating a private key from the collected physical information and biometric information comprises:
following rules preset by the superuser, the host uses the collected physical information and biometric information as a seed to generate the private key, and stores the private key in the host-side driver.
In some possible embodiments, the storage device verifying the signed command comprises:
the storage device verifies the signed command with the public key, preset by the superuser, that corresponds to the user.
In some possible embodiments, the method further comprises:
while the user's permission is open, the host periodically verifies the physical information and biometric information against the check rules and, if verification fails, closes the user's permission.
In this embodiment, after the authorized user's permission has been activated, the storage device periodically and actively checks (through the peripheral that collects physical and biometric information) whether the physical information and biometric information of the currently authorized user remain valid. When the information becomes invalid, the permission of the currently authorized user is closed immediately. Even if commands carrying the user's signature continue to be issued (through the host-side driver), the storage device treats them as unauthorized commands.
The rules of the periodic check are set by the superuser and include, but are not limited to:
A. the check period;
B. whether the device is working in the given environment (for example, comparing the working-environment background through a camera; using the camera to confirm whether there are too many people in the office area; calculating distance via Bluetooth, WiFi, ZigBee, and so on);
C. whether the user's biometric information is valid (that is, whether the correct biometric information can still be detected, such as whether the correct face or iris can be scanned).
In some possible embodiments, after the storage device verifies the signed command and executes it normally on successful verification, the method further comprises:
the storage device obtains the execution result;
the execution result is returned to the host.
The above embodiment is further explained below.
In step S11, when a user attempts to operate the storage device, a check of the physical information and biometric information preset by the superuser is triggered first. If the check fails, exception handling is performed; if it passes, the peripheral is triggered to collect the preset physical information and biometric information.
The physical information used in this embodiment includes, but is not limited to, spatial indicators, distance, temperature, light, sound, humidity, magnetic force, pressure, electric field, and magnetic field. The biometric information includes, but is not limited to, sound, smell, color, behavior, face, fingerprint, and palm print.
In step S12, the user's physical information and biometric information are obtained through the peripheral. With the physical information and biometric information as the seed, a private key is generated using a one-way cryptographic hash function and stored in the host-side driver. Based on digital signature technology, the public key corresponding to this private key is generated and loaded into the storage device.
The one-way cryptographic hash function breaks the link between the biometric information and the private key, preventing private data such as biometric information from being leaked.
In step S13, the permissions of all authorized users are configured by the superuser after the superuser has passed authentication by the storage device. The public key corresponding to each authorized user is issued to the storage device by the superuser.
The verification rules for authorized users are preset by the superuser and include, but are not limited to: 1. the composition of the seed used to generate the private key, such as fingerprint + iris, Bluetooth device ID + sound, or USB key + password; the private key is used only for digital signing, and the signature is verified by the storage device with the public key. 2. the physical distance between the user and the detecting peripheral being less than a certain distance (such as 3 m), working-environment background + behavior, and so on. If the authorized user fails the physical check, the host-side driver does not generate the private key and does not issue the command that opens the user's permission.
In step S14, when a command needs to be sent, the host-side driver signs the user's command with the private key and sends the signed command to the storage device. Note that every command issued by an authorized user must be signed with that user's own private key; the storage device can then verify the authorized user's identity with the corresponding public key and confirm the corresponding permission. However, if the user fails the physical verification performed by the host-side driver, the driver does not open the user's permission on the storage device; and if the user's permission is not open, the storage device does not execute commands requiring that permission even if the private key is correct (for example, when the private key has been leaked).
In step S15, the storage device verifies the command with the public key, preset by the superuser, that corresponds to the currently authorized user, to confirm the identity of the authorized user and the integrity of the command. If verification passes, the corresponding command is executed according to the permissions that have been opened for the authorized user.
After step S15, based on the above process, the public key is maintained by the storage device; the private key is generated each time the user logs in and is stored in the host-side driver; each time the user logs out, the private key held in the host-side driver is destroyed.
Referring to Fig. 2, the interaction process in which a user uses the storage device involves the host and the drive (the storage device). The drive comprises two major modules: one provides functions such as logical-to-physical mapping, protocol support, garbage collection, load balancing, flow control, access scheduling, and exception handling; the other provides the signature verification function. The interaction proceeds as follows: (1) the user enters the working state, which triggers information collection; (2) a private key is generated from the collected information and stored in the driver; (3) the user's permission is opened first, after which commands are signed with the private key and issued; (4) the signature is verified with the public key. If verification passes, the command is executed normally and the execution result is returned to the host; if it fails, exception handling is performed.
Referring to Fig. 3, the periodic active verification flow of the invention is as follows: S21, the peripheral is periodically triggered to collect the preset physical information and biometric information; S22, on the host, the collected information is used as input to a one-way cryptographic hash function to generate private key b; S23, private key b is compared with private key a stored in the host-side driver, or the physical information is compared with preset values; if they do not match, S24 is executed, and if they match, S26 is executed; S24, the driver issues an exit instruction to the storage device and destroys private key a; S25, the storage device closes the user's permission, so that subsequent commands that are still signed with private key a are treated as illegal commands; S26, end.
Referring to Fig. 4, the system process of the periodic active check involves the host and the drive (the storage device). The drive comprises two major modules: one provides functions such as logical-to-physical mapping, protocol support, garbage collection, load balancing, flow control, access scheduling, and exception handling; the other provides the signature verification function. The flow is as follows: (1) information collection is triggered; (2) a private key is generated from the collected information; (3) it is compared with private key a (and the physical information rules) stored in the driver; if they are consistent, the flow returns; if they are inconsistent, the user's permission is closed; (4) a user exit command is issued; (5) the user's permission is closed.
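The flow of steps S11 to S15 together with the periodic check of Fig. 3 and Fig. 4, as an added Go sketch that is not part of the patent text. It assumes SHA-256 as the one-way hash and Ed25519 as the signature scheme (the page names neither), a peripheral that returns identical bytes on every valid reading, and constructed sample readings; the `Device` and `Driver` types and their methods are hypothetical names, and the open and exit commands are modelled as plain calls because the page does not say how they are authenticated.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

var ErrClosed = errors.New("user permission is not open")
var ErrBadSig = errors.New("signature verification failed")
var ErrNoKey = errors.New("driver holds no private key")

// deriveKey is S12/S22: hash the length-prefixed readings into a seed and expand
// it into a signing key. Assumption: valid readings are byte-for-byte stable.
func deriveKey(physical, biometric []byte) ed25519.PrivateKey {
	h := sha256.New()
	for _, f := range [][]byte{physical, biometric} {
		h.Write([]byte{byte(len(f) >> 8), byte(len(f))})
		h.Write(f)
	}
	return ed25519.NewKeyFromSeed(h.Sum(nil))
}

// Device models the storage device: preset public keys and a per-user open flag.
type Device struct {
	pub  map[string]ed25519.PublicKey
	open map[string]bool
}

func NewDevice() *Device {
	return &Device{pub: map[string]ed25519.PublicKey{}, open: map[string]bool{}}
}

// Enroll is the superuser step: only the public half is loaded into the device.
func (d *Device) Enroll(user string, physical, biometric []byte) {
	d.pub[user] = deriveKey(physical, biometric).Public().(ed25519.PublicKey)
}

// Open and Close model the open-permission (S13) and exit (S24) commands.
func (d *Device) Open(user string)  { d.open[user] = true }
func (d *Device) Close(user string) { d.open[user] = false }

// Execute is S15: the permission must be open AND the signature must verify.
func (d *Device) Execute(user string, cmd, sig []byte) (string, error) {
	if !d.open[user] {
		return "", ErrClosed
	}
	if pub, ok := d.pub[user]; !ok || !ed25519.Verify(pub, cmd, sig) {
		return "", ErrBadSig
	}
	return "executed " + string(cmd), nil
}

// Driver models the host-side driver.
type Driver struct {
	user string
	dev  *Device
	key  ed25519.PrivateKey // "private key a" of Fig. 3
}

// Login is S12-S13: derive and store the key, then open the permission.
// The superuser's pre-login rule check (S11) is not modelled.
func (h *Driver) Login(physical, biometric []byte) {
	h.key = deriveKey(physical, biometric)
	h.dev.Open(h.user)
}

// Send is S14: sign the command with the stored key and hand it to the device.
func (h *Driver) Send(cmd []byte) (string, error) {
	if h.key == nil {
		return "", ErrNoKey
	}
	return h.dev.Execute(h.user, cmd, ed25519.Sign(h.key, cmd))
}

// PeriodicCheck is S21-S25: re-derive key b and compare it with key a; on a
// mismatch send the exit command and destroy key a.
func (h *Driver) PeriodicCheck(physical, biometric []byte) bool {
	if subtle.ConstantTimeCompare(deriveKey(physical, biometric), h.key) == 1 {
		return true
	}
	h.dev.Close(h.user)
	for i := range h.key {
		h.key[i] = 0 // overwrite before dropping the reference
	}
	h.key = nil
	return false
}

func main() {
	phys, bio := []byte("bt-id:constructed-01"), []byte("fp:constructed-template") // constructed readings
	drv := &Driver{user: "alice", dev: NewDevice()}
	drv.dev.Enroll("alice", phys, bio)
	drv.Login(phys, bio)
	fmt.Println(drv.Send([]byte("READ lba=0 n=8")))
	fmt.Println(drv.PeriodicCheck([]byte("bt-id:absent"), bio))
}
```

A copy of the key held elsewhere still produces valid signatures, but `Execute` returns `ErrClosed` once the periodic check has closed the permission, which is the leaked-key behaviour described for step S14.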
It can be seen that the invention solves the problems of information integrity and user identification during command execution and provides a corresponding permission management policy, which effectively improves the security strength of the storage device and reduces the possibility and success rate of attacks on the storage device by attackers and viruses.
An embodiment of the invention further provides a user permission management system. As shown in Fig. 5, the user permission management system comprises:
a host 10 and a storage device 20, wherein the host 10 is configured to trigger a peripheral to collect preset physical information and biometric information; generate a private key from the collected physical information and biometric information; issue to the storage device 20 a command that opens the user's corresponding permission; and sign the commands issued by the user with the private key and send the signed commands to the storage device 20; and the storage device 20 is configured to verify each signed command and, if verification passes, execute it normally.
Optionally, the host 10 is specifically configured to follow rules preset by the superuser, using the collected physical information and biometric information as a seed to generate the private key, and to store the private key in the driver of the host 10.
Optionally, the storage device 20 is specifically configured to verify the signed command with the public key, preset by the superuser, that corresponds to the user.
Optionally, the host 10 is further configured to periodically verify, while the user's permission is open, the physical information and biometric information against the check rules and, if verification fails, to close the user's permission.
Optionally, the storage device 20 is further configured to obtain the execution result and return the execution result to the host 10.
It should be noted that the user permission management method and the user permission management system provided in the above embodiments are based on the same inventive concept. For the steps of each specific embodiment of the user permission management system, reference can therefore be made to the foregoing method embodiments, and the details are not repeated here.
It can be seen that the invention solves the problems of information integrity and user identification during command execution and provides a corresponding permission management policy, which effectively improves the security strength of the storage device and reduces the possibility and success rate of attacks on the storage device by attackers and viruses.
Furthermore, the system embodiment described above is merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
From the description of the above embodiments, a person of ordinary skill in the art can clearly understand that each embodiment may be implemented by software plus a general-purpose hardware platform, or of course by hardware. Based on this understanding, the technical solution of the invention in essence, or the part of it that contributes over the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored on a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods of the embodiments of the invention. The storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, or an optical disc.
The above embodiments are intended only to illustrate the technical solutions of the invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the invention.
Claims (10)
1. A user permission management method, characterized by comprising:
the host triggers a peripheral to collect preset physical information and biometric information;
the host generates a private key from the collected physical information and biometric information;
the host issues to the storage device a command that opens the user's corresponding permission;
the host signs the commands issued by the user with the private key and sends the signed commands to the storage device;
the storage device verifies each signed command and, if verification passes, executes it normally.
2. The method of claim 1, characterized in that the host generating a private key from the collected physical information and biometric information comprises:
following rules preset by the superuser, the host uses the collected physical information and biometric information as a seed to generate the private key, and stores the private key in the host-side driver.
3. The method of claim 1, characterized in that the storage device verifying the signed command comprises:
the storage device verifies the signed command with the public key, preset by the superuser, that corresponds to the user.
4. The method of claim 1, characterized in that the method further comprises:
while the user's permission is open, the host periodically verifies the physical information and biometric information against the check rules and, if verification fails, closes the user's permission.
5. The method of any one of claims 1 to 4, characterized in that, after the storage device verifies the signed command and executes it normally on successful verification, the method further comprises:
the storage device obtains the execution result;
the execution result is returned to the host.
6. A user permission management system, characterized in that the system comprises a host and a storage device, wherein the host is configured to trigger a peripheral to collect preset physical information and biometric information; generate a private key from the collected physical information and biometric information; issue to the storage device a command that opens the user's corresponding permission; and sign the commands issued by the user with the private key and send the signed commands to the storage device; and the storage device is configured to verify each signed command and, if verification passes, execute it normally.
7. The system of claim 6, characterized in that the host is specifically configured to follow rules preset by the superuser, using the collected physical information and biometric information as a seed to generate the private key, and to store the private key in the host-side driver.
8. The system of claim 6, characterized in that the storage device is specifically configured to verify the signed command with the public key, preset by the superuser, that corresponds to the user.
9. The system of claim 6, characterized in that the host is further configured to periodically verify, while the user's permission is open, the physical information and biometric information against the check rules and, if verification fails, to close the user's permission.
10. The system of claim 6, characterized in that the storage device is further configured to obtain the execution result and return the execution result to the host.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810472288.0A CN108650271A (en) | 2018-05-17 | 2018-05-17 | A kind of method for managing user right and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810472288.0A CN108650271A (en) | 2018-05-17 | 2018-05-17 | A kind of method for managing user right and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108650271A true CN108650271A (en) | 2018-10-12 |
Family
ID=63756280
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810472288.0A Pending CN108650271A (en) | 2018-05-17 | 2018-05-17 | A kind of method for managing user right and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108650271A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109542340A (en) * | 2018-10-26 | 2019-03-29 | 深圳大普微电子科技有限公司 | Storage method, device and device at host machine end with hidden partition |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101340285A (en) * | 2007-07-05 | 2009-01-07 | 杭州中正生物认证技术有限公司 | Method and system for identity authentication by finger print USBkey |
CN101631020A (en) * | 2008-07-16 | 2010-01-20 | 上海方立数码科技有限公司 | Identity authentication system combining fingerprint identification and PKI system |
CN101686128A (en) * | 2008-09-24 | 2010-03-31 | 北京创原天地科技有限公司 | Novel usbkey external authentication method and Usbkey device |
CN101960493A (en) * | 2008-01-25 | 2011-01-26 | 高通股份有限公司 | Biometric smart card for mobile devices |
CN101986641A (en) * | 2010-10-20 | 2011-03-16 | 杭州晟元芯片技术有限公司 | Trusted computing platform chip applicable to mobile communication equipment and authentication method thereof |
CN102629403A (en) * | 2012-03-14 | 2012-08-08 | 深圳市紫金支点技术股份有限公司 | USB (Universal Serial Bus) flash disk authorization method and system based on ATM (Automatic Teller Machine) equipment |
CN105263051A (en) * | 2014-04-22 | 2016-01-20 | 美国博通公司 | Portable authorization device |
CN106296197A (en) * | 2015-06-25 | 2017-01-04 | 深圳市中兴微电子技术有限公司 | A kind of method, apparatus and system of payment |
CN106452721A (en) * | 2016-10-14 | 2017-02-22 | 牛毅 | Method and system for instruction identification of intelligent device based on identification public key |
US9647847B2 (en) * | 2008-01-18 | 2017-05-09 | Microsoft Technology Licensing, Llc | Tamper evidence per device protected identity |
CN106980800A (en) * | 2017-03-29 | 2017-07-25 | 山东超越数控电子有限公司 | A kind of measure and system for encrypting solid state hard disc certification subregion |
CN107370601A (en) * | 2017-09-18 | 2017-11-21 | 山东确信信息产业股份有限公司 | A kind of intelligent terminal, system and method for integrating a variety of safety certifications |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103502992B (en) | For the system and method for anti-tamper guiding | |
CN100583117C (en) | Control method of versatile content with partitioning | |
US7526654B2 (en) | Method and system for detecting a secure state of a computer system | |
CN103455763B (en) | A kind of internet log record system and method protecting individual subscriber privacy | |
CN106416123B (en) | Certification based on password | |
CN101202762B (en) | Methods and system for storing and retrieving identity mapping information | |
CN106888084B (en) | Quantum fort machine system and authentication method thereof | |
CN104756127A (en) | Secure data handling by a virtual machine | |
WO1999024895A1 (en) | Tamper resistant method and apparatus | |
CN102948114A (en) | Single-use authentication methods for accessing encrypted data | |
Lee et al. | Reverse‐safe authentication protocol for secure USB memories | |
CN107196932A (en) | Managing and control system in a kind of document sets based on virtualization | |
CN109462572B (en) | Multi-factor authentication method, system, storage medium and security gateway based on encryption card and UsbKey | |
Kumar | Cloud computing security issues and its challenges: a comprehensive research | |
CN104363093B (en) | The method encrypted by dynamic authorization code to file data | |
Houy et al. | Security aspects of cryptocurrency wallets—a systematic literature review | |
EP2709333A1 (en) | Method and devices for data leak protection | |
Cavoukian et al. | Keynote paper: Biometric encryption: Technology for strong authentication, security and privacy | |
CN108650271A (en) | A kind of method for managing user right and system | |
Said et al. | A multi-factor authentication-based framework for identity management in cloud applications | |
CN107273725A (en) | A kind of data back up method and system for classified information | |
KR20030097550A (en) | Authorization Key Escrow Service System and Method | |
CN110166240B (en) | Network isolation password board card | |
CN111555857A (en) | Edge network and network transmission method | |
Sheik et al. | Considerations for secure mosip deployment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181012 |