CN108171086B - Hard disk partition encryption method based on hardware encryption card - Google Patents

Publication number
CN108171086B
Authority
CN
China
Prior art keywords
encryption, card, hard disk, key, disk partition
Legal status
Active
Application number
CN201711436595.5A
Other languages
Chinese (zh)
Other versions
CN108171086A (en)
Inventor
吴永成
王柯毅
Current Assignee
ISOFT INFRASTRUCTURE SOFTWARE CO Ltd
Original Assignee
ISOFT INFRASTRUCTURE SOFTWARE CO Ltd
Application filed by ISOFT INFRASTRUCTURE SOFTWARE CO Ltd
Priority to CN201711436595.5A
Publication of CN108171086A
Application granted
Publication of CN108171086B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention discloses a hard disk partition encryption method based on a hardware encryption card, belonging to the field of computer security, which comprises the following steps: step S1, the login module identifies the IC card connected with the login module, and if the IC card meets a first preset condition, the method proceeds to step S2; step S2, the hardware encryption card generates a first key and a second key, and stores the first key and the second key in the hardware encryption card; step S3, the encryption module sends an encryption instruction to an encryption framework module, and the encryption framework module forms encryption information from the first key and the second key using a preset first encryption strategy; step S4, the encryption information is set in the block header of each hard disk partition. The beneficial effects of the technical scheme are: by inserting the IC card, the invention controls the hardware encryption card to generate the keys and encrypt the hard disk partition, thereby improving system security and ensuring the security of the hard disk partition data.

Description

Hard disk partition encryption method based on hardware encryption card
Technical Field
The invention relates to a technology in the field of computer security, in particular to a hard disk partition encryption method based on a hardware encryption card.
Background
Existing hard disk partition encryption technology implements the encryption algorithm in software, as in common partition encryption tools and file encryption tools. The technology is quite mature, but if a high-risk vulnerability is exposed or a user password is stolen, it is difficult for an ordinary user to remedy the situation promptly, and the user's rights and interests are easily harmed by criminals.
A hardware encryption card improves the security of the system, but its use is cumbersome: one operator is required in addition to three administrators; when a key needs to be generated, more than half of the administrators must be logged in to obtain the authority for key operations; and when the key is used, the operator card is required to obtain the authority to use the key. This increases labor cost.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a hard disk partition encryption method based on a hardware encryption card. The invention controls the hardware encryption card to generate the key and encrypt the hard disk partition by inserting the IC card, thereby improving the system security and ensuring the security of the hard disk partition data.
The invention is realized by the following technical scheme:
the invention relates to a hard disk partition encryption method based on a hardware encryption card, wherein a hard disk to be encrypted is divided into a plurality of hard disk partitions, a login module for identifying an IC card is arranged, and the login module is connected with an encryption module;
the method also comprises a process of encrypting the hard disk partition, and specifically comprises the following steps:
step S1, the login module identifies the IC card connected with the login module, and if the IC card meets a first preset condition, the step S2 is carried out;
step S2, the hardware encryption card generates a first key and a second key, and stores the first key and the second key in the hardware encryption card;
step S3, the encryption module sends an encryption instruction to an encryption framework module, and the encryption framework module forms encryption information according to the first key and the second key and by adopting a preset first encryption strategy;
step S4, the encryption information is set in the block header of each hard disk partition.
Preferably, the hard disk partition encryption method based on the hardware encryption card further comprises a process of reading the hard disk partition, and specifically comprises the following steps:
step S51, the login module identifies the IC card connected with the login module, and if the IC card meets a second preset condition, the step S52 is carried out;
step S52, the encryption module sends a read instruction to the encryption framework module, and the encryption framework module extracts the first key and the second key;
step S53, the encryption framework module decrypts the encrypted information according to the first key and the second key and by using the first encryption policy;
step S54, the encryption module verifies the decrypted encryption information and mounts the corresponding hard disk partition, so as to decrypt the hard disk partition and read the data in the hard disk partition.
Preferably, in the hard disk partition encryption method based on the hardware encryption card, in step S1, the first preset condition is: the type of the IC card is an administrator card, and the number of the IC cards connected with the login module is more than M, wherein: N > M > N/2, N being the total number of the IC cards of the administrator card type.
Preferably, in the hard disk partition encryption method based on the hardware encryption card, in step S51, the second preset condition is: the type of the IC card is an administrator card or an operator card.
Preferably, in the hard disk partition encryption method based on the hardware encryption card, in the step S2, the first key and/or the second key are encrypted by using a preset second encryption policy and then stored in the hardware encryption card.
Preferably, the hard disk partition encryption method based on the hardware encryption card, wherein the second encryption policy is an AES encryption algorithm, a DES encryption algorithm, or an RSA encryption algorithm.
Preferably, the hard disk partition encryption method based on the hardware encryption card, wherein the first encryption policy is an AES encryption algorithm, a DES encryption algorithm, or an RSA encryption algorithm.
Preferably, in the hard disk partition encryption method based on the hardware encryption card, in step S2, the first key and/or the second key is a 256-bit binary random number.
Preferably, the hardware encryption card-based hard disk partition encryption method is implemented by running the encryption module in a user mode of the operating system and running the encryption framework module in a kernel mode of the operating system.
The beneficial effects of the above technical scheme are: the invention controls the hardware encryption card to generate the key and encrypt the hard disk partition by inserting the IC card, thereby improving the system security and ensuring the security of the hard disk partition data.
Drawings
FIG. 1 is a flow chart of a hard disk partition encryption method based on a hardware encryption card according to a preferred embodiment of the present invention;
FIG. 2 is a flowchart illustrating a hard disk partition encryption method based on a hardware encryption card according to a preferred embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
The invention is further described with reference to the following drawings and specific examples, which are not intended to be limiting.
As shown in fig. 1, the present embodiment relates to a hard disk partition encryption method based on a hardware encryption card, which divides a hard disk to be encrypted into a plurality of hard disk partitions, and sets a login module for identifying an IC card, where the login module is connected with an encryption module.
The hard disk partition encryption method also comprises a process of encrypting the hard disk partition, and specifically comprises the following steps:
In step S1, the login module identifies the IC card connected to the login module, and if the IC card satisfies the first preset condition, the process goes to step S2.
The first preset condition is as follows: the type of the IC card is an administrator card, and the number of the IC cards connected with the login module is more than M, wherein: N > M > N/2, N being the total number of IC cards of the administrator card type.
There are two types of IC cards, namely an administrator card and an operator card, and the number of IC cards of the administrator card type is M.
In step S2, the hardware-encryption card generates a first key and a second key, and stores the first key and the second key in the hardware-encryption card.
In step S2, the first key and/or the second key are encrypted by a preset second encryption policy and then stored in the hardware encryption card.
The second encryption strategy is an AES encryption algorithm or a DES encryption algorithm or an RSA encryption algorithm.
The encryption module calls the encryption card library file, connects to the hardware encryption card through the encryption card library file, and controls the hardware encryption card to generate the first key and/or the second key.
In step S2, the first key and/or the second key is a 256-bit binary random number.
In step S3, the encryption module sends an encryption instruction to an encryption framework module, and the encryption framework module forms encryption information from the first key and the second key using a preset first encryption strategy.
The first Encryption policy is an AES (Advanced Encryption Standard) Encryption algorithm or a DES (Data Encryption Standard) Encryption algorithm or an RSA Encryption algorithm.
In step S4, encryption information is set to the block header of each hard disk partition.
The encryption module runs in an operating system user mode, and the encryption framework module runs in an operating system kernel mode.
The process of reading the hard disk partition specifically comprises the following steps:
step S51, the login module identifies the IC card connected with the login module, and if the IC card meets a second preset condition, the method proceeds to step S52;
step S52, the encryption module sends a read instruction to the encryption framework module, and the encryption framework module extracts the first key and the second key;
step S53, the encryption framework module decrypts the encryption information using the first key and the second key and the first encryption strategy;
step S54, the encryption module verifies the decrypted encryption information and mounts the corresponding hard disk partition, so as to decrypt the hard disk partition and read the data in the hard disk partition.
The second preset condition is as follows: the type of the IC card is an administrator card or an operator card.
When the hard disk is partitioned, the login module actively identifies the IC card connected with the login module, and if the IC card is an administrator card and the number of administrator cards exceeds half of the total number, the encryption module controls the hardware encryption card to generate a first key and a second key and stores the first key and the second key in the hardware encryption card. The encryption module controls the encryption framework module, and the encryption framework module extracts the first key and the second key from the hardware encryption card. Encryption information is then generated from the first key and the second key using an AES encryption algorithm, a DES encryption algorithm or an RSA encryption algorithm, and is written into the block header of each hard disk partition, thereby completing the encryption of the hard disk partitions.
When the hard disk is read, the login module identifies the IC card connected with the login module, and if the IC card is an administrator card or an operator card, the encryption module sends a read instruction to the encryption framework module, and the encryption framework module extracts the first key and the second key. The encryption framework module decrypts the encryption information using the first encryption strategy and the first key and the second key. The encryption module verifies the decrypted encryption information and mounts the corresponding hard disk partition.
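The two card checks described above (the first preset condition of step S1, which gates key generation in step S2, and the second preset condition of step S51, which gates reading) can be written out as follows. This is an added example, not code from the patent: the `ICCard` type, the card identifiers and all function names are assumptions, and `secrets.token_bytes` stands in for the hardware encryption card's key generator.

```python
import secrets
from dataclasses import dataclass

ADMIN, OPERATOR = "administrator", "operator"


@dataclass(frozen=True)
class ICCard:
    card_id: str    # constructed identifier; the patent defines no card ID format
    card_type: str  # ADMIN or OPERATOR


def valid_thresholds(n_total):
    """Every integer M with N > M > N/2, where N is the number of administrator cards."""
    return [m for m in range(1, n_total) if 2 * m > n_total]


def first_condition_met(connected, n_total, m):
    """Step S1: more than M administrator cards are connected to the login module."""
    if m not in valid_thresholds(n_total):
        raise ValueError(f"M={m} does not satisfy N > M > N/2 for N={n_total}")
    # Count distinct cards only, so one card presented twice is not counted twice.
    # Operator cards never count toward the administrator quorum.
    admins = {c.card_id for c in connected if c.card_type == ADMIN}
    return len(admins) > m


def second_condition_met(connected):
    """Step S51: the connected card is an administrator card or an operator card."""
    return any(c.card_type in (ADMIN, OPERATOR) for c in connected)


def generate_keys(connected, n_total, m):
    """Step S2, reachable only through step S1: two 256-bit random keys.

    Assumption: a software RNG replaces the hardware encryption card here.
    """
    if not first_condition_met(connected, n_total, m):
        raise PermissionError("first preset condition not met: too few administrator cards")
    return secrets.token_bytes(32), secrets.token_bytes(32)


if __name__ == "__main__":
    # Constructed sample: N = 3 administrator cards and one operator card.
    admins = [ICCard(f"A{i}", ADMIN) for i in range(3)]
    operator = ICCard("O1", OPERATOR)
    print("valid M for N=3:", valid_thresholds(3))
    print("2 admins + operator may generate keys:",
          first_condition_met(admins[:2] + [operator], 3, 2))
    print("3 admins may generate keys:", first_condition_met(admins, 3, 2))
    print("operator alone may read:", second_condition_met([operator]))
```

Read as worded in step S1, the condition requires strictly more than M cards, so with N = 3 the only valid threshold is M = 2 and all three administrator cards must be present, while N = 2 admits no valid M at all.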
Compared with the prior art, the hard disk partition encryption method based on the hardware encryption card of the invention has the following beneficial effect: by inserting the IC card, the invention controls the hardware encryption card to generate the keys and encrypt the hard disk partition, thereby improving system security and ensuring the security of the hard disk partition data.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention.

Claims (8)

1. A hard disk partition encryption method based on a hardware encryption card is characterized in that a hard disk to be encrypted is divided into a plurality of hard disk partitions, a login module for identifying an IC card is arranged, and the login module is connected with an encryption module;
the method also comprises a process of encrypting the hard disk partition, and specifically comprises the following steps:
step S1, the login module identifies the IC card connected with the login module, and if the IC card meets a first preset condition, the step S2 is carried out;
step S2, the hardware encryption card generates a first key and a second key, and stores the first key and the second key in the hardware encryption card;
step S3, the encryption module sends an encryption instruction to an encryption framework module, and the encryption framework module forms encryption information according to the first key and the second key and by adopting a preset first encryption strategy;
step S4, setting the encryption information in the block header of each hard disk partition;
in step S1, the first preset condition is: the type of the IC card is an administrator card, and the number of the IC cards connected with the login module is more than M, wherein: N > M > N/2, N being the total number of said IC cards of the type of said administrator card.
2. The hard disk partition encryption method based on the hardware encryption card as claimed in claim 1, further comprising a process of reading the hard disk partition, specifically comprising the steps of:
step S51, the login module identifies the IC card connected with the login module, and if the IC card meets a second preset condition, the step S52 is carried out;
step S52, the encryption module sends a read instruction to the encryption framework module, and the encryption framework module extracts the first key and the second key;
step S53, the encryption framework module decrypts the encrypted information according to the first key and the second key and by using the first encryption policy;
step S54, the encryption module verifies the decrypted encryption information and mounts the corresponding hard disk partition, so as to decrypt the hard disk partition and read the data in the hard disk partition.
3. The hardware encryption card based hard disk partition encryption method according to claim 2, wherein in said step S51, said second preset condition is: the type of the IC card is an administrator card or an operator card.
4. The method for encrypting the hard disk partition based on the hardware encryption card of claim 1, wherein in the step S2, the first key and/or the second key are encrypted by a predetermined second encryption policy and then stored in the hardware encryption card.
5. The hard disk partition encryption method based on the hardware encryption card as claimed in claim 4, wherein the second encryption policy is AES encryption algorithm or DES encryption algorithm or RSA encryption algorithm.
6. The hard disk partition encryption method based on the hardware encryption card as claimed in claim 1, wherein the first encryption policy is an AES encryption algorithm, a DES encryption algorithm, or an RSA encryption algorithm.
7. The hardware encryption card-based hard disk partition encryption method of claim 1, wherein in the step S2, the first key and/or the second key is a 256-bit binary random number.
8. The hardware encryption card-based hard disk partition encryption method according to claim 1, wherein the encryption module runs in a user mode of an operating system, and the encryption framework module runs in a kernel mode of the operating system.
CN201711436595.5A 2017-12-26 2017-12-26 Hard disk partition encryption method based on hardware encryption card Active CN108171086B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711436595.5A CN108171086B (en) 2017-12-26 2017-12-26 Hard disk partition encryption method based on hardware encryption card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711436595.5A CN108171086B (en) 2017-12-26 2017-12-26 Hard disk partition encryption method based on hardware encryption card

Publications (2)

Publication Number Publication Date
CN108171086A (en) 2018-06-15
CN108171086B (en) 2021-08-10

Family

ID=62521434

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711436595.5A Active CN108171086B (en) 2017-12-26 2017-12-26 Hard disk partition encryption method based on hardware encryption card

Country Status (1)

Country Link
CN (1) CN108171086B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100915615B1 (en) * 2008-09-10 2009-09-03 (주)셀런에스엔 Encryption and decryption module for hardisk having partitioning function with user card
CN101562040A (en) * 2008-04-15 2009-10-21 航天信息股份有限公司 High-security mobile memory and data processing method thereof
CN105740717A (en) * 2016-01-29 2016-07-06 四川效率源信息安全技术股份有限公司 Method and apparatus for performing electronic data file protection based on encrypted partition
CN106169041A (en) * 2016-07-06 2016-11-30 北京天芯微鸿科技有限公司 A kind of safety encryption portable hard drive based on USBKEY authentication and data transmission method thereof

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101650693B (en) * 2009-08-11 2011-05-25 刘鸣宇 Security control method for mobile hard disk and security mobile hard disk
CN102508791B (en) * 2011-09-28 2015-05-13 辽源环宇佳讯通讯技术有限公司 Method and device for encrypting hard disk partition
CN104951409B (en) * 2015-06-12 2019-03-08 中国科学院信息工程研究所 A kind of hardware based full disk encryption system and encryption method

Also Published As

Publication number Publication date
CN108171086A (en) 2018-06-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant