CN111783113A - Data access authority control method based on SAS Controller - Google Patents

Info

Publication number
CN111783113A
Authority
CN
China
Prior art keywords
sas controller
mcu
sas
authority control
data access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010570417.7A
Other languages
Chinese (zh)
Inventor
卞一名
金长新
刘强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan Inspur Hi Tech Investment and Development Co Ltd
Original Assignee
Jinan Inspur Hi Tech Investment and Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinan Inspur Hi Tech Investment and Development Co Ltd
Priority to CN202010570417.7A
Publication of CN111783113A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38 Information transfer, e.g. on bus
    • G06F13/42 Bus transfer protocol, e.g. handshake; Synchronisation
    • G06F13/4282 Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

A data access authority control method based on an SAS Controller, in which an MCU (microcontroller unit) serves as the core and is connected to the SAS controller through an I2C bus so as to control the read-write flag bit of the SAS SMP command. An identity recognition device is arranged at the MCU end: after identity recognition and verification pass, the flag bit is set to 1 and reading and writing are permitted; when verification fails, the flag bit is set to 0 and access is forbidden. The method is used for servers and storage products, realizes control of data access authority through control over the read-write flag bit of the underlying SAS controller, and is well suited to fields with higher requirements on data security, such as industrial control, government affairs, the judiciary and the military industry.

Description

Data access authority control method based on SAS Controller
Technical Field
The invention relates to the technical field of computer security, in particular to a data access authority control method based on an SAS Controller.
Background
With the coming of the information age, the data explosion and data security have become technical problems of concern, especially for data storage in fields such as business documents, political data, metallurgy, high-precision production and mechanical modeling, where data stolen by a third party causes irreparable loss. Data access authority control is one of the necessary functions of data storage, but most access authority control is still implemented at the system level or even in third-party software. Authority control at the software level has certain loopholes, and where network access is available the authority can easily be obtained by highly skilled IT practitioners or even hacker organizations, so that users' confidential data can be stolen.
Disclosure of Invention
In order to overcome the defects of the above technology, the invention provides a data access authority control method based on an SAS Controller, which sets data access authority at the hardware bottom layer and uses off-line authority control.
The technical scheme adopted by the invention to overcome the technical problems is as follows:
A data access authority control method based on an SAS Controller includes the following steps:
a) an identity recognition device is provided, the identity recognition device is connected to the MCU and transmits the recognized feature data to a key setting module in the MCU;
b) an SAS controller is provided, each hard disk is connected to the SAS controller through the SAS protocol or the SATA protocol, the SAS controller is connected to a processor, and the MCU is connected to the SAS controller through an I2C bus;
c) the MCU compares the identification features acquired by the key setting module with the features stored in the key verification module in the MCU; if they are not consistent, step d) is executed, and if they are consistent, step e) is executed;
d) an authority control module in the MCU forces the Write register and the Read register in the SAS controller to 0;
e) the authority control module in the MCU sets the Write register and the Read register in the SAS controller to 1.
The identity recognition device in step a) is a fingerprint recognizer, and the fingerprint recognizer is connected to the MCU through the UART communication protocol.
The identity recognition device in step a) is a password input key unit, and the password input key unit is connected to the MCU through the UART communication protocol.
The SAS controller in step b) is connected to the processor through a PCIe bus.
The invention has the following beneficial effects: an MCU (microcontroller unit) serves as the core and is connected to the SAS (Serial Attached SCSI) controller through an I2C bus, so that the read-write flag bit of the SAS SMP command is controlled. An identity recognition device is arranged at the MCU end: after identity recognition and verification pass, the flag bit is set to 1 and reading and writing are permitted; when verification fails, the flag bit is set to 0 and access is forbidden. The method is used for servers and storage products, realizes control of data access authority through control over the read-write flag bit of the underlying SAS controller, and is well suited to industrial control, government affairs, the judiciary, the military industry and other fields with higher requirements.
Drawings
Fig. 1 is a block diagram of a control system of the present invention.
Detailed Description
The invention is further described below with reference to fig. 1.
A data access authority control method based on an SAS Controller includes the following steps:
a) An identity recognition device is provided, the identity recognition device is connected to the MCU, and the identity recognition device transmits the recognized feature data to a key setting module in the MCU.
b) An SAS controller is provided, each hard disk is connected to the SAS controller through the SAS protocol or the SATA protocol, the SAS controller is connected to the processor, and the MCU is connected to the SAS controller through an I2C bus.
c) The MCU compares the identification features acquired by the key setting module with the features stored in the key verification module in the MCU; if they are not consistent, step d) is executed, and if they are consistent, step e) is executed.
d) The authority control module in the MCU forces the Write register and the Read register in the SAS controller to 0. At this time, the processor cannot read data from or write data to the hard disk through the SAS controller.
e) The authority control module in the MCU sets the Write register and the Read register in the SAS controller to 1. The processor can then read data from and write data to the hard disk through the SAS controller.
An MCU (microcontroller unit) serves as the core and is connected to the SAS (Serial Attached SCSI) controller through an I2C bus, so that the read-write flag bit of the SAS SMP command is controlled. An identity recognition device is arranged at the MCU end: after identity recognition and verification pass, the flag bit is set to 1 and reading and writing are permitted; when verification fails, the flag bit is set to 0 and access is forbidden. The method is used for servers and storage products, realizes control of data access authority through control over the read-write flag bit of the underlying SAS controller, and is well suited to industrial control, government affairs, the judiciary, the military industry and other fields with higher requirements.
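The decision flow of steps c) to e), as an added C example that is not code from the patent. The I2C address, register offsets and feature length are placeholders (the patent gives none), the bus is simulated in memory, and the constant-time comparison, register readback and deny-on-bus-error behaviour are additions the patent does not describe.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed register map: the patent names the Read and Write registers but
 * gives no I2C address or offsets, so these values are placeholders. */
#define SAS_I2C_ADDR 0x50u
#define REG_READ     0x00u
#define REG_WRITE    0x01u
#define FEATURE_LEN  16u

/* Constructed stand-in for the SAS controller's registers and the bus. */
static uint8_t sas_regs[2];
static int bus_fault;  /* 1 simulates a failed I2C transfer */

static int i2c_write_reg(uint8_t dev, uint8_t reg, uint8_t val) {
    if (bus_fault || dev != SAS_I2C_ADDR || reg > REG_WRITE) return -1;
    sas_regs[reg] = val;
    return 0;
}
static int i2c_read_reg(uint8_t dev, uint8_t reg, uint8_t *val) {
    if (bus_fault || dev != SAS_I2C_ADDR || reg > REG_WRITE) return -1;
    *val = sas_regs[reg];
    return 0;
}

/* Step c): compare with no early exit, so timing does not depend on
 * how many leading bytes of the presented feature were correct. */
static int features_match(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Steps d) and e): write both flags, then read them back to confirm. */
static int set_flags(uint8_t v) {
    uint8_t r = 0xFF, w = 0xFF;
    if (i2c_write_reg(SAS_I2C_ADDR, REG_READ, v) ||
        i2c_write_reg(SAS_I2C_ADDR, REG_WRITE, v)) return -1;
    if (i2c_read_reg(SAS_I2C_ADDR, REG_READ, &r) ||
        i2c_read_reg(SAS_I2C_ADDR, REG_WRITE, &w)) return -1;
    return (r == v && w == v) ? 0 : -1;
}

/* Authority control module: returns 1 when access was granted, else 0. */
int authority_control(const uint8_t *presented, size_t len,
                      const uint8_t *enrolled) {
    int ok = (len == FEATURE_LEN) && features_match(presented, enrolled, len);
    if (ok && set_flags(1) == 0) return 1;
    (void)set_flags(0);  /* mismatch or bus error: attempt to force deny */
    return 0;
}

int access_enabled(void) { return sas_regs[REG_READ] && sas_regs[REG_WRITE]; }
void sim_set_bus_fault(int on) { bus_fault = on; }

int main(void) {
    const uint8_t enrolled[FEATURE_LEN] = {0xA5, 0x3C};  /* constructed sample */
    const uint8_t wrong[FEATURE_LEN] = {0xA5, 0x3D};
    int granted = authority_control(enrolled, FEATURE_LEN, enrolled);
    int denied = !authority_control(wrong, FEATURE_LEN, enrolled);
    return (granted && denied && !access_enabled()) ? 0 : 1;
}
```

The registers start at 0, so the simulated controller denies access until a successful verification; a real design would also need the controller itself to power up in the denied state.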
Example 1:
The identity recognition device in step a) is a fingerprint recognizer, and the fingerprint recognizer is connected to the MCU through the UART communication protocol. Fingerprint verification is carried out by inputting a fingerprint, so that it can be determined whether reading and writing of the hard disk is authorized.
Example 2:
The identity recognition device in step a) is a password input key unit, and the password input key unit is connected to the MCU through the UART communication protocol. Authentication can be performed by inputting a password, so that it can be determined whether reading and writing of the hard disk is authorized.
Example 3:
The SAS controller in step b) is connected to the processor through a PCIe bus.

Claims (4)

1. A data access authority control method based on an SAS Controller, characterized by comprising the following steps:
a) an identity recognition device is provided, the identity recognition device is connected to the MCU and transmits the recognized feature data to a key setting module in the MCU;
b) an SAS controller is provided, each hard disk is connected to the SAS controller through the SAS protocol or the SATA protocol, the SAS controller is connected to a processor, and the MCU is connected to the SAS controller through an I2C bus;
c) the MCU compares the identification features acquired by the key setting module with the features stored in the key verification module in the MCU; if they are not consistent, step d) is executed, and if they are consistent, step e) is executed;
d) an authority control module in the MCU forces the Write register and the Read register in the SAS controller to 0;
e) the authority control module in the MCU sets the Write register and the Read register in the SAS controller to 1.
2. The SAS Controller-based data access authority control method of claim 1, wherein: the identity recognition device in step a) is a fingerprint recognizer, and the fingerprint recognizer is connected to the MCU through the UART communication protocol.
3. The SAS Controller-based data access authority control method of claim 1, wherein: the identity recognition device in step a) is a password input key unit, and the password input key unit is connected to the MCU through the UART communication protocol.
4. The SAS Controller-based data access authority control method of claim 1, wherein: the SAS controller in step b) is connected to the processor through a PCIe bus.
CN202010570417.7A 2020-06-22 2020-06-22 Data access authority control method based on SAS Controller Pending CN111783113A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010570417.7A CN111783113A (en) 2020-06-22 2020-06-22 Data access authority control method based on SAS Controller

Publications (1)

Publication Number Publication Date
CN111783113A (en) 2020-10-16

Family

ID=72756885

Country Status (1)

Country Link
CN (1) CN111783113A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201016