CN113761599B - Solid state disk encryption method and device, readable storage medium and electronic equipment - Google Patents

Publication number: CN113761599B
Authority: CN (China)
Legal status: Active
Application number: CN202111059748.5A
Other languages: Chinese (zh)
Other versions: CN113761599A (en)
Inventors: 孙成思, 孙日欣, 李家敏
Current Assignee: Chengdu Baiwei Storage Technology Co ltd
Original Assignee: Chengdu Baiwei Storage Technology Co ltd
Application filed by Chengdu Baiwei Storage Technology Co ltd
Priority to CN202111059748.5A
Publication of CN113761599A
Application granted
Publication of CN113761599B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a solid state disk encryption method and device, a readable storage medium and electronic equipment. The method comprises: receiving an encryption request for a solid state disk; sending an NVMe standard password information query command to the solid state disk according to the encryption request; receiving the password state information corresponding to the NVMe standard password information query command; and, based on the password state information, sending an NVMe standard password setting command to the solid state disk for encryption to obtain an encrypted solid state disk. The method exploits a particular property of the solid state disk, namely that its firmware software runs outside any operating system: after receiving an interaction command from the host, the firmware can apply the corresponding permission restrictions to the data of the solid state disk in different modes, or directly reject the host's request when the host is not trusted. The disk is therefore not easy to crack, and the security and reliability of solid state disk encryption are improved.

Description

Solid state disk encryption method and device, readable storage medium and electronic equipment
Technical Field
The present invention relates to the field of solid state hard drives, and in particular, to a method and apparatus for encrypting a solid state hard disk, a readable storage medium, and an electronic device.
Background
At present, the solid state disk is widely applied to personal computers and mobile terminals due to the advantages of high performance, low time delay, low power consumption and the like.
With the widespread adoption of the internet and 5G, hackers have turned their attention to network attacks, fraud and remote theft, the security and privacy of data are being severely tested, and people pay close attention to the security of their data. Many solid state disk encryption technologies are available on the market, including hardware encryption, software encryption and communication encryption, which protect data during transmission and storage. However, some existing encryption technologies are confined to pure software or to standalone hardware; as security designs they cannot completely protect the solid state disk, so it is easily cracked.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a solid state disk encryption method and device, a readable storage medium and electronic equipment that improve the security and reliability of solid state disk encryption.
In order to solve the technical problems, the invention adopts a technical scheme that:
a solid state disk encryption method comprises the following steps:
receiving an encryption request of the solid state disk;
sending an NVMe standard password information inquiry command to the solid state disk according to the encryption request;
receiving password state information corresponding to the NVMe standard password information inquiry command;
and sending an NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk.
In order to solve the technical problems, the invention adopts another technical scheme that:
a solid state disk encryption device comprising:
the request receiving module is used for receiving the encryption request of the solid state disk;
the command sending module is used for sending an NVMe standard password information query command to the solid state disk according to the encryption request;
the information receiving module is used for receiving the password state information corresponding to the NVMe standard password information inquiry command;
and the encryption module is used for sending the NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk.
In order to solve the technical problems, the invention adopts another technical scheme that:
a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of a solid state disk encryption method as described above.
In order to solve the technical problems, the invention adopts another technical scheme that:
an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of a solid state disk encryption method as described above when executing the computer program.
The beneficial effects of the invention are as follows: according to the received encryption request, an NVMe standard password information query command is sent to the solid state disk, and then, according to the queried password state information, an NVMe standard password setting command is sent to the solid state disk for encryption, yielding the encrypted solid state disk. Unlike the prior art, the solid state disk is not encrypted by pure software or standalone hardware alone. Instead, the invention exploits a particular property of the solid state disk, namely that the software in its firmware runs outside any operating system: after receiving an interaction command from the host, the firmware can apply the corresponding permission restrictions to the data of the solid state disk in different modes, or directly refuse the host's request when the host is not trusted, so the disk is not easy to crack. The solid state disk is thus encrypted through the cooperation of hardware and software, which improves the security and reliability of solid state disk encryption.
Drawings
FIG. 1 is a flow chart of steps of a method for encrypting a solid state disk according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a solid state disk encryption device according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention;
fig. 4 is a schematic format diagram of an NVMe standard password information query command in the solid state disk encryption method according to the embodiment of the present invention;
FIG. 5 is a schematic diagram of the format of the cryptographic status information in the solid state disk encryption method according to the embodiment of the present invention;
fig. 6 is a schematic format diagram of an NVMe standard password setting command in the solid state disk encryption method according to the embodiment of the present invention;
FIG. 7 is a schematic diagram of the meanings of the operation codes of the Reserved and CDW10.SPSP1:CDW10.SPSP0 of the NVMe standard password setting command in the solid state disk encryption method according to the embodiment of the present invention;
fig. 8 is a schematic diagram of a data packet format of an NVMe standard password setting command for implementing a password setting function in the solid state disk encryption method according to the embodiment of the present invention;
fig. 9 is a schematic diagram of a data packet format of an NVMe standard password setting command for implementing an unlocking function in the solid state disk encryption method according to the embodiment of the present invention;
fig. 10 is a schematic diagram of a packet format of an NVMe standard password setting command for implementing a disc data erasing function in the solid state disc encryption method according to an embodiment of the present invention;
fig. 11 is a schematic diagram of a data packet format of an NVMe standard password setting command for implementing a password clearing function in the solid state disk encryption method according to the embodiment of the present invention;
FIG. 12 is a schematic diagram illustrating operation limitation of a host to a solid state disk in different states in the encryption method of a solid state disk according to an embodiment of the present invention;
fig. 13 is a schematic diagram illustrating transition between different states of an SSD in the solid state disk encryption method according to an embodiment of the invention.
Detailed Description
In order to describe the technical contents, the achieved objects and effects of the present invention in detail, the following description will be made with reference to the embodiments in conjunction with the accompanying drawings.
Referring to fig. 1, an embodiment of the present invention provides a method for encrypting a solid state disk, including:
receiving an encryption request of the solid state disk;
sending an NVMe standard password information inquiry command to the solid state disk according to the encryption request;
receiving password state information corresponding to the NVMe standard password information inquiry command;
and sending an NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk.
From the above description, the beneficial effects of the invention are as follows: according to the received encryption request, an NVMe standard password information query command is sent to the solid state disk, and then, according to the queried password state information, an NVMe standard password setting command is sent to the solid state disk for encryption, yielding the encrypted solid state disk. Unlike the prior art, the solid state disk is not encrypted by pure software or standalone hardware alone. Instead, the invention exploits a particular property of the solid state disk, namely that the software in its firmware runs outside any operating system: after receiving an interaction command from the host, the firmware can apply the corresponding permission restrictions to the data of the solid state disk in different modes, or directly refuse the host's request when the host is not trusted, so the disk is not easy to crack. The solid state disk is thus encrypted through the cooperation of hardware and software, which improves the security and reliability of solid state disk encryption.
Further, the password state information includes a password function setting state;
the sending the NVMe standard password setting command to the solid state disk based on the password state information for encryption comprises the following steps:
judging whether the password function setting state is unset; if so, sending an NVMe standard password setting command including a first password to the solid state disk for encryption and receiving execution result information; if not, sending an NVMe standard password setting command including a second password to the solid state disk for decryption and receiving the execution result information.
As can be seen from the above description, the password function setting state indicates whether the solid state disk currently has a password. When no password is set, the host can send the password to be set to the solid state disk to encrypt it; when a password is set, the host decrypts the solid state disk. Encryption of the solid state disk is thereby realized simply.
Further, after the sending of the NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk, the method includes:
receiving hardware reset information, power-down information or power-up information corresponding to the encrypted solid state disk;
locking the encrypted solid state disk according to the hardware reset information, the power-down information or the power-on information to obtain a locked solid state disk;
receiving an unlocking request corresponding to the locked solid state disk, wherein the unlocking request comprises a third password and an unlocking instruction;
generating the NVMe standard password setting command according to the third password and the unlocking command, sending the NVMe standard password setting command to the locked solid state disk for unlocking, and receiving execution result information.
As can be seen from the above description, when the encrypted solid state disk is subjected to hardware reset, power failure or power-up, the encrypted solid state disk is automatically locked, and when the solid state disk is in a locked state, the read-write and erase operations cannot be performed on the data of the disk, so that the safety of the disk data is ensured.
Further, the password state information also comprises the time for safely erasing the whole disc data;
after the sending of the NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk, the method further includes:
receiving a disc data erasing request corresponding to the encrypted solid state disk, wherein the disc data erasing request comprises a disc data erasing preparation instruction, a disc data erasing instruction and a fourth password;
sending the NVMe standard password information inquiry command to the encrypted solid state disk according to the disk data erasure request;
receiving password state information corresponding to the NVMe standard password information inquiry command;
generating the NVMe standard password setting command according to the disc data erasure preparation command, the disc data erasure command and the fourth password;
transmitting the disc data erasure preparation instruction to the encrypted solid state disk to perform disc data erasure preparation, so as to obtain a prepared solid state disk;
and sending the fourth password and the disc data erasing instruction to the prepared solid state disk to erase disc data, and waiting for the time of safely erasing the whole disc data to obtain the solid state disk after data erasing.
As can be seen from the above description, when the disc data is erased, the disc data can be erased only after the encrypted solid-state disk completes the disc data erasure preparation, and when the disc data is erased, the NVMe standard password setting command including the fourth password and the disc data erasure instruction needs to be sent to the prepared solid-state disk, and the data erasure operation can be performed after the password verification is successful, so that the data erasure is safely and reliably realized, and the data of the solid-state disk is protected.
Further, the sending the NVMe standard password setting command to the solid state disk based on the password state information for encryption, and after obtaining the encrypted solid state disk, further includes:
receiving a disc freezing request corresponding to the encrypted solid state disc, wherein the disc freezing request comprises a fifth password and a disc freezing instruction;
generating the NVMe standard password setting command according to the fifth password and the disc freezing command, and sending the NVMe standard password setting command to the encrypted solid-state disk to freeze the disc, so as to obtain the frozen solid-state disk.
As can be seen from the above description, the NVMe standard password setting command including the fifth password and the disc freezing command is sent to the encrypted solid state disc, so that the encrypted solid state disc can be frozen, the disc can be read and written normally, but the disc data cannot be erased, and therefore the security of the solid state disc is ensured.
Further, after the sending of the fifth password and the disc freezing instruction to the encrypted solid state disk to freeze the disk and obtain the frozen solid state disk, the method includes:
receiving a freeze removal request corresponding to the frozen solid state disk;
and performing a hardware reset operation on the frozen solid state disk according to the freeze removal request to obtain the unfrozen solid state disk.
The above description shows that thawing can be realized only by performing hardware reset operation on the frozen solid state disk, so that matching of hardware and software is realized, and safe and reliable solid state disk encryption is realized.
Further, the sending the NVMe standard password setting command to the solid state disk based on the password state information for encryption, and after obtaining the encrypted solid state disk, further includes:
receiving a password clearing request corresponding to the encrypted solid state disk, wherein the password clearing request comprises a sixth password and a password clearing instruction;
generating the NVMe standard password setting command according to the sixth password and the password clearing command, sending the NVMe standard password setting command to the encrypted solid-state disk for password clearing, and receiving execution result information.
As can be seen from the above description, clearing the password of the encrypted solid state disk restores all password-related settings, including the previously set password, to the initial state in which no password is set, which makes it convenient to reset the security state of the solid state disk.
Referring to fig. 2, another embodiment of the present invention provides a solid state disk encryption device, including:
the request receiving module is used for receiving the encryption request of the solid state disk;
the command sending module is used for sending an NVMe standard password information query command to the solid state disk according to the encryption request;
the information receiving module is used for receiving the password state information corresponding to the NVMe standard password information inquiry command;
and the encryption module is used for sending the NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk.
Another embodiment of the present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of a solid state disk encryption method described above.
Referring to fig. 3, another embodiment of the present invention provides an electronic device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the steps in the above-mentioned solid state disk encryption method are implemented when the processor executes the computer program.
The solid state disk encryption method and device, readable storage medium and electronic equipment can be applied to the encryption of any type of SSD (Solid State Drive), such as flash-based SSDs, DRAM (dynamic random access memory) based SSDs and 3D XPoint based SSDs, and are described below through specific embodiments:
Example 1
Referring to fig. 1, 4-8 and 12-13, the solid state disk encryption method of this embodiment includes:
S0, developing the FW (firmware);
specifically, the FW is developed according to the NVMe (Non-Volatile Memory Express, the non-volatile memory host controller interface specification) protocol standard, so that the FW supports the admin commands Security Receive and Security Send, which are the NVMe standard password information query command and the NVMe standard password setting command respectively;
S1, receiving an encryption request of a solid state disk;
S2, sending an NVMe standard password information query command to the solid state disk according to the encryption request;
specifically, fig. 4 illustrates the format in which the host sends the NVMe standard password information query command to the SSD; the host uses this command to query the SSD's current password state and supported password features, wherein CDW10.SECP = EFh indicates the password function; CDW10.SPSP1, CDW10.SPSP0 and CDW10.NSSF are all reserved fields with a default value of 00; and CDW11.AL indicates the length of the data transferred, which is fixed at 1, where 1 means a size of 512 bytes;
S3, receiving password state information corresponding to the NVMe standard password information query command;
wherein the password state information includes a password function setting state;
specifically, fig. 5 illustrates the content format of the 512 bytes of data (i.e., the password state information) that the SSD returns to the host when it receives the NVMe standard password information query command, wherein SET represents the time needed to securely erase the full disk data;
MPI represents the management password flag information, and its factory default value is 0x5655;
SUPPORT represents the password function support state; value 1: the password function is supported; value 0: the password function is not supported;
SS.ENABLED represents the password function setting state; value 1: the password function is set; value 0: the password function is not set;
SS.LOCKED indicates whether the SSD is in the locked state; value 1: locked; value 0: not locked;
FROZEN indicates whether the SSD is in the frozen state; value 1: frozen; value 0: not frozen;
SS.PWCNTEX indicates whether wrong password input has exceeded the limit; value 1: wrong password input has exceeded the limit; value 0: wrong password input has not exceeded the limit; the flag is set to 1 when consecutive wrong password attempts exceed 5;
it can be seen that the password state information further includes the time for securely erasing the full disk data, the management password flag information, the password function support state, whether the SSD is in the locked state, whether the SSD is in the frozen state, and whether wrong password input has exceeded the limit;
before setting the password function, the user can determine whether the current SSD supports the password function, or whether the password function is already set, by sending an NVMe standard password information query command or an Identify command;
S4, sending an NVMe standard password setting command to the solid state disk for encryption based on the password state information, so as to obtain an encrypted solid state disk;
the format of the NVMe standard password setting command sent by the host to the SSD is shown in fig. 6, wherein CDW10.SECP = EFh indicates the password function; CDW11.TL indicates the length of the data transferred, where 1 means a size of 512 bytes and 0 means no data transfer; and the Reserved and CDW10.SPSP1:CDW10.SPSP0 fields carry the operation code, whose meanings are shown in fig. 7:
0001b SECURITY SET PASSWORD is the password setting function, used by the user to set a password;
0010b SECURITY UNLOCK is the unlocking function, used to unlock the disk after it has been locked;
0011b SECURITY ERASE PREPARE is the disk data erasure preparation function;
0100b SECURITY ERASE is the disk data erase function;
0101b SECURITY FREEZE LOCK is the disk freezing function;
0110b SECURITY DISABLE is the password clearing function;
it can be seen that the user can use the NVMe standard password setting command to realize different functions, including password setting, unlocking, disk data erasing, disk freezing and password clearing;
specifically, it is judged whether the password function setting state is unset; if so, an NVMe standard password setting command including a first password is sent to the solid state disk for encryption and execution result information is received; if not, an NVMe standard password setting command including a second password is sent to the solid state disk for decryption and the execution result information is received;
for example, when the value of the password function setting state is 0, no password has been set, and an NVMe standard password setting command including a first password is sent to the SSD for encryption; the first password is the password the user wants to set; after the SSD receives the command, if the password is legal and the operation is allowed, the SSD saves the first password and returns execution success information to the host;
when the value of the password function setting state is 1, a password has been set, and an NVMe standard password setting command including a second password can be sent to the SSD for decryption; the second password is the password that was set; after the SSD receives the command, if the second password is legal and the operation is allowed, the SSD is decrypted and execution success information is returned to the host;
the password to be set by the user can be a user password or a management password, or both can be set; if a password is set repeatedly, the most recent one prevails; when the user sets the password with MAXLVL=1, the management password entered by the user cannot be used to operate the password clearing and unlocking functions; whether the user has set a management password can be determined from MPI in the password state information;
in an alternative embodiment, the password can be at most 64 bytes long; if the password is forgotten, the disk data cannot be recovered; after the user finishes setting the password, SS.ENABLED in the password state information is set to 1; fig. 8 shows the data packet format of the NVMe standard password setting command that implements the password setting function;
fig. 12 illustrates which operations the host is allowed or not allowed to perform on the SSD in its different states, wherein Abort indicates that command execution fails and the disk does not process the command; Executable indicates that the command executes normally; NVMe Command denotes NVMe commands (refer to the NVMe standard for details); Security Command denotes the functions described above; Locked denotes the locked state of the SSD; Unlocked-Not Frozen/Disable denotes that the SSD is unlocked or that its password function has been cleared; and Unlocked-Frozen denotes the frozen state of the SSD;
after the password setting is completed, the user can put the SSD into the Locked state or the Frozen state to secure the disk; fig. 13 shows the transitions between the different states of the SSD, and it can be seen that when the SSD is in the unlocked but password function cleared state (Unlocked-Not Frozen Disable), the locked state (Locked) or the unlocked but password set state (Unlocked-Not Frozen SS.ENABLED=1), the host can convert the SSD into the frozen state (Unlocked-Frozen);
when the SSD is in the frozen state, it can be converted into the unlocked but password function cleared state by a hardware reset;
when the SSD is in the locked state, it can be converted into the unlocked but password function cleared state by data erasure;
when the SSD is in the unlocked but password set state, it can be converted into the unlocked but password function cleared state by password clearing (DISABLE) and data erasure (ERASE);
when the SSD is in the unlocked but password set state, it can be converted into the locked state by a hardware reset;
when the SSD is in the frozen state, it can be converted into the unlocked but password set state by a hardware reset;
when the SSD is in the locked state, it can be converted into the unlocked but password set state by unlocking.
Example 2
Referring to fig. 9, the present embodiment further defines how to lock and unlock the SSD based on the first embodiment, specifically:
receiving hardware reset information, power-down information or power-up information corresponding to the encrypted solid state disk;
locking the encrypted solid state disk according to the hardware reset information, the power-down information or the power-on information to obtain a locked solid state disk;
specifically, once a password has been set on the SSD, a single hardware reset operation or power-off and power-on automatically locks the SSD, and while it is locked, read, write and erase operations on the disk data cannot be performed; in addition, if the user enters a wrong password more than 5 times, the SSD is also automatically locked until a power cycle or hardware reset, after which ss.pwcntex in the password state information can be cleared to 0;
receiving an unlocking request corresponding to the locked solid state disk, wherein the unlocking request comprises a third password and an unlocking instruction;
generating the NVMe standard password setting command according to the third password and the unlocking command, sending the NVMe standard password setting command to the locked solid state disk for unlocking, and receiving execution result information;
specifically, when the locked SSD needs to be unlocked, an NVMe standard password setting command is generated according to the third password and the unlocking instruction and sent to the locked SSD; after receiving the command, the SSD compares the third password with the set password; if the password check succeeds and the operation is allowed, the SSD is unlocked and execution success information is returned to the host, and if the password check fails, failure information is returned to the host; fig. 9 shows the data packet format of the NVMe standard password setting command that implements the unlock function;
wherein, the SSD determines whether the operation is allowed according to the content shown in fig. 12.
Example three
Referring to fig. 10, the present embodiment further defines how to erase disc data based on the first or second embodiment, specifically:
the password state information also comprises the time for safely erasing the whole disc data;
receiving a disc data erasing request corresponding to the encrypted solid state disk, wherein the disc data erasing request comprises a disc data erasing preparation instruction, a disc data erasing instruction and a fourth password;
sending the NVMe standard password information inquiry command to the encrypted solid state disk according to the disk data erasure request;
receiving password state information corresponding to the NVMe standard password information inquiry command;
the user can send an NVMe standard password information inquiry command at any time to acquire the password state information of the current SSD;
generating the NVMe standard password setting command according to the disc data erasure preparation command, the disc data erasure command and the fourth password;
transmitting the disc data erasure preparation instruction to the encrypted solid state disk to perform disc data erasure preparation, so as to obtain a prepared solid state disk;
specifically, the disk data erasure preparation instruction is sent to the encrypted SSD to prepare for disk data erasure; after receiving the instruction, the encrypted SSD judges whether the operation is allowed and, if it is, performs the erasure preparation and returns execution success information; the interaction format of this instruction needs no data packet; the disk data erasure instruction can be executed only after the erasure preparation instruction has been executed, otherwise the disk data erasure instruction fails;
transmitting the fourth password and the disc data erasing instruction to the prepared solid state disk to erase disc data, and waiting for the time of safely erasing the whole disc data to obtain the solid state disk after data erasing;
specifically, the fourth password and the disk data erasure instruction are sent to the prepared SSD to erase the disk data; after receiving the instruction, the prepared SSD compares the fourth password with the set password; if the check succeeds and the operation is allowed, the disk data erasure is executed and, once the secure full-disk erase time has elapsed, execution success information is returned to the host, yielding the erased SSD; if the check fails, failure information is returned to the host;
when the disk data of the SSD is erased, all password-related settings, including the password, and all disk data are cleared, and the disk is restored to the factory state; fig. 10 shows the data packet format of the NVMe standard password setting command that implements the disk data erasure function.
Example four
Referring to fig. 12, the present embodiment further defines how to freeze and defrost the disk based on the first, second or third embodiment, specifically:
receiving a disc freezing request corresponding to the encrypted solid state disc, wherein the disc freezing request comprises a fifth password and a disc freezing instruction;
generating the NVMe standard password setting command according to the fifth password and the disc freezing command, and sending the NVMe standard password setting command to the encrypted solid-state disk to freeze the disc, so as to obtain a frozen solid-state disk;
specifically, an NVMe standard password setting command is sent to the encrypted SSD to freeze the disk; after receiving the command, the encrypted SSD compares the fifth password with the set password; if the password check succeeds and the operation is allowed, the disk is frozen and execution success information is returned to the host, yielding the frozen SSD; if the check fails, failure information is returned to the host; the interaction format of this command needs no data packet;
when the SSD is in the frozen state, the disk can be read and written normally but the disk data cannot be erased; in addition, some password function operations and data management commands cannot be executed, as shown in fig. 12;
receiving a freeze removal request corresponding to the frozen solid state disk;
and performing a hardware reset operation on the frozen solid state disk according to the freeze removal request to obtain the unfrozen solid state disk.
Example five
Referring to fig. 11, the present embodiment further defines how to perform password clearing on the SSD based on the first, second, third or fourth embodiments, specifically:
receiving a password clearing request corresponding to the encrypted solid state disk, wherein the password clearing request comprises a sixth password and a password clearing instruction;
generating the NVMe standard password setting command according to the sixth password and the password clearing command, sending the NVMe standard password setting command to the encrypted solid-state disk for password clearing, and receiving execution result information;
specifically, the NVMe standard password setting command is sent to the encrypted SSD to clear the password; after receiving the command, the encrypted SSD compares the sixth password with the set password; if the password check succeeds and the operation is allowed, the password is cleared and execution success information is returned to the host; if the check fails, failure information is returned to the host; fig. 11 shows the data packet format of the NVMe standard password setting command that implements the password clearing function;
after password clearing has been executed, all password-related settings, including the password, are cleared, and the disk returns to its initial state with no password set;
when the password function has been developed, the value of ss.support is set to 1, and byte 3277 of the NVMe identify data is set to 1, indicating that the password function is supported.
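The state transitions and password checks described in examples one to five can be captured in a small reference model, useful when checking a drive's behaviour against the description. This is an added example, not code from the patent: the class and method names are hypothetical, the transitions follow the text describing fig. 13, and freezing a drive with no password set is assumed to need no password check.

```python
import hmac
from enum import Enum

class State(Enum):
    DISABLED = "Unlocked-Not Frozen/Disable"     # no password set
    ENABLED = "Unlocked-Not Frozen ss.enable=1"  # password set, unlocked
    LOCKED = "Locked"
    FROZEN = "Unlocked-Frozen"

class Aborted(Exception):
    """Command rejected: the 'Abort' outcome described for fig. 12."""

MAX_WRONG_TRIES = 5  # more than 5 wrong passwords locks the SSD

class SsdSecurityModel:
    def __init__(self, data=b"user data"):
        self.state = State.DISABLED
        self.data = bytearray(data)
        self.pwcntex = 0              # wrong-password counter (ss.pwcntex)
        self._password = None
        self._erase_prepared = False

    def _require(self, *allowed):
        if self.state not in allowed:
            raise Aborted(f"not allowed in state {self.state.value}")

    def _check(self, password):
        if self.pwcntex > MAX_WRONG_TRIES:
            raise Aborted("retry limit exceeded, reset required")
        if not hmac.compare_digest(bytes(password), self._password):
            self.pwcntex += 1
            if self.pwcntex > MAX_WRONG_TRIES:
                self.state = State.LOCKED
            raise Aborted("password check failed")

    def set_password(self, password):
        self._require(State.DISABLED)
        self._password = bytes(password)
        self.state = State.ENABLED

    def unlock(self, password):
        self._require(State.LOCKED)
        self._check(password)
        self.state = State.ENABLED

    def freeze(self, password=b""):
        self._require(State.DISABLED, State.ENABLED, State.LOCKED)
        if self._password is not None:  # assumption: no check when unset
            self._check(password)
        self.state = State.FROZEN

    def clear_password(self, password):
        self._require(State.ENABLED)
        self._check(password)
        self._password = None
        self.state = State.DISABLED

    def erase_prepare(self):
        self._require(State.ENABLED, State.LOCKED)
        self._erase_prepared = True

    def erase(self, password):
        self._require(State.ENABLED, State.LOCKED)
        prepared, self._erase_prepared = self._erase_prepared, False
        if not prepared:
            raise Aborted("erase without erase preparation")
        self._check(password)
        self.data = bytearray()       # all disk data cleared
        self._password = None         # password settings cleared as well
        self.state = State.DISABLED

    def read(self):
        self._require(State.DISABLED, State.ENABLED, State.FROZEN)
        return bytes(self.data)

    def hardware_reset(self):
        self.pwcntex = 0
        self._erase_prepared = False
        if self.state is State.ENABLED:
            self.state = State.LOCKED
        elif self.state is State.FROZEN:
            # per the text: frozen returns to an unlocked state on reset
            has_pw = self._password is not None
            self.state = State.ENABLED if has_pw else State.DISABLED

def aborts(command, *args):
    try:
        command(*args)
    except Aborted:
        return True
    return False
```

Passwords are passed as bytes; `aborts(model.unlock, b"guess")` returns True when the model rejects the command.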
Example six
Referring to fig. 2, a solid state disk encryption device includes:
the request receiving module is used for receiving the encryption request of the solid state disk;
the command sending module is used for sending an NVMe standard password information query command to the solid state disk according to the encryption request;
the information receiving module is used for receiving the password state information corresponding to the NVMe standard password information inquiry command;
and the encryption module is used for sending the NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk.
Example seven
A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the solid state disk encryption method of any one of the first to fifth embodiments.
Example eight
Referring to fig. 3, an electronic device includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the solid state disk encryption method in any one of the first or fifth embodiments when executing the computer program.
In summary, the solid state disk encryption method and device, readable storage medium and electronic equipment provided by the invention receive an encryption request for the solid state disk, send an NVMe standard password information inquiry command to the solid state disk according to the encryption request, receive the password state information corresponding to that command, and, based on the password state information, send an NVMe standard password setting command to the solid state disk for encryption, obtaining an encrypted solid state disk. Once the solid state disk is encrypted, it is automatically locked when hardware reset information, power-down information or power-up information is received, and it stays locked unless it is unlocked, which ensures the safety of the disk data. The disk data can be erased by sending a disk data erasure preparation instruction to the encrypted solid state disk to prepare for erasure, then sending the fourth password and a disk data erasure instruction to the prepared solid state disk to erase the disk data, and waiting for the secure full-disk erase time to obtain the erased solid state disk. In addition, the solid state disk can be set to a frozen state: an NVMe standard password setting command generated from the fifth password and a disk freezing instruction is sent to the encrypted solid state disk to freeze the disk, after which the disk can be read and written normally but its data cannot be erased, which guarantees the safety of the disk data; when the frozen solid state disk needs to be thawed, this is done by performing a hardware reset operation on it. After setting the password, the user can set the state of the solid state disk according to actual needs, and the state transitions are realized through the cooperation of software and hardware, so that the security settings of the solid state disk are realized and the safety and reliability of solid state disk encryption are improved.
In the foregoing embodiments provided by the present application, it should be understood that the disclosed method, apparatus, computer readable storage medium and electronic device may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple components or modules may be combined or integrated into another apparatus, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with respect to each other may be an indirect coupling or communication connection via some interfaces, devices or components or modules, which may be in electrical, mechanical, or other forms.
The components illustrated as separate components may or may not be physically separate, and components shown as components may or may not be physical modules, i.e., may be located in one place, or may be distributed over multiple network modules. Some or all of the components may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional module in each embodiment of the present invention may be integrated into one processing module, or each component may exist alone physically, or two or more modules may be integrated into one module. The integrated modules may be implemented in hardware or in software functional modules.
The integrated modules, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, in essence or in whole or in part, may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
It should be noted that, for the sake of simplicity of description, the foregoing method embodiments are all expressed as a series of combinations of actions, but it should be understood by those skilled in the art that the present invention is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily all required for the present invention.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.
The foregoing description is only illustrative of the present invention and is not intended to limit the scope of the invention, and all equivalent changes made by the specification and drawings of the present invention, or direct or indirect application in the relevant art, are included in the scope of the present invention.

Claims (9)

1. The solid state disk encryption method is characterized by comprising the following steps of:
receiving an encryption request of the solid state disk;
sending an NVMe standard password information inquiry command to the solid state disk according to the encryption request;
receiving password state information corresponding to the NVMe standard password information inquiry command;
transmitting an NVMe standard password setting command to the solid state disk based on the password state information to encrypt, so as to obtain an encrypted solid state disk;
the password state information comprises a password function setting state;
the sending the NVMe standard password setting command to the solid state disk based on the password state information for encryption comprises the following steps:
and judging whether the password function setting state is unset, if so, sending an NVMe standard password setting command comprising a first password to the solid state disk for encryption and receiving execution result information, and if not, sending an NVMe standard password setting command comprising a second password to the solid state disk for decryption and receiving the execution result information.
2. The method for encrypting the solid state disk according to claim 1, wherein the step of sending the NVMe standard password setting command to the solid state disk for encryption based on the password state information, and the step of obtaining the encrypted solid state disk comprises the following steps:
receiving hardware reset information, power-down information or power-up information corresponding to the encrypted solid state disk;
locking the encrypted solid state disk according to the hardware reset information, the power-down information or the power-on information to obtain a locked solid state disk;
receiving an unlocking request corresponding to the locked solid state disk, wherein the unlocking request comprises a third password and an unlocking instruction;
generating the NVMe standard password setting command according to the third password and the unlocking command, sending the NVMe standard password setting command to the locked solid state disk for unlocking, and receiving execution result information.
3. The method for encrypting a solid state disk according to claim 1, wherein the password state information further comprises a secure erase full-disk data time;
the method comprises the steps of sending an NVMe standard password setting command to the solid state disk for encryption based on the password state information, and obtaining the encrypted solid state disk further comprises the following steps:
receiving a disc data erasing request corresponding to the encrypted solid state disk, wherein the disc data erasing request comprises a disc data erasing preparation instruction, a disc data erasing instruction and a fourth password;
sending the NVMe standard password information inquiry command to the encrypted solid state disk according to the disk data erasure request;
receiving password state information corresponding to the NVMe standard password information inquiry command;
generating the NVMe standard password setting command according to the disc data erasure preparation command, the disc data erasure command and the fourth password;
transmitting the disc data erasure preparation instruction to the encrypted solid state disk to perform disc data erasure preparation, so as to obtain a prepared solid state disk;
and sending the fourth password and the disc data erasing instruction to the prepared solid state disk to erase disc data, and waiting for the time of safely erasing the whole disc data to obtain the solid state disk after data erasing.
4. The method for encrypting the solid state disk according to claim 1, wherein the step of sending the NVMe standard password setting command to the solid state disk for encryption based on the password state information, and further comprises the steps of:
receiving a disc freezing request corresponding to the encrypted solid state disc, wherein the disc freezing request comprises a fifth password and a disc freezing instruction;
generating the NVMe standard password setting command according to the fifth password and the disc freezing command, and sending the NVMe standard password setting command to the encrypted solid-state disk to freeze the disc, so as to obtain the frozen solid-state disk.
5. The method for encrypting the solid state disk according to claim 4, wherein the step of sending the NVMe standard password setting command to the encrypted solid state disk to freeze the disk, and the step of obtaining the frozen solid state disk comprises the following steps:
receiving a freeze removal request corresponding to the frozen solid state disk;
and performing a hardware reset operation on the frozen solid state disk according to the freeze removal request to obtain the unfrozen solid state disk.
6. The method for encrypting the solid state disk according to claim 1, wherein the step of sending the NVMe standard password setting command to the solid state disk for encryption based on the password state information, and further comprises the steps of:
receiving a password clearing request corresponding to the encrypted solid state disk, wherein the password clearing request comprises a sixth password and a password clearing instruction;
generating the NVMe standard password setting command according to the sixth password and the password clearing command, sending the NVMe standard password setting command to the encrypted solid-state disk for password clearing, and receiving execution result information.
7. The solid state disk encryption device is characterized by comprising:
the request receiving module is used for receiving the encryption request of the solid state disk;
the command sending module is used for sending an NVMe standard password information query command to the solid state disk according to the encryption request;
the information receiving module is used for receiving the password state information corresponding to the NVMe standard password information inquiry command;
the encryption module is used for sending an NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain an encrypted solid state disk;
the password state information comprises a password function setting state;
the sending the NVMe standard password setting command to the solid state disk based on the password state information for encryption comprises the following steps:
and judging whether the password function setting state is unset, if so, sending an NVMe standard password setting command comprising a first password to the solid state disk for encryption and receiving execution result information, and if not, sending an NVMe standard password setting command comprising a second password to the solid state disk for decryption and receiving the execution result information.
8. A computer readable storage medium having stored thereon a computer program, which when executed by a processor performs the steps of a method of encrypting a solid state disk according to any one of claims 1 to 6.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of a method for encrypting a solid state disk according to any one of claims 1 to 6 when the computer program is executed by the processor.
CN202111059748.5A 2021-09-10 2021-09-10 Solid state disk encryption method and device, readable storage medium and electronic equipment Active CN113761599B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111059748.5A CN113761599B (en) 2021-09-10 2021-09-10 Solid state disk encryption method and device, readable storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111059748.5A CN113761599B (en) 2021-09-10 2021-09-10 Solid state disk encryption method and device, readable storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN113761599A CN113761599A (en) 2021-12-07
CN113761599B true CN113761599B (en) 2023-06-20

Family

ID=78794541

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111059748.5A Active CN113761599B (en) 2021-09-10 2021-09-10 Solid state disk encryption method and device, readable storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN113761599B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101859283A (en) * 2010-03-22 2010-10-13 吴欣延 Method for controlling built-in radio frequency identification (RFID) encrypted solid-state hard disk
CN106095329A (en) * 2016-05-27 2016-11-09 浪潮电子信息产业股份有限公司 A kind of management method of Intel SSD hard disk based on NVME interface
CN107492390A (en) * 2017-08-18 2017-12-19 讯翱(上海)科技有限公司 One kind is based on rsa encryption NVMe standard PCIe solid-state storage devices
CN109240952A (en) * 2018-08-27 2019-01-18 北京计算机技术及应用研究所 A kind of high-speed data encryption NVMe-SATA converter circuit
CN109598155A (en) * 2018-12-04 2019-04-09 郑州云海信息技术有限公司 A kind of SSD data encryption device and method
CN109783013A (en) * 2017-11-15 2019-05-21 三星电子株式会社 Configure and access the method and system of expansible object storage
CN110427326A (en) * 2019-07-31 2019-11-08 东莞记忆存储科技有限公司 Solid state hard disk password test method and apparatus based on Driver Master
CN111506255A (en) * 2019-01-31 2020-08-07 山东存储之翼电子科技有限公司 NVM-based solid state hard disk metadata management method and system
CN111666598A (en) * 2020-05-15 2020-09-15 苏州浪潮智能科技有限公司 Hard disk and server encryption locking method, server and hard disk
CN111914311A (en) * 2020-07-10 2020-11-10 上海闻泰信息技术有限公司 Hard disk password management method and device, electronic equipment and storage medium
US11032259B1 (en) * 2012-09-26 2021-06-08 Pure Storage, Inc. Data protection in a storage system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
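Security risk analysis and attack experiments on solid state drives; Liu Zhenglin (刘政林) et al.; Microelectronics & Computer (微电子学与计算机); 35(12); pp. 16-20, 26 *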

Also Published As

Publication number Publication date
CN113761599A (en) 2021-12-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant