CN113836549A - Dynamic memory encryption method based on time tag - Google Patents
- Publication number: CN113836549A (application CN202111067319.2A)
- Authority: CN (China)
- Prior art keywords: memory, password, mobile phone, phone app, verification
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/602—Providing cryptographic facilities or services
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
- G06K17/0025—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device the arrangement consisting of a wireless interrogation device in combination with a device for optically marking the record carrier
- G06F2221/2133—Verifying human interaction, e.g., Captcha
Abstract
The invention discloses a dynamic memory encryption method based on a time tag, which comprises the following steps: S1, implanting the same cryptographic algorithm into the mobile phone App end and the memory client end, and pairing the mobile phone App and the memory; S2, when in use, running the client program in the read-only partition of the memory; S3, using the dynamic password generated by the mobile phone App as the decryption key of the memory, a time tag being added when the mobile phone App generates the dynamic password, and verifying the key of the memory according to the decryption process. Current mainstream encrypted memories require a fixed password to be entered when used; once the user cannot retrieve that password, the memory must be initialized to reset the password, and the data cannot be recovered. The dynamic memory encryption method solves this problem and achieves the purposes of no increase in hardware cost, no need to memorize a password, a random password, safety and convenience.
Description
Technical Field
The invention relates to the technical field of data security encryption, in particular to a dynamic memory encryption method based on a time tag.
Background
With the popularization of mobile information processing devices and storage devices, the information security of mobile devices in a mobile environment has become particularly important. The encryption technologies adopted in current domestic and foreign encrypted memory products mainly include digital passwords, encryption Ukeys, biometric identification and the like. With Ukey-based encryption, the data is irrecoverably lost once the user loses the Ukey. Encryption based on a digital password requires the password to be memorized, and in today's digital era people have to memorize too many passwords, such as those for bank cards, mailboxes, WeChat, QQ and computer startup, so passwords are easily confused or forgotten. Losing the Ukey or forgetting the password causes the great loss that the data in the storage device can be neither read nor retrieved. Memories based on biometric identification technologies, such as fingerprint recognition, iris recognition and face recognition, often add considerable hardware cost.
Disclosure of Invention
In view of the above technical problems in the related art, the present invention provides a dynamic memory encryption method based on a time tag, which can overcome the above disadvantages of the prior art.
In order to achieve the above technical purpose, the technical scheme of the invention is realized as follows: a dynamic memory encryption method based on a time tag comprises the following steps:
S1, implanting the same cryptographic algorithm into the mobile phone App end and the memory client end, and pairing the mobile phone App and the memory when the memory is connected to the PC and powered on for the first time;
S2, when in use, running the client program in the read-only partition of the memory;
S3, using the dynamic password generated by the mobile phone App as the decryption key of the memory. A time tag is added when the mobile phone App generates the dynamic password; the time tag comprises two elements, the current public time and the valid time range. After the memory client receives the dynamic password containing the time tag, it first verifies the validity of the time tag and then verifies whether the password is correct, the key of the memory being verified according to the verification process. If the password is correct, the encrypted partition authorized by the password is opened, reading and writing are allowed, and normal read and write operations are executed; if the verification code is wrong, verification is performed again, and verification is closed after the allowed number of errors.
Further, the process of pairing the mobile phone App and the memory in S1 is as follows: the memory authorization software randomly generates a segment of text, passcast, and generates a key identifier, passcast; the memory authorization software generates a two-dimensional code from the passcast and displays a password verification input box on the PC terminal; the mobile phone App scans the two-dimensional code to obtain the passcast and the passcast; the mobile phone App calculates a one-time key according to the password verification algorithm; the mobile phone App and the memory then perform a password verification handshake. If the handshake succeeds, pairing succeeds; if the handshake fails, pairing fails and must be performed again.
Further, the key algorithm in S3 is as follows: first, the key parameters of the password are generated, namely the time tag timestamp and the preset key text passperase, where timestamp is calculated from the current public time and passperase is the string of characters set when the mobile phone App and the memory are paired; then timestamp and passperase are mixed according to a rule to obtain passtext, and passtext is processed with the HMAC algorithm to obtain the one-time password.
Further, the password verification process in S3 is as follows: the authorization software generates a digital password according to the key rule and displays an authorization interface containing a password input box and a two-dimensional code that includes a password identifier; the password is verified either by entering the one-time password from the mobile phone authorization App or by scanning the authorization two-dimensional code with the mobile phone authorization App, after which the memory authorization software verifies the password.
Further, the memory in S3 has a function of prohibiting access by unauthorized software. When the encrypted SSD receives a request to read or write data, it allows reading and writing for application software on the white list and executes normal read and write operations, rejects the operation for application software on the black list, and, for application software on neither list, pops up a prompt box so that the user can choose whether to allow the operation; according to the user's choice, for the current power-on period it either allows reading and writing and adds the software to the white list, or rejects the operation and adds the software to the black list.
The invention has the following beneficial effects: current mainstream encrypted memories require a fixed password to be entered when used, and once the user cannot retrieve that password, the memory must be initialized to reset the password and the data cannot be recovered. The dynamic memory encryption method solves this problem and achieves the purposes of no increase in hardware cost, no need to memorize a password, a random password, safety and convenience.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the embodiments are briefly described below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flow chart of the pairing procedure of the dynamic memory encryption method according to an embodiment of the invention;
FIG. 2 is a flow chart of the dynamic memory encryption method according to an embodiment of the invention;
FIG. 3 is a verification flow chart of the dynamic memory encryption method according to an embodiment of the invention;
FIG. 4 is a schematic diagram of the key algorithm of the dynamic memory encryption method according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are only a part of the embodiments of the present invention, not all of them. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present invention.
As shown in FIG. 2, the dynamic memory encryption method based on a time tag according to the embodiment of the present invention includes the following steps:
S1, implanting the same cryptographic algorithm into the mobile phone App end and the memory client end, and pairing the mobile phone App and the memory when the memory is connected to the PC and powered on for the first time;
S2, when in use, running the client program in the read-only partition of the memory;
S3, using the dynamic password generated by the mobile phone App as the decryption key of the memory. A time tag is added when the mobile phone App generates the dynamic password; the time tag comprises two elements, the current public time and the valid time range. After the memory client receives the dynamic password containing the time tag, it first verifies the validity of the time tag and then verifies whether the password is correct, the key of the memory being verified according to the verification process. If the password is correct, the encrypted partition authorized by the password is opened, reading and writing are allowed, and normal read and write operations are executed; if the verification code is wrong, verification is performed again, and verification is closed after the allowed number of errors.
As shown in FIG. 1, the process of pairing the mobile phone App and the memory in S1 is as follows: the memory authorization software randomly generates a segment of text, passcast, and generates a key identifier, passcast; the memory authorization software generates a two-dimensional code from the passcast and displays a password verification input box on the PC terminal; the mobile phone App scans the two-dimensional code to obtain the passcast and the passcast; the mobile phone App calculates a one-time key according to the password verification algorithm; the mobile phone App and the memory then perform a password verification handshake. If the handshake succeeds, pairing succeeds; if the handshake fails, pairing fails and must be performed again.
As shown in FIG. 4, the key algorithm in S3 is as follows: first, the key parameters of the password are generated, namely the time tag timestamp and the preset key text passperase, where timestamp is calculated from the current public time and passperase is the string of characters set when the mobile phone App and the memory are paired; then timestamp and passperase are mixed according to a rule to obtain passtext, and passtext is processed with the HMAC algorithm to obtain the one-time password.
As shown in FIG. 3, the password verification process in S3 is as follows: the authorization software generates a digital password according to the key rule and displays an authorization interface containing a password input box and a two-dimensional code that includes a password identifier; the password is verified either by entering the one-time password from the mobile phone authorization App or by scanning the authorization two-dimensional code with the mobile phone authorization App, after which the memory authorization software verifies the password.
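The S3 derivation and two-stage check described above (time tag first, then password, with a cap on errors), as an added Python example that is not code from the patent. The mixing rule (passperase used as the HMAC key over the quantised public time), the 30-second valid range, SHA-256, the six-digit truncation, the error limit and the replay guard are all assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # assumed valid time range covered by one time tag
MAX_ERRORS = 5      # assumed number of errors allowed before verification closes
DIGITS = 6          # assumed length of the displayed one-time password


def time_tag(public_time: int, step: int = STEP_SECONDS) -> int:
    """Quantise the current public time (Unix seconds) into a time tag."""
    return public_time // step


def one_time_password(passperase: bytes, tag: int, digits: int = DIGITS) -> str:
    """HMAC the time tag under the pairing secret and truncate to decimal digits."""
    mac = hmac.new(passperase, struct.pack(">Q", tag), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


class MemoryClient:
    """Verifier side: checks the time tag first, then the password."""

    def __init__(self, passperase: bytes, max_errors: int = MAX_ERRORS,
                 skew_steps: int = 1):
        self.passperase = passperase
        self.max_errors = max_errors
        self.skew_steps = skew_steps  # tolerated clock drift, in time tags
        self.errors = 0
        self.last_tag = -1            # newest tag already accepted (replay guard)
        self.closed = False

    def verify(self, tag: int, code: str, now: int) -> str:
        if self.closed:
            return "closed"
        # Step 1: validity of the time tag against the client's own clock.
        if abs(time_tag(now) - tag) > self.skew_steps or tag <= self.last_tag:
            return self._fail("stale-time-tag")
        # Step 2: recompute the password and compare in constant time.
        expected = one_time_password(self.passperase, tag)
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return self._fail("wrong-password")
        self.errors = 0
        self.last_tag = tag
        return "unlocked"

    def _fail(self, reason: str) -> str:
        # Every failed attempt counts toward the limit (assumed policy).
        self.errors += 1
        if self.errors >= self.max_errors:
            self.closed = True
            return "closed"
        return reason


def demo() -> list:
    secret = b"constructed-pairing-secret"  # constructed sample, not from the page
    now = 1_700_000_000                      # constructed public time
    tag = time_tag(now)
    code = one_time_password(secret, tag)    # what the phone App would display
    client = MemoryClient(secret)
    return [
        client.verify(tag, code, now + 5),    # fresh tag, right code
        client.verify(tag, code, now + 6),    # same code replayed
        client.verify(tag, code, now + 600),  # tag outside the valid range
    ]


if __name__ == "__main__":
    print(demo())
```

In this sketch the code only gates the unlock decision; how the key that encrypts the partition is derived or released is outside it.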
The memory in S3 has a function of prohibiting access by unauthorized software. When the encrypted SSD receives a request to read or write data, it allows reading and writing for application software on the white list and executes normal read and write operations, rejects the operation for application software on the black list, and, for application software on neither list, pops up a prompt box so that the user can choose whether to allow the operation; according to the user's choice, for the current power-on period it either allows reading and writing and adds the software to the white list, or rejects the operation and adds the software to the black list.
The storage medium of the encrypted memory can be any storage medium, such as a magnetic storage medium or a flash storage medium, and the interface can be a USB interface, a SATA interface or another standard interface compatible with current computer peripherals.
To facilitate understanding of the above technical solution of the present invention, it is described in detail below in terms of specific usage.
In specific use, the same cryptographic algorithm is implanted in the mobile phone App end and the memory client end, and the mobile phone App and the memory are paired when the memory is connected to a PC and powered on for the first time. When in use, the PC and the memory are powered on, the dynamic password generated by the mobile phone App is used as the decryption key of the memory, and the key of the memory is verified according to the decryption process; if verification succeeds, the encrypted partition authorized by the password is opened, reading and writing are allowed, and normal read and write operations are executed.
In summary, current mainstream encrypted memories require a fixed password to be entered when used, and once the user cannot retrieve that password, the memory must be initialized to reset the password and the data cannot be recovered. The above technical solution of the present invention solves this problem and achieves the purposes of no increase in hardware cost, no need to memorize a password, a random password, safety and convenience.
The above description covers only the preferred embodiments of the present invention and is not to be construed as limiting the invention; any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included within its scope.
Claims (5)
1. A dynamic memory encryption method based on a time tag, characterized by comprising the following steps:
S1, implanting the same cryptographic algorithm into the mobile phone App end and the memory client end, and pairing the mobile phone App and the memory when the memory is connected to the PC and powered on for the first time;
S2, when in use, running the client program in the read-only partition of the memory;
S3, using the dynamic password generated by the mobile phone App as the decryption key of the memory, wherein a time tag is added when the mobile phone App generates the dynamic password, the time tag comprising two elements, the current public time and the valid time range; after the memory client receives the dynamic password containing the time tag, it first verifies the validity of the time tag and then verifies whether the password is correct, the key of the memory being verified according to the verification process; if the password is correct, the encrypted partition authorized by the password is opened, reading and writing are allowed, and normal read and write operations are executed; if the verification code is wrong, verification is performed again, and verification is closed after the allowed number of errors.
2. The dynamic memory encryption method according to claim 1, wherein the process of pairing the mobile phone App and the memory in S1 is as follows: the memory authorization software randomly generates a segment of text, passcast, and generates a key identifier, passcast; the memory authorization software generates a two-dimensional code from the passcast and displays a password verification input box on the PC terminal; the mobile phone App scans the two-dimensional code to obtain the passcast and the passcast; the mobile phone App calculates a one-time key according to the password verification algorithm; the mobile phone App and the memory perform a password verification handshake; if the handshake succeeds, pairing succeeds, and if the handshake fails, pairing fails and must be performed again.
3. The dynamic memory encryption method according to claim 1, wherein the key algorithm in S3 is as follows: first, the key parameters of the password are generated, namely the time tag timestamp and the preset key text passperase, where timestamp is calculated from the current public time and passperase is the string of characters set when the mobile phone App and the memory are paired; then timestamp and passperase are mixed according to a rule to obtain passtext, and passtext is processed with the HMAC algorithm to obtain the one-time password.
4. The dynamic memory encryption method according to claim 1, wherein the password verification process in S3 is as follows: the authorization software generates a digital password according to the key rule and displays an authorization interface containing a password input box and a two-dimensional code that includes a password identifier; the password is verified either by entering the one-time password from the mobile phone authorization App or by scanning the authorization two-dimensional code with the mobile phone authorization App, after which the memory authorization software verifies the password.
5. The dynamic memory encryption method according to claim 1, wherein the memory in S3 has a function of prohibiting access by unauthorized software: when the encrypted SSD receives a request to read or write data, it allows reading and writing for application software on the white list and executes normal read and write operations, rejects the operation for application software on the black list, and, for application software on neither list, pops up a prompt box so that the user can choose whether to allow the operation; according to the user's choice, for the current power-on period it either allows reading and writing and adds the software to the white list, or rejects the operation and adds the software to the black list.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111067319.2A CN113836549A (en) | 2021-09-13 | 2021-09-13 | Dynamic memory encryption method based on time tag |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111067319.2A CN113836549A (en) | 2021-09-13 | 2021-09-13 | Dynamic memory encryption method based on time tag |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113836549A (en) | 2021-12-24 |
Family ID: 78959183
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111067319.2A Pending CN113836549A (en) | 2021-09-13 | 2021-09-13 | Dynamic memory encryption method based on time tag |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113836549A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103036674A (en) * | 2012-12-04 | 2013-04-10 | 同济大学 | Computer permission control method based on mobile dynamic password |
CN103763786A (en) * | 2014-01-20 | 2014-04-30 | 梅平 | Equipment pairing method, terminal and system |
CN104539421A (en) * | 2014-08-22 | 2015-04-22 | 南京速帕信息科技有限公司 | Realizing method for mobile token based on dynamic algorithm seed |
CN105721502A (en) * | 2016-04-11 | 2016-06-29 | 上海上实龙创智慧能源科技股份有限公司 | Authorized access method for browser client and server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||