CN111046441A - Management method, equipment and medium for encrypted hard disk key - Google Patents
- Publication number
- CN111046441A, CN201911050137.7A
- Authority
- CN
- China
- Prior art keywords
- key
- file
- hard disk
- signature
- research
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses a management method for an encrypted hard disk key, which comprises the following steps: the research and development server packages the second private key and the signature verification algorithm into the hard disk encryption software, and issues the key file and the signature file to the production line operating machine; the production line operating machine applies to the research and development server for an authorization file to carry out equipment authorization verification; in response to the equipment authorization verification passing, the production line operating machine imports the key file and the signature file into the key management server; the hard disk encryption software is run to request the signature file and the key file from the key management server, to decrypt the key file based on the second private key to obtain the first public key, and to verify the signature file based on the signature verification algorithm; and in response to the signature file passing the verification, the hard disk is encrypted based on the first public key. The invention distributes the hard disk encryption key through the key management server, which improves production efficiency and effectively protects the security of the hard disk encryption key.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method, an apparatus, and a readable medium for managing an encrypted hard disk key.
Background
In order to keep a storage system running stably and reliably and to improve customer experience, storage manufacturers carry out strict quality inspection and testing on the hard disks shipped with a storage device, and then encrypt and lock each hard disk so that the storage device can only use hard disks authorized by the manufacturer.
The first public key used for hard disk encryption needs to be issued to the production stage, where the hard disk is encrypted with a hard disk encryption tool. If it is not managed properly, the first public key may be leaked to a third-party manufacturer and used for illegal hard disk production, which will cause huge losses to storage manufacturers and storage equipment users.
Disclosure of Invention
In view of this, an object of the embodiments of the present invention is to provide a method, an apparatus, and a medium for managing an encrypted hard disk key, which ensure that the key is not leaked during key transmission and key use.
Based on the above object, an aspect of the embodiments of the present invention provides a management method for an encrypted hard disk key, including the following steps: the research and development server packages the second private key and the signature verification algorithm into the hard disk encryption software, and issues the key file and the signature file to the production line operating machine; the production line operating machine applies to the research and development server for an authorization file to carry out equipment authorization verification; in response to the equipment authorization verification passing, the production line operating machine imports the key file and the signature file into the key management server; the hard disk encryption software is run to request the signature file and the key file from the key management server, to decrypt the key file based on the second private key to obtain the first public key, and to verify the signature file based on the signature verification algorithm; and in response to the signature file passing the verification, the hard disk is encrypted based on the first public key.
In some embodiments, the step in which the research and development server packages the second private key and the signature verification algorithm into the hard disk encryption software and issues the key file and the signature file to the production line operating machine includes: the research and development server encrypts the first public key by using the second public key to obtain the key file; the research and development server signs the first public key by using the signature generation algorithm to obtain the signature file; and the research and development server packages the second private key and the signature verification algorithm into the hard disk encryption software.
In some embodiments, the step in which the production line operating machine applies to the research and development server for an authorization file to carry out equipment authorization verification includes: the production line operating machine submits the equipment information of the key management server to the research and development server, and the research and development server generates an authorization file according to the equipment information of the key management server; the research and development server sends the authorization file to the production line operating machine; and the production line operating machine imports the authorization file into the key management server to carry out equipment authorization verification.
In some embodiments, running the hard disk encryption software to request the signature file and the key file from the key management server comprises: the production line operating machine starts the hard disk encryption tool and runs the hard disk encryption software, and the hard disk encryption software requests the signature file and the key file from the key management server through an encrypted communication link; and the key management server issues the signature file and the key file to the hard disk encryption software.
In some embodiments, the method further comprises: periodically and synchronously updating the signature generation algorithm, the signature verification algorithm, the second public key and the second private key.
In another aspect of the embodiments of the present invention, there is also provided a computer device, including: at least one processor; and a memory storing computer instructions executable on the processor, the instructions being executable by the processor to perform the steps of: the research and development server packages the second private key and the signature verification algorithm into the hard disk encryption software, and issues the key file and the signature file to the production line operating machine; the production line operating machine applies to the research and development server for an authorization file to carry out equipment authorization verification; in response to the equipment authorization verification passing, the production line operating machine imports the key file and the signature file into the key management server; the hard disk encryption software is run to request the signature file and the key file from the key management server, to decrypt the key file based on the second private key to obtain the first public key, and to verify the signature file based on the signature verification algorithm; and in response to the signature file passing the verification, the hard disk is encrypted based on the first public key.
In some embodiments, the step in which the research and development server packages the second private key and the signature verification algorithm into the hard disk encryption software and issues the key file and the signature file to the production line operating machine includes: the research and development server encrypts the first public key by using the second public key to obtain the key file; the research and development server signs the first public key by using the signature generation algorithm to obtain the signature file; and the research and development server packages the second private key and the signature verification algorithm into the hard disk encryption software.
In some embodiments, the step in which the production line operating machine applies to the research and development server for an authorization file to carry out equipment authorization verification includes: the production line operating machine submits the equipment information of the key management server to the research and development server, and the research and development server generates an authorization file according to the equipment information of the key management server; the research and development server sends the authorization file to the production line operating machine; and the production line operating machine imports the authorization file into the key management server to carry out equipment authorization verification.
In some embodiments, running the hard disk encryption software to request the signature file and the key file from the key management server comprises: the production line operating machine starts the hard disk encryption tool and runs the hard disk encryption software, and the hard disk encryption software requests the signature file and the key file from the key management server through an encrypted communication link; and the key management server issues the signature file and the key file to the hard disk encryption software.
In a further aspect of the embodiments of the present invention, a computer-readable storage medium is also provided, which stores a computer program that implements the above method steps when executed by a processor.
The invention has the following beneficial technical effects: the hard disk encryption key is distributed through the key management server, which improves production efficiency. The hard disk encryption key is encrypted with an asymmetric encryption algorithm, which effectively protects the security of the hard disk encryption key. The extra workload brought by key updating is effectively simplified.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other embodiments can be obtained by using the drawings without creative efforts.
Fig. 1 is a schematic diagram of an embodiment of a management method for an encrypted hard disk key provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used to distinguish two entities or two parameters that share the same name but are not the same. "First" and "second" are merely for convenience of description and should not be construed as limitations of the embodiments of the present invention; this is not repeated in the following embodiments.
In view of the above object, a first aspect of the embodiments of the present invention provides an embodiment of a management method for an encrypted hard disk key. Fig. 1 is a schematic diagram illustrating an embodiment of a management method for an encrypted hard disk key provided by the present invention. As shown in Fig. 1, the embodiment of the present invention includes the following steps:
S1, the research and development server packages the second private key and the signature verification algorithm into the hard disk encryption software, and issues the key file and the signature file to the production line operating machine;
S2, the production line operating machine applies to the research and development server for an authorization file to carry out equipment authorization verification;
S3, in response to the equipment authorization verification passing, the production line operating machine imports the key file and the signature file into the key management server;
S4, the hard disk encryption software is run to request the signature file and the key file from the key management server, to decrypt the key file based on the second private key to obtain the first public key, and to verify the signature file based on the signature verification algorithm; and
S5, in response to the signature file passing the verification, the hard disk is encrypted based on the first public key.
In some embodiments of the invention, asymmetric keys refer to two different keys used for encryption and decryption, where the public key is used for encryption and the private key is used for decryption; the hard disk encryption tool refers to the equipment that encrypts a hard disk by using an asymmetric key and to the carrier that runs the hard disk encryption tool.
The first public key is the hard disk encryption key lockdrive_pub_key, used for encrypting the hard disk identification information; the first private key is the hard disk decryption key lockdrive_private_key, used for decrypting the hard disk identification information; the second public key pack_pub_key is the key used for encrypting the first public key; the second private key pack_private_key is the key used for decrypting the first public key; the signature generation algorithm sign_private_key is the key used for generating the signature; and the signature verification algorithm sign_pub_key is the key used for verifying the signature.
According to some embodiments of the present invention, the step in which the research and development server packages the second private key and the signature verification algorithm into the hard disk encryption software and issues the key file and the signature file to the production line operating machine includes: the research and development server encrypts the first public key by using the second public key to obtain the key file; the research and development server signs the first public key by using the signature generation algorithm to obtain the signature file; the research and development server packages the second private key and the signature verification algorithm into the hard disk encryption software at build time, so that these two key files cannot be obtained from outside.
According to some embodiments of the present invention, the step in which the production line operating machine applies to the research and development server for an authorization file to carry out equipment authorization verification includes: the production line operating machine submits the equipment information of the key management server to the research and development server, and the research and development server generates an authorization file according to the equipment information of the key management server; the research and development server sends the authorization file to the production line operating machine; and the production line operating machine imports the authorization file into the key management server to carry out equipment authorization verification.
According to some embodiments of the invention, running the hard disk encryption software to request the signature file and the key file from the key management server comprises: the production line operating machine starts the hard disk encryption tool and runs the hard disk encryption software, and the hard disk encryption software requests the signature file and the key file from the key management server through an encrypted communication link; and the key management server issues the signature file and the key file to the hard disk encryption software.
In some embodiments of the present invention, the encrypted communication link is a security-oriented HTTP channel, in which transmission encryption and identity authentication are added on top of HTTP to secure the transmission process; the hard disk encryption software runs in an independent Linux namespace so that other processes cannot access the key content, and the system swap partition is disabled so that no key information is left on the hard disk while the hard disk is being encrypted.
According to some embodiments of the invention, the steps further comprise: periodically and synchronously updating the signature generation algorithm, the signature verification algorithm, the second public key and the second private key, which enhances the security of the key.
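The key file and signature file handling of steps S1, S4 and S5, as an added example in Go that is not code from the patent. The algorithm choices (RSA-OAEP for both key pairs, Ed25519 for the signature pair), all type and function names, the OAEP label and the drive serial are assumptions; equipment authorization (S2, S3) and the transport through the key management server are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// RDServer models the R&D server. Assumed algorithms: RSA-OAEP and Ed25519.
type RDServer struct {
	lockdrivePriv *rsa.PrivateKey    // first pair: lockdrive_private_key / lockdrive_pub_key
	packPriv      *rsa.PrivateKey    // second pair: pack_private_key / pack_pub_key
	signPriv      ed25519.PrivateKey // sign_private_key; sign_pub_key derives from it
}

// EncryptionSoftware is the build that carries pack_private_key and sign_pub_key.
type EncryptionSoftware struct {
	packPriv *rsa.PrivateKey
	signPub  ed25519.PublicKey
}

var ErrBadSignature = errors.New("signature file does not match the decrypted key")
var keyFileLabel = []byte("lockdrive-key-file") // OAEP label, assumed value

func NewRDServer() (*RDServer, error) {
	lock, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	// 3072 bits: OAEP-SHA256 then carries 318 bytes, enough for the 270-byte key.
	pack, err := rsa.GenerateKey(rand.Reader, 3072)
	if err != nil {
		return nil, err
	}
	_, sign, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &RDServer{lockdrivePriv: lock, packPriv: pack, signPriv: sign}, nil
}

// Issue (S1) returns the key file and the signature file for lockdrive_pub_key.
func (s *RDServer) Issue() (keyFile, sigFile []byte, err error) {
	der := x509.MarshalPKCS1PublicKey(&s.lockdrivePriv.PublicKey)
	keyFile, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &s.packPriv.PublicKey, der, keyFileLabel)
	if err != nil {
		return nil, nil, err
	}
	return keyFile, ed25519.Sign(s.signPriv, der), nil
}

// BuildSoftware (S1) packages pack_private_key and sign_pub_key into the tool.
func (s *RDServer) BuildSoftware() *EncryptionSoftware {
	return &EncryptionSoftware{packPriv: s.packPriv, signPub: s.signPriv.Public().(ed25519.PublicKey)}
}

// LoadKey (S4) decrypts the key file, then verifies the signature before parsing.
func (e *EncryptionSoftware) LoadKey(keyFile, sigFile []byte) (*rsa.PublicKey, error) {
	der, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, e.packPriv, keyFile, keyFileLabel)
	if err != nil {
		return nil, fmt.Errorf("decrypt key file: %w", err)
	}
	if !ed25519.Verify(e.signPub, der, sigFile) {
		return nil, ErrBadSignature // fail closed: the key is never used
	}
	return x509.ParsePKCS1PublicKey(der)
}

// LockDrive (S5) encrypts the drive identification only with a verified key.
func (e *EncryptionSoftware) LockDrive(keyFile, sigFile []byte, driveID string) ([]byte, error) {
	pub, err := e.LoadKey(keyFile, sigFile)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(driveID), nil)
}

// ReadDriveID decrypts with lockdrive_private_key (held here for the demo only).
func (s *RDServer) ReadDriveID(blob []byte) (string, error) {
	id, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.lockdrivePriv, blob, nil)
	return string(id), err
}

func main() {
	rd, err := NewRDServer()
	if err != nil {
		panic(err)
	}
	keyFile, sigFile, _ := rd.Issue()
	_, err = rd.BuildSoftware().LockDrive(keyFile, sigFile, "SN-CONSTRUCTED-0001")
	fmt.Println("genuine files:", err)
	sigFile[0] ^= 0xff // constructed tampering of the signature file
	_, err = rd.BuildSoftware().LockDrive(keyFile, sigFile, "SN-CONSTRUCTED-0001")
	fmt.Println("tampered signature file:", err)
}
```

The signature check is what binds the key file to the research and development server: a key file wrapped under pack_pub_key by any other party decrypts cleanly but is rejected by LoadKey.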
It should be particularly noted that the steps in the embodiments of the management method for encrypted hard disk keys described above may be interleaved with, substituted for, added to, and deleted from one another, so that these methods for file protection based on soft link that are reasonably transformed by permutation and combination also belong to the scope of the present invention, and the scope of the present invention should not be limited to the embodiments.
In view of the above object, a second aspect of the embodiments of the present invention provides a computer device, including: at least one processor; and a memory storing computer instructions executable on the processor, the instructions being executable by the processor to perform the steps of: S1, the research and development server packages the second private key and the signature verification algorithm into the hard disk encryption software, and issues the key file and the signature file to the production line operating machine; S2, the production line operating machine applies to the research and development server for an authorization file to carry out equipment authorization verification; S3, in response to the equipment authorization verification passing, the production line operating machine imports the key file and the signature file into the key management server; S4, the hard disk encryption software is run to request the signature file and the key file from the key management server, to decrypt the key file based on the second private key to obtain the first public key, and to verify the signature file based on the signature verification algorithm; and S5, in response to the signature file passing the verification, the hard disk is encrypted based on the first public key.
In some embodiments, the step in which the research and development server packages the second private key and the signature verification algorithm into the hard disk encryption software and issues the key file and the signature file to the production line operating machine includes: the research and development server encrypts the first public key by using the second public key to obtain the key file; the research and development server signs the first public key by using the signature generation algorithm to obtain the signature file; and research personnel package the second private key and the signature verification algorithm into the hard disk encryption software.
In some embodiments, the step in which the production line operating machine applies to the research and development server for an authorization file to carry out equipment authorization verification includes: the production line operating machine submits the equipment information of the key management server to the research and development server, and the research and development server generates an authorization file according to the equipment information of the key management server; the research and development server sends the authorization file to the production line operating machine; and the production line operating machine imports the authorization file into the key management server to carry out equipment authorization verification.
In some embodiments, running the hard disk encryption software to request the signature file and the key file from the key management server comprises: the production line operating machine starts the hard disk encryption tool and runs the hard disk encryption software, and the hard disk encryption software requests the signature file and the key file from the key management server through an encrypted communication link; and the key management server issues the signature file and the key file to the hard disk encryption software.
The invention also provides a computer readable storage medium storing a computer program which, when executed by a processor, performs the method as above.
Finally, it should be noted that, as one of ordinary skill in the art can appreciate, all or part of the processes of the methods of the above embodiments can be implemented by a computer program instructing related hardware, and the program of the method for file protection based on soft link can be stored in a computer readable storage medium, and when executed, the program can include the processes of the embodiments of the methods as described above. The storage medium of the program may be a magnetic disk, an optical disk, a Read Only Memory (ROM), a Random Access Memory (RAM), or the like. The embodiments of the computer program may achieve the same or similar effects as any of the above-described method embodiments.
Furthermore, the methods disclosed according to embodiments of the present invention may also be implemented as a computer program executed by a processor, which may be stored in a computer-readable storage medium. When executed by a processor, the computer program performs the above-described functions defined in the methods disclosed in embodiments of the invention.
Further, the above method steps and system elements may also be implemented using a controller and a computer readable storage medium for storing a computer program for causing the controller to implement the functions of the above steps or elements.
Further, it should be appreciated that the computer-readable storage media (e.g., memory) herein can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. By way of example, and not limitation, nonvolatile memory can include Read Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM), which can act as external cache memory. By way of example and not limitation, RAM is available in a variety of forms such as Synchronous RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The storage devices of the disclosed aspects are intended to comprise, without being limited to, these and other suitable types of memory.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as software or hardware depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments of the present invention.
The various illustrative logical blocks, modules, and circuits described in connection with the disclosure herein may be implemented or performed with the following components designed to perform the functions herein: a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination of these components. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP, and/or any other such configuration.
The steps of a method or algorithm described in connection with the disclosure herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
In one or more exemplary designs, the functions may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, include Compact Disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk, and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
The foregoing is an exemplary embodiment of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly supports the exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items.
The numbers of the embodiments disclosed in the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, and the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is exemplary only and is not intended to imply that the scope of the disclosure, including the claims, of embodiments of the invention is limited to these examples; within the idea of an embodiment of the invention, technical features in the above embodiment or in different embodiments may also be combined, and there are many other variations of the different aspects of the embodiments of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.
Claims (10)
1. A management method for an encrypted hard disk key, characterized by comprising the following steps:
the research and development server packages the second private key and the verification signature algorithm into the hard disk encryption software and issues the key file and the signature file to the production line operating machine;
the production line operating machine applies for an authorization file from the research and development server to carry out equipment authorization verification;
in response to the equipment authorization verification passing, the production line operating machine imports the key file and the signature file into a key management server;
running the hard disk encryption software to request the signature file and the key file from the key management server, decrypting the key file based on the second private key to obtain a first public key, and verifying the signature file based on the verification signature algorithm; and
in response to the signature file passing verification, encrypting the hard disk based on the first public key.
2. The management method of claim 1, wherein the research and development server packaging the second private key and the verification signature algorithm into the hard disk encryption software and issuing the key file and the signature file to the production line operating machine comprises:
the research and development server encrypts the first public key by using a second public key to obtain the key file;
the research and development server signs the first public key by using a signature generation algorithm to obtain the signature file;
and the research and development server packages the second private key and the verification signature algorithm into the hard disk encryption software.
3. The management method according to claim 1, wherein the production line operating machine applying for an authorization file from the research and development server for equipment authorization verification comprises:
the production line operating machine submits the equipment information of the key management server to the research and development server, and the research and development server generates the authorization file according to the equipment information of the key management server;
the research and development server sends the authorization file to the production line operating machine;
and the production line operating machine imports the authorization file into the key management server to carry out equipment authorization verification.
4. The management method according to claim 1, wherein the step of running the hard disk encryption software to request the signature file and the key file from the key management server comprises:
the production line operating machine starts a hard disk encryption tool and runs the hard disk encryption software, and the hard disk encryption software requests the signature file and the key file from the key management server through an encrypted communication link;
and the key management server issues the signature file and the key file to the hard disk encryption software.
5. The management method according to claim 2, further comprising:
regularly and synchronously updating the signature generation algorithm, the verification signature algorithm, the second public key and the second private key.
6. A computer device, comprising:
at least one processor; and
a memory storing computer instructions executable on the processor, the instructions when executed by the processor implementing the steps of:
the research and development server packages the second private key and the verification signature algorithm into the hard disk encryption software and issues the key file and the signature file to the production line operating machine;
the production line operating machine applies for an authorization file from the research and development server to carry out equipment authorization verification;
in response to the equipment authorization verification passing, the production line operating machine imports the key file and the signature file into a key management server;
running the hard disk encryption software to request the signature file and the key file from the key management server, decrypting the key file based on the second private key to obtain a first public key, and verifying the signature file based on the verification signature algorithm; and
in response to the signature file passing verification, encrypting the hard disk based on the first public key.
7. The computer device of claim 6, wherein the research and development server packaging the second private key and the verification signature algorithm into the hard disk encryption software and issuing the key file and the signature file to the production line operating machine comprises:
the research and development server encrypts the first public key by using a second public key to obtain the key file;
the research and development server signs the first public key by using a signature generation algorithm to obtain the signature file;
and the research and development server packages the second private key and the verification signature algorithm into the hard disk encryption software.
8. The computer device of claim 6, wherein the production line operating machine applying for an authorization file from the research and development server for equipment authorization verification comprises:
the production line operating machine submits the equipment information of the key management server to the research and development server, and the research and development server generates the authorization file according to the equipment information of the key management server;
the research and development server sends the authorization file to the production line operating machine;
and the production line operating machine imports the authorization file into the key management server to carry out equipment authorization verification.
9. The computer device of claim 6, wherein running the hard disk encryption software to request the signature file and the key file from the key management server comprises:
the production line operating machine starts a hard disk encryption tool and runs the hard disk encryption software, and the hard disk encryption software requests the signature file and the key file from the key management server through an encrypted communication link;
and the key management server issues the signature file and the key file to the hard disk encryption software.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 5.
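The issue-and-verify flow of claims 1 and 2, written out as an added Go example (not code from the patent): the research and development server wraps and signs the first public key, and the hard disk encryption software decrypts the key file and checks the signature file before releasing the key. The claims name no algorithms, so RSA-OAEP and Ed25519 are assumptions here; `Bundle`, `NewBundle`, `Issue` and `Recover` are hypothetical names, and the first public key is a constructed byte string.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Bundle is what the R&D server packs into the disk-encryption software.
type Bundle struct {
	SecondPriv *rsa.PrivateKey   // second private key: unwraps the key file
	VerifyKey  ed25519.PublicKey // assumed stand-in for the verification algorithm
}
// NewBundle generates the second key pair and the signing pair (R&D server side).
func NewBundle() (Bundle, ed25519.PrivateKey) {
	priv, err1 := rsa.GenerateKey(rand.Reader, 2048)
	vk, sk, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	return Bundle{priv, vk}, sk
}
// Issue wraps firstPub under the second public key and signs it (claim 2).
func Issue(second *rsa.PublicKey, sk ed25519.PrivateKey, firstPub []byte) (keyFile, sigFile []byte, err error) {
	keyFile, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, second, firstPub, nil)
	return keyFile, ed25519.Sign(sk, firstPub), err
}
// Recover is the software side: decrypt, verify, and only then release the key.
func Recover(b Bundle, keyFile, sigFile []byte) ([]byte, error) {
	firstPub, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, b.SecondPriv, keyFile, nil)
	if err != nil {
		return nil, fmt.Errorf("key file rejected: %w", err)
	}
	if !ed25519.Verify(b.VerifyKey, firstPub, sigFile) {
		return nil, fmt.Errorf("signature file does not cover the recovered key")
	}
	return firstPub, nil
}

func main() {
	b, sk := NewBundle()
	keyFile, sigFile, _ := Issue(&b.SecondPriv.PublicKey, sk, []byte("constructed-first-public-key"))
	swapped, _, _ := Issue(&b.SecondPriv.PublicKey, sk, []byte("constructed-substitute"))
	_, okErr := Recover(b, keyFile, sigFile)
	_, badErr := Recover(b, swapped, sigFile)
	fmt.Println("genuine:", okErr, "| substituted key file:", badErr)
}
```

The substituted key file decrypts cleanly because it was wrapped under the same second public key; it is the signature check in `Recover` that rejects it, which is why the disk is encrypted only after the signature file passes verification.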
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911050137.7A CN111046441B (en) | 2019-10-31 | 2019-10-31 | Management method, equipment and medium for encrypted hard disk key |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111046441A (en) | 2020-04-21 |
CN111046441B (en) | 2022-07-12 |
Family ID: 70232777
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911050137.7A Active CN111046441B (en) | 2019-10-31 | 2019-10-31 | Management method, equipment and medium for encrypted hard disk key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111046441B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112632586A (en) * | 2020-12-30 | 2021-04-09 | 浪潮电子信息产业股份有限公司 | BIOS hard disk password retrieving method, device, equipment and readable storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106936797A (en) * | 2015-12-31 | 2017-07-07 | 北京网御星云信息技术有限公司 | The management method and system of magnetic disk of virtual machine and file encryption key in a kind of cloud |
CN108199847A (en) * | 2017-12-29 | 2018-06-22 | 数安时代科技股份有限公司 | Security processing method, computer equipment and storage medium |
CN109684790A (en) * | 2018-12-26 | 2019-04-26 | 佛山市瑞德物联科技有限公司 | Software start-up method, soft ware authorization verification method, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN111046441B (en) | 2022-07-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||