CN113901529A - Equipment safety management method based on encryption hardware - Google Patents

Publication number: CN113901529A
Authority: CN (China)
Prior art keywords: information, hardware, sec, equipment, sdcard
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202111177236.9A
Other languages: Chinese (zh)
Other versions: CN113901529B (en)
Inventor: 江定卿
Current Assignee: Shanghai Basewin Intelligent Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shanghai Basewin Intelligent Technology Co ltd
Application filed by Shanghai Basewin Intelligent Technology Co ltd
Priority to CN202111177236.9A
Publication of CN113901529A
Application granted
Publication of CN113901529B
Status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a device security management method based on encryption hardware, which comprises the following steps: S1, detecting whether the DEVICE_ID unique identifier information exists in the encryption hardware, and detecting whether the SDCARD_ID unique identifier information exists in the sec-ID partition of the device; S2, if neither the DEVICE_ID information nor the SDCARD_ID information exists, binding the encryption hardware and the device, and continuing to start the device after binding; S3, if the DEVICE_ID information or the SDCARD_ID information does not exist, or both the DEVICE_ID information and the SDCARD_ID information exist but do not match, the encryption hardware and the device cannot be matched and the device is shut down; if the information matches, the device continues to start. The invention reconstructs the device start-up process around the encryption hardware and realizes one-to-one binding of the encryption hardware and the device, so that the system can start normally only when the encryption hardware held by the user matches the device, which effectively improves the security of the device start-up process.

Description

Equipment safety management method based on encryption hardware
Technical Field
The invention relates to the technical field of computers, in particular to an equipment safety management method based on encryption hardware.
Background
With the popularization of smart devices, the security of smart device systems is becoming more and more important. General device management in the prior art does not bind the device to other hardware, so anyone who obtains the device can start it normally, and if the password for entering the system is broken, that person can enter the system and steal important information.
Therefore, how to provide a device security management method based on encrypted hardware is a problem that needs to be solved urgently by those skilled in the art.
Disclosure of Invention
In view of this, the present invention provides a device security management method based on encryption hardware, which can effectively improve the security of the device start-up process.
In order to achieve this purpose, the invention adopts the following technical scheme:
A device security management method based on encryption hardware comprises the following steps:
S1, detecting whether the DEVICE_ID unique identifier information exists in the encryption hardware, and detecting whether the SDCARD_ID unique identifier information exists in the sec-ID partition of the device;
S2, if neither the DEVICE_ID information nor the SDCARD_ID information exists, binding the encryption hardware and the device, and continuing to start the device after binding;
S3, if the DEVICE_ID information or the SDCARD_ID information does not exist, or both the DEVICE_ID information and the SDCARD_ID information exist but do not match, the encryption hardware and the device cannot be matched and the device is shut down; if the information matches, the device continues to start.
Preferably, binding the encryption hardware and the device in S2 specifically includes:
S21, the encryption hardware generates a random number as the KEY, and the random number is stored in the encryption hardware;
S22, reading the SDCARD_ID information, encrypting it using the encryption hardware to generate the encrypted first encryption hardware identifier SDCARD_ID_SEC, and storing SDCARD_ID_SEC in the sec-ID partition of the device;
S23, reading the DEVICE_ID information, encrypting it using the encryption hardware to generate the encrypted first device identifier DEVICE_ID_SEC, and storing DEVICE_ID_SEC in the user storage area of the encryption hardware.
Preferably, information matching in S3 specifically includes:
S31, reading the SDCARD_ID and encrypting it using the encryption hardware to generate the encrypted second encryption hardware identifier SDCARD_ID_SEC_1;
S32, reading the SDCARD_ID_SEC stored in the device;
S33, comparing SDCARD_ID_SEC_1 with SDCARD_ID_SEC;
S34, reading the DEVICE_ID and encrypting it using the encryption hardware to generate the encrypted second device identifier DEVICE_ID_SEC_1;
S35, reading the DEVICE_ID_SEC stored in the encryption hardware;
S36, comparing DEVICE_ID_SEC_1 with DEVICE_ID_SEC.
Preferably, the following is also performed before S1:
When the device is started, first detecting whether the encryption hardware exists; if not, prompting that the encryption hardware does not exist and shutting down the device.
Preferably, the encryption hardware is an encryption T card.
According to the above technical scheme, compared with the prior art, the invention discloses a device security management method based on encryption hardware in which the device start-up process is reconstructed around the encryption hardware and one-to-one binding of the encryption hardware and the device is realized. The system can start normally only when the encryption hardware held by the user matches the device, which effectively improves the security of the device start-up process.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only embodiments of the present invention, and those skilled in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a schematic flowchart of the device security management method based on encryption hardware according to the present invention;
Fig. 2 shows the KEY provided in an embodiment of the device security management method based on encryption hardware according to the present invention;
Fig. 3 shows the SDCARD_ID information provided in an embodiment of the device security management method based on encryption hardware according to the present invention;
Fig. 4 shows the encrypted first encryption hardware identifier SDCARD_ID_SEC provided in an embodiment of the device security management method based on encryption hardware according to the present invention;
Fig. 5 shows the DEVICE_ID information provided in an embodiment of the device security management method based on encryption hardware according to the present invention;
Fig. 6 shows the encrypted first device identifier DEVICE_ID_SEC provided in an embodiment of the device security management method based on encryption hardware according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention discloses a device security management method based on encryption hardware, which comprises the following steps:
S1, detecting whether the DEVICE_ID unique identifier information exists in the encryption hardware, and detecting whether the SDCARD_ID unique identifier information exists in the sec-ID partition of the device;
S2, if neither the DEVICE_ID information nor the SDCARD_ID information exists, binding the encryption hardware and the device, and continuing to start the device after binding;
S3, if the DEVICE_ID information or the SDCARD_ID information does not exist, or both the DEVICE_ID information and the SDCARD_ID information exist but do not match, the encryption hardware cannot be matched with the device and the device is shut down; if the information matches, the device continues to start.
In order to further implement the above technical solution, binding the encryption hardware and the device in S2 specifically includes:
S21, the encryption hardware generates a random number as the KEY, and the random number is stored in the encryption hardware;
S22, reading the SDCARD_ID information, encrypting it using the encryption hardware to generate the encrypted first encryption hardware identifier SDCARD_ID_SEC, and storing SDCARD_ID_SEC in the sec-ID partition of the device;
S23, reading the DEVICE_ID information, encrypting it using the encryption hardware to generate the encrypted first device identifier DEVICE_ID_SEC, and storing DEVICE_ID_SEC in the user storage area of the encryption hardware.
In order to further implement the above technical solution, information matching in S3 specifically includes:
S31, reading the SDCARD_ID and encrypting it using the encryption hardware to generate the encrypted second encryption hardware identifier SDCARD_ID_SEC_1;
S32, reading the SDCARD_ID_SEC stored in the device;
S33, comparing SDCARD_ID_SEC_1 with SDCARD_ID_SEC;
S34, reading the DEVICE_ID and encrypting it using the encryption hardware to generate the encrypted second device identifier DEVICE_ID_SEC_1;
S35, reading the DEVICE_ID_SEC stored in the encryption hardware;
S36, comparing DEVICE_ID_SEC_1 with DEVICE_ID_SEC.
In order to further implement the above technical solution, the following is also performed before S1:
When the device is started, first detecting whether the encryption hardware exists; if not, prompting that the encryption hardware does not exist and shutting down the device.
In this embodiment, the encryption hardware is an encryption T card, the random number generated by the encryption T card is 24 bytes, and the KEY is as shown in Fig. 2; the SDCARD_ID information is 03C 5F 26B 97C 05B 73, as shown in Fig. 3; the encrypted first encryption hardware identifier SDCARD_ID_SEC is 8E F2 AA 2D D67C 1E 9a 369 A6A FB 75533561, as shown in Fig. 4; the DEVICE_ID information is 87F 09 a 48, as shown in Fig. 5; and the encrypted first device identifier DEVICE_ID_SEC is a 97C CF 9 FF a06A 79, as shown in Fig. 6.
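The S1 to S3 decision flow, together with the S21 to S23 binding and S31 to S36 matching sub-steps, as an added Python simulation that is not code from the patent. Assumptions: the card's unspecified encryption is modelled with HMAC-SHA256, the "information" checked in S1 is taken to be the stored DEVICE_ID_SEC and SDCARD_ID_SEC records, all class and function names are hypothetical, and the identifiers are constructed sample values.

```python
import hashlib
import hmac
import secrets


class CryptoCard:
    """Stand-in for the encryption T card; the KEY never leaves this object."""

    def __init__(self, sdcard_id: bytes):
        self.sdcard_id = sdcard_id   # SDCARD_ID (constructed sample value)
        self._key = None             # KEY, generated at binding time (S21)
        self.user_area = None        # DEVICE_ID_SEC after binding (S23)

    def generate_key(self) -> None:
        self._key = secrets.token_bytes(24)  # 24 bytes, as in the embodiment

    def protect(self, data: bytes) -> bytes:
        # Assumption: HMAC-SHA256 stands in for the card's unspecified cipher.
        if self._key is None:
            raise RuntimeError("card holds no KEY")
        return hmac.new(self._key, data, hashlib.sha256).digest()


class Device:
    def __init__(self, device_id: bytes):
        self.device_id = device_id     # DEVICE_ID (constructed sample value)
        self.sec_id_partition = None   # SDCARD_ID_SEC after binding (S22)


def bind(device: Device, card: CryptoCard) -> None:
    card.generate_key()                                      # S21
    device.sec_id_partition = card.protect(card.sdcard_id)   # S22
    card.user_area = card.protect(device.device_id)          # S23


def records_match(device: Device, card: CryptoCard) -> bool:
    sdcard_id_sec_1 = card.protect(card.sdcard_id)           # S31
    device_id_sec_1 = card.protect(device.device_id)         # S34
    # S33 / S36: constant-time comparison; evaluate both before combining.
    sd_ok = hmac.compare_digest(sdcard_id_sec_1, device.sec_id_partition)
    dev_ok = hmac.compare_digest(device_id_sec_1, card.user_area)
    return sd_ok and dev_ok


def boot(device, card):
    """Return (continue_boot, reason) for one power-on."""
    if card is None:                                  # check made before S1
        return (False, "no encryption hardware")
    on_card = card.user_area is not None              # S1
    on_device = device.sec_id_partition is not None   # S1
    if not on_card and not on_device:                 # S2: first use, bind
        bind(device, card)
        return (True, "bound")
    if on_card != on_device:                          # S3: only one side bound
        return (False, "record missing")
    if records_match(device, card):                   # S3: both records present
        return (True, "matched")
    return (False, "mismatch")


def demo():
    dev_a, dev_b = Device(bytes.fromhex("a1a2a3a4")), Device(bytes.fromhex("b1b2b3b4"))
    card_a, card_b = CryptoCard(b"card-A-id"), CryptoCard(b"card-B-id")
    return [
        boot(dev_a, card_a),                # first boot of the pair: bind
        boot(dev_a, card_a),                # same pair again
        boot(dev_a, None),                  # card not inserted
        boot(dev_a, CryptoCard(b"blank")),  # unbound card in a bound device
        boot(dev_b, card_b),                # second pair binds
        boot(dev_a, card_b),                # card bound to a different device
    ]
```

Because both comparisons are recomputed under the KEY held in the card, the binding is only as strong as the card's guarantee that the KEY cannot be read out or copied.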
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (5)

1. A device security management method based on encryption hardware, characterized by comprising the following steps:
S1, detecting whether the DEVICE_ID unique identifier information exists in the encryption hardware, and detecting whether the SDCARD_ID unique identifier information exists in the sec-ID partition of the device;
S2, if neither the DEVICE_ID information nor the SDCARD_ID information exists, binding the encryption hardware and the device, and continuing to start the device after binding;
S3, if the DEVICE_ID information or the SDCARD_ID information does not exist, or both the DEVICE_ID information and the SDCARD_ID information exist but do not match, the encryption hardware and the device cannot be matched and the device is shut down; if the information matches, the device continues to start.
2. The device security management method based on encryption hardware according to claim 1, wherein binding the encryption hardware and the device in S2 specifically includes:
S21, the encryption hardware generates a random number as the KEY, and the random number is stored in the encryption hardware;
S22, reading the SDCARD_ID information, encrypting it using the encryption hardware to generate the encrypted first encryption hardware identifier SDCARD_ID_SEC, and storing SDCARD_ID_SEC in the sec-ID partition of the device;
S23, reading the DEVICE_ID information, encrypting it using the encryption hardware to generate the encrypted first device identifier DEVICE_ID_SEC, and storing DEVICE_ID_SEC in the user storage area of the encryption hardware.
3. The device security management method based on encryption hardware according to claim 2, wherein information matching in S3 specifically includes:
S31, reading the SDCARD_ID and encrypting it using the encryption hardware to generate the encrypted second encryption hardware identifier SDCARD_ID_SEC_1;
S32, reading the SDCARD_ID_SEC stored in the device;
S33, comparing SDCARD_ID_SEC_1 with SDCARD_ID_SEC;
S34, reading the DEVICE_ID and encrypting it using the encryption hardware to generate the encrypted second device identifier DEVICE_ID_SEC_1;
S35, reading the DEVICE_ID_SEC stored in the encryption hardware;
S36, comparing DEVICE_ID_SEC_1 with DEVICE_ID_SEC.
4. The device security management method based on encryption hardware according to claim 1, further comprising the following before S1:
When the device is started, first detecting whether the encryption hardware exists; if not, prompting that the encryption hardware does not exist and shutting down the device.
5. The device security management method based on encryption hardware according to any one of claims 1 to 4, characterized in that the encryption hardware is an encryption T card.
CN202111177236.9A 2021-10-09 2021-10-09 Equipment safety management method based on encryption hardware Active CN113901529B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111177236.9A CN113901529B (en) 2021-10-09 2021-10-09 Equipment safety management method based on encryption hardware

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111177236.9A CN113901529B (en) 2021-10-09 2021-10-09 Equipment safety management method based on encryption hardware

Publications (2)

Publication Number Publication Date
CN113901529A (en) 2022-01-07
CN113901529B (en) 2023-03-24

Family

ID=79190793

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111177236.9A Active CN113901529B (en) 2021-10-09 2021-10-09 Equipment safety management method based on encryption hardware

Country Status (1)

Country Link
CN (1) CN113901529B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108959982A (en) * 2018-07-06 2018-12-07 江苏北弓智能科技有限公司 A kind of mobile terminal document encrypting and deciphering system and method based on hardware encryption TF card
CN111901095A (en) * 2020-07-23 2020-11-06 上海世麦智能科技有限公司 Safe starting method and system based on hardware encryption
CN112383914A (en) * 2020-11-13 2021-02-19 广东工业大学 Password management method based on secure hardware

Also Published As

Publication number Publication date
CN113901529B (en) 2023-03-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A Device Security Management Method Based on Encryption Hardware

Effective date of registration: 20230912

Granted publication date: 20230324

Pledgee: Agricultural Bank of China Co.,Ltd. Shanghai Xuhui Sub branch

Pledgor: SHANGHAI BASEWIN INTELLIGENT TECHNOLOGY CO.,LTD.

Registration number: Y2023310000538