CN108650271A - User permission management method and system - Google Patents

Info

Publication number: CN108650271A
Application number: CN201810472288.0A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Inventors: 黎剑坤, 尚宁
Current Assignee: Shenzhen Dapu Microelectronics Co Ltd
Original Assignee: Shenzhen Dapu Microelectronics Co Ltd
Priority date: 2018-05-17
Filing date: 2018-05-17
Publication date: 2018-10-12
Prior art keywords: user, host side, storage device, command, device end

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

Embodiments of the invention disclose a user permission management method and system. Digital signature verification based on physical information and biometric information is implemented on the storage device side, which effectively improves data security, protects the interests of authorized users, and strengthens the protection of information. The method of the embodiments comprises: the host side triggers a peripheral to collect preset physical information and biometric information; the host side generates a private key from the collected physical information and biometric information; the host side issues, to the storage device side, a command to open the user's corresponding permission; the host side signs the commands issued by the user with the private key and sends the signed commands to the storage device side; the storage device side verifies each signed command and, if verification passes, executes it normally.

Description

User permission management method and system
Technical field
The present invention relates to the field of computer security technology, and in particular to a user permission management method and system.
Background
Current computer security systems generally take one of two forms: the first controls user access permissions through software; the second encrypts the data in the solid-state drive. Controlling access permissions through software is simple, but it is easy to crack and offers poor confidentiality. Most computer security systems therefore encrypt the data in the solid-state drive, that is, they are solid-state drive security encryption systems.
For example, one existing solid-state drive security encryption system comprises a host, a solid-state drive installed in the host, a key, and an identity authentication system. The solid-state drive comprises an encryption/decryption module, a solid-state drive control module, and a memory module. The identity authentication system is stored in the memory module. The system is characterized in that the key is stored in a key storage medium outside the solid-state drive.
However, the access permission management of this solid-state drive security encryption system is implemented at the operating-system level, and the storage device side has no guarantee of security or information integrity. Once the host device (operating system) is compromised, the storage device is fully exposed to the attacker, so security is low.
Summary of the invention
Embodiments of the present invention provide a user permission management method and system in which digital signature verification based on physical information and biometric information is implemented on the storage device side. This effectively improves data security, protects the interests of authorized users, and strengthens the protection of information.
A first aspect of the embodiments of the present invention provides a user permission management method, comprising:
The host side triggers a peripheral to collect preset physical information and biometric information;
The host side generates a private key from the collected physical information and biometric information;
The host side issues, to the storage device side, a command to open the user's corresponding permission;
The host side signs the commands issued by the user with the private key and sends the signed commands to the storage device side;
The storage device side verifies the signed command and, if verification passes, executes it normally.
Optionally, the host side generating a private key from the collected physical information and biometric information comprises:
The host side, following rules preset by the superuser, uses the collected physical information and biometric information as a seed to generate the private key, and stores the private key in the host-side driver.
Optionally, the storage device side verifying the signed command comprises:
The storage device verifies the signed command with the public key corresponding to the user, which is preset by the superuser.
Optionally, the method further comprises:
While the user's permission is open, the host side periodically verifies the check rules for the physical information and biometric information; if verification fails, the user's permission is closed.
Optionally, after the storage device side verifies the signed command and, verification having passed, executes it normally, the method further comprises:
The storage device side obtains the execution result;
The execution result is returned to the host side.
A second aspect of the embodiments of the present invention provides a user permission management system, comprising:
A host side and a storage device side. The host side is configured to trigger a peripheral to collect preset physical information and biometric information; generate a private key from the collected physical information and biometric information; issue, to the storage device side, a command to open the user's corresponding permission; and sign the commands issued by the user with the private key and send the signed commands to the storage device side. The storage device side is configured to verify the signed command and, if verification passes, execute it normally.
Optionally, the host side is specifically configured to, following rules preset by the superuser, use the collected physical information and biometric information as a seed to generate the private key, and store the private key in the host-side driver.
Optionally, the storage device side is specifically configured to verify the signed command with the public key corresponding to the user, which is preset by the superuser.
Optionally, the host side is further configured to, while the user's permission is open, periodically verify the check rules for the physical information and biometric information and, if verification fails, close the user's permission.
Optionally, the storage device side is further configured to obtain the execution result and return the execution result to the host side.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages: the invention solves the problems of information integrity during command execution and of user identity recognition, provides a corresponding permission management policy, effectively improves the security strength of the storage device, and reduces the possibility and success rate of attacks on the storage device by attackers and viruses.
Brief description of the drawings
Fig. 1 is a schematic diagram of one embodiment of the user permission management method in the embodiments of the present invention;
Fig. 2 is a schematic diagram of the interaction when a user uses the storage device, provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of the periodic active verification provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the system process of the periodic active check provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of one embodiment of the user permission management system in the embodiments of the present invention.
Detailed description
Embodiments of the present invention provide a user permission management method and system in which digital signature verification based on physical information and biometric information is implemented on the storage device side. This effectively improves data security, protects the interests of authorized users, and strengthens the protection of information.
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The terms "first" and "second" in the description, the claims and the above drawings are used to distinguish similar objects, not to describe a specific order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments described here can be implemented in orders other than those illustrated or described. In addition, the terms "comprise" and "have" and any variants of them are intended to cover non-exclusive inclusion: for example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
A digital signature is a string of digits that only the sender's private key can generate and that others cannot forge. This string is also valid proof of the authenticity of the information sent by the sender.
Digital signatures are an application of asymmetric-key cryptography and message digest techniques. Their main functions are to ensure the integrity of transmitted information, to authenticate the sender, and to prevent repudiation in transactions.
Digital signature technology encrypts the digest of the information with the sender's private key and sends it to the recipient together with the original text. The recipient can decrypt the encrypted digest only with the sender's public key. The recipient then uses a hash function to compute a digest of the received original text and compares it with the decrypted digest. If the two are identical, the received information is complete and was not modified in transit; otherwise the information has been modified. A digital signature can therefore verify the integrity of information.
Digital signing is an encryption process, and digital signature verification is a decryption process.
A digital signature algorithm should satisfy at least three conditions:
1. The recipient can verify the sender's signature on a message;
2. The sender cannot later deny the signature on its message;
3. The recipient cannot forge a signature on a message.
For a hash function, identical inputs yield identical outputs. By the pigeonhole principle, however, different inputs have some probability of yielding the same output, which is called a collision. In practice, the key to avoiding collisions is to select and design a one-way cryptographic hash function that effectively avoids them.
Storage device access permission management usually follows the corresponding protocol, such as SATA/AHCI or PCIe/NVMe. At the storage device level there are no functions such as information integrity checking or user identity verification. Identity recognition is currently implemented mainly in the operating system. Meanwhile, only a digital signature can provide identity authentication, so encryption technology is not suitable for permission management.
The user permission management method of the present invention is illustrated below through specific embodiments:
Referring to Fig. 1, one embodiment of the user permission management method of the present invention comprises the following steps:
S11, the host side triggers a peripheral to collect preset physical information and biometric information;
S12, the host side generates a private key from the collected physical information and biometric information;
S13, the host side issues, to the storage device side, a command to open the user's corresponding permission;
S14, the host side signs the commands issued by the user with the private key and sends the signed commands to the storage device side;
S15, the storage device side verifies the signed command and, if verification passes, executes it normally.
In some possible embodiments, the host side generating a private key from the collected physical information and biometric information comprises:
The host side, following rules preset by the superuser, uses the collected physical information and biometric information as a seed to generate the private key, and stores the private key in the host-side driver.
In some possible embodiments, the storage device side verifying the signed command comprises:
The storage device verifies the signed command with the public key corresponding to the user, which is preset by the superuser.
In some possible embodiments, the method further comprises:
While the user's permission is open, the host side periodically verifies the check rules for the physical information and biometric information; if verification fails, the user's permission is closed.
In this embodiment, after the authorized user's permission has been activated, the storage device periodically and actively checks (through the peripherals that obtain physical and biometric information) whether the physical information and biometric information of the currently authorized user remain valid. When that information becomes invalid, the permission of the currently authorized user is closed immediately. Even if commands signed by the user continue to be issued at this point (through the host-side driver), the storage device side treats them as unauthorized commands.
The rules for the periodic check are set by the superuser and include, but are not limited to:
a. The detection period;
b. Whether the device is operating in the given environment (for example, comparing the working-environment background through a camera; using the camera to confirm whether there are too many people in the work area; calculating distance through Bluetooth, Wi-Fi, ZigBee and the like);
c. Whether the user's biometric information is valid (for example, whether the correct biometric information can still be detected, such as whether the correct face or iris can be scanned).
In some possible embodiments, after the storage device side verifies the signed command and, verification having passed, executes it normally, the method further comprises:
The storage device side obtains the execution result;
The execution result is returned to the host side.
The above embodiment is explained further below:
In step S11, when the user attempts to operate the storage device, the physical information and biometric information checks preset by the superuser are triggered first. If the check fails, exception handling is performed; if it passes, the peripheral is triggered to collect the preset physical information and biometric information.
The physical information used in this embodiment includes, but is not limited to, spatial index, distance, temperature, light, sound, humidity, magnetic force, pressure, electric field and magnetic field. The biometric information includes, but is not limited to, voice, smell, color, behavior, face, fingerprint and palm print.
In step S12, the user's physical information and biometric information are obtained through the peripheral. With the physical information and biometric information as the seed, a private key is generated by means of a one-way cryptographic hash function, and the private key is stored in the host-side driver. Based on digital signature technology, the public key corresponding to this private key is generated and loaded onto the storage device side.
The one-way cryptographic hash function severs the link between the biometric information and the private key, which prevents private data such as biometric information from being leaked.
In step S13, the permissions of all authorized users are configured by the superuser after the superuser has passed identity authentication at the storage device side. The public key corresponding to each authorized user is issued to the storage device side by the superuser.
The verification rules for authorized users are preset by the superuser and include, but are not limited to: 1. the composition of the seed used to generate the private key, such as fingerprint + iris, Bluetooth device ID + voice, or USB key + password. The private key is used only for digital signatures, which are verified with the public key on the storage device side. 2. the physical distance between the user and the detecting peripheral being less than a certain distance (for example 3 m), working-environment background + behavior, and so on. If the authorized user's physical check fails, the host-side driver does not generate the private key and does not issue the command to open the user's permission.
In step S14, when a command needs to be sent, the host-side driver signs the user's command with the private key and sends the signed command to the storage device side. Note that every command issued by an authorized user must be signed with that user's own private key; the storage device side can verify the authorized user's identity with the corresponding public key and confirm the corresponding permission. However, if the user fails the physical verification performed by the host-side driver, the host-side driver does not open the user's permission on the storage device side; and if the user's permission is not open, the storage device side does not execute commands under that user's permission even if the private key is correct (for example, when the private key has been leaked).
In step S15, the storage device verifies the command with the public key that the superuser preset for the currently authorized user, confirming the identity of the authorized user and the integrity of the command. If verification passes, the corresponding command is executed according to the permissions that have been opened for the authorized user.
After step S15, based on the above process, the public key is maintained by the storage device. The private key is generated each time the user logs in and is stored in the host-side driver; each time the user logs out, the private key held in the host-side driver is destroyed.
Referring to Fig. 2, a schematic diagram of the interaction when a user uses the storage device is provided. It involves the host side and the disk side (storage device side). The disk side comprises two major modules: one provides functions such as logical-to-physical mapping, protocol support, garbage collection, load balancing, flow control, access scheduling and exception handling; the other provides the signature verification function. The interaction is as follows: (1) the user enters the working state, which triggers information collection; (2) a private key is generated from the collected information and stored in the driver; (3) the user's permission is opened first, and subsequent commands are signed with the private key and issued; (4) the signature is verified with the public key. If verification passes, the command is executed normally and the execution result is returned to the host side; if it fails, exception handling is performed.
Referring to Fig. 3, the flow of the periodic active verification of the present invention is as follows: S21, the peripheral is triggered periodically to collect the preset physical information and biometric information; S22, on the host side, the collected information is used as input to a one-way cryptographic hash function to generate private key b; S23, private key b is compared with private key a stored in the host-side driver, or the physical information is compared with a preset value; if they do not match, S24 is executed, and if they match, S26 is executed; S24, the driver issues an exit instruction to the storage device side and destroys private key a; S25, the storage device side closes the user's permission, so that commands issued afterwards that are still signed with private key a are treated as illegal commands; S26, end.
Referring to Fig. 4, a schematic diagram of the system process of the periodic active check of the present invention is provided. It involves the host side and the disk side (storage device side). The disk side comprises two major modules: one provides functions such as logical-to-physical mapping, protocol support, garbage collection, load balancing, flow control, access scheduling and exception handling; the other provides the signature verification function. The flow is as follows: (1) information collection is triggered; (2) a private key is generated from the collected information; (3) it is compared with private key a stored in the driver (and with the physical information rules); if they are consistent, the flow returns; if they are inconsistent, the user's permission is closed; (4) a user exit command is issued; (5) the user's permission is closed.
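The flow of steps S12 to S15 together with the periodic check of Fig. 3, as an added example that is not code from the patent. SHA-256 as the one-way hash, Ed25519 as the signature scheme, the user name `alice`, the command strings and the sample readings are assumptions (the patent names no algorithms); the example also assumes the peripheral returns exactly the same bytes on every reading, since any difference yields a different key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrBadSignature = errors.New("signature verification failed")
var ErrPermissionClosed = errors.New("user permission is not open")

// DeriveKey follows S12: hash the readings into a 32-byte seed and expand it into a
// key pair. Length prefixes keep ("ab","c") and ("a","bc") from sharing a seed.
func DeriveKey(physical, biometric []byte) (ed25519.PrivateKey, ed25519.PublicKey) {
	h := sha256.New() // assumed hash; Ed25519 below is likewise an assumption
	for _, field := range [][]byte{physical, biometric} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		h.Write(n[:])
		h.Write(field)
	}
	priv := ed25519.NewKeyFromSeed(h.Sum(nil))
	return priv, priv.Public().(ed25519.PublicKey)
}

// SignCommand binds the user name to the command text before signing (S14).
func SignCommand(priv ed25519.PrivateKey, user, cmd string) []byte {
	return ed25519.Sign(priv, []byte(user+"\x00"+cmd))
}

// Device models the storage device: preset public keys plus a per-user
// "permission open" flag. It never sees readings or private keys.
type Device struct {
	pub  map[string]ed25519.PublicKey
	open map[string]bool
}

func NewDevice() *Device {
	return &Device{pub: map[string]ed25519.PublicKey{}, open: map[string]bool{}}
}

// Enroll is the superuser presetting a user's public key on the device.
func (d *Device) Enroll(user string, pub ed25519.PublicKey) { d.pub[user] = pub }

// SetPermission stands in for the driver's open (S13) and exit (S24) commands.
func (d *Device) SetPermission(user string, open bool) { d.open[user] = open }

// Execute follows S15: verify the signature, then require that the permission
// is open, so a valid signature from a leaked key is not enough on its own.
func (d *Device) Execute(user, cmd string, sig []byte) (string, error) {
	pub, ok := d.pub[user]
	if !ok || !ed25519.Verify(pub, []byte(user+"\x00"+cmd), sig) {
		return "", ErrBadSignature
	}
	if !d.open[user] {
		return "", ErrPermissionClosed
	}
	return "executed " + cmd, nil
}

// Driver models the host-side driver holding "private key a" for one session.
type Driver struct {
	user string
	priv ed25519.PrivateKey
	dev  *Device
}

// Login derives key a from fresh readings and opens the user's permission.
func Login(dev *Device, user string, physical, biometric []byte) *Driver {
	priv, _ := DeriveKey(physical, biometric)
	dev.SetPermission(user, true)
	return &Driver{user: user, priv: priv, dev: dev}
}

// Recheck follows S21 to S25: derive key b, compare it with key a, and on a
// mismatch close the permission on the device and destroy key a.
func (h *Driver) Recheck(physical, biometric []byte) bool {
	b, _ := DeriveKey(physical, biometric)
	if h.priv != nil && h.priv.Equal(b) {
		return true
	}
	h.dev.SetPermission(h.user, false)
	h.priv = nil
	return false
}

func main() {
	phys, bio := []byte("badge-7F|room-12"), []byte("fingerprint-A") // constructed readings
	dev := NewDevice()
	keyA, pub := DeriveKey(phys, bio)
	dev.Enroll("alice", pub)
	sig := SignCommand(keyA, "alice", "READ lba=0")
	drv := Login(dev, "alice", phys, bio)
	fmt.Println(dev.Execute("alice", "READ lba=0", sig))  // permission open
	fmt.Println(dev.Execute("alice", "WRITE lba=0", sig)) // altered command
	fmt.Println(drv.Recheck(phys, []byte("fingerprint-B")))
	fmt.Println(dev.Execute("alice", "READ lba=0", sig)) // permission closed
}
```

The device checks the signature before the permission flag, so a copy of key a kept by someone else still produces valid signatures after a failed recheck, and only the closed permission stops the command.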
As can be seen, the present invention solves the problems of information integrity during command execution and of user identity recognition, provides a corresponding permission management policy, effectively improves the security strength of the storage device, and reduces the possibility and success rate of attacks on the storage device by attackers and viruses.
An embodiment of the present invention further provides a user permission management system. As shown in Fig. 5, the user permission management system comprises:
A host side 10 and a storage device side 20. The host side 10 is configured to trigger a peripheral to collect preset physical information and biometric information; generate a private key from the collected physical information and biometric information; issue, to the storage device side 20, a command to open the user's corresponding permission; and sign the commands issued by the user with the private key and send the signed commands to the storage device side 20. The storage device side 20 is configured to verify the signed command and, if verification passes, execute it normally.
Optionally, the host side 10 is specifically configured to, following rules preset by the superuser, use the collected physical information and biometric information as a seed to generate the private key, and store the private key in the driver of the host side 10.
Optionally, the storage device side 20 is specifically configured to verify the signed command with the public key corresponding to the user, which is preset by the superuser.
Optionally, the host side 10 is further configured to, while the user's permission is open, periodically verify the check rules for the physical information and biometric information and, if verification fails, close the user's permission.
Optionally, the storage device side 20 is further configured to obtain the execution result and return the execution result to the host side 10.
It should be noted that the user permission management method and the user permission management system provided in the above embodiments are based on the same inventive concept. For the steps of each specific embodiment of the user permission management system, reference may therefore be made to the foregoing method embodiments, and they are not repeated here.
As can be seen, the present invention solves the problems of information integrity during command execution and of user identity recognition, provides a corresponding permission management policy, effectively improves the security strength of the storage device, and reduces the possibility and success rate of attacks on the storage device by attackers and viruses.
Furthermore, the system embodiment described above is only illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
From the above description of the embodiments, those of ordinary skill in the art can clearly understand that each embodiment can be implemented by software plus a general-purpose hardware platform, and of course also by hardware. On this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or some of the steps of the methods of the embodiments of the present invention. The storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. a kind of method for managing user right, which is characterized in that including:
Host side triggering peripheral hardware is acquired preset physical message and biological information;
Host side generates private key according to the collected physical message and biological information;
Host side issues the order for opening user's corresponding authority to storage device end;
Host side is signed by the order that private key sends out the user, and the order signed is sent to the storage Equipment end;
The order signed is verified at storage device end, normal to execute if being verified.
2. the method as described in claim 1, which is characterized in that the host side is according to the collected physical message and life Object characteristic information generates private key:
The host side, according to a rule preset by the superuser, uses the collected physical information and biometric information as a seed to generate a private key, and stores the private key in the driver of the host side.
3. The method according to claim 1, characterized in that the verifying of the signed command by the storage device end comprises:
The storage device end verifies the signed command using the public key, preset by the superuser, that corresponds to the user.
4. The method according to claim 1, characterized in that the method further comprises:
While the user's permission is open, the host side periodically verifies the check rules for the physical information and biometric information; if the verification fails, the user's permission is closed.
5. The method according to any one of claims 1-4, characterized in that, after the storage device end verifies the signed command and, if the verification passes, executes it normally, the method further comprises:
The storage device end obtains an execution result;
The execution result is returned to the host side.
6. A user permission management system, characterized in that the system comprises a host side and a storage device end, wherein the host side is configured to: trigger a peripheral to collect preset physical information and biometric information; generate a private key from the collected physical information and biometric information; issue to the storage device end a command to open the user's corresponding permission; and sign the command issued by the user with the private key and send the signed command to the storage device end; and the storage device end is configured to verify the signed command and, if the verification passes, execute it normally.
7. The system according to claim 6, characterized in that the host side is specifically configured to, according to a rule preset by the superuser, use the collected physical information and biometric information as a seed to generate a private key, and to store the private key in the driver of the host side.
8. The system according to claim 6, characterized in that the storage device end is specifically configured to verify the signed command using the public key, preset by the superuser, that corresponds to the user.
9. The system according to claim 6, characterized in that the host side is further configured to, while the user's permission is open, periodically verify the check rules for the physical information and biometric information and, if the verification fails, close the user's permission.
10. The system according to claim 6, characterized in that the storage device end is further configured to obtain an execution result and return the execution result to the host side.
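The flow in claims 2 to 5 (seeded key generation, command signing, verification against the preset public key, returned result, periodic re-check) can be sketched as follows. This is an added example, not code from the patent: Ed25519, the SHA-256 derivation and every identifier are assumptions, and the readings are assumed to be bit-for-bit stable byte strings.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// deriveKey stands in for the superuser's preset rule (assumption: SHA-256 over
// length-prefixed readings, used as an Ed25519 seed; the claims name neither).
func deriveKey(physical, biometric []byte) ed25519.PrivateKey {
	h := sha256.New()
	for _, p := range [][]byte{physical, biometric} {
		fmt.Fprintf(h, "%d:", len(p)) // length prefix keeps field boundaries fixed
		h.Write(p)
	}
	return ed25519.NewKeyFromSeed(h.Sum(nil))
}

// device models the storage device end: per-user public keys preset by the superuser.
type device map[string]ed25519.PublicKey

var errRejected = errors.New("rejected: signature does not verify")

// execute verifies the signed command first and returns the execution result.
func (d device) execute(user string, cmd, sig []byte) (string, error) {
	pub, known := d[user]
	if !known || !ed25519.Verify(pub, cmd, sig) {
		return "", errRejected
	}
	return "executed " + string(cmd), nil
}

// recheck is the host side's periodic check: fresh readings must derive the enrolled key.
func recheck(enrolled ed25519.PublicKey, physical, biometric []byte) bool {
	fresh := deriveKey(physical, biometric).Public().(ed25519.PublicKey)
	return bytes.Equal(fresh, enrolled)
}

func main() {
	phys, bio := []byte("host-serial-0001"), []byte("template-A") // constructed sample readings
	priv := deriveKey(phys, bio)
	d := device{"user1": priv.Public().(ed25519.PublicKey)}
	cmd := []byte("OPEN_PERMISSION")
	fmt.Println(d.execute("user1", cmd, ed25519.Sign(priv, cmd)))             // accepted
	fmt.Println(d.execute("user1", []byte("ERASE"), ed25519.Sign(priv, cmd))) // altered command
	fmt.Println(recheck(d["user1"], phys, []byte("template-B")))              // false
}
```

The example signs only the command bytes, so it does not distinguish a fresh command from a repeated one.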
CN201810472288.0A 2018-05-17 2018-05-17 A kind of method for managing user right and system Pending CN108650271A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810472288.0A CN108650271A (en) 2018-05-17 2018-05-17 A kind of method for managing user right and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810472288.0A CN108650271A (en) 2018-05-17 2018-05-17 A kind of method for managing user right and system

Publications (1)

Publication Number Publication Date
CN108650271A true CN108650271A (en) 2018-10-12

Family

ID=63756280

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810472288.0A Pending CN108650271A (en) 2018-05-17 2018-05-17 A kind of method for managing user right and system

Country Status (1)

Country Link
CN (1) CN108650271A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109542340A (en) * 2018-10-26 2019-03-29 深圳大普微电子科技有限公司 Storage method, device and device at host machine end with hidden partition

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101340285A (en) * 2007-07-05 2009-01-07 杭州中正生物认证技术有限公司 Method and system for identity authentication by finger print USBkey
CN101631020A (en) * 2008-07-16 2010-01-20 上海方立数码科技有限公司 Identity authentication system combining fingerprint identification and PKI system
CN101686128A (en) * 2008-09-24 2010-03-31 北京创原天地科技有限公司 Novel usbkey external authentication method and Usbkey device
CN101960493A (en) * 2008-01-25 2011-01-26 高通股份有限公司 Biometric smart card for mobile devices
CN101986641A (en) * 2010-10-20 2011-03-16 杭州晟元芯片技术有限公司 Trusted computing platform chip applicable to mobile communication equipment and authentication method thereof
CN102629403A (en) * 2012-03-14 2012-08-08 深圳市紫金支点技术股份有限公司 USB (Universal Serial Bus) flash disk authorization method and system based on ATM (Automatic Teller Machine) equipment
CN105263051A (en) * 2014-04-22 2016-01-20 美国博通公司 Portable authorization device
CN106296197A (en) * 2015-06-25 2017-01-04 深圳市中兴微电子技术有限公司 A kind of method, apparatus and system of payment
CN106452721A (en) * 2016-10-14 2017-02-22 牛毅 Method and system for instruction identification of intelligent device based on identification public key
US9647847B2 (en) * 2008-01-18 2017-05-09 Microsoft Technology Licensing, Llc Tamper evidence per device protected identity
CN106980800A (en) * 2017-03-29 2017-07-25 山东超越数控电子有限公司 A kind of measure and system for encrypting solid state hard disc certification subregion
CN107370601A (en) * 2017-09-18 2017-11-21 山东确信信息产业股份有限公司 A kind of intelligent terminal, system and method for integrating a variety of safety certifications

Similar Documents

Publication Publication Date Title
CN103502992B (en) For the system and method for anti-tamper guiding
CN100583117C (en) Control method of versatile content with partitioning
US7526654B2 (en) Method and system for detecting a secure state of a computer system
CN103455763B (en) A kind of internet log record system and method protecting individual subscriber privacy
CN106416123B (en) Certification based on password
CN101202762B (en) Methods and system for storing and retrieving identity mapping information
CN106888084B (en) Quantum fort machine system and authentication method thereof
CN104756127A (en) Secure data handling by a virtual machine
WO1999024895A1 (en) Tamper resistant method and apparatus
CN102948114A (en) Single-use authentication methods for accessing encrypted data
Lee et al. Reverse‐safe authentication protocol for secure USB memories
CN107196932A (en) Managing and control system in a kind of document sets based on virtualization
CN109462572B (en) Multi-factor authentication method, system, storage medium and security gateway based on encryption card and UsbKey
Kumar Cloud computing security issues and its challenges: a comprehensive research
CN104363093B (en) The method encrypted by dynamic authorization code to file data
Houy et al. Security aspects of cryptocurrency wallets—a systematic literature review
EP2709333A1 (en) Method and devices for data leak protection
Cavoukian et al. Keynote paper: Biometric encryption: Technology for strong authentication, security and privacy
CN108650271A (en) A kind of method for managing user right and system
Said et al. A multi-factor authentication-based framework for identity management in cloud applications
CN107273725A (en) A kind of data back up method and system for classified information
KR20030097550A (en) Authorization Key Escrow Service System and Method
CN110166240B (en) Network isolation password board card
CN111555857A (en) Edge network and network transmission method
Sheik et al. Considerations for secure mosip deployment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181012