CN110659522B - Storage medium security authentication method and device, computer equipment and storage medium - Google Patents
Storage medium security authentication method and device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN110659522B CN110659522B CN201910832815.9A CN201910832815A CN110659522B CN 110659522 B CN110659522 B CN 110659522B CN 201910832815 A CN201910832815 A CN 201910832815A CN 110659522 B CN110659522 B CN 110659522B
- Authority
- CN
- China
- Prior art keywords
- authentication
- storage medium
- abstract data
- registration
- password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The application relates to a storage medium security authentication method and device, computer equipment and a storage medium. The method comprises the following steps: receiving an access request of a storage medium to be authenticated, acquiring an authentication password and an equipment identifier of the storage medium to be authenticated, reading registration information in a hidden partition of the storage medium to be authenticated, decrypting encrypted abstract data in the registration information to obtain registration abstract data, acquiring combination parameters in the registration information, combining the authentication password and the equipment identifier according to the combination parameters to generate authentication abstract data, and performing security authentication according to the registration abstract data and the authentication abstract data to obtain a security authentication result. The process of the security authentication needs three conditions of authentication password, equipment identification and decryption of the encrypted abstract data to be simultaneously satisfied to realize the security authentication of the storage medium, thereby ensuring the authentication reliability of the storage medium and the security of the storage data.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a storage medium security authentication method and apparatus, a computer device, and a storage medium.
Background
With the development of computer technology, due to the convenience and universality of mobile devices, the mobile storage medium has the characteristics of small volume and large capacity as a convenient medium for information exchange, is widely applied nowadays, is an essential tool in daily work and life, and is basically used when data interaction is involved in daily work and life. Such as a usb disk, a removable hard disk, a floppy disk, an optical disk, a memory card, etc., people usually interact with each other on different host systems through a removable storage medium.
In the interaction process, because the safety consciousness of the operating personnel is not strong or the operating personnel actively attacks, the mobile storage equipment is connected with the host computer and can read and write data at will, information leakage is easily caused, and the security risk is high.
Disclosure of Invention
In view of the above, it is necessary to provide a storage medium security authentication method, apparatus, computer device and storage medium capable of improving the security of the storage medium.
A storage medium security authentication method, the method comprising:
receiving an access request of a storage medium to be authenticated, and acquiring an authentication password and an equipment identifier of the storage medium to be authenticated;
reading registration information in a hidden partition of the storage medium to be authenticated, and decrypting encrypted abstract data in the registration information to obtain registered abstract data;
acquiring a combination parameter in the registration information, and combining the authentication password and the equipment identifier according to the combination parameter to generate authentication abstract data;
and performing security authentication according to the registration abstract data and the authentication abstract data to obtain a security authentication result.
In one embodiment, the decrypting the encrypted digest data in the registration information to obtain the registration digest data includes:
acquiring an asymmetric encryption algorithm and signature digest data in the registration information, wherein the signature digest data is obtained by signing the registration digest data by using a private key based on the asymmetric encryption algorithm;
and checking the signature of the signature abstract data based on the asymmetric encryption algorithm according to a public key acquired in advance to obtain registration abstract data.
In one embodiment, the acquiring a combination parameter in the registration information, and combining the authentication password and the device identifier according to the combination parameter to generate authentication digest data includes:
acquiring a password hash function associated with the authentication abstract data in the registration information;
and combining the authentication password and the equipment identification, and performing hash operation on a combined result based on the password hash function to generate authentication abstract data.
In one embodiment, before the receiving an access request of a storage medium to be authenticated and acquiring an authentication password and a device identifier of the storage medium to be authenticated, the method further includes:
determining a hidden partition of a storage medium to be authenticated, and registering;
and writing the registration information into the hidden partition.
In one embodiment, the determining and registering a hidden partition of a storage medium to be authenticated includes:
carrying out formatting partitioning on a storage medium to be authenticated to obtain a hidden partition;
acquiring a registration password and an equipment identifier of the storage medium to be authenticated;
combining the registration password and the equipment identification based on a password hash function to generate registration abstract data;
based on an asymmetric encryption algorithm, signing the registration digest data by using a private key to obtain signature digest data;
the writing of registration information to the hidden partition comprises:
and writing the signature abstract data, the asymmetric encryption algorithm and the password hash function into the hidden partition.
In one embodiment, after the signing the registration digest data with the private key based on the asymmetric cryptographic algorithm to obtain the signature digest data, the method further includes:
determining a public key corresponding to the private key;
and sending the public key to storage medium reading equipment corresponding to the management and control equipment identification according to a preset management and control equipment identification.
In one embodiment, after performing security authentication according to the registration digest data and the authentication digest data and obtaining a security authentication result, the method further includes:
when the safety authentication result is that the authentication is passed, accessing a storage medium which is passed by the authentication;
and when the safety authentication result is authentication failure, the storage medium with authentication failure is not accessed, and an authentication failure prompt is pushed.
A storage media security authentication apparatus, the apparatus comprising:
the device identification acquisition module is used for receiving an access request of a storage medium to be authenticated and acquiring an authentication password and a device identification of the storage medium to be authenticated;
the registration abstract data acquisition module is used for reading the registration information in the hidden partition of the storage medium to be authenticated and decrypting the encrypted abstract data in the registration information to obtain the registration abstract data;
the authentication abstract data generation module is used for acquiring the combination parameters in the registration information, and combining the authentication password and the equipment identifier according to the combination parameters to generate authentication abstract data;
and the safety authentication module is used for carrying out safety authentication according to the registration abstract data and the authentication abstract data to obtain a safety authentication result.
A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
receiving an access request of a storage medium to be authenticated, and acquiring an authentication password and an equipment identifier of the storage medium to be authenticated;
reading registration information in a hidden partition of the storage medium to be authenticated, and decrypting encrypted abstract data in the registration information to obtain registered abstract data;
acquiring a combination parameter in the registration information, and combining the authentication password and the equipment identifier according to the combination parameter to generate authentication abstract data;
and performing security authentication according to the registration abstract data and the authentication abstract data to obtain a security authentication result.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
receiving an access request of a storage medium to be authenticated, and acquiring an authentication password and an equipment identifier of the storage medium to be authenticated;
reading registration information in a hidden partition of the storage medium to be authenticated, and decrypting encrypted abstract data in the registration information to obtain registered abstract data;
acquiring a combination parameter in the registration information, and combining the authentication password and the equipment identifier according to the combination parameter to generate authentication abstract data;
and performing security authentication according to the registration abstract data and the authentication abstract data to obtain a security authentication result.
According to the storage medium security authentication method, the storage medium security authentication device, the computer equipment and the storage medium, the authentication password is obtained by receiving the access request of the storage medium to be authenticated, the equipment identification of the storage medium to be authenticated is combined, the authentication abstract data is obtained based on the combination parameters in the registration information, meanwhile, the encrypted abstract data in the registration information is decrypted by obtaining the registration information in the hidden partition, the registration abstract data is obtained, so that the security authentication is carried out based on the registration abstract data and the authentication abstract data, the security authentication flow needs the authentication password, the equipment identification and the decryption condition of the encrypted abstract data to simultaneously meet the requirements for realizing the security authentication, and the authentication reliability of the storage medium and the security of the storage data are ensured.
Drawings
FIG. 1 is a diagram of an application environment of a method for secure authentication of a storage medium in one embodiment;
FIG. 2 is a flow diagram illustrating a method for secure authentication of a storage medium in one embodiment;
FIG. 3 is a schematic flow chart illustrating the substeps of step S204 in FIG. 2 in one embodiment;
FIG. 4 is a schematic flow chart illustrating the substeps of step S206 in FIG. 2 in one embodiment;
FIG. 5 is a flow chart illustrating a method for secure authentication of a storage medium in another embodiment;
FIG. 6 is a flow chart illustrating a method for secure authentication of a storage medium in another embodiment;
FIG. 7 is a flow chart illustrating a process of secure registration of a storage medium in an application example;
FIG. 8 is a flow chart illustrating a process of security authentication of a storage medium according to an exemplary embodiment;
FIG. 9 is a block diagram showing the structure of a storage medium security authentication apparatus according to an embodiment;
FIG. 10 is a diagram showing an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The storage medium security authentication method provided by the application can be applied to the application environment shown in fig. 1. The user accesses the storage medium 102 to be authenticated to the processor 104, the processor 104 receives an access request of the storage medium 102 to be authenticated, acquires an authentication password and an equipment identifier of the storage medium 102 to be authenticated, then reads registration information in a hidden partition of the storage medium 102 to be authenticated, decrypts encrypted abstract data in the registration information to obtain registration abstract data, acquires combination parameters in the registration information, combines the authentication password and the equipment identifier according to the combination parameters to generate authentication abstract data, and performs security authentication according to the registration abstract data and the authentication abstract data to obtain a security authentication result of the storage medium 102 to be authenticated. In one embodiment, the processor 104 may be disposed in a server having a storage medium interface, and the server may be implemented by a stand-alone server or a server cluster composed of a plurality of servers. In another embodiment, the processor 104 may be disposed in a terminal, which may be, but not limited to, various terminal devices with storage medium interfaces, such as personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices. For example, when the storage medium 102 to be authenticated is a USB flash disk (USB flash drive), the processor 104 may be a processor in a host computer having a USB (Universal Serial Bus) interface, and the USB flash disk may be connected to the processor in the host computer through the USB interface of the host computer.
In one embodiment, as shown in fig. 2, a storage medium security authentication method is provided, which is described by taking the method as an example applied to the processor in fig. 1, and includes steps S202 to S208.
S202, receiving an access request of the storage medium to be authenticated, and acquiring an authentication password and an equipment identifier of the storage medium to be authenticated.
Storage medium refers to a carrier that stores data. Such as a floppy disk, an optical disk, a DVD (Digital Video Disc), a hard disk, a flash Memory, a U-disk, a cf (compact flash) Card, an SD (Secure Digital Memory Card), an MMC (multimedia Card), an sm (smart media) Card, a Memory Stick (Memory Stick), etc. In order to avoid the storage information leakage of the storage medium, before accessing the storage medium, the storage medium needs to be subjected to security authentication, and when the security authentication passes, the storage medium can be subjected to normal read-write operation, and the storage medium to be authenticated refers to the storage medium which is inserted into the host and has not been subjected to security authentication. When receiving an access request of a storage medium to be authenticated, a processor sends authentication password input prompt information to a display terminal through a display interface and receives an authentication password input by a user. The device identification of the storage medium to be authenticated refers to the hardware ID of the storage medium, the hardware ID is the identity identification of the storage medium, and different storage media have different hardware IDs.
And S204, reading the registration information in the hidden partition of the storage medium to be authenticated, and decrypting the encrypted abstract data in the registration information to obtain the registration abstract data.
The hidden partition is obtained by dividing the storage medium in advance when the storage medium is registered, and the processor and the third-party server can write registration information in the hidden partition. Specifically, the device identifier and the login password of the storage medium may be encrypted and calculated by a preset encryption algorithm and then written into the hidden partition. And the processor reads the registration information written in the hidden partition of the storage medium to be authenticated through the data reading interface. The registration information is used for security authentication. The encrypted abstract data is obtained by carrying out encryption calculation on the equipment identification and the registration password through a preset encryption algorithm in the registration process of the storage medium. The storage medium is registered by a host computer, namely a registration machine, which is provided with a storage medium registration flow, and the registration machine encrypts the abstract data in the registration process to obtain a key pair. The user can read and authorize other hosts according to actual needs, and the specific processing process comprises the steps of selecting hosts to be authorized according to actual needs from all hosts which are in a link relation with the registry, uploading key information and the identification corresponding to the selected hosts to the server by the registry, sending the key information to the selected hosts by the server, and determining the management and control machine capable of reading the registered storage media. And only the control machine receiving the key information can decrypt the encrypted abstract data of the storage medium to be authenticated according to the key information to obtain the registration abstract data. In an embodiment, the registrar may be one of management controllers, that is, the registrar may perform registration of the storage medium, and may also perform security authentication and reading of the storage medium.
S206, acquiring the combination parameters in the registration information, and combining the authentication password and the equipment identification according to the combination parameters to generate authentication abstract data.
The combination parameter is a combination mode basis for combining the authentication password and the device identification. The combination parameter between the registration password and the equipment identification is the same as that between the authentication password and the equipment identification, so as to ensure that the obtained registration abstract data is the same as the authentication abstract data under the condition that the authentication password is the same as the registration password. In the embodiment, the combination parameter may be a cryptographic hash algorithm, which is a function that changes an input message string of any length into an output string of a fixed length, and outputs the input data into a short fixed-length hash value, and this process is unidirectional, and the reverse operation is difficult to complete, and a collision occurs, i.e., the probability that two different inputs generate the same hash value is very small, and the two inputs are not easy to be tampered and attacked, thereby ensuring the reliability of the security authentication and the security of the stored data.
And S208, performing security authentication according to the registration abstract data and the authentication abstract data to obtain a security authentication result.
The method comprises the steps that registration abstract data are obtained through decryption processing, authentication abstract data are obtained through real-time combination, security authentication is conducted through comparison of the registration abstract data and the authentication abstract data, when the registration abstract data are the same as the authentication abstract data, a security authentication result is that authentication is passed, access of a storage medium passing the authentication is allowed, data reading and writing are conducted, and when the registration abstract data are different from the authentication abstract data, the security authentication result is that the authentication fails, and access of the storage medium failing the authentication is not allowed.
The storage medium security authentication method obtains the authentication password by receiving the access request of the storage medium to be authenticated, combines the equipment identification of the storage medium to be authenticated, and obtains the authentication abstract data based on the combination parameters in the registration information, and simultaneously decrypts the encrypted abstract data in the registration information by obtaining the registration information in the hidden partition to obtain the registration abstract data, thereby performing security authentication based on the registration abstract data and the authentication abstract data, wherein the security authentication process needs the authentication password, the equipment identification and the decryption of the encrypted abstract data to simultaneously meet the three conditions, and the security authentication reliability of the storage medium and the security of the storage data can be ensured.
In one embodiment, as shown in fig. 3, decrypting the encrypted digest data in the registration information to obtain the registration digest data includes steps S302 to S304.
S302, acquiring the asymmetric encryption algorithm and the signature abstract data in the registration information, wherein the signature abstract data is obtained by signing the registration abstract data by using a private key based on the asymmetric encryption algorithm.
And S304, according to the public key acquired in advance, based on the asymmetric encryption algorithm, checking the signature abstract data to obtain the registration abstract data.
The asymmetric encryption algorithm refers to a secret key security method, and the asymmetric encryption algorithm needs two keys: public keys (public keys for short) and private keys (private keys for short). The public key and the private key are a pair, and if data is encrypted by the public key, the data can be decrypted only by the corresponding private key. This algorithm is called asymmetric encryption algorithm because two different keys are used for encryption and decryption. The basic process of realizing confidential information exchange by the asymmetric encryption algorithm is as follows: the first party generates a pair of secret keys and discloses the public keys, and other roles (the second party) needing to send information to the first party encrypt the confidential information by using the secret keys (the public keys of the first party) and then send the encrypted confidential information to the first party; the first party decrypts the encrypted information by using the private key of the first party. The first party can use the private key of the first party to sign the confidential information and then send the information to the second party, and the second party uses the public key sent by the first party to check and sign the data sent by the first party. In the embodiment, the registry is used as a first party, the management and control machine is used as a second party, and when the registry registers the storage medium, a key pair is established, the key pair comprises a private key and a public key, and the public key is sent to the management and control machine, so that the management and control machine can check and sign the signature abstract data in the registered storage medium according to the received public key and the asymmetric encryption algorithm in the registration information to obtain the registration abstract data. In an embodiment, the asymmetric encryption algorithm may be the cryptographic SM2 algorithm or the RSA algorithm.
In one embodiment, as shown in fig. 4, step S206, acquiring a combination parameter in the registration information, and combining the authentication password with the device identifier according to the combination parameter to generate the authentication digest data includes steps S402 to S404.
S402, obtaining a password hash function associated with the authentication abstract data in the registration information.
S404, the authentication password and the equipment identification are combined, and the combination result is subjected to hash operation based on a password hash function to generate authentication abstract data.
The cryptographic hash function is a one-way function, and it is difficult to push back the input data as a result of the output of the cryptographic hash function. The registration data written in the hidden area includes a device identifier, authentication digest data, a cryptographic hash function for generating the authentication digest data, that is, associated with the authentication digest data, and an asymmetric encryption algorithm for signing the authentication digest data. And combining the authentication password and the equipment identifier based on a password hash function to obtain authentication digest data, wherein in the embodiment, the password hash function can be selected from a secret SM3 algorithm or a SHA-256 algorithm.
In an embodiment, as shown in fig. 5, taking the management controller as a registrar as an example, before receiving an access request of a storage medium to be authenticated and acquiring an authentication password and a device identifier of the storage medium to be authenticated, steps S110 to S120 are further included.
S110, determining the hidden partition of the storage medium to be authenticated, and registering.
And S120, writing the registration information into the hidden partition.
The storage medium for performing the security authentication needs to perform a registration process. The registration may be performed by connecting the storage medium to a registrar. When registering, firstly, a hidden partition is divided in the storage space of the storage medium for reading and writing the registration information.
Specifically, as shown in fig. 6, S110, determining the hidden partition of the storage medium to be authenticated, and registering includes steps S112 to S118.
And S112, carrying out formatting partition on the storage medium to be authenticated to obtain a hidden partition.
S114, acquiring the registration password and the equipment identification of the storage medium to be authenticated.
And S116, combining the authentication password and the equipment identifier, and performing hash operation on a combination result based on a password hash function to generate authentication abstract data.
And S118, signing the registration digest data by using the private key based on the asymmetric encryption algorithm to obtain signature digest data.
S120, writing the registration information into the hidden partition includes:
and S122, writing the signature abstract data, the asymmetric encryption algorithm and the password hash function into the hidden partition.
Formatting refers to an operation that initializes a disk or a partition (partition) in a disk, which typically results in the removal of all files in an existing disk or partition. Database files can be written in the hidden partition and used for storing registration information. In the embodiment, only the registration machine can perform formatting processing on the hidden partition, so that the safety of the registration information is ensured. For example, the identifier of the storage medium and the registration password are encrypted and calculated by a preset encryption algorithm and then written into the hidden partition. Taking the registration process of the storage medium to be authenticated as an example, when the registration process is started, the processor pushes prompt information through the display device of the registration machine to prompt a user to input a registration password and identify the device identifier of the storage medium, and performs calculation processing based on a predetermined password hash function and the registration password and the device identifier as input through the device identifier and the registration password to obtain registration abstract data. And then based on a preselected asymmetric encryption algorithm, signing the registration digest data by using the private key to obtain signature digest data and a corresponding public key, and sending the public key to a selected control machine so that the control machine can verify the signature of the signature digest data based on the received public key. The registry writes the signature abstract data, the asymmetric encryption algorithm and the password hash function into the hidden partition to complete the registration of the storage medium.
In one embodiment, after signing the registration digest data using the private key based on the asymmetric cryptographic algorithm to obtain the signature digest data, the method further includes:
a public key corresponding to the private key is determined.
And sending the public key to the storage medium reading equipment corresponding to the management and control equipment identification according to the preset management and control equipment identification.
When the asymmetric encryption algorithm is used for encryption processing, a key pair is generated, a private key corresponding to the signature digest data is a public key corresponding to the private key, and a preset control device identifier is a device identifier which is authorized by a user and used for reading each device of the storage medium.
In one embodiment, after performing security authentication according to the registration digest data and the authentication digest data and obtaining a security authentication result, the method further includes:
and when the security authentication result is that the authentication is passed, accessing the storage medium which is passed by the authentication.
And when the security authentication result is authentication failure, the storage medium with authentication failure is not accessed, and an authentication failure prompt is pushed.
When the storage medium is accessed to the host for use, the U disk is determined to be the safe U disk passing the authentication through the safety authentication process, the safety of the authentication process is ensured through the password hash function and the asymmetric encryption algorithm, and misoperation or hacker attack is prevented.
In an application example, taking a storage device as a usb disk as an example, a registrar is responsible for a process of registering and authenticating the usb disk, and after successful registration, an authenticated device is considered to be an unauthenticated device. Fig. 7 shows a process of registering and authenticating a usb disk, which includes the following specific steps: when the USB flash disk is detected to be inserted into the registry, the authentication registration module reads basic information of the USB flash disk, such as the hardware ID of the USB flash disk, whether the hidden partition is divided or not, whether a registration information file exists or not and the used encryption algorithm. And if the hidden partition is not divided, the hidden partition is divided in the U disk and is used for reading and writing the registration information. If no registration information exists, the registration processing is carried out, firstly, a new registration password P is filled, after the P is combined with the hardware ID of the U disk, the password hashing algorithm is used for calculating and generating the abstract D. The cryptographic hash algorithm can be selected from a national secret SM3 algorithm or a SHA-256 algorithm, then the digest D is signed through an asymmetric algorithm, the asymmetric algorithm can be selected from a national secret SM2 algorithm or an RSA algorithm, the signature and the used algorithm information including the cryptographic hash algorithm and the asymmetric algorithm are used as registration information, the registration information is written into a hidden partition of the U disk, and authentication registration is completed.
The management and control machine is responsible for the process of verifying and authenticating the USB flash disk, and the authenticated equipment can be allowed to access the host through verification. Fig. 7 shows a process of verifying and authenticating a usb flash disk, which includes the following specific steps: and detecting that the U disk is inserted into the management control machine, and reading basic information of the U disk, such as whether the hidden partition is divided or not, whether a registration information file exists or not, the used encryption algorithm and the hardware ID of the U disk. If a hidden partition and registration information file already exists, then a password P0 is required to be entered for verification of the registration information. After the received user input password P0 is combined with the hardware ID of the USB flash disk, a digest D0 is generated by calculation through a cryptographic hash algorithm. And then, the signature in the registration information file is checked through an asymmetric algorithm to obtain a digest D during registration. Comparing the values of D0 and D, if the values are the same, the authentication is completed through the verification. The authentication process needs to be consistent in password, consistent in U disk hardware ID and capable of correctly verifying the signature by using an asymmetric algorithm used in signature, if one of the three is wrong, the authentication process cannot be passed, and the safety of the whole authentication method is guaranteed.
It should be understood that although the various steps in the flow charts of fig. 2-8 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2-8 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 9, there is provided a storage medium security authentication apparatus including:
an equipment identifier obtaining module 902, configured to receive an access request of a storage medium to be authenticated, and obtain an authentication password and an equipment identifier of the storage medium to be authenticated;
a registration abstract data obtaining module 904, configured to read registration information in a hidden partition of the storage medium to be authenticated, and decrypt encrypted abstract data in the registration information to obtain registration abstract data;
an authentication abstract data generation module 906, configured to acquire a combination parameter in the registration information, and combine the authentication password with the device identifier according to the combination parameter to generate authentication abstract data;
and a security authentication module 908, configured to perform security authentication according to the registration digest data and the authentication digest data to obtain a security authentication result.
In one embodiment, the registration digest data obtaining module 904 is further configured to obtain an asymmetric encryption algorithm and signature digest data in the registration information, where the signature digest data is obtained by signing the registration digest data with a private key based on the asymmetric encryption algorithm, and the signature verification is performed on the signature digest data based on the asymmetric encryption algorithm according to a public key obtained in advance, so as to obtain the registration digest data.
In one embodiment, the authentication digest data generation module 906 is further configured to obtain a cryptographic hash function associated with the authentication digest data in the registration information, combine the authentication password with the device identifier, and perform a hash operation on a combination result based on the cryptographic hash function to generate the authentication digest data.
In one embodiment, the storage medium security authentication apparatus further includes a registration module, configured to determine a hidden partition of the storage medium to be authenticated, perform registration, and write registration information into the hidden partition.
In one embodiment, the registration module is further configured to perform formatting partitioning on the storage medium to be authenticated to obtain a hidden partition, obtain a registration password and an equipment identifier of the storage medium to be authenticated, combine the registration password and the equipment identifier based on a cryptographic hash function to generate registration digest data, perform signature on the registration digest data by using a private key based on an asymmetric encryption algorithm to obtain signature digest data, and write the signature digest data, the asymmetric encryption algorithm, and the cryptographic hash function into the hidden partition.
In one embodiment, the storage medium security authentication apparatus further includes a public key sending module, configured to determine a public key corresponding to the private key, and send the public key to the storage medium reading device corresponding to the management and control device identifier according to a preset management and control device identifier.
In one embodiment, the security authentication module 908 is further configured to access the storage medium that passes the authentication when the security authentication result is authentication pass, and not access the storage medium that fails the authentication when the security authentication result is authentication failure, and push the authentication failure prompt.
The storage medium security authentication device obtains the authentication password by receiving the access request of the storage medium to be authenticated, combines the equipment identification of the storage medium to be authenticated, and obtains the authentication abstract data based on the combination parameters in the registration information, and simultaneously decrypts the encrypted abstract data in the registration information by obtaining the registration information in the hidden partition to obtain the registration abstract data, thereby performing security authentication based on the registration abstract data and the authentication abstract data.
For specific limitations of the storage medium security authentication device, reference may be made to the above limitations of the storage medium security authentication method, which are not described herein again. The modules in the storage medium security authentication device may be implemented in whole or in part by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 10. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a storage medium security authentication method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 10 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
receiving an access request of a storage medium to be authenticated, and acquiring an authentication password and an equipment identifier of the storage medium to be authenticated;
reading registration information in a hidden partition of a storage medium to be authenticated, and decrypting encrypted abstract data in the registration information to obtain registration abstract data;
acquiring a combination parameter in the registration information, and combining the authentication password with the equipment identifier according to the combination parameter to generate authentication abstract data;
and performing security authentication according to the registration abstract data and the authentication abstract data to obtain a security authentication result.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
acquiring an asymmetric encryption algorithm and signature digest data in the registration information, wherein the signature digest data are obtained by signing the registration digest data by using a private key based on the asymmetric encryption algorithm;
and checking the signature of the signature abstract data based on an asymmetric encryption algorithm according to a public key acquired in advance to obtain registration abstract data.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
acquiring a password hash function associated with the authentication abstract data in the registration information;
and combining the authentication password with the equipment identifier, and performing hash operation on a combined result based on a password hash function to generate authentication abstract data.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
determining a hidden partition of a storage medium to be authenticated, and registering;
the registration information is written to the hidden partition.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
carrying out formatting partitioning on a storage medium to be authenticated to obtain a hidden partition;
acquiring a registration password and an equipment identifier of a storage medium to be authenticated;
combining the registration password and the equipment identification based on a password hash function to generate registration abstract data;
based on an asymmetric encryption algorithm, signing the registration digest data by using a private key to obtain signature digest data;
and writing the signature abstract data, the asymmetric encryption algorithm and the password hash function into the hidden partition.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
determining a public key corresponding to the private key;
and sending the public key to the storage medium reading equipment corresponding to the management and control equipment identification according to the preset management and control equipment identification.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
when the safety authentication result is that the authentication is passed, accessing the storage medium which is passed by the authentication;
and when the security authentication result is authentication failure, the storage medium with authentication failure is not accessed, and an authentication failure prompt is pushed.
The computer equipment for realizing the storage medium security authentication method obtains the authentication password by receiving the access request of the storage medium to be authenticated, combines the equipment identification of the storage medium to be authenticated, obtains the authentication abstract data based on the combination parameters in the registration information, and simultaneously decrypts the encrypted abstract data in the registration information by obtaining the registration information in the hidden partition to obtain the registration abstract data, thereby carrying out security authentication based on the registration abstract data and the authentication abstract data.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
receiving an access request of a storage medium to be authenticated, and acquiring an authentication password and an equipment identifier of the storage medium to be authenticated;
reading registration information in a hidden partition of a storage medium to be authenticated, and decrypting encrypted abstract data in the registration information to obtain registration abstract data;
acquiring a combination parameter in the registration information, and combining the authentication password with the equipment identifier according to the combination parameter to generate authentication abstract data;
and performing security authentication according to the registration abstract data and the authentication abstract data to obtain a security authentication result.
In one embodiment, the computer program when executed by the processor further performs the steps of:
acquiring an asymmetric encryption algorithm and signature digest data in the registration information, wherein the signature digest data are obtained by signing the registration digest data by using a private key based on the asymmetric encryption algorithm;
and checking the signature of the signature abstract data based on an asymmetric encryption algorithm according to a public key acquired in advance to obtain registration abstract data.
In one embodiment, the computer program when executed by the processor further performs the steps of:
acquiring a password hash function associated with the authentication abstract data in the registration information;
and combining the authentication password with the equipment identifier, and performing hash operation on a combined result based on a password hash function to generate authentication abstract data.
In one embodiment, the computer program when executed by the processor further performs the steps of:
determining a hidden partition of a storage medium to be authenticated, and registering;
the registration information is written to the hidden partition.
In one embodiment, the computer program when executed by the processor further performs the steps of:
carrying out formatting partitioning on a storage medium to be authenticated to obtain a hidden partition;
acquiring a registration password and an equipment identifier of a storage medium to be authenticated;
combining the registration password and the equipment identification based on a password hash function to generate registration abstract data;
based on an asymmetric encryption algorithm, signing the registration digest data by using a private key to obtain signature digest data;
and writing the signature abstract data, the asymmetric encryption algorithm and the password hash function into the hidden partition.
In one embodiment, the computer program when executed by the processor further performs the steps of:
determining a public key corresponding to the private key;
and sending the public key to the storage medium reading equipment corresponding to the management and control equipment identification according to the preset management and control equipment identification.
In one embodiment, the computer program when executed by the processor further performs the steps of:
when the safety authentication result is that the authentication is passed, accessing the storage medium which is passed by the authentication;
and when the security authentication result is authentication failure, the storage medium with authentication failure is not accessed, and an authentication failure prompt is pushed.
The computer-readable storage medium for implementing the storage medium security authentication method obtains the authentication password by receiving the access request of the storage medium to be authenticated, combines the equipment identifier of the storage medium to be authenticated, and obtains the authentication abstract data based on the combination parameters in the registration information, and at the same time, decrypts the encrypted abstract data in the registration information by obtaining the registration information in the hidden partition to obtain the registration abstract data, thereby implementing the security authentication based on the registration abstract data and the authentication abstract data.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware related to instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, the computer program can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A storage medium security authentication method, the method comprising:
receiving an access request of a storage medium to be authenticated, and acquiring an authentication password and an equipment identifier of the storage medium to be authenticated;
reading registration information in a hidden partition of the storage medium to be authenticated, and decrypting encrypted abstract data in the registration information to obtain registered abstract data;
acquiring a combination parameter in the registration information, and combining the acquired authentication password with the acquired equipment identification according to the combination parameter to generate authentication abstract data;
performing security authentication according to the registration abstract data and the authentication abstract data to obtain a security authentication result;
the decrypting the encrypted digest data in the registration information to obtain the registration digest data includes:
acquiring an asymmetric encryption algorithm and signature digest data in the registration information, wherein the signature digest data is obtained by signing the registration digest data by using a private key based on the asymmetric encryption algorithm;
according to a public key corresponding to the private key obtained in advance, based on the asymmetric encryption algorithm, performing signature verification on the signature abstract data to obtain registration abstract data;
the acquiring the combination parameters in the registration information, and combining the acquired authentication password with the acquired device identifier according to the combination parameters to generate the authentication abstract data includes:
acquiring a password hash function associated with the authentication abstract data in the registration information;
and combining the acquired authentication password with the acquired equipment identification, and performing hash operation on a combination result based on the password hash function to generate authentication abstract data.
2. The method of claim 1, wherein the cryptographic hash function comprises the cryptographic SM3 algorithm or SHA-256 algorithm.
3. The method according to claim 1, wherein before receiving the access request of the storage medium to be authenticated and obtaining the authentication password and the device identification of the storage medium to be authenticated, the method further comprises:
determining a hidden partition of a storage medium to be authenticated, and registering;
and writing the registration information into the hidden partition.
4. The method of claim 3, wherein determining and registering the hidden partition of the storage medium to be authenticated comprises:
carrying out formatting partitioning on a storage medium to be authenticated to obtain a hidden partition;
acquiring a registration password and an equipment identifier of the storage medium to be authenticated;
combining the registration password and the equipment identification based on a password hash function to generate registration abstract data;
based on an asymmetric encryption algorithm, signing the registration digest data by using a private key to obtain signature digest data;
the writing of registration information to the hidden partition comprises:
and writing the signature abstract data, the asymmetric encryption algorithm and the password hash function into the hidden partition.
5. The method according to claim 4, wherein the signing the registration digest data with the private key based on the asymmetric cryptographic algorithm further comprises, after obtaining the signature digest data:
determining a public key corresponding to the private key;
and sending the public key to storage medium reading equipment corresponding to the management and control equipment identification according to a preset management and control equipment identification.
6. The method according to claim 1, wherein after performing security authentication according to the registration digest data and the authentication digest data to obtain a security authentication result, the method further comprises:
when the safety authentication result is that the authentication is passed, accessing a storage medium which is passed by the authentication;
and when the safety authentication result is authentication failure, the storage medium with authentication failure is not accessed, and an authentication failure prompt is pushed.
7. A storage medium security authentication apparatus, the apparatus comprising:
the device identification acquisition module is used for receiving an access request of a storage medium to be authenticated and acquiring an authentication password and a device identification of the storage medium to be authenticated;
the registration abstract data acquisition module is used for reading the registration information in the hidden partition of the storage medium to be authenticated and decrypting the encrypted abstract data in the registration information to obtain the registration abstract data;
the authentication abstract data generation module is used for acquiring the combination parameters in the registration information, and combining the acquired authentication password with the acquired equipment identification according to the combination parameters to generate authentication abstract data;
the security authentication module is used for performing security authentication according to the registration abstract data and the authentication abstract data to obtain a security authentication result;
the registration abstract data obtaining module is further configured to obtain an asymmetric encryption algorithm and signature abstract data in the registration information, where the signature abstract data is obtained by signing the registration abstract data with a private key based on the asymmetric encryption algorithm; according to a public key corresponding to the private key obtained in advance, based on the asymmetric encryption algorithm, performing signature verification on the signature abstract data to obtain registration abstract data;
the authentication abstract data generation module is further used for acquiring a password hash function associated with the authentication abstract data in the registration information; and combining the acquired authentication password with the acquired equipment identification, and performing hash operation on a combination result based on the password hash function to generate authentication abstract data.
8. The apparatus according to claim 7, wherein the security authentication module is further configured to access an authenticated storage medium when the security authentication result is authentication pass; and when the safety authentication result is authentication failure, the storage medium with authentication failure is not accessed, and an authentication failure prompt is pushed.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 6 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910832815.9A CN110659522B (en) | 2019-09-04 | 2019-09-04 | Storage medium security authentication method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910832815.9A CN110659522B (en) | 2019-09-04 | 2019-09-04 | Storage medium security authentication method and device, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110659522A CN110659522A (en) | 2020-01-07 |
| CN110659522B true CN110659522B (en) | 2020-11-10 |
Family
ID=69037869
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910832815.9A Active CN110659522B (en) | 2019-09-04 | 2019-09-04 | Storage medium security authentication method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110659522B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112231678A (en) * | 2020-09-02 | 2021-01-15 | 网神信息技术(北京)股份有限公司 | Storage device permission processing method and device, electronic device and storage medium |
| CN112613011B (en) * | 2020-12-29 | 2024-01-23 | 北京天融信网络安全技术有限公司 | USB flash disk system authentication method and device, electronic equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102750496A (en) * | 2012-06-12 | 2012-10-24 | 南京师范大学 | Secure access authentication method for removable storage media |
| CN106341372A (en) * | 2015-07-08 | 2017-01-18 | 阿里巴巴集团控股有限公司 | Terminal authentication processing method and device, and terminal authentication method, device and system |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100594504C (en) * | 2007-08-09 | 2010-03-17 | 上海格尔软件股份有限公司 | Mobile medium divulgence-proof method based on concealed encrypted partition and PKI technology |
| US8209744B2 (en) * | 2008-05-16 | 2012-06-26 | Microsoft Corporation | Mobile device assisted secure computer network communication |
| KR101615646B1 (en) * | 2009-08-25 | 2016-04-27 | 삼성전자 주식회사 | Computer system, control method thereof and recording medium storing computer program thereof |
| US9565169B2 (en) * | 2015-03-30 | 2017-02-07 | Microsoft Technology Licensing, Llc | Device theft protection associating a device identifier and a user identifier |
| CN108021816B (en) * | 2017-12-05 | 2021-01-26 | Oppo广东移动通信有限公司 | Electronic device test method and device, storage medium and electronic device |
| CN108537048B (en) * | 2018-03-13 | 2021-08-17 | 超越科技股份有限公司 | Security association method and system for encrypted solid state disk and authorized computer |
| CN110071799A (en) * | 2019-04-09 | 2019-07-30 | 山东超越数控电子股份有限公司 | A kind of generation guard method of encryption storage key, system, terminating machine and readable storage medium storing program for executing |
-
2019
- 2019-09-04 CN CN201910832815.9A patent/CN110659522B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102750496A (en) * | 2012-06-12 | 2012-10-24 | 南京师范大学 | Secure access authentication method for removable storage media |
| CN106341372A (en) * | 2015-07-08 | 2017-01-18 | 阿里巴巴集团控股有限公司 | Terminal authentication processing method and device, and terminal authentication method, device and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110659522A (en) | 2020-01-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109684790B (en) | Software starting method, software authorization verification method, device and storage medium | |
| TWI740409B (en) | Verification of identity using a secret key | |
| US8997198B1 (en) | Techniques for securing a centralized metadata distributed filesystem | |
| CN111723383B (en) | Data storage and verification method and device | |
| CN102508791B (en) | Method and device for encrypting hard disk partition | |
| EP2628133B1 (en) | Authenticate a fingerprint image | |
| WO2013107362A1 (en) | Method and system for protecting data | |
| TWI724684B (en) | Method, system and device for performing cryptographic operations subject to identity verification | |
| CN109766731B (en) | Encrypted data processing method and device based on solid state disk and computer equipment | |
| CN103888429A (en) | Virtual machine starting method, correlation devices and systems | |
| CN110659522B (en) | Storage medium security authentication method and device, computer equipment and storage medium | |
| CN111401901A (en) | Authentication method and device of biological payment device, computer device and storage medium | |
| CN116420145A (en) | Endpoint verification based on boot time binding of multiple components | |
| US20210334416A1 (en) | Storage device providing function of securely discarding data and operating method thereof | |
| JP2023542099A (en) | Wireless terminal and interface access authentication method in Uboot mode of wireless terminal | |
| CN105873043B (en) | Method and system for generating and applying network private key for mobile terminal | |
| US11610026B2 (en) | Module and method for authenticating data transfer between a storage device and a host device | |
| CN115766192A (en) | UKEY-based offline security authentication method, device, equipment and medium | |
| US11601285B2 (en) | Securely authorizing service level access to a backup system using a specialized access key | |
| CN114547592A (en) | Data processing method and device and electronic equipment | |
| CN108985079B (en) | Data verification method and verification system | |
| WO2021141622A1 (en) | Secure logging of data storage device events | |
| CN110401535B (en) | Digital certificate generation, secure communication and identity authentication method and device | |
| CN116305330B (en) | Safety management method for CPU hardware | |
| CN116647413B (en) | Application login method, device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |