CN113836549A - Dynamic memory encryption method based on time tag - Google Patents

Dynamic memory encryption method based on time tag Download PDF

Info

Publication number
CN113836549A
CN113836549A CN202111067319.2A CN202111067319A CN113836549A CN 113836549 A CN113836549 A CN 113836549A CN 202111067319 A CN202111067319 A CN 202111067319A CN 113836549 A CN113836549 A CN 113836549A
Authority
CN
China
Prior art keywords
memory
password
mobile phone
phone app
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111067319.2A
Other languages
Chinese (zh)
Inventor
丁凯
周小利
郭发源
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Aerospace Qixing Technology Co ltd
Original Assignee
Beijing Aerospace Qixing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Aerospace Qixing Technology Co ltd filed Critical Beijing Aerospace Qixing Technology Co ltd
Priority to CN202111067319.2A priority Critical patent/CN113836549A/en
Publication of CN113836549A publication Critical patent/CN113836549A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
    • G06K17/0025Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device the arrangement consisting of a wireless interrogation device in combination with a device for optically marking the record carrier
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133Verifying human interaction, e.g., Captcha

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Telephone Function (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a dynamic encryption method of a memory based on a time tag, which comprises the following steps: s1, implanting the same cryptographic algorithm into the mobile phone App end and the memory client end, and pairing the mobile phone App and the memory; s2, when the client program is used, running the read-only partition client program of the memory; s3, the dynamic password generated by the mobile phone APP is used as the decryption key of the memory, the time tag is added in the process of generating the dynamic password by the mobile phone APP, and the key of the memory is verified according to the decryption process. The dynamic encryption method for the memory can solve the problem that the data cannot be recovered because a user needs to initialize the memory to reset the password once the password cannot be retrieved by the user because a fixed password needs to be input when the current mainstream encryption memory is used, and achieves the purposes of no increase of hardware cost, no need of password memory, random password, safety and convenience.

Description

Dynamic memory encryption method based on time tag
Technical Field
The invention relates to the technical field of data security encryption, in particular to a dynamic memory encryption method based on a time tag.
Background
With the popularization of mobile terminal information processing devices and storage devices, the information security problem of mobile devices in a mobile environment is particularly important, and the encryption technologies adopted on the current domestic and foreign encryption memory products mainly include: digital passwords, encryption Ukey, biometric identification techniques, and the like. Ukey-based encryption causes irreparable loss of data once a user loses Ukey. The encryption mode based on digital password requires memorizing the password, and in the digital era today, people need to memorize too many passwords: such as: bank cards, mailboxes, WeChat, qq, computer startup passwords and the like, so that password confusion or password forgetting can be easily caused, and the loss of Ukey or password forgetting can cause great loss that data in storage equipment cannot be read and cannot be retrieved, and the method is based on biological identification technologies such as: the memories for fingerprint recognition, iris recognition, face recognition and the like often need to increase higher hardware cost.
Disclosure of Invention
In view of the above technical problems in the related art, the present invention provides a dynamic encryption method for a memory based on a time stamp, which can overcome the above disadvantages in the prior art.
In order to achieve the technical purpose, the technical scheme of the invention is realized as follows: a dynamic memory encryption method based on time labels comprises the following steps:
s1, implanting the same cipher algorithm into the mobile phone App end and the memory client end, and pairing the mobile phone App and the memory when the memory is connected with the PC for the first time and is powered on;
s2, when the client program is used, running the read-only partition client program of the memory;
s3, the dynamic password generated by the mobile phone APP is used as a decryption key of the memory, a time tag is added in the process of generating the dynamic password by the mobile phone APP, the time tag comprises two elements of current public time and valid time range, after the memory client receives the dynamic password containing the time tag, the validity verification of the time tag is firstly carried out, whether the password is correct or not is verified, the key of the memory is verified according to the verification process, if the password is correct, an authorized encryption partition of the password is opened, reading and writing are allowed, normal reading and writing operations are executed, if the verification code is wrong, the verification is carried out again, and the verification is closed for a plurality of times when the number of errors are allowed.
Further, the process of pairing the mobile phone APP and the memory in S1 is as follows: the memory authorization software randomly generates a segment of text passcast and generates a key identifier passcast, the memory authorization software generates a two-dimensional code according to the passcast and displays a password verification input box on a PC (personal computer) terminal, the mobile phone APP scans the two-dimensional code to obtain the passcast and the passcast, the mobile phone APP calculates a one-time key according to a password verification algorithm, the mobile phone APP and the memory perform password verification handshake, pairing is successful if the handshake is successful, pairing is failed if the handshake fails, and the pairing needs to be performed again.
Further, the algorithm of the key in S3 is: firstly, generating a key parameter time tag timestamp and a preset key text passperase of a password, wherein the timestamp is obtained by calculation according to the current public time, the passperase is a section of characters set when a mobile phone APP and a memory are paired, then mixing the timestamp and the passperase according to a rule to obtain passtext, and calculating the result of the passtext according to an HMAC algorithm to obtain a one-time password.
Further, the secret verification process in S3 includes: the authorization software generates a digital password according to the key rule and displays an authorization interface, the interface comprises a password input box and a two-dimensional code comprising a password identifier, the password verification mode is to input a one-time password of the mobile phone authorization APP or scan the authorization two-dimensional code by using the mobile phone authorization APP, and then the password is verified by the memory authorization software.
Further, the memory in S3 has a function of prohibiting unauthorized software access, the encryption SSD receives a request for reading and writing data, allows reading and writing for application software in the white list, executes normal reading and writing operations, and rejects operations for application software in the black list, and pops up a prompt box for application software in the non-black and white list, so that the user selects whether to allow the operations, and selects whether to allow, allow reading and writing and add to the white list or reject operations and add to the black list during the current power-on period according to the user' S requirements.
The invention has the beneficial effects that: the dynamic encryption method for the memory can solve the problem that data cannot be recovered due to the fact that a fixed password needs to be input when the existing mainstream encryption memory is used and the memory needs to be initialized once the password cannot be retrieved by a user and needs to be reset, and achieves the purposes of no increase of hardware cost, no need of password memory, random password, safety and convenience.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is a flow chart of a pairing procedure of a dynamic memory encryption method according to an embodiment of the invention;
FIG. 2 is a flow chart of a dynamic memory encryption method according to an embodiment of the invention;
FIG. 3 is a verification flow chart of the dynamic memory encryption method according to the embodiment of the invention;
fig. 4 is a schematic diagram of a key algorithm of the dynamic memory encryption method according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present invention.
As shown in fig. 2, the dynamic encryption method for memory based on time stamp according to the embodiment of the present invention includes the following steps:
s1, implanting the same cipher algorithm into the mobile phone App end and the memory client end, and pairing the mobile phone App and the memory when the memory is connected with the PC for the first time and is powered on;
s2, when the client program is used, running the read-only partition client program of the memory;
s3, the dynamic password generated by the mobile phone APP is used as a decryption key of the memory, a time tag is added in the process of generating the dynamic password by the mobile phone APP, the time tag comprises two elements of current public time and valid time range, after the memory client receives the dynamic password containing the time tag, the validity verification of the time tag is firstly carried out, whether the password is correct or not is verified, the key of the memory is verified according to the verification process, if the password is correct, an authorized encryption partition of the password is opened, reading and writing are allowed, normal reading and writing operations are executed, if the verification code is wrong, the verification is carried out again, and the verification is closed for a plurality of times when the number of errors are allowed.
As shown in fig. 1, the above-mentioned process of pairing the mobile phone APP and the memory in S1 is as follows: the memory authorization software randomly generates a segment of text passcast and generates a key identifier passcast, the memory authorization software generates a two-dimensional code according to the passcast and displays a password verification input box on a PC (personal computer) terminal, the mobile phone APP scans the two-dimensional code to obtain the passcast and the passcast, the mobile phone APP calculates a one-time key according to a password verification algorithm, the mobile phone APP and the memory perform password verification handshake, pairing is successful if the handshake is successful, pairing is failed if the handshake fails, and the pairing needs to be performed again.
As shown in fig. 4, the algorithm of the key in S3 is as follows: firstly, generating a key parameter time tag timestamp and a preset key text passperase of a password, wherein the timestamp is obtained by calculation according to the current public time, the passperase is a section of characters set when a mobile phone APP and a memory are paired, then mixing the timestamp and the passperase according to a rule to obtain passtext, and calculating the result of the passtext according to an HMAC algorithm to obtain a one-time password.
As shown in fig. 3, the encryption verification process in S3 includes: the authorization software generates a digital password according to the key rule and displays an authorization interface, the interface comprises a password input box and a two-dimensional code comprising a password identifier, the password verification mode is to input a one-time password of the mobile phone authorization APP or scan the authorization two-dimensional code by using the mobile phone authorization APP, and then the password is verified by the memory authorization software.
The memory in S3 has a function of prohibiting unauthorized software access, the encryption SSD receives a request for reading and writing data, allows reading and writing for the application software in the white list, executes normal reading and writing operations, and rejects operations for the application software in the black list, and pops up a prompt box for the application software in the non-black and white list, so that the user selects whether to allow the operations, and selects whether to allow, allow reading and writing and add the white list or reject the operations and add the black list during the current power-on period according to the user' S requirements.
The storage medium of the encryption memory can be any storage medium such as a magnetic storage medium or a flash memory storage medium, and the interface can be a USB interface, a SATA interface or other standard interfaces compatible with the peripheral equipment of the computer at present.
In order to facilitate understanding of the above-described technical aspects of the present invention, the above-described technical aspects of the present invention will be described in detail below in terms of specific usage.
When the mobile phone App and the memory are used, the same password algorithm is implanted at the mobile phone App end and the memory client, the mobile phone App and the memory are paired when the memory is connected with a PC for the first time, when the mobile phone App and the memory are powered on, the PC is powered on and the memory is powered on, a dynamic password generated by the mobile phone App is used as a decryption key of the memory, the key of the memory is verified according to a decryption process, if the verification is correct, an encryption partition with the authorized password is opened, reading and writing are allowed, and normal reading and writing operations are executed.
In summary, with the above technical solution of the present invention, the problem that the data cannot be recovered because the user needs to initialize the memory to reset the password once the password cannot be retrieved due to the fact that the current mainstream encryption memory needs to input the fixed password when in use can be solved, and the purposes of no increase of hardware cost, no need of memorizing the password, random password, safety and convenience can be achieved.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (5)

1. A dynamic memory encryption method based on time labels is characterized by comprising the following steps:
s1, implanting the same cipher algorithm into the mobile phone App end and the memory client end, and pairing the mobile phone App and the memory when the memory is connected with the PC for the first time and is powered on;
s2, when the client program is used, running the read-only partition client program of the memory;
s3, the dynamic password generated by the mobile phone APP is used as a decryption key of the memory, a time tag is added in the process of generating the dynamic password by the mobile phone APP, the time tag comprises two elements of current public time and valid time range, after the memory client receives the dynamic password containing the time tag, the validity verification of the time tag is firstly carried out, whether the password is correct or not is verified, the key of the memory is verified according to the verification process, if the password is correct, an authorized encryption partition of the password is opened, reading and writing are allowed, normal reading and writing operations are executed, if the verification code is wrong, the verification is carried out again, and the verification is closed for a plurality of times when the number of errors are allowed.
2. The method for dynamically encrypting the memory according to claim 1, wherein the procedure of pairing the mobile phone APP and the memory in S1 is as follows: the memory authorization software randomly generates a segment of text passcast and generates a key identifier passcast, the memory authorization software generates a two-dimensional code according to the passcast and displays a password verification input box on a PC (personal computer) terminal, the mobile phone APP scans the two-dimensional code to obtain the passcast and the passcast, the mobile phone APP calculates a one-time key according to a password verification algorithm, the mobile phone APP and the memory perform password verification handshake, pairing is successful if the handshake is successful, pairing is failed if the handshake fails, and the pairing needs to be performed again.
3. The dynamic memory encryption method according to claim 1, wherein the algorithm of the key in S3 is: firstly, generating a key parameter time tag timestamp and a preset key text passperase of a password, wherein the timestamp is obtained by calculation according to the current public time, the passperase is a section of characters set when a mobile phone APP and a memory are paired, then mixing the timestamp and the passperase according to a rule to obtain passtext, and calculating the result of the passtext according to an HMAC algorithm to obtain a one-time password.
4. The dynamic memory encryption method according to claim 1, wherein the encryption verification process in S3 is: the authorization software generates a digital password according to the key rule and displays an authorization interface, the interface comprises a password input box and a two-dimensional code comprising a password identifier, the password verification mode is to input a one-time password of the mobile phone authorization APP or scan the authorization two-dimensional code by using the mobile phone authorization APP, and then the password is verified by the memory authorization software.
5. The dynamic memory encryption method of claim 1, wherein the memory in S3 has a function of prohibiting unauthorized software access, the encryption SSD receives a request for reading and writing data, allows reading and writing for application software in the white list, performs normal reading and writing operations, rejects operations for application software in the black list, pops up a prompt box for application software in the non-black and white list to let a user select whether to allow the operations, and allows reading and writing and adds to the white list or rejects operations and adds to the black list if the user selects to allow during the current power-on period according to user requirements.
CN202111067319.2A 2021-09-13 2021-09-13 Dynamic memory encryption method based on time tag Pending CN113836549A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111067319.2A CN113836549A (en) 2021-09-13 2021-09-13 Dynamic memory encryption method based on time tag

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111067319.2A CN113836549A (en) 2021-09-13 2021-09-13 Dynamic memory encryption method based on time tag

Publications (1)

Publication Number Publication Date
CN113836549A true CN113836549A (en) 2021-12-24

Family

ID=78959183

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111067319.2A Pending CN113836549A (en) 2021-09-13 2021-09-13 Dynamic memory encryption method based on time tag

Country Status (1)

Country Link
CN (1) CN113836549A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103036674A (en) * 2012-12-04 2013-04-10 同济大学 Computer permission control method based on mobile dynamic password
CN103763786A (en) * 2014-01-20 2014-04-30 梅平 Equipment pairing method, terminal and system
CN104539421A (en) * 2014-08-22 2015-04-22 南京速帕信息科技有限公司 Realizing method for mobile token based on dynamic algorithm seed
CN105721502A (en) * 2016-04-11 2016-06-29 上海上实龙创智慧能源科技股份有限公司 Authorized access method for browser client and server

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103036674A (en) * 2012-12-04 2013-04-10 同济大学 Computer permission control method based on mobile dynamic password
CN103763786A (en) * 2014-01-20 2014-04-30 梅平 Equipment pairing method, terminal and system
CN104539421A (en) * 2014-08-22 2015-04-22 南京速帕信息科技有限公司 Realizing method for mobile token based on dynamic algorithm seed
CN105721502A (en) * 2016-04-11 2016-06-29 上海上实龙创智慧能源科技股份有限公司 Authorized access method for browser client and server

Similar Documents

Publication Publication Date Title
US8332637B2 (en) Methods and systems for nonce generation in a token
CA2838763C (en) Credential authentication methods and systems
US7941847B2 (en) Method and apparatus for providing a secure single sign-on to a computer system
US8572392B2 (en) Access authentication method, information processing unit, and computer product
US7797549B2 (en) Secure method and system for biometric verification
US7836492B2 (en) User authentication system leveraging human ability to recognize transformed images
US8209751B2 (en) Receiving an access key
CN101971182B (en) Finger sensing apparatus with credential release and associated methods
EP2278525A2 (en) Authorization method providing hints to the parts forming the authorization code
EP1295261A2 (en) Biometric-based authentication in a non-volatile memory device
US6477530B1 (en) Digital data recording and reproducing system
US20090158049A1 (en) Building a security access system
CN112636914B (en) Identity verification method, identity verification device and smart card
CN111008390A (en) Root key generation protection method and device, solid state disk and storage medium
CN105005721A (en) Computer authorization starting control system and method based on computer starting key
KR100375894B1 (en) Encrypting communication system and encrypting communication method
CN111245620B (en) Mobile security application architecture in terminal and construction method thereof
JP2008160325A (en) User authentication method using removable device, and computer
KR100350931B1 (en) Method for generating one-time password in a portable card
CN113836549A (en) Dynamic memory encryption method based on time tag
KR20070074170A (en) Security certification system using a personal encryption key
Singh Multi-factor authentication and their approaches
KR100747793B1 (en) Recording medium storing program performing password converting certification, Method for password converting certification and System using by the same
JP4760124B2 (en) Authentication device, registration device, registration method, and authentication method
US9824202B2 (en) Electronic access-protection system, method of operating a computer system, chip card and firmware component

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination