CN111783113A - Data access authority control method based on SAS Controller - Google Patents
- Publication number
- CN111783113A
- Authority
- CN
- China
- Prior art keywords
- sas controller
- mcu
- sas
- authority control
- data access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/42—Bus transfer protocol, e.g. handshake; Synchronisation
- G06F13/4282—Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Abstract
A data access authority control method based on an SAS controller. An MCU (microcontroller unit) serves as the core and is connected to the SAS controller through an I2C bus so as to control the read-write flag bit of the SAS SMP command. An identity recognition device is arranged at the MCU end: after identity recognition and verification pass, the flag bit is set to 1 and reading and writing are allowed; when verification fails, the flag bit is set to 0 and access is forbidden. The method is used for servers and storage products, realizes control of data access authority through control of the read-write flag bit of the underlying SAS controller, and is well suited to fields with higher requirements on data security, such as industrial control, government affairs, the judiciary and the military industry.
Description
Technical Field
The invention relates to the technical field of computer security, in particular to a data access authority control method based on an SAS Controller.
Background
With the arrival of the information age, the explosive growth of data and data security have become technical problems of concern, especially for data storage in fields such as business documents, political data, metallurgy, high-precision production and mechanical modeling, where data stolen by a third party causes irreparable loss. Data access authority control is one of the necessary functions of data storage, but most access authority control is still implemented at the system level or even in third-party software. Authority control at the software level has certain loopholes, and where network access is possible, authority can easily be obtained by highly skilled IT personnel or even hacker organizations, so that users' confidential data can be stolen.
Disclosure of Invention
To overcome the shortcomings of the above technology, the invention provides a data access authority control method based on an SAS controller, which sets data access authority at the hardware level and uses offline authority control.
The technical scheme adopted by the invention to overcome the technical problems is as follows:
A data access authority control method based on an SAS controller includes the following steps:
a) providing an identity recognition device, wherein the identity recognition device is connected to the MCU and transmits the recognized feature data to a key setting module in the MCU;
b) providing an SAS controller, wherein each hard disk is connected to the SAS controller through the SAS protocol or the SATA protocol, the SAS controller is connected to a processor, and the MCU is connected to the SAS controller through an I2C bus;
c) the MCU compares the identification features acquired by the key setting module with the features stored in the key verification module in the MCU; if they are not consistent, step d) is executed, and if they are consistent, step e) is executed;
d) an authority control module in the MCU forces the Write register and the Read register in the SAS controller to 0;
e) the authority control module in the MCU sets the Write and Read registers in the SAS controller to 1.
The identity recognition device in step a) is a fingerprint recognizer, connected to the MCU through the UART communication protocol.
The identity recognition device in step a) is a password input key unit, connected to the MCU through the UART communication protocol.
The SAS controller in the step b) is connected with the processor through a PCIe bus.
The beneficial effects of the invention are as follows: an MCU (microcontroller unit) serves as the core and is connected to the SAS (Serial Attached SCSI) controller through an I2C bus, so that the read-write flag bit of the SAS SMP command is controlled. An identity recognition device is arranged at the MCU end: after identity recognition and verification pass, the flag bit is set to 1 and reading and writing are allowed; when verification fails, the flag bit is set to 0 and access is forbidden. The method is used for servers and storage products, realizes control of data access authority through control of the read-write flag bit of the underlying SAS controller, and is well suited to fields with higher requirements on data security, such as industrial control, government affairs, the judiciary and the military industry.
Drawings
Fig. 1 is a block diagram of a control system of the present invention.
Detailed Description
The invention is further described below with reference to fig. 1.
A data access authority control method based on an SAS controller includes the following steps:
a) An identity recognition device is provided. It is connected to the MCU and transmits the recognized feature data to a key setting module in the MCU.
b) An SAS controller is provided. Each hard disk is connected to the SAS controller through the SAS protocol or the SATA protocol, the SAS controller is connected to the processor, and the MCU is connected to the SAS controller through an I2C bus.
c) The MCU compares the identification features acquired by the key setting module with the features stored in the key verification module in the MCU; if they are not consistent, step d) is executed, and if they are consistent, step e) is executed.
d) The authority control module in the MCU forces the Write register and the Read register in the SAS controller to 0. The processor then cannot read data from or write data to the hard disks through the SAS controller.
e) The authority control module in the MCU sets the Write and Read registers in the SAS controller to 1. The processor can then read data from and write data to the hard disks through the SAS controller.
An MCU (microcontroller unit) serves as the core and is connected to the SAS (Serial Attached SCSI) controller through an I2C bus, so that the read-write flag bit of the SAS SMP command is controlled. An identity recognition device is arranged at the MCU end: after identity recognition and verification pass, the flag bit is set to 1 and reading and writing are allowed; when verification fails, the flag bit is set to 0 and access is forbidden. The method is used for servers and storage products, realizes control of data access authority through control of the read-write flag bit of the underlying SAS controller, and is well suited to fields with higher requirements on data security, such as industrial control, government affairs, the judiciary and the military industry.
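Steps c) to e) sketched as MCU firmware logic in C, as an added example that is not code from the patent; the read-back check and the fall-through to deny on a failed grant go beyond the patent's steps. Assumptions: the I2C address, register offsets, simulated register file and all function names are hypothetical (the patent names the Read and Write registers but gives no addresses), and the byte-exact comparison models the password embodiment, since a fingerprint sensor would apply its own matcher.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical map: the patent names the registers but gives no addresses. */
#define SAS_I2C_ADDR 0x50u
#define REG_READ     0x10u
#define REG_WRITE    0x11u

/* Simulated controller register file standing in for the real I2C bus. */
static uint8_t sim_regs[256];
static int sim_bus_fault; /* nonzero: every transfer fails */

static int i2c_write_reg(uint8_t dev, uint8_t reg, uint8_t val) {
    (void)dev;
    if (!sim_bus_fault) sim_regs[reg] = val;
    return sim_bus_fault ? -1 : 0;
}
static int i2c_read_reg(uint8_t dev, uint8_t reg, uint8_t *val) {
    (void)dev;
    if (!sim_bus_fault) *val = sim_regs[reg];
    return sim_bus_fault ? -1 : 0;
}

/* Step c): compare with no early exit, so timing does not reveal how many
 * leading bytes were correct. An empty credential never matches. */
static int features_match(const uint8_t *a, size_t n, const uint8_t *b, size_t m) {
    uint8_t diff = 0;
    if (n != m || n == 0) return 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Write one flag value to both registers and confirm it by read-back. */
static int set_access(uint8_t flag) {
    uint8_t r = 0xFF, w = 0xFF;
    if (i2c_write_reg(SAS_I2C_ADDR, REG_READ, flag)) return -1;
    if (i2c_write_reg(SAS_I2C_ADDR, REG_WRITE, flag)) return -1;
    if (i2c_read_reg(SAS_I2C_ADDR, REG_READ, &r)) return -1;
    if (i2c_read_reg(SAS_I2C_ADDR, REG_WRITE, &w)) return -1;
    return (r == flag && w == flag) ? 0 : -1;
}

/* Steps c) to e). Returns 1 = access enabled, 0 = access disabled,
 * -1 = register state could not be confirmed (treat as a fault). */
int authorize(const uint8_t *in, size_t n, const uint8_t *ref, size_t m) {
    if (features_match(in, n, ref, m) && set_access(1) == 0)
        return 1;                        /* step e) */
    /* Mismatch, or a grant that did not fully apply: force both flags to 0. */
    return set_access(0) == 0 ? 0 : -1;  /* step d) */
}

int main(void) {
    const uint8_t enrolled[] = {0x31, 0x39, 0x37, 0x30}; /* constructed sample */
    const uint8_t wrong[]    = {0x31, 0x39, 0x37, 0x31}; /* constructed sample */
    printf("match:    %d\n", authorize(enrolled, 4, enrolled, 4));
    printf("mismatch: %d\n", authorize(wrong, 4, enrolled, 4));
    return 0;
}
```

A return of -1 means the MCU could not confirm either flag state over the bus, which a caller should handle as a fault rather than as a denial that is known to be in effect.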
Example 1:
The identity recognition device in step a) is a fingerprint recognizer, connected to the MCU through the UART communication protocol. Fingerprint verification is performed by presenting a fingerprint, which determines whether reading and writing of the hard disk is authorized.
Example 2:
The identity recognition device in step a) is a password input key unit, connected to the MCU through the UART communication protocol. Authentication is performed by entering a password, which determines whether reading and writing of the hard disk is authorized.
Example 3:
The SAS controller in step b) is connected to the processor through a PCIe bus.
Claims (4)
1. A data access authority control method based on SAS Controller is characterized by comprising the following steps:
a) setting an identity recognition device, wherein the identity recognition device is connected to the MCU and transmits recognized characteristic data to a key setting module in the MCU;
b) providing an SAS controller, wherein each hard disk is connected to the SAS controller through the SAS protocol or the SATA protocol, the SAS controller is connected to a processor, and the MCU is connected to the SAS controller through an I2C bus;
c) the MCU compares the identification features acquired by the key setting module with the features stored in the key verification module in the MCU, if the comparison is not consistent, the step d) is executed, and if the comparison is consistent, the step e) is executed;
d) an authority control module in the MCU controls a Write register and a Read register in the SAS controller to be forcibly set to be 0;
e) the authority control module in the MCU controls the Write and Read registers in the SAS controller to be set to 1.
2. The SAS Controller-based data access authority control method of claim 1, wherein: the identity recognition device in the step a) is a fingerprint recognizer, and the fingerprint recognizer is connected with the MCU through a UART communication protocol.
3. The SAS Controller-based data access authority control method of claim 1, wherein: the identity recognition device in the step a) is a password input key unit, and the password input key unit is connected to the MCU through a UART communication protocol.
4. The SAS Controller-based data access authority control method of claim 1, wherein: the SAS controller in the step b) is connected with the processor through a PCIe bus.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010570417.7A CN111783113A (en) | 2020-06-22 | 2020-06-22 | Data access authority control method based on SAS Controller |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111783113A (en) | 2020-10-16 |
Family
ID=72756885
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010570417.7A Pending CN111783113A (en) | 2020-06-22 | 2020-06-22 | Data access authority control method based on SAS Controller |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111783113A (en) |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1423202A (en) * | 2001-12-05 | 2003-06-11 | 武汉瑞达电子有限公司 | Embedded safety module and its safety protection method |
CN101382977A (en) * | 2008-09-18 | 2009-03-11 | 杭州晟元芯片技术有限公司 | Control device and method for opening and closing computer software and hardware system based on biology authentication |
CN103500565A (en) * | 2013-09-30 | 2014-01-08 | 乐视致新电子科技(天津)有限公司 | Storage method and storage device |
CN105282117A (en) * | 2014-07-21 | 2016-01-27 | 中兴通讯股份有限公司 | Access control method and device |
CN205405496U (en) * | 2016-03-01 | 2016-07-27 | 北京天地超云科技有限公司 | A device for management of server hard disk |
CN109582612A (en) * | 2018-12-24 | 2019-04-05 | 郑州云海信息技术有限公司 | A kind of device and its design, application method obtaining SAS card log |
US20190197000A1 (en) * | 2017-03-24 | 2019-06-27 | Hitachi, Ltd. | Storage system and backend construction method for storage system |
CN110084017A (en) * | 2019-04-24 | 2019-08-02 | 上海互啊佑智能科技有限公司 | A kind of ID authentication device, system, method, apparatus and storage medium |
CN110378137A (en) * | 2019-07-19 | 2019-10-25 | 广东浪潮大数据研究有限公司 | A kind of hardware bottom layer encryption storage method, system and readable storage medium storing program for executing |
CN110727636A (en) * | 2019-10-10 | 2020-01-24 | 天津飞腾信息技术有限公司 | System on chip and device isolation method thereof |
US20200132768A1 (en) * | 2018-10-29 | 2020-04-30 | Inventec (Pudong) Technology Corporation | SAS Connector Conduction Detecting System And Method Thereof |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20201016 |