CN111079170B - Control method and control device of solid state disk - Google Patents


Publication number
CN111079170B
Authority
CN
China
Prior art keywords
user
verification
key
access
solid state
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911065696.5A
Other languages
Chinese (zh)
Other versions
CN111079170A (en)
Inventor
赵丹
蒋湘涛
彭国勋
李海宾
徐磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Runcore Innovation Technology Co ltd
Original Assignee
Hunan Runcore Innovation Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan Runcore Innovation Technology Co ltd
Priority to CN201911065696.5A
Publication of CN111079170A
Application granted
Publication of CN111079170B
Active
Anticipated expiration


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a control method and a control device of a solid state disk. The method comprises the following steps: hiding an access area of the solid state disk; when it is detected that a user initiates an access request to the solid state disk, acquiring the user identity information in the access request; displaying the selectable access area on a display interface; acquiring the requested access area that the user selects in the selectable access area; judging whether the requested access area is a secret-related area; if so, generating decryption request information according to the user identity information and the requested access area and sending the decryption request information to a decryption unit; determining, through the decryption unit, the current secret level corresponding to the requested access area, and judging whether the user belongs to an authorized user corresponding to the current secret level; and if so, generating a verification key and sending the verification key to a set receiving terminal associated with the user. The technical scheme of the invention aims to improve the security performance of the solid state disk.

Description

Control method and control device of solid state disk
Technical Field
The invention relates to the technical field of solid state disks, in particular to a control method of a solid state disk and a control device applying the control method of the solid state disk.
Background
A Solid State Drive (SSD), commonly referred to as a solid state disk, is a hard disk made of an array of solid-state electronic memory chips. An SSD is composed of a control unit and a storage unit (FLASH chip, DRAM chip). The interface specification, definition, function and method of use of a solid state disk are exactly the same as those of a common hard disk, and the appearance and size of the product are also consistent with those of a common hard disk. Solid state disks are widely applied in fields such as military affairs, vehicle-mounted equipment, industrial control, video monitoring, network terminals, electric power, medical treatment, aviation and navigation equipment.
A solid state disk usually stores important user data, and leakage of that data may cause loss to the user; current solid state disks protect data poorly and have difficulty meeting the security requirements of users.
Disclosure of Invention
The invention mainly aims to provide a control method of a solid state disk, and aims to solve the problem that the secrecy performance of the solid state disk is not high in the prior art.
In order to achieve the above object, in the control method of a solid state disk provided in the present invention, the solid state disk is in signal connection with a controller, and the controller is further in signal connection with an input unit, a display interface, a server, and a decryption unit, respectively, and the control method of a solid state disk includes the following steps:
acquiring a region division instruction of the solid state disk, dividing the solid state disk into a plurality of access regions with different access authority types according to the region division instruction, and hiding the access regions;
when detecting that a user initiates an access request to the solid state disk, acquiring user identity information in the access request;
determining a selectable access area and an unselected access area corresponding to the user identity information, displaying the selectable access area on the display interface, and controlling the unselected access area to continuously keep a hidden state;
acquiring a requested access area selected by the user in the selectable access area;
judging whether the requested access area is a secret-related area;
if not, displaying the files stored in the requested access area, and sending user access information to a server, wherein the user access information comprises the user identity information, browsing file information and access time;
if so, generating decryption request information according to the user identity information and the requested access area and sending the decryption request information to a decryption unit;
determining the current secret level corresponding to the requested access area through the decryption unit, and judging whether the user belongs to an authorized user corresponding to the current secret level;
and if so, generating a verification key and sending the verification key to the set receiving terminal associated with the user.
Preferably, after the step of generating the verification key and sending the verification key to the setting receiving terminal associated with the user, the method further includes:
acquiring, through the decryption unit, verification information input by the user through the input unit, and judging whether the verification passes according to whether the verification information is the verification key;
when the verification is passed, judging whether a first key has been acquired;
if not, displaying a prompt for inputting the first key on the display interface;
and decrypting the requested access area through the decryption unit according to the acquired first key and the acquired verification key.
Preferably, the step of generating the verification key and sending the verification key to the setting receiving terminal associated with the user includes:
generating a verification key at the server according to a set password generation rule;
acquiring a first key corresponding to the user identity information stored in the server;
encrypting the verification key according to the preset first key to generate a password ciphertext;
and sending the password ciphertext to the set receiving terminal associated with the user.
Preferably, the step of acquiring, by the decryption unit, the verification information input by the user through the input unit, and determining whether the verification is passed according to whether the verification information is a verification key includes:
providing a first receiving window for a user, and acquiring first verification information input to the first receiving window by the user through the input unit;
when the first verification information is the first key, providing a second receiving window for the user, and acquiring second verification information input to the second receiving window by the user through the input unit;
when the second verification information is the password ciphertext, decrypting the password ciphertext through the decryption unit to obtain a verification key, and sending the verification key to a user;
providing a third receiving window for the user, and acquiring third verification data input to the second receiving window by the user through the input unit;
and determining whether the third verification data is the verification key or not.
Preferably, the step of encrypting the verification key according to the preset first key to generate a password ciphertext includes:
judging whether the current secret level corresponding to the requested access area exceeds a preset secret level;
if yes, acquiring a truncation position number of the verification key;
truncating the verification key according to the truncation position number to generate verification key segments;
encrypting each verification key segment according to the preset first key to generate a plurality of cipher segment ciphertexts named according to segment sequence numbers;
the step of sending the password ciphertext to the set receiving terminal associated with the user includes:
sending the cipher segment ciphertexts respectively to a plurality of set receiving terminals associated with the user.
Preferably, the step of acquiring the verification information input by the user and determining whether the verification passes according to whether the verification information is a verification key includes:
providing a first receiving window for a user, and acquiring first verification information input to the first receiving window by the user through the input unit;
when the first verification information is the first key, providing a second receiving window for the user, and acquiring, through the input unit, a data sequence formed by a plurality of data segments that the user inputs to the second receiving window, in the order of input;
judging whether the data sequence is the ciphertext formed by splicing all the cipher segment ciphertexts according to the segment sequence numbers;
if so, decrypting, through the decryption unit, all the cipher segment ciphertexts spliced according to the segment sequence numbers to obtain the verification key, and sending the verification key to the user;
providing a third receiving window for the user, and acquiring third verification data input to the second receiving window by the user through the input unit;
and determining whether the third verification data is the verification key or not.
Preferably, the verification key and the first key are generated by:
acquiring first data and second data according to a preset rule, wherein the first data and the second data are prime numbers respectively;
calculating a product of the first data and the second data;
determining a first difference of the first data from 1 and determining a second difference of the second data from 1;
determining an upper limit value of the verification key according to the first difference value and the second difference value;
acquiring a set lower limit value and a verification key value-taking rule of the verification key, and determining the verification key according to the upper limit value, the lower limit value and the value-taking rule;
and determining the first key according to the verification key and the upper limit value of the verification key.
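The generation steps above have the shape of textbook RSA key generation if the upper limit is read as the product of the two differences and the first key as the modular inverse of the verification key. That reading is an assumption, and the following is an added example rather than code from the patent; the primes, the lower limit and the "smallest coprime value" rule are constructed for illustration.

```python
from math import gcd, isqrt


def is_prime(n: int) -> bool:
    """Trial division; adequate for the small constructed primes used here."""
    return n >= 2 and all(n % d for d in range(2, isqrt(n) + 1))


def derive_keys(p: int, q: int, lower: int) -> dict:
    """Walk the listed steps under the RSA reading (an assumption)."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("first and second data must be distinct primes")
    product = p * q                # product of the first and second data
    upper = (p - 1) * (q - 1)      # assumed: upper limit = first difference * second difference
    # Assumed value-taking rule: the smallest value above the lower limit that
    # is coprime to the upper limit. Values sharing a factor with the upper
    # limit are skipped because no first key (inverse) exists for them.
    for candidate in range(lower + 1, upper):
        if gcd(candidate, upper) == 1:
            verification_key = candidate
            break
    else:
        raise ValueError("no usable verification key between the limits")
    # Assumed: the first key is the inverse of the verification key modulo the upper limit.
    first_key = pow(verification_key, -1, upper)
    return {"product": product, "upper": upper,
            "verification_key": verification_key, "first_key": first_key}


def round_trip(value: int, keys: dict) -> int:
    """Transform with the verification key, then invert with the first key."""
    n = keys["product"]
    return pow(pow(value, keys["verification_key"], n), keys["first_key"], n)


if __name__ == "__main__":
    # Constructed toy primes; real deployments use primes of 1024 bits or more.
    keys = derive_keys(61, 53, lower=16)
    print(keys, round_trip(65, keys))
```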
Preferably, after the step of determining, by the decryption unit, a current secret level corresponding to the requested access area and determining whether the user belongs to an authorized user corresponding to the current secret level, the method further includes:
if not, sending the decryption request information to a preset authority auditor;
obtaining an auditing result of the authority auditor;
when the auditing result is authorized access, executing the step of generating the verification key and sending the verification key to the set receiving terminal associated with the user;
and when the auditing result is that the access is denied, sending an access denial prompt to the user and hiding the access request area.
Preferably, the method for controlling a solid state disk further includes:
when detecting that the decryption operation sent by a user to an access area without access authority exceeds a preset number of times, uploading a local file stored in the access area to the server, and deleting the local file stored in the access area.
In addition, to achieve the above object, the present invention further provides a control apparatus for a solid state disk, including: a memory, a controller, and a computer program stored on the memory and executable on the controller; the controller is respectively in signal connection with the input unit, the solid state disk, the display interface, the server and the decryption unit; the computer program, when executed by the controller, implements the steps of the method for controlling a solid state disk according to any one of the above.
In the technical scheme of the invention, every access area of the solid state disk is hidden once the disk has been divided into access areas, and some or all of the access areas are then displayed selectively according to the identity information of the accessing user. This prevents the accessing user from viewing file storage areas outside the user's viewing range and provides a first layer of security. Next, the requested access area that the user selects among the visible access areas is acquired, and it is judged whether the requested access area is a secret-related area; if so, decryption request information is generated according to the user identity information and the requested access area and sent to the decryption unit. Because the decryption calculation is completed by an independent decryption unit that handles only decryption work, the calculation load of the controller is reduced, decryption is faster, and the access request is answered quickly. The decryption unit determines the current secret level corresponding to the requested access area and judges whether the user belongs to an authorized user corresponding to the current secret level; if so, a verification key is generated and sent to the set receiving terminal associated with the user, so that the user can obtain read permission for the requested access area by inputting the verification key. The access area is not opened directly to an authorized user: the user can obtain the verification key only through the receiving terminal associated with the user in the system, which prevents another person from using stolen user identity information to steal files in the secret-related area.
Therefore, the technical scheme of the invention provides security layer by layer, which helps to solve the problem of the low security performance of the solid state disk in the prior art.
Drawings
Fig. 1 is a schematic flowchart of a control method for a solid state disk according to a first embodiment of the present invention;
fig. 2 is a flowchart illustrating a control method for a solid state disk according to a second embodiment of the present invention;
fig. 3 is a schematic flowchart of a control method for a solid state disk according to a third embodiment of the present invention;
fig. 4 is a schematic block diagram of a control apparatus of a solid state disk according to an embodiment of the present invention.
The objects, features and advantages of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only to facilitate the explanation of the present invention and have no specific meaning in themselves. Thus, "module", "component" and "unit" may be used interchangeably.
Referring to fig. 1, to achieve the above object, a first embodiment of the present invention provides a method for controlling a solid state disk, where the solid state disk is in signal connection with a controller, the controller is further in signal connection with a display interface, a server, and a decryption unit, and the method for controlling the solid state disk includes the following steps:
step S10, obtaining an area division instruction of the solid state disk, dividing the solid state disk into a plurality of access areas with different access authority types according to the area division instruction, and hiding the access areas;
step S20, when detecting that a user initiates an access request to the solid state disk, acquiring user identity information in the access request;
step S30, determining a selectable access area and an unselected access area corresponding to the user identity information, displaying the selectable access area on the display interface, and controlling the unselected access area to continuously keep a hidden state;
step S40, obtaining the requested access area selected by the user in the selectable access area;
step S50, judging whether the requested access area is a secret-related area;
if not, go to step S60: displaying the files stored in the requested access area, and sending user access information to a server, wherein the user access information comprises the user identity information, browsing file information and access time;
if yes, go to step S70: generating decryption request information according to the user identity information and the requested access area and sending the decryption request information to a decryption unit;
step S80, determining, by the decryption unit, a current secret level corresponding to the requested access area, and determining whether the user belongs to an authorized user corresponding to the current secret level;
if yes, go to step S90: generating a verification key and sending the verification key to the set receiving terminal associated with the user.
Specifically, the user identity information may be identity card information, fingerprint information, avatar information, employee password information, and the like.
In one embodiment, not all access areas of the solid state disk need to be hidden. For example, at least one access area of the solid state disk may be set as a public area and at least another access area may be set as a hidden area, and the public area may be directly displayed.
Acquiring the user identity information when it is detected that a user initiates an access request to the solid state disk may specifically proceed as follows: when the user double-clicks or opens the storage area of the solid state disk, a prompt asking for user identity information pops up on the display interface, and the user identity information is acquired through the input unit. The input unit includes an input keypad and an identity information receiving device (e.g., a fingerprint reader, an identification card sensor, an employee card sensor, or a camera).
The controller then determines, according to the received user identity information, the selectable access area and the unselected access area corresponding to the user identity information, displays the selectable access area on the display interface, and keeps the unselected access area in the hidden state.
Referring to fig. 2, based on the first embodiment of the method for controlling a solid state disk of the present invention, in a second embodiment of the method for controlling a solid state disk of the present invention, after the step S90, the method further includes:
step S100, acquiring, through the decryption unit, the verification information input by the user through the input unit, and judging whether the verification passes according to whether the verification information is the verification key;
when the verification is passed, step S110 is executed to determine whether the first key has been acquired;
if not, go to step S120: displaying a prompt for inputting the first key on the display interface;
step S130, decrypting, by the decryption unit, the requested access area according to the acquired first key and the verification key.
The decryption unit may be a separate data processing unit. In a specific embodiment, the user obtains the verification key from the set receiving terminal and passes the verification by inputting it. Decryption of the requested access area then additionally requires the first key, which the user holds privately. The verification key is sent from the server to the set receiving terminal over the network, whereas the first key is not transmitted over the network, so the first key is protected from malicious interception and the data security performance of the solid state disk is improved. The user may be prompted to input the first key after passing verification with the verification key. Alternatively, to improve decryption efficiency, the user may be prompted to input the first key through the input unit when the user identity information in the access request is acquired, with the first key serving as the user identity information; in that case, when the verification is passed in step S110, it can be determined directly that the first key has been acquired.
Referring to fig. 3, based on the second embodiment of the method for controlling a solid state disk of the present invention, in a third embodiment of the method for controlling a solid state disk of the present invention, the step S90 includes:
step S901, generating a verification key in the server according to a set password generation rule;
step S902, obtaining a first key corresponding to the user identity information stored in the server;
step S903, encrypting the verification key according to the preset first key to generate a password ciphertext;
step S904, sending the password ciphertext to the set receiving terminal associated with the user.
In this embodiment, the set password generation rule may be: a password length value is drawn at random from a set of password length values; then, for each password position within that length, any password element is drawn from a set of password values and used as the password value of that position; the password values are combined into the verification key.
Because the verification key is encrypted with the first key, and the first key is held by the user and is not transmitted over the network, another person who intercepts the password ciphertext does not know the first key and cannot decrypt the verification key. This further improves the data security performance.
Based on the third embodiment of the method for controlling a solid state disk of the present invention, in a fourth embodiment of the method for controlling a solid state disk of the present invention, the step S100 includes:
step S101, providing a first receiving window for a user, and acquiring first verification information input to the first receiving window by the user through the input unit;
step S102, when the first verification information is the first key, providing a second receiving window for the user, and acquiring second verification information input to the second receiving window by the user through the input unit;
step S103, when the second verification information is the password ciphertext, decrypting the password ciphertext through the decryption unit to obtain a verification key, and sending the verification key to a user;
step S104, providing a third receiving window for the user, and acquiring third verification data input to the second receiving window by the user through the input unit;
step S105, judging whether the verification passes according to whether the third verification data is the verification key.
This embodiment provides a decryption method for the encryption method of the third embodiment. Specifically, each receiving window is displayed on the display interface. The user inputting the first key to the first receiving window indicates that the user has decryption authority over the verification key encrypted with the first key; therefore, after the user inputs the password ciphertext to the second receiving window, the decryption unit decrypts the password ciphertext directly with the first key. The verification key is then sent to the user in a predetermined manner, for example to the user's private mobile phone terminal or mailbox, or by displaying it directly on the display interface.
When the user inputs the verification key to the third receiving window, the verification is passed.
Based on the third embodiment of the method for controlling a solid state disk of the present invention, in a fifth embodiment of the method for controlling a solid state disk of the present invention, the step S903 includes:
step S905, judging whether the current confidentiality grade corresponding to the access request area exceeds a preset confidentiality grade or not;
if yes, go to step S906: acquiring a truncation position number of the verification key;
step S907, truncating the verification key according to the truncation position number to generate each verification key segment;
step S908, encrypting each verification key segment according to a preset first key, and generating a plurality of cipher segment ciphertexts named according to segment sequence numbers;
the step S904 includes:
step S909, sending the cipher segment ciphertexts respectively to a plurality of set receiving terminals associated with the user.
In this embodiment, to further improve the security performance, when the current secret level exceeds the preset level, the verification key generated in the foregoing manner is truncated, and the resulting verification key segments are each encrypted with the first key and sent respectively to the plurality of associated set receiving terminals. Each receiving terminal is equivalent to one key, and decryption is possible once all of the keys have been collected.
Specifically, in step S906, the truncation position number is determined by taking a random value from the data range determined by a preset minimum truncation position number and the password length value.
For example, when the password length value is 6 and the minimum truncation position number is 1, the truncation position number may be any integer from 1 to 5. When the verification key is ABCDEF and the truncation position number is 3, the truncated verification key segment 1 is ABC and the verification key segment 2 is DEF.
The number of truncation positions is not limited to one and may be two or more. When the verification key is ABCDEF and the truncation position numbers are 2 and 4, the truncated verification key segment 1 is AB, the verification key segment 2 is CD, and the verification key segment 3 is EF.
In one embodiment, the cipher segment ciphertexts may be named in any manner in which the name includes the segment sequence number. Further, the name of each cipher segment ciphertext can be determined according to the segment sequence number and the total number of segments, for example: "the first of the two cipher segments".
Based on the fifth embodiment of the method for controlling a solid state disk of the present invention, in the sixth embodiment of the method for controlling a solid state disk of the present invention, the step S100 includes:
step S106, providing a first receiving window for a user, and acquiring first verification information input to the first receiving window by the user through the input unit;
step S107, when the verification information is the first key, providing a second receiving window for the user, and acquiring a data sequence formed by a plurality of data segments input to the second receiving window by the user according to the input sequence through the input unit;
step S108, judging whether the data sequence is the cipher segment ciphertexts spliced according to the segment sequence numbers;
if yes, executing step S109, decrypting all the cipher segment ciphertexts spliced according to the segment sequence numbers by the decryption unit to obtain a verification key, and sending the verification key to the user;
step S110, providing a third receiving window for the user, and acquiring third verification data input to the third receiving window by the user through the input unit;
step S111, determining whether the verification passes according to whether the third verification data is the verification key.
This embodiment provides a decryption method for the encryption method of the fifth embodiment. Specifically, each receiving window is displayed on the display interface. A user who inputs the first key into the first receiving window is thereby shown to have decryption authority over every cipher segment ciphertext encrypted with the first key. Therefore, after the user inputs the cipher segment ciphertexts into the second receiving window in segment order, the decryption unit directly decrypts each of them with the first key and obtains the complete verification key. The verification key is then sent to the user in a predetermined manner, for example to the user's private mobile phone terminal or mailbox, or by displaying it directly on the display interface.
When the user inputs the verification key into the third receiving window, the verification passes.
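The truncation of the fifth embodiment (steps S906 to S908) and the ordered reassembly of the sixth (steps S108 and S109) can be traced end to end in the following added example, which is not code from the patent. It assumes a `NofM` naming format and uses an HMAC-SHA256 keystream with an integrity tag as a stand-in cipher, since the text names neither; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def pick_cuts(length, count=1, min_cut=1):
    """S906: draw distinct truncation positions from [min_cut, length - 1]."""
    candidates = range(min_cut, length)
    if not 1 <= count <= len(candidates):
        raise ValueError("not enough room for that many truncation positions")
    return sorted(secrets.SystemRandom().sample(candidates, count))

def truncate(key, cuts):
    """S907: cut the verification key at each position, keeping segment order."""
    bounds = [0, *sorted(cuts), len(key)]
    return [key[a:b] for a, b in zip(bounds, bounds[1:])]

def _subkey(first_key, label):
    # Separate encryption and MAC keys derived from the first key (assumption).
    return hmac.new(first_key, label, hashlib.sha256).digest()

def _stream(enc_key, nonce, n):
    # Stand-in keystream: HMAC-SHA256 in counter mode, trimmed to n bytes.
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(first_key, name, nonce, body):
    # The tag covers the segment name, so position and total are authenticated.
    msg = name.encode() + nonce + body
    return hmac.new(_subkey(first_key, b"mac"), msg, hashlib.sha256).digest()

def encrypt_segments(first_key, segments):
    """S908: one ciphertext per segment, named by sequence number and total."""
    total, out = len(segments), []
    for index, seg in enumerate(segments, 1):
        name, nonce, data = f"{index}of{total}", secrets.token_bytes(12), seg.encode()
        stream = _stream(_subkey(first_key, b"enc"), nonce, len(data))
        body = bytes(a ^ b for a, b in zip(data, stream))
        out.append({"name": name, "blob": nonce + body + _tag(first_key, name, nonce, body)})
    return out

def reassemble(first_key, pieces):
    """S108/S109: accept only a complete, correctly ordered, untampered sequence."""
    if not pieces:
        return None
    total, plain = len(pieces), []
    for pos, piece in enumerate(pieces, 1):
        blob = piece["blob"]
        nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
        expected_name = f"{pos}of{total}"
        expected_tag = _tag(first_key, expected_name, nonce, body)
        if piece["name"] != expected_name or not hmac.compare_digest(tag, expected_tag):
            return None  # missing, reordered, altered, or wrong first key
        stream = _stream(_subkey(first_key, b"enc"), nonce, len(body))
        plain.append(bytes(a ^ b for a, b in zip(body, stream)).decode())
    return "".join(plain)
```

Because the tag covers the name, a piece held by one receiving terminal cannot be moved to another position or reused in a sequence with a different total.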
Based on the second to sixth embodiments of the method for controlling a solid state disk of the present invention, in a seventh embodiment of the method for controlling a solid state disk of the present invention, the verification key and the first key are generated as follows:
step S911, acquiring first data and second data according to a preset rule, wherein the first data and the second data are prime numbers respectively;
step S912, calculating a product of the first data and the second data;
step S913, determining a first difference between the first data and 1, and determining a second difference between the second data and 1;
step S914, determining an upper limit value of the verification key according to the first difference and the second difference;
step S915, acquiring a set lower limit value and a verification key value-taking rule of the verification key, and determining the verification key according to the upper limit value, the lower limit value and the value-taking rule;
step S916, determining the first key according to the verification key and the upper limit value of the verification key.
This embodiment provides a way of generating the verification key and the first key. The lower limit value is set to 1.
The upper limit value of the verification key is determined by the product of the first difference and the second difference.
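Steps S911 to S916 have the same shape as textbook RSA key generation, and the following added example (not code from the patent) carries them through on that reading. The text states neither the value-taking rule nor how the first key is derived, so the example assumes the rule is "coprime with the upper limit" and that the first key is the modular inverse of the verification key modulo the upper limit; the function names are hypothetical.

```python
import math
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """S911 (assumed rule): a random odd prime of exactly `bits` bits."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def key_bounds(first_data, second_data):
    """S912 to S914: product of the primes, and upper limit (p - 1) * (q - 1)."""
    if not (is_probable_prime(first_data) and is_probable_prime(second_data)):
        raise ValueError("first data and second data must both be prime")
    return first_data * second_data, (first_data - 1) * (second_data - 1)

def pick_verification_key(upper, lower=1):
    """S915: a value strictly between the limits; coprimality is the assumed rule."""
    while True:
        e = lower + 1 + secrets.randbelow(upper - lower - 1)
        if math.gcd(e, upper) == 1:
            return e

def derive_first_key(verification_key, upper):
    """S916 (assumed): modular inverse; None when the value rule was violated."""
    try:
        return pow(verification_key, -1, upper)  # Python 3.8+
    except ValueError:
        return None
```

With the constructed primes 61 and 53 the product is 3233 and the upper limit is 3120; a verification key of 17 yields a first key of 2753, while a verification key of 2 shares a factor with the upper limit and has no matching first key.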
Based on the first embodiment to the seventh embodiment of the method for controlling a solid state disk of the present invention, in the eighth embodiment of the method for controlling a solid state disk of the present invention, after the step S80, the method includes:
if not, go to step S140: sending the decryption request information to a preset authority auditor;
step S150, obtaining the auditing result of the authority auditor;
step S160, when the audit result is authorized access, executing step S90;
step S170, when the audit result is access denied, sending an access denial prompt to the user, and hiding the access request area.
Further, if the user is not an authorized user for the current confidentiality level, the decryption request may be handed over to manual processing, and the audit result is determined manually.
When the audit result is authorized access, the step of generating the verification key and sending it to the set receiving terminal associated with the user is executed, and the subsequent steps proceed as in the related embodiments.
When the audit result is access denied, an access denial prompt is sent to the user and the access request area is hidden, so that the user cannot bring up a subsequent decryption prompt window by a double-click or open operation, and cannot continue to initiate decryption of the hidden access area.
Based on the first embodiment to the eighth embodiment of the method for controlling a solid state disk of the present invention, in a ninth embodiment of the method for controlling a solid state disk of the present invention, the method for controlling a solid state disk further includes:
step S180, when it is detected that the number of decryption operations a user has initiated against an access area for which the user has no access authority exceeds a preset number, uploading the local file stored in the access area to the server, and deleting the local file stored in the access area.
Uploading the local file stored in the access area to the server and deleting it locally prevents other people from decrypting it locally and stealing file information without authorization.
In addition, to achieve the above object, the present invention further provides a control apparatus for a solid state disk, including: a memory, a controller, and a computer program stored on the memory and executable on the controller; the controller is respectively in signal connection with the input unit, the solid state disk, the display interface, the server and the decryption unit; the computer program, when executed by the controller, implements the steps of the method for controlling a solid state disk according to any one of the above.
Since the technical solution of the control apparatus for a solid state disk in this embodiment at least includes all the technical solutions of the above embodiments of the control method for a solid state disk, at least all the technical effects of the above embodiments are achieved, and details are not repeated here.
Referring to fig. 4, in some embodiments, the control device of the solid state disk may include: a controller 1001, a network interface 1004, a user interface 1003, a memory 1005, a communication bus 1002, and a network share module 1006. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the front end acquires data through the user interface 1003. The network interface 1004 comprises a standard wired interface and may optionally comprise a standard wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a storage device separate from the controller 1001 described above.
Those skilled in the art will appreciate that the control device architecture of the solid state disk shown in fig. 4 does not constitute a limitation of the control device of the solid state disk, and may include more or fewer components than those shown, or combine certain components, or a different arrangement of components.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases the former is the better implementation. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a computer-readable storage medium (such as ROM/RAM, magnetic disk, optical disk) as described above, and includes several instructions for causing a control device of a solid state disk to execute the method according to the embodiments of the present invention.
In the description herein, references to the description of the term "one embodiment," "another embodiment," or "first through xth embodiments," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, method steps, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (8)

1. A control method of a solid state disk is characterized in that the solid state disk is in signal connection with a controller, the controller is also in signal connection with an input unit, a display interface, a server and a decryption unit respectively, and the control method of the solid state disk comprises the following steps:
acquiring a region division instruction of the solid state disk, dividing the solid state disk into a plurality of access regions with different access authority types according to the region division instruction, and hiding the access regions;
when detecting that a user initiates an access request to the solid state disk, acquiring user identity information in the access request;
determining a selectable access area and an unselected access area corresponding to the user identity information, displaying the selectable access area on the display interface, and controlling the unselected access area to continuously keep a hidden state;
acquiring a request access area selected by a user in the selectable access area;
judging whether the access request area is a secret-involved area;
if not, displaying the file stored in the access request area, and sending user access information to a server, wherein the user access information comprises the user identity information, browsing file information and access time;
if so, generating decryption request information according to the user identity information and the access request area and sending the decryption request information to a decryption unit;
determining the current secret grade corresponding to the access request area through the decryption unit, and judging whether the user belongs to an authorized user corresponding to the current secret grade;
if yes, generating a verification key and sending the verification key to a setting receiving terminal associated with the user, wherein the verification key comprises the following steps: generating a verification key at the server according to a set password generation rule; acquiring a first secret key corresponding to the user identity information stored in the server; encrypting the verification key according to a preset first key to generate a cipher ciphertext; sending the password ciphertext to a set receiving terminal associated with the user;
after the step of generating the verification key and sending the verification key to the setting receiving terminal associated with the user, the method further includes:
acquiring verification information input by a user through the input unit through the decryption unit, and judging whether the verification passes according to whether the verification information is a verification key;
when the verification is passed, judging whether a first secret key is acquired;
if not, sending a prompt for inputting the first key on the display interface;
and decrypting the access request area through the decryption unit according to the acquired first key and the acquired verification key.
2. The method for controlling the solid state disk according to claim 1, wherein the step of obtaining the verification information input by the user through the input unit through the decryption unit and determining whether the verification passes according to whether the verification information is a verification key comprises:
providing a first receiving window for a user, and acquiring first verification information input to the first receiving window by the user through the input unit;
when the verification information is the first key, providing a second receiving window for the user, and acquiring second verification information input to the second receiving window by the user through the input unit;
when the second verification information is the password ciphertext, decrypting the password ciphertext through the decryption unit to obtain a verification key, and sending the verification key to a user;
providing a third receiving window for the user, and acquiring third verification data input to the second receiving window by the user through the input unit;
and determining whether the third verification data is the verification key or not.
3. The method for controlling the solid state disk according to claim 1, wherein the step of encrypting the verification key according to the preset first key to generate a cipher text comprises:
judging whether the current confidentiality grade corresponding to the access request area exceeds a preset confidentiality grade or not;
if yes, acquiring a truncation position number of the verification key;
truncating the verification key according to the truncation position number to generate each verification key segment;
encrypting each verification key segment according to a preset first key to generate a plurality of cipher segment ciphertexts named according to segment sequence numbers;
the step of sending the cipher text to a set receiving terminal associated with the user includes:
and sending each cipher fragment cipher text to a plurality of associated setting receiving terminals of the user.
4. The method for controlling the solid state disk according to claim 3, wherein the step of obtaining the authentication information input by the user and determining whether the authentication passes according to whether the authentication information is an authentication key comprises:
providing a first receiving window for a user, and acquiring first verification information input to the first receiving window by the user through the input unit;
when the verification information is the first key, providing a second receiving window for the user, and acquiring a data sequence formed by a plurality of data segments input to the second receiving window by the user according to the input sequence through the input unit;
judging whether the data sequence is a cipher segment ciphertext formed by splicing all the cipher segments according to the segment sequence numbers;
if so, decrypting all the cipher segment ciphertexts spliced according to the segment serial numbers through the decryption unit to obtain a verification key, and sending the verification key to a user;
providing a third receiving window for the user, and acquiring third verification data input to the second receiving window by the user through the input unit;
and determining whether the third verification data is the verification key or not.
5. The method for controlling the solid state disk according to any one of claims 1 to 4, wherein the authentication key and the first key are generated by:
acquiring first data and second data according to a preset rule, wherein the first data and the second data are prime numbers respectively;
calculating a product of the first data and the second data;
determining a first difference of the first data from 1 and determining a second difference of the second data from 1;
determining an upper limit value of the verification key according to the first difference value and the second difference value;
acquiring a set lower limit value and a verification key value-taking rule of the verification key, and determining the verification key according to the upper limit value, the lower limit value and the value-taking rule;
and determining the first key according to the verification key and the upper limit value of the verification key.
6. The method for controlling a solid state disk according to any one of claims 1 to 4, wherein after the step of determining, by the decryption unit, a current confidentiality rating corresponding to the requested access area and determining whether the user belongs to an authorized user corresponding to the current confidentiality rating, the method further comprises:
if not, sending the decryption request information to a preset authority auditor;
obtaining an auditing result of the authority auditor;
when the verification result is authorized access, executing the step of generating the verification key and sending the verification key to a set receiving terminal associated with the user;
and when the auditing result is that the access is denied, sending an access denial prompt to the user and hiding the access request area.
7. The method for controlling the solid state disk according to any one of claims 1 to 4, further comprising:
when detecting that the decryption operation sent by a user to an access area without access authority exceeds a preset number of times, uploading a local file stored in the access area to the server, and deleting the local file stored in the access area.
8. A control device of a solid state disk is characterized by comprising: a memory, a controller, and a computer program stored on the memory and executable on the controller; the controller is respectively in signal connection with the input unit, the solid state disk, the display interface, the server and the decryption unit; the computer program, when executed by the controller, implements the steps of the method of controlling a solid state disk of any one of claims 1 to 7.
CN201911065696.5A 2019-11-04 2019-11-04 Control method and control device of solid state disk Active CN111079170B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911065696.5A CN111079170B (en) 2019-11-04 2019-11-04 Control method and control device of solid state disk

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911065696.5A CN111079170B (en) 2019-11-04 2019-11-04 Control method and control device of solid state disk

Publications (2)

Publication Number Publication Date
CN111079170A CN111079170A (en) 2020-04-28
CN111079170B true CN111079170B (en) 2021-11-23

Family

ID=70310757

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911065696.5A Active CN111079170B (en) 2019-11-04 2019-11-04 Control method and control device of solid state disk

Country Status (1)

Country Link
CN (1) CN111079170B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant