CN111758243A - Mobile storage device, storage system and storage method - Google Patents

Info

Publication number
CN111758243A
Authority
CN
China
Prior art keywords
security
storage device
mobile storage
key
mobile
Legal status
Pending
Application number
CN201980014556.7A
Other languages
Chinese (zh)
Inventor
龚文杰
Current Assignee
Shenzhen Goodix Technology Co Ltd
Original Assignee
Shenzhen Goodix Technology Co Ltd
Application filed by Shenzhen Goodix Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Abstract

The embodiment of the application provides a mobile storage device, a storage system and a storage method, wherein a security key input interface is arranged on an external security device, so that the installation of specific software on a host device or the integration of a security key input device on the mobile storage device is avoided, the universality of a security function in the mobile storage device is improved, and the size of the mobile storage device is reduced. The mobile storage device includes: a security module, a wireless communication module, a control module, and a storage medium; the control module is configured to receive, by the wireless communication module, a security key sent by a security device, control the security module to store the security key, and control the mobile storage device to send a first instruction to a host device, where the security key is used to access data in the storage medium, and the first instruction indicates that the mobile storage device can mount to a file system of the host device.

Description

Mobile storage device, storage system and storage method
Technical Field
The embodiment of the application relates to the field of storage, and more particularly relates to a mobile storage device, a storage system and a storage method.
Background
As a common external storage device, the mobile memory is widely used in various fields for data storage. To protect data, a mobile memory can encrypt it in one of two ways, mode A and mode B. In mode A, after the mobile memory is connected to a host (such as a computer), specific software is installed and run on the host, and the user can access data on the mobile memory after entering a password through that software; however, some working environments do not allow arbitrary software to be installed on the host. In mode B, a fingerprint sensor or keyboard is integrated into the mobile memory, and after the mobile memory is connected to the host, the user can access its data from the host only after entering the correct fingerprint or password on the mobile memory itself.
Disclosure of Invention
The embodiment of the application provides a mobile storage device, a storage system and a storage method, wherein a security key input interface is arranged on an external security device (such as a personal intelligent terminal), so that the installation of specific software on a host device or the integration of a security key input device on the mobile storage device is avoided, the universality of a security function in the mobile storage device is improved, and the volume of the mobile storage device is reduced.
In a first aspect, a mobile storage device is provided, including:
a security module, a wireless communication module, a control module, and a storage medium; wherein
the control module is used for receiving a security key sent by a security device through the wireless communication module, controlling the security module to store the security key, and controlling the mobile storage device to send a first instruction to a host device, wherein the security key is used for accessing data in the storage medium, and the first instruction indicates that the mobile storage device can mount to a file system of the host device.
In a possible implementation manner, the control module is further configured to receive, by the wireless communication module, a first key sent by the security device, verify the first key according to the security key, and determine whether to send the first instruction to the host device according to a verification result.
In one possible implementation, in case the first key check is successful,
the control module is further configured to receive, through the wireless communication module, a second key sent by the security device, and control the security module to update the security key to the second key.
In one possible implementation, after the mobile storage device is mounted to the file system of the host device,
the control module is used for controlling the security module to encrypt the data written into the storage medium by the host device according to the security key, and controlling the security module to decrypt the data read from the storage medium by the host device according to the security key.
In one possible implementation, the storage medium is configured to store data encrypted based on the security key.
In one possible implementation, the control module is further configured to decrypt a key received from the security device according to a session key.
In one possible implementation, the session key is determined based on a wireless communication protocol between the mobile storage device and the security device.
In a possible implementation manner, the wireless communication module is further configured to broadcast device information of the mobile storage device after the mobile storage device is powered on, so as to establish a wireless communication connection with the security device.
In one possible implementation, the mobile storage device communicates with the host device through a wired interface.
In one possible implementation, the security key is a biometric.
In a possible implementation manner, the mobile storage device is a USB disk or a mobile hard disk.
In one possible implementation, the security device includes at least one of:
a wearable device, a mobile terminal device.
In a second aspect, there is provided a storage system comprising:
a security device; and
the mobile storage device of the first aspect or any possible implementation manner of the first aspect.
In a third aspect, a storage system is provided, including:
a host device and a security device; and
the mobile storage device of the first aspect or any possible implementation manner of the first aspect.
In a fourth aspect, a storage method is provided, which is applied to a storage system including a mobile storage device, a host device, and a security device, where the mobile storage device and the security device communicate with each other in a wireless manner, and the method includes:
the mobile storage device receives a security key sent by the security device and stores the security key, wherein the security key is used for accessing data stored in the mobile storage device;
the mobile storage device sends a first instruction to the host device, wherein the first instruction is used for indicating that the mobile storage device can mount to a file system of the host device.
In one possible implementation, the method further includes:
the mobile storage device receives a first key sent by the security device;
the mobile storage device verifies the first key according to the security key and determines whether to send the first instruction to the host device according to a verification result.
In a possible implementation manner, in a case that the first key verification is successful, the method further includes:
the mobile storage device receives a second key sent by the security device;
the mobile storage device updates the security key to the second key.
In one possible implementation, after the mount of the mobile storage device to the file system of the host device, the method further includes:
the mobile storage device encrypts data written by the host device according to the security key and decrypts data read by the host device according to the security key.
In one possible implementation, the method further includes:
the mobile storage device decrypts the key received from the security device according to the session key.
In one possible implementation, the session key is determined based on a wireless communication protocol between the mobile storage device and the security device.
In one possible implementation, the method further includes:
the mobile storage device broadcasts the device information of the mobile storage device after being powered on, so as to establish a wireless communication connection with the security device.
In one possible implementation, the mobile storage device communicates with the host device through a wired interface.
In one possible implementation, the security key is a biometric.
In a possible implementation manner, the mobile storage device is a USB disk or a mobile hard disk.
In one possible implementation, the security device includes at least one of:
a wearable device, a mobile terminal device.
In a fifth aspect, a computer-readable medium is provided for storing a computer program comprising instructions for performing the storage method of the fourth aspect and any possible implementation manner thereof.
A sixth aspect provides a computer program product comprising instructions which, when executed by a computer, cause the computer to perform the storage method of the fourth aspect and any possible implementation thereof.
Based on the above technical solution, the mobile storage device can receive the security key from the security device through wireless communication, so that the data in the mobile storage device can be encrypted and decrypted based on the security key. Because the security key input interface is arranged on the external security device, installing specific software for inputting the security key on the host device is avoided, and integrating a security key input device into the mobile storage device is also avoided, which improves the universality of the security function in the mobile storage device and reduces the volume of the mobile storage device.
Drawings
Fig. 1 is a schematic structural diagram of a mobile storage device according to an embodiment of the present application.
Fig. 2 is a schematic diagram of a storage system of an embodiment of the present application.
Fig. 3 is a schematic diagram of communication between a mobile storage device and a host device and a security device according to an embodiment of the present application.
Fig. 4 is a schematic block diagram of a storage system according to an embodiment of the present application.
Fig. 5 is a schematic flow chart of a storage method according to an embodiment of the present application.
Detailed Description
The technical solution in the present application will be described below with reference to the accompanying drawings.
It should be noted that, for convenience of description, like reference numerals denote like parts in the embodiments of the present application, and detailed description of the like parts is omitted in different embodiments for the sake of brevity.
Fig. 1 is a schematic structural diagram of a mobile storage device 100 according to an embodiment of the present application. As shown in fig. 1, the mobile storage device 100 includes a security module 110, a wireless communication module 120, a control module 130, and a storage medium 140.
In the embodiment of the present application, as shown in fig. 2, the mobile storage device 100, the host device 200, and the security device 300 may form a storage system.
Specifically, the control module 130 is configured to receive a security key sent by the security device 300 through the wireless communication module 120, control the security module 110 to store the security key, and control the mobile storage device 100 to send a first instruction to the host device 200, where the security key is used to access data in the storage medium 140, and the first instruction is used to indicate that the mobile storage device 100 can mount to a file system of the host device 200.
In the embodiment of the application, the mobile storage device acquires the security key from the security device over wireless communication; that is, the input interface for the security key is located on the security device. This avoids installing specific software for entering the security key on the host device, and also avoids integrating a security key input device into the mobile storage device, which improves the universality of the security function in the mobile storage device and reduces its volume. In addition, because the security device is external to the mobile storage device, it can be portable and leaves more room for the overall design of the mobile storage device; the integrity of the mobile storage device as a whole is not compromised by fitting a security key input device, which improves the user experience.
Further, in the embodiment of the present application, the security key is used to access the data in the storage medium 140, that is, the data stored in the storage medium 140 is encrypted based on the security key, which prevents an attacker from stealing valid data directly from the storage medium 140.
It should be noted that the security device 300 has wireless communication capability. That is, the security device 300 also has a communication module similar to the wireless communication module 120. In addition, the mobile storage device 100 can be used with the security device 300 to enable the input of security keys.
Optionally, the security device 300 may be a device capable of verifying the validity of the user, so as to ensure the security of the security key output by the security device 300. For example, if the security device 300 is a mobile phone, the user must first obtain the right to access the mobile phone and only then can send the security key to the mobile storage device through the mobile phone.
It should be noted that after the mobile storage device 100 mounts to the file system of the host device 200, the host device 200 may perform read and write operations on the mobile storage device 100, or the host device 200 may access data in the mobile storage device 100.
Optionally, after the host device 200 receives the first instruction, the host device 200 may control or trigger the mobile storage device 100 to mount to the file system of the host device 200.
Optionally, in the embodiment of the present application, the mobile storage device 100 may be a flash memory, a removable hard disk, a floppy disk, a rewritable optical disk, a memory card readable and writable by a card reader, and the like.
For example, the mobile storage device 100 is a USB disk or a removable hard disk.
It should be noted that the mobile storage device 100 in the embodiment of the present application may also be referred to as a mobile memory.
Optionally, in this embodiment of the present application, the security key may be a biometric feature, or may be some other password.
Optionally, the biometric features include, but are not limited to, fingerprints, iris, face, ear, palm print, palm vein, voice, brain wave, and the like.
Optionally, in this embodiment of the application, the control module 130 is further configured to receive, through the wireless communication module 120, a first key sent by the security device 300, verify the first key according to the security key, and determine whether to send the first instruction to the host device 200 according to a verification result.
Specifically, if the first key is the same as the security key, that is, the first key is successfully verified, the control module 130 determines to send the first instruction to the host device 200; if the first key is not the same as the security key, i.e., the first key fails to be verified, the control module 130 determines not to send the first command to the host device 200.
Optionally, if the control module 130 determines to send the first instruction to the host device 200, the control module 130 is further configured to control the mobile storage device 100 to send the first instruction to the host device 200.
It should be noted that the first key and the security key are the same type of key, for example, the first key and the security key are both biometric features.
That is to say, in the embodiment of the present application, if the mobile storage device is being used for the first time, the security key input by the user through the security device is stored in the security module built into the mobile storage device; the mobile storage device then sends the host device a signal (the first instruction) indicating that it can mount to the file system of the host device. If the mobile storage device is not being used for the first time, the key input by the user through the security device is verified against the security key stored in the security module built into the mobile storage device, and if the verification succeeds, the mobile storage device sends the host device a signal (the first instruction) indicating that it can mount to the file system of the host device.
Optionally, in this embodiment of the present application, in case the first key verification is successful,
the control module 130 is further configured to receive a second key sent by the security device 300 through the wireless communication module 120, and control the security module 110 to update the security key to the second key.
It should be noted that the second key and the security key may be the same type of key, for example, the second key and the security key are both biometric features; the second key and the security key may also be different types of keys, for example, the security key is a biometric and the second key is a password.
Optionally, in this embodiment of the application, after the mobile storage device 100 is mounted on the file system of the host device 200, the control module 130 is configured to control the security module 110 to encrypt data written by the host device 200 to the storage medium 140 according to the security key, and control the security module 110 to decrypt data read by the host device 200 from the storage medium 140 according to the security key.
Optionally, in this embodiment of the application, the mobile storage device 100 and the security device 300 communicate wirelessly. Specifically, the wireless technology may be 2.4 GHz, Bluetooth, ZigBee, Wireless-Fidelity (Wi-Fi), 3G, 4G or 5G communication, a later-evolved wireless communication technology, or some other wireless communication technology, which is not limited in this application.
Optionally, in this embodiment of the application, the control module 130 in the mobile storage device 100 may be a Microcontroller Unit (MCU).
Optionally, in this embodiment of the present application, the security module 110 in the mobile storage device 100 may have a certain storage capability, for example, the security module may store a security key. In addition, the security module 110 in the mobile storage device 100 may also have certain processing capabilities, such as the security module 110 encrypting data written by the host device 200 based on the control of the control module 130 and decrypting data read by the host device 200 based on the control of the control module 130.
Optionally, in this embodiment of the present application, the control module 130 is further configured to decrypt the key received from the security device 300 according to the session key. That is, the security device 300 may encrypt the key sent to the mobile storage device 100 according to the session key to ensure key security.
It should be noted that the key received from the security device 300 may be at least one of the security key, the first key and the second key.
Optionally, the session key is determined based on a wireless communication protocol between the mobile storage device 100 and the security device 300. In addition, the session key may also be determined or pre-agreed by the mobile storage device 100 and the security device 300.
Optionally, in this embodiment of the present application, the wireless communication module 120 is further configured to broadcast device information of the mobile storage device 100 after the mobile storage device 100 is powered on, so as to establish a wireless communication connection with the security device 300.
For example, the device information of the mobile storage device 100 is an identifier of the mobile storage device 100.
Optionally, in this embodiment of the present application, the mobile storage device 100 communicates with the host device 200 through a wired interface. Therefore, the communication security and the transmission rate between the mobile storage device 100 and the host device 200 can be ensured, and the user experience is improved.
Optionally, the wired interface is a USB interface.
For example, as shown in fig. 3, the mobile storage device 100 communicates with the host device 200 through a wired interface, and the mobile storage device 100 communicates with the security device 300 through a wireless communication method.
Optionally, the mobile storage device 100 and the host device 200 may communicate with each other through wireless communication. For example, the mobile storage device 100 may transmit the first instruction to the host device 200 through the wireless communication module 120.
The host device 200 in the embodiment of the present application may be a portable or mobile computing device such as a tablet computer, a notebook computer, a desktop computer, a game device, an in-vehicle electronic device, an intelligent appliance, or a wearable intelligent device, and other electronic devices such as an electronic database, an automobile, and an Automated Teller Machine (ATM). In addition, the host device 200 in the embodiment of the present application may be a virtual host, a virtual server, or the like.
Optionally, in this embodiment of the present application, the security device 300 includes at least one of the following:
wearable equipment, mobile terminal equipment.
That is to say, the security device 300 in the embodiment of the present application may be some devices having a wireless communication function, such as a wireless mouse, a wireless keyboard, a wearable smart device, and a mobile terminal device, such as a mobile phone. The security device 300 may be another device having a wireless communication function.
Optionally, the wireless mouse and/or the wireless keyboard may have biometric acquisition functionality.
Wearable smart devices include full-featured, large-sized devices that can realize complete or partial functions without depending on a smart phone, for example smart watches or smart glasses, as well as devices that focus only on a certain type of application function and need to be used in cooperation with other devices such as smart phones, for example the various smart bracelets for physical sign monitoring, smart jewelry and the like.
In some embodiments, the host device 200 can access the storage medium 140 in the mobile storage device 100 through steps 1 to 5 as follows.
1. A user connects the mobile storage device 100 with the host device 200 through a wired interface, and after the mobile storage device 100 is powered on, it automatically broadcasts a wireless signal, where the wireless signal carries device information of the mobile storage device 100, for example, an identifier of the mobile storage device 100;
2. after detecting the wireless signal, the security device 300 establishes a wireless connection with the mobile storage device 100 through the wireless signal, and after a user inputs a security key into the security device 300, the security device 300 sends the security key to the mobile storage device 100 through wireless communication;
3. if the mobile storage device 100 is being used for the first time, the security key input by the user is stored in the security module 110 built into the mobile storage device 100, and the mobile storage device 100 then sends the host device 200 a signal indicating that it can be mounted to the file system of the host device 200;
4. if the mobile storage device 100 is not being used for the first time, the security key input by the user is verified against the security key in the built-in security module 110 of the mobile storage device 100, and if the verification succeeds, the mobile storage device 100 sends the host device 200 a signal indicating that it can be mounted to the file system of the host device 200;
5. after the host device 200 mounts the mobile storage device 100 into the file system, the user can access the data in the mobile storage device 100 from the host device 200.
The specific way for the user to access the data in the mobile storage device 100 from the host device 200 may be:
a) unencrypted data written into the mobile storage device 100 by the host device 200 is encrypted by the security module 110 built in the mobile storage device 100 with a security key and then written into the storage medium 140 of the mobile storage device 100;
b) data to be read from the mobile storage device 100 by the host device 200 is read from the storage medium 140 by the mobile storage device 100, and then decrypted by the built-in security module 110 using the security key to obtain unencrypted data.
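The decision logic of steps 3 and 4 together with the optional key update, as an added C sketch that is not code from the patent or from its applicant. The type and function names (`ctrl_state`, `ctrl_on_key`, `ctrl_on_second_key`, `ctrl_may_mount`), the 64-byte key limit, the constant-time comparison and the re-lock on a wrong key are assumptions of this example; session-key decryption of the incoming key and the data cipher are not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_MAX 64 /* assumed upper bound on key length, in bytes */

/* Hypothetical model: key and key_len sit in the security module and persist;
 * unlocked is volatile control-module state, cleared at every power-up. */
typedef struct {
    uint8_t key[KEY_MAX]; /* stored security key, zero padded */
    size_t  key_len;      /* 0 = nothing enrolled yet (first use) */
    int     unlocked;     /* 1 = the first instruction may go to the host */
} ctrl_state;

typedef enum {
    RES_ENROLLED,    /* first use: key stored */
    RES_VERIFIED,    /* first key equals the stored security key */
    RES_REJECTED,    /* mismatch: no first instruction */
    RES_UPDATED,     /* security key replaced by the second key */
    RES_NOT_ALLOWED, /* second key offered before a successful check */
    RES_BAD_INPUT    /* empty or oversized key */
} ctrl_result;

/* Copy a key into a zero-padded, fixed-size buffer. */
static void pad_key(uint8_t *out, const uint8_t *k, size_t len)
{
    memset(out, 0, KEY_MAX);
    memcpy(out, k, len);
}

/* Compare with no early exit, so response time does not reveal how many
 * leading bytes of a guess were right. Always walks all KEY_MAX bytes. */
static int ct_equal(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    size_t diff = alen ^ blen;
    for (size_t i = 0; i < KEY_MAX; i++)
        diff |= (size_t)(a[i] ^ b[i]);
    return diff == 0;
}

void ctrl_power_on(ctrl_state *s) { s->unlocked = 0; }

/* Steps 3 and 4: a key arrives from the security device. It is assumed to
 * be already decrypted with the session key, which is not modelled here. */
ctrl_result ctrl_on_key(ctrl_state *s, const uint8_t *k, size_t len)
{
    uint8_t in[KEY_MAX];
    ctrl_result r;
    if (k == NULL || len == 0 || len > KEY_MAX)
        return RES_BAD_INPUT;
    pad_key(in, k, len);
    if (s->key_len == 0) {             /* first use: store the key */
        memcpy(s->key, in, KEY_MAX);
        s->key_len = len;
        s->unlocked = 1;
        r = RES_ENROLLED;
    } else if (ct_equal(in, len, s->key, s->key_len)) {
        s->unlocked = 1;
        r = RES_VERIFIED;
    } else {
        s->unlocked = 0;               /* assumption: a wrong key re-locks */
        r = RES_REJECTED;
    }
    memset(in, 0, sizeof in);          /* best-effort wipe of the copy */
    return r;
}

/* Key update: accepted only after a successful check in this power cycle. */
ctrl_result ctrl_on_second_key(ctrl_state *s, const uint8_t *k, size_t len)
{
    if (!s->unlocked)
        return RES_NOT_ALLOWED;
    if (k == NULL || len == 0 || len > KEY_MAX)
        return RES_BAD_INPUT;
    pad_key(s->key, k, len);
    s->key_len = len;
    return RES_UPDATED;
}

/* Gate for the first instruction ("can mount") sent to the host device. */
int ctrl_may_mount(const ctrl_state *s) { return s->unlocked; }

int main(void)
{
    const uint8_t k1[] = "constructed-key-one"; /* constructed sample keys */
    const uint8_t k2[] = "constructed-key-two";
    ctrl_state s = { .key_len = 0 };   /* remaining members are zeroed */
    int r;
    ctrl_power_on(&s);
    printf("enroll=%d\n", (int)ctrl_on_key(&s, k1, sizeof k1 - 1));
    ctrl_power_on(&s);                 /* unplug and replug */
    r = (int)ctrl_on_key(&s, k2, sizeof k2 - 1);
    printf("wrong=%d may_mount=%d\n", r, ctrl_may_mount(&s));
    printf("right=%d\n", (int)ctrl_on_key(&s, k1, sizeof k1 - 1));
    printf("update=%d\n", (int)ctrl_on_second_key(&s, k2, sizeof k2 - 1));
    return 0;
}
```

Because the stored value is compared directly with what the security device sends, the comparison runs over a fixed-length padded buffer and the unlocked flag is never persisted across power cycles.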
Optionally, an embodiment of the present application provides a storage system as shown in fig. 2.
Optionally, an embodiment of the present application further provides a storage system, as shown in fig. 4, where the storage system includes the security device 300 and the mobile storage device 100 shown in fig. 2. That is, the mobile storage device 100 and the security device 300 form a storage system.
Fig. 5 is a schematic flow chart of a storing method 500 of an embodiment of the present application. The storage method 500 is used in a storage system comprising a mobile storage device, a host device, and a security device, the mobile storage device and the security device communicating wirelessly.
As shown in fig. 5, the method 500 includes:
S510, the mobile storage device receives a security key sent by the security device and stores the security key, wherein the security key is used for accessing data stored in the mobile storage device;
S520, the mobile storage device sends a first instruction to the host device, wherein the first instruction is used for indicating that the mobile storage device can mount to a file system of the host device.
Optionally, the method 500 further comprises:
the mobile storage device receives a first key sent by the security device;
the mobile storage device verifies the first key according to the security key, and determines whether to send the first instruction to the host device according to a verification result.
Optionally, in a case that the first key verification is successful, the method 500 further includes:
the mobile storage device receives a second key sent by the security device;
the mobile storage device updates the security key to the second key.
Optionally, after the mount of the mobile storage device to the file system of the host device, the method 500 further includes:
the mobile storage device encrypts data written by the host device according to the security key, and decrypts data read by the host device according to the security key.
Optionally, the method 500 further comprises:
the mobile storage device decrypts the key received from the security device based on the session key.
Optionally, the session key is determined based on a wireless communication protocol between the mobile storage device and the security device.
Optionally, the method 500 further comprises:
the mobile storage device broadcasts the device information of the mobile storage device after powering on to establish a wireless communication connection with the security device.
Optionally, the mobile storage device communicates with the host device through a wired interface.
Optionally, the security key is a biometric.
Optionally, the mobile storage device is a USB disk or a removable hard disk.
Optionally, the security device comprises at least one of:
a wearable device, a mobile terminal device.
In the embodiment of the application, the mobile storage device may receive the security key from the security device through wireless communication, so as to implement encryption and decryption of data in the mobile storage device based on the security key. Because the security key input interface is arranged on the external security device, installing specific software for inputting the security key on the host device is avoided, and integrating a security key input device into the mobile storage device is also avoided, which improves the universality of the security function in the mobile storage device and reduces the volume of the mobile storage device.
It should be noted that, in the embodiment of the present application, the control module in the mobile storage device may include a Random Access Memory (RAM) for controlling the execution of the program. For example, when the RAM control program is executed, the control module may perform the operations performed by the mobile storage device in the method 500.
It should be understood that the specific examples in the embodiments of the present application are for the purpose of promoting a better understanding of the embodiments of the present application and are not intended to limit the scope of the embodiments of the present application.
It should be understood that, in the embodiments of the present application, "first" and "second" are only for distinguishing different objects, but do not limit the scope of the embodiments of the present application.
It is to be understood that the terminology used in the embodiments of the present application and the appended claims is for the purpose of describing particular embodiments only and is not intended to be limiting of the embodiments of the present application. For example, as used in the examples of this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be understood that the control module in the mobile storage device of the embodiment of the present application may be an integrated circuit chip having signal processing capability. In implementation, the steps of the above method embodiments may be implemented by integrated logic circuits of hardware in the control module or by instructions in the form of software. The control module may be a general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in the mobile storage device, and the control module reads the information in the storage medium and completes the steps of the method in combination with its hardware.
It is understood that the mobile storage device of the embodiment of the present application may be a non-volatile memory, and the non-volatile memory may be a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), or a flash memory. It should be noted that the mobile storage devices of the systems and methods described herein are intended to comprise, without being limited to, these and any other suitable types of memory.
Embodiments of the present application also provide a computer-readable storage medium storing one or more programs, the one or more programs including instructions, which when executed by a portable electronic device including a plurality of application programs, enable the portable electronic device to perform the contents of the method embodiments.
Embodiments of the present application also provide a computer program, which includes instructions that, when executed by a computer, enable the computer to execute the contents of the method embodiments.
The embodiment of the present application further provides a chip, where the chip includes an input/output interface, at least one processor, at least one memory, and a bus, where the at least one memory is used to store instructions, and the at least one processor is used to call the instructions in the at least one memory to execute the contents of the method embodiment.
It should be noted that, without conflict, the embodiments and/or technical features in the embodiments described in the present application may be arbitrarily combined with each other, and the technical solutions obtained after the combination also fall within the protection scope of the present application.
It should be understood that the specific examples in the embodiments of the present application are for the purpose of promoting a better understanding of the embodiments of the present application, and are not intended to limit the scope of the embodiments of the present application, and that various modifications and variations can be made by those skilled in the art based on the above embodiments and fall within the scope of the present application.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (25)

1. A mobile storage device, comprising:
a security module, a wireless communication module, a control module, and a storage medium; wherein
the control module is used for receiving a security key sent by a security device through the wireless communication module, controlling the security module to store the security key, and controlling the mobile storage device to send a first instruction to a host device, wherein the security key is used for accessing data in the storage medium, and the first instruction indicates that the mobile storage device can be mounted to a file system of the host device.
2. The mobile storage device of claim 1,
the control module is further configured to receive, through the wireless communication module, a first key sent by the security device, verify the first key according to the security key, and determine whether to send the first instruction to the host device according to a verification result.
3. The mobile storage device of claim 2, wherein, in the event that the first key check is successful,
the control module is further configured to receive, through the wireless communication module, a second key sent by the security device, and control the security module to update the security key to the second key.
4. The mobile storage device of any of claims 1 to 3, wherein, after the mobile storage device is mounted onto the file system of the host device,
the control module is used for controlling the security module to encrypt the data written into the storage medium by the host device according to the security key, and controlling the security module to decrypt the data read from the storage medium by the host device according to the security key.
5. The mobile storage device according to any one of claims 1 to 4, wherein the storage medium is configured to store data after being encrypted based on the security key.
6. The mobile storage device of any of claims 1 to 5, wherein the control module is further configured to decrypt the key received from the security device according to a session key.
7. The mobile storage device of claim 6, wherein the session key is determined based on a wireless communication protocol between the mobile storage device and the security device.
8. The mobile storage device of any one of claims 1 to 7, wherein the wireless communication module is further configured to broadcast device information of the mobile storage device after the mobile storage device is powered on, so as to establish a wireless communication connection with the security device.
9. The mobile storage device of any of claims 1 to 8, wherein the mobile storage device communicates with the host device via a wired interface.
10. The mobile storage device of any of claims 1 to 9, wherein the security key is a biometric.
11. The mobile storage device according to any one of claims 1 to 10, wherein the mobile storage device is a USB disk or a removable hard disk.
12. The mobile storage device of any of claims 1 to 11, wherein the security device comprises at least one of:
a wearable device, a mobile terminal device.
13. A storage system, comprising:
a security device; and
the mobile storage device of any one of claims 1 to 12.
14. A storage system, comprising:
a host device and a security device; and
the mobile storage device of any one of claims 1 to 12.
15. A storage method applied to a storage system comprising a mobile storage device, a host device and a security device, wherein the mobile storage device and the security device communicate with each other in a wireless manner, the method comprising:
the mobile storage device receives a security key sent by the security device and stores the security key, wherein the security key is used for accessing data stored in the mobile storage device;
the mobile storage device sends a first instruction to the host device, wherein the first instruction is used for indicating that the mobile storage device can be mounted to a file system of the host device.
16. The method of claim 15, further comprising:
the mobile storage device receives a first key sent by the security device;
the mobile storage device verifies the first key according to the security key and determines whether to send the first instruction to the host device according to a verification result.
17. The method of claim 16, wherein in case the first key check is successful, the method further comprises:
the mobile storage device receives a second key sent by the security device;
the mobile storage device updates the security key to the second key.
18. The method according to any one of claims 15 to 17, wherein after the mobile storage device is mounted onto the file system of the host device, the method further comprises:
the mobile storage device encrypts data written by the host device according to the security key and decrypts data read by the host device according to the security key.
19. The method according to any one of claims 15 to 18, further comprising:
the mobile storage device decrypts the key received from the security device according to the session key.
20. The method of claim 19, wherein the session key is determined based on a wireless communication protocol between the mobile storage device and the security device.
21. The method according to any one of claims 15 to 20, further comprising:
the mobile storage device broadcasts its device information after being powered on, so as to establish a wireless communication connection with the security device.
22. The method of any of claims 15 to 21, wherein the mobile storage device communicates with the host device via a wired interface.
23. The method of any one of claims 15 to 22, wherein the security key is a biometric.
24. The method according to any one of claims 15 to 23, wherein the mobile storage device is a USB disk or a removable hard disk.
25. The method of any one of claims 15 to 24, wherein the security device comprises at least one of:
a wearable device, a mobile terminal device.
CN201980014556.7A 2019-12-18 2019-12-18 Mobile storage device, storage system and storage method Pending CN111758243A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/126391 WO2021120066A1 (en) 2019-12-18 2019-12-18 Mobile storage device, storage system, and storage method

Publications (1)

Publication Number Publication Date
CN111758243A true CN111758243A (en) 2020-10-09

Family

ID=72672840

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980014556.7A Pending CN111758243A (en) 2019-12-18 2019-12-18 Mobile storage device, storage system and storage method

Country Status (2)

Country Link
CN (1) CN111758243A (en)
WO (1) WO2021120066A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112601219A (en) * 2021-03-03 2021-04-02 四川微巨芯科技有限公司 Data encryption and decryption method and system, server, storage device and mobile device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101140605A (en) * 2007-10-24 2008-03-12 北京飞天诚信科技有限公司 Data safety reading method and safety storage apparatus thereof
CN201181472Y (en) * 2008-02-29 2009-01-14 北京华大恒泰科技有限责任公司 Hardware key device and movable memory system
CN102292732A (en) * 2009-01-20 2011-12-21 微软公司 Hardware encrypting storage device with physically separable key storage device
US20120284772A1 (en) * 2011-05-02 2012-11-08 Samsung Electronics Co., Ltd. Data storage device authentication apparatus and data storage device including authentication apparatus connector
CN104063333A (en) * 2013-03-18 2014-09-24 置富存储科技(深圳)有限公司 Encrypted storage equipment and encrypted storage method
CN108734031A (en) * 2017-04-10 2018-11-02 奈奎斯特半导体有限公司 Secure data storage device with the security function realized in data safety bridge
CN110263557A (en) * 2019-05-31 2019-09-20 花豹科技有限公司 Data access control method, storage equipment and computer readable storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2932294B1 (en) * 2008-06-06 2010-08-13 Oberthur Technologies METHOD AND DEVICE FOR SECURING PORTABLE ELECTRONIC ENTITY
CN103632081A (en) * 2013-11-15 2014-03-12 深圳市江波龙电子有限公司 Encrypted storage device and authentication system and authentication method thereof
CN206991357U (en) * 2017-07-14 2018-02-09 厦门天锐科技股份有限公司 A kind of Novel USB flash disk with data encryption feature
CN108376224A (en) * 2018-02-24 2018-08-07 深圳市大迈科技有限公司 A kind of movable storage device and its encryption method and device

Also Published As

Publication number Publication date
WO2021120066A1 (en) 2021-06-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201009