CN114003888A - Bidirectional authentication method and device for storage system access based on hardware information - Google Patents


Info

Publication number: CN114003888A
Authority: CN (China)
Prior art keywords: storage system, host, hash value, hardware information, hardware
Legal status: Granted
Application number: CN202111155486.2A
Other languages: Chinese (zh)
Other versions: CN114003888B (en)
Inventor: 邢希双
Current Assignee: Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee: Suzhou Inspur Intelligent Technology Co Ltd
Application filed by Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202111155486.2A
Publication of CN114003888A
Application granted
Publication of CN114003888B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/107 License processing; Key processing
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a bidirectional authentication method and device for storage system access based on hardware information. The method comprises the following steps: acquiring the hardware information of the host and of the storage, and storing each in the other system; when the host accesses the storage, the host calculates a host hardware identification code from the hash value of its own hardware information, generates a host authentication packet from that code and the authentication information, and sends the packet to the storage for comparison, and the host is refused access when the comparison fails; the storage calculates a storage hardware identification code from the storage hardware information, puts it into a storage authentication packet, and sends the packet to the host for comparison, and the host gives up access to the storage when the comparison fails; the host obtains the storage hardware information from the storage hardware identification code, calculates a combined hardware identification code from it and the host's own hardware information, puts the combined code into a host authentication response packet, and sends the packet to the storage for authentication, and the host is refused access when the comparison fails and allowed access when it passes. The invention achieves bidirectional authentication between the storage and the host, and the triple verification of hardware information ensures access security.

Description

Bidirectional authentication method and device for storage system access based on hardware information
Technical Field
The invention belongs to the technical field of storage security, and particularly relates to a bidirectional authentication method and device for storage system access based on hardware information.
Background
With the development of technologies such as cloud computing, the Internet of Things and mobile computing, and the continuous widening of their application fields, the leading role of modern information technology in social production and life is more and more prominent, and its supporting function in all fields of society is more and more important. Meanwhile, both information providers and information visitors place ever higher requirements and importance on information security, and those requirements now exceed the five factors of the traditional definition: confidentiality, integrity, reliability, availability and non-repudiation. The data of the service system is the core asset of the data center. Service data is mainly stored on the storage system, so the storage system has become the core infrastructure of the current data center. At present, malicious attacks on storage systems and illegal acquisition of service data are rising year by year, so protection of the storage system is more and more important. Bypassing the authentication measures of the storage system to use the storage without authorization and to access it illegally is the most common way for hackers to attack a storage system.
The way a storage system authenticates host system access is a general machine authentication mode: the service system provides a user name and a password, the storage system matches the user name and password provided by the host system against those stored in the system in advance, and after they are verified the host system can access the storage system normally. The security problems that this authentication method exposes are becoming more and more serious. First, the authentication information is easy to crack. The user name is typically set as a simple string of characters that can be easily guessed. If the password is short or has low complexity, it is easy to brute-force. Even if the length and complexity of the password are increased, it is still difficult for it to escape capture by malicious programs or cracking through a rainbow table.
At present, the problem of cracked authentication information is generally addressed by introducing an additional authentication mode (such as a software certificate) to form multi-factor authentication, so that even if a hacker cracks the user name and password, the other authentication mode is difficult to bypass and it becomes harder for an illegal visitor to obtain access to the storage system; however, additional authentication information such as a software certificate can itself be leaked. Secondly, some illegal visitors obtain authentication information in other ways (such as social engineering or phishing websites), and then steal or destroy the data of the storage system through a self-developed malicious system that imitates a legitimate host system. Storage systems have so far lacked a reasonable scheme for coping with this counterfeiting: in most cases it is discovered only after data has been stolen or destroyed, and the resulting loss cannot be made up. Meanwhile, the host system cannot rule out that the storage system it is accessing is counterfeit, so the authenticity and integrity of the data accessed by the host system cannot be guaranteed.
Therefore, it is very necessary to provide a method and an apparatus for bidirectional authentication of storage system access based on hardware information to solve the above-mentioned drawbacks of the prior art.
Disclosure of Invention
Aiming at the problems in the prior art that the way a storage system authenticates host system access has security weaknesses, and that the host system cannot obtain real data when the storage system is counterfeited, the invention provides a bidirectional authentication method and device for storage system access based on hardware information to solve these technical problems.
In a first aspect, the present invention provides a bidirectional authentication method for accessing a storage system based on hardware information, including the following steps:
S1. Acquiring the hardware information of the host system that is to access the storage system and of the storage system itself, taking the hash value of each, and presetting and storing it in the opposite system;
S2. When the host system accesses the storage system, the host system calculates a host hardware identification code from the hash value of its own hardware information according to a first algorithm agreed with the storage system, generates a host authentication data packet from the host hardware identification code and the authentication information, and sends the packet to the storage system for comparison; when the comparison by the storage system fails, the host system is refused access;
S3. When the host authentication data packet passes the storage system's comparison, the storage system calculates a storage system hardware identification code from the hash value of its own hardware information according to a second algorithm agreed with the host system, puts the code into a storage authentication response packet, and sends the packet to the host system for comparison; when the comparison by the host system fails, the host system gives up access to the storage system;
S4. When the storage authentication response packet passes the host system's comparison, the host system obtains the hardware information hash value of the storage system from the storage system hardware identification code, calculates a combined hardware identification code from the hardware information hash value of the host system and the hardware information hash value of the storage system according to a third algorithm agreed with the storage system, puts the combined code into a host authentication response confirmation data packet, and sends the packet to the storage system for authentication; the host system is refused access when the comparison by the storage system fails and allowed access when it passes.
Further, the step S1 specifically includes the following steps:
S11. Initializing the storage system, generating a public key and a private key of the storage system, setting the private key for use by the storage system, and setting the public key for use by the host system;
S12. Acquiring the hardware information of the host system that is to access the storage system; the hardware information of the host system comprises the ID of the CPU of the host system, the global name (World Wide Name) address of the Fibre Channel card in a Fibre Channel storage area network, and the MAC address information of the network port in an IP storage area network;
S13. After calculating the hash value of the hardware information of the host system, securely presetting and storing the hash value in the storage system in an offline mode;
S14. Acquiring the hardware information of the storage system to be accessed by the host system; the hardware information of the storage system comprises the ID of the CPU of the storage system, the global name (World Wide Name) address of the Fibre Channel card in a Fibre Channel storage area network, and the MAC address information of the network card;
S15. After calculating the hash value of the hardware information of the storage system, securely presetting and storing the hash value in the host system in an offline mode.
The storage system and the host system use an asymmetric encryption algorithm to generate and store the public key and the private key in advance. The hardware information of the storage system is stored in the host system, and the hardware information of the host system is stored in the storage system, by offline presetting, which avoids the risk of network transmission; and because the hardware information is stored as a hash value, configuration personnel cannot know its meaning, which ensures the security of the hardware information.
Further, the step S2 specifically includes the following steps:
S21. When the host system accesses the storage system, the host system provides authentication information; the authentication information comprises a user name, a password and a software certificate;
S22. The host system automatically acquires its own hardware information, calculates the hash value, calculates a host hardware identification code from that hash value through a first algorithm agreed with the storage system, and then encrypts the host hardware identification code using the public key provided by the storage system;
S23. The host system puts the authentication information and the encrypted host hardware identification code into a host authentication data packet and sends the packet to the storage system;
S24. After receiving the host authentication data packet, the storage system verifies the validity of the host system according to the authentication information;
if the verification fails, the host system is refused access, and the process ends;
if the verification passes, the flow proceeds to step S25;
S25. The storage system decrypts the host hardware identification code using its private key, obtains the hash value of the host system hardware information through the first algorithm, and compares it with the hash value of the host system hardware information prestored in the storage system;
if the two are not consistent, the host system is refused access, and the process ends;
if they match, the process proceeds to step S3.
The host hardware identification code prevents the authentication information of the storage system from being bypassed and the storage system from being attacked, and at the same time guarantees that the host system accesses the storage system legitimately.
Further, the step S3 specifically includes the following steps:
S31. When the hash value of the host system hardware information passes the storage system's comparison, the storage system automatically acquires its own hardware information and calculates the hash value;
S32. The storage system calculates the storage system hardware identification code from the hash value of its own hardware information through a second algorithm agreed with the host system, encrypts the hardware identification code using the private key of the storage system, puts the encrypted hardware identification code into a storage authentication response packet, and sends the packet to the host system;
S33. After receiving the storage authentication response packet, the host system decrypts the storage system hardware identification code using the public key provided by the storage system, obtains the hash value of the storage system hardware information through the second algorithm, and compares it with the hash value of the storage system hardware information prestored in the host system;
if the two are not consistent, the host system gives up access to the storage system, and the process ends;
if they match, the process proceeds to step S4.
The storage system hardware identification code ensures the legitimacy of the storage system accessed by the host system and prevents the storage system from being counterfeited.
Further, the step S4 specifically includes the following steps:
S41. When the hash value of the storage system hardware information passes the host system's comparison, the host system automatically acquires the hash value of its own hardware information;
S42. The host system combines the hash value of the storage system hardware information that passed the comparison with the hash value of the host system hardware information, and dynamically calculates a combined hardware identification code through a third algorithm agreed with the storage system;
S43. The host system encrypts the combined hardware identification code with the public key provided by the storage system, puts it into a host authentication response confirmation data packet, and sends the packet to the storage system;
S44. After receiving the host authentication response confirmation data packet, the storage system decrypts the combined hardware identification code using its private key, and extracts the host system hardware information hash value and the storage system hardware information hash value from the combined hardware identification code according to the third algorithm;
S45. The storage system compares the host system hardware information hash value in the host authentication response confirmation data packet with the host system hardware information hash value stored in advance, compares the storage system hardware information hash value in the host authentication response confirmation data packet with the dynamically obtained hash value of the storage system's own hardware information, and judges whether the hash values in both comparisons are consistent;
if not, the host system is refused access to the storage system;
if yes, the host system is judged to be legitimate and accesses the storage system securely.
Comparing the combined hardware identification code establishes the authenticity and legitimacy of the opposite end for both the storage system and the host system, and guarantees that the two parties can carry out actual service data interaction.
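The S1 to S4 comparison flow above, as an added sketch that is not code from the patent: SHA-256, the three reversible encodings (`alg1`, `alg2`, `alg3`), all class and function names and the sample hardware values are assumptions, and the public/private-key wrapping of S22, S32 and S43 is left out so that only the three hardware checks are shown.

```python
import hashlib
import hmac


def hw_hash(cpu_id, wwn, mac):
    """S12-S15: hash of canonicalised hardware info (SHA-256 is an assumption)."""
    canon = "|".join(s.strip().lower() for s in (cpu_id, wwn, mac))
    return hashlib.sha256(canon.encode()).digest()


# Hypothetical stand-ins for the three "agreed algorithms". The patent only
# requires that the peer can recover the hash value(s) from the code.
MASK1 = hashlib.sha256(b"agreed-algorithm-1").digest()
MASK2 = hashlib.sha256(b"agreed-algorithm-2").digest()


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def alg1_encode(h):                 # first algorithm: XOR mask (self-inverse)
    return xor_bytes(h, MASK1)


alg1_decode = alg1_encode


def alg2_encode(h):                 # second algorithm: XOR mask, then reverse
    return xor_bytes(h, MASK2)[::-1]


def alg2_decode(code):
    return xor_bytes(code[::-1], MASK2)


def alg3_encode(host_h, stor_h):    # third algorithm: interleave both hashes
    return bytes(b for pair in zip(host_h, stor_h) for b in pair)


def alg3_decode(code):
    return code[0::2], code[1::2]


class Storage:
    def __init__(self, hw, accounts, host_hash):
        self.hw = hw                # read "live" each time, as in S31 and S45
        self.accounts = accounts    # constructed demo store, not a real format
        self.host_hash = host_hash  # provisioned offline in S13

    def check_host_packet(self, pkt):
        user, password, code = pkt
        stored = self.accounts.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return "reject: credentials", None                 # S24
        if not hmac.compare_digest(alg1_decode(code), self.host_hash):
            return "reject: host hardware", None               # S25
        return "ok", alg2_encode(hw_hash(*self.hw))            # S31-S32

    def check_confirmation(self, code):
        host_h, stor_h = alg3_decode(code)                     # S44
        same_host = hmac.compare_digest(host_h, self.host_hash)
        same_storage = hmac.compare_digest(stor_h, hw_hash(*self.hw))
        return "access granted" if same_host and same_storage else "reject: combined code"


class Host:
    def __init__(self, hw, creds, storage_hash):
        self.hw, self.creds = hw, creds
        self.storage_hash = storage_hash                       # provisioned offline in S15

    def auth_packet(self):                                     # S21-S23
        return (*self.creds, alg1_encode(hw_hash(*self.hw)))

    def check_storage(self, code):                             # S33, S41-S42
        stor_h = alg2_decode(code)
        if not hmac.compare_digest(stor_h, self.storage_hash):
            return None                                        # give up access
        return alg3_encode(hw_hash(*self.hw), stor_h)


def handshake(host, storage):
    status, response = storage.check_host_packet(host.auth_packet())
    if response is None:
        return status
    confirmation = host.check_storage(response)
    if confirmation is None:
        return "host gave up: storage hardware"
    return storage.check_confirmation(confirmation)


# Constructed sample values (CPU ID, WWN, MAC); not taken from any real system.
HOST_HW = ("BFEBFBFF000906EA", "10:00:00:90:fa:00:00:01", "00:1a:2b:00:00:01")
STOR_HW = ("BFEBFBFF00050654", "50:05:07:68:00:00:00:02", "00:1a:2b:00:00:02")
OTHER_HW = ("0000000000000000", "10:00:00:00:00:00:00:99", "00:00:00:00:00:99")
CREDS = ("svc-host01", "constructed-password")
ACCOUNTS = {CREDS[0]: CREDS[1]}


def scenarios():
    host_h, stor_h = hw_hash(*HOST_HW), hw_hash(*STOR_HW)
    storage = Storage(STOR_HW, ACCOUNTS, host_h)
    return {
        "legitimate pair": handshake(Host(HOST_HW, CREDS, stor_h), storage),
        "valid credentials, unregistered hardware": handshake(Host(OTHER_HW, CREDS, stor_h), storage),
        "wrong password": handshake(Host(HOST_HW, (CREDS[0], "guess"), stor_h), storage),
        "unregistered storage": handshake(Host(HOST_HW, CREDS, stor_h),
                                          Storage(OTHER_HW, ACCOUNTS, host_h)),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```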
In a second aspect, the present invention provides a bidirectional authentication apparatus for accessing a storage system based on hardware information, including:
a host and storage system offline configuration module, used for acquiring the hardware information of the host system that is to access the storage system and of the storage system, taking the hash value of each, and presetting and storing it in the opposite system;
a host system primary authentication module, used so that, when the host system accesses the storage system, the host system calculates a host hardware identification code from the hash value of its own hardware information according to a first algorithm agreed with the storage system, generates a host authentication data packet from the host hardware identification code and the authentication information, and sends the packet to the storage system for comparison, the host system being refused access when the comparison by the storage system fails;
a storage system authentication module, used so that, when the host authentication data packet passes the storage system's comparison, the storage system calculates a storage system hardware identification code from the hash value of its own hardware information according to a second algorithm agreed with the host system, puts the code into a storage authentication response packet, and sends the packet to the host system for comparison, the host system giving up access to the storage system when the comparison by the host system fails;
and a host system secondary authentication module, used so that, when the storage authentication response packet passes the host system's comparison, the host system obtains the storage system hardware information hash value from the storage system hardware identification code, calculates a combined hardware identification code from the hardware information hash value of the host system and the storage system hardware information hash value according to a third algorithm agreed with the storage system, puts the combined code into a host authentication response confirmation data packet, and sends the packet to the storage system for authentication, the host system being refused access when the comparison by the storage system fails and allowed access when it passes.
Further, the host and storage system offline configuration module comprises:
the storage system initialization unit is used for initializing the storage system, generating a public key and a private key of the storage system, setting the private key to be used by the storage system, and setting the public key to be used by the host system;
a host hardware information acquisition unit configured to acquire hardware information of a host system that is to access the storage system;
the host hardware information prestoring unit is used for calculating a hash value of the hardware information of the host system and then prestoring the hash value into the storage system in an offline mode;
a storage hardware information acquisition unit for acquiring hardware information of a storage system to be accessed by a host system;
and the storage hardware information pre-storage unit is used for calculating the hash value of the hardware information of the storage system and then safely storing the hardware information in the host system in an offline mode in advance.
Further, the primary authentication module of the host system comprises:
an authentication information providing unit for providing authentication information by a host system when the host system accesses the storage system;
the host hardware identification code generating unit is used for automatically acquiring hardware information of the host system by the host system, calculating a hash value, calculating the hash value of the hardware information of the host system by a first algorithm agreed with the storage system to obtain a host hardware identification code, and encrypting the host hardware identification code by using a public key provided by the storage system;
the host authentication data packet sending unit is used for putting the authentication information and the encrypted host hardware identification code into a host authentication data packet by the host system and sending the host authentication data packet to the storage system;
the authentication information verification unit is used for verifying the legality of the host system according to the authentication information after the storage system receives the host authentication data packet;
the host system access first refusing unit is used for refusing the access of the host system when the host system is verified to be invalid according to the authentication information;
the host hardware information comparison unit is used for decrypting the host hardware identification code by using a private key of the storage system, obtaining a host system hardware information hash value through a first algorithm and comparing the host system hardware information hash value with a host system hardware information hash value prestored in the storage system;
and the host system access second refusing unit is used for refusing the access of the host system when the calculated hash value of the hardware information of the host system is inconsistent with the hash value of the hardware information of the host system.
Further, the storage system authentication module includes:
a storage system own hardware information hash value calculation unit, used for automatically acquiring the storage system's own hardware information and calculating the hash value when the host system hardware information hash value passes the storage system's comparison;
a storage authentication response packet sending unit, used for the storage system to calculate the storage system hardware identification code from the hash value of its own hardware information through a second algorithm agreed with the host system, encrypt the code using the private key of the storage system, put the encrypted code into a storage authentication response packet, and send the packet to the host system;
the storage hardware information comparison unit is used for decrypting a storage system hardware identification code by using a public key provided by the storage system after the host system receives the storage authentication response packet, obtaining a storage system hardware information hash value by using a second algorithm and comparing the storage system hardware information hash value with a storage system hardware information hash value prestored by the host system;
and the storage system abandoning access unit is used for abandoning the access to the storage system when the calculated hash value of the hardware information of the storage system is inconsistent with the pre-stored hash value of the hardware information of the storage system by the host system.
Further, the host system secondary authentication module comprises:
the host hardware information hash value acquisition unit is used for automatically acquiring the hardware information hash value of the host system when the host system passes the comparison of the hardware information hash value of the storage system;
the combined hardware identification code generating unit is used for combining the compared hardware information hash value of the storage system with the hardware information hash value of the host system by the host system and dynamically calculating the combined hardware identification code by a third algorithm agreed with the storage system;
the host authentication response confirmation data packet sending unit is used for the host system to encrypt the combined hardware identification code through a public key provided by the storage system, then put the combined hardware identification code into the host authentication response confirmation data packet and send the combined hardware identification code to the storage system;
the two hardware information hash value extraction units are used for decrypting the combined hardware identification code by using a private key of the storage system after the storage system receives the host authentication response confirmation data packet, and extracting a hardware information hash value of the host system and a hardware information hash value of the storage system from the combined hardware identification code according to a third algorithm;
the two hardware information hash value comparison units are used for comparing the host system hardware information hash value in the host authentication response confirmation data packet with the host system hardware information hash value stored in advance by the storage system, comparing the storage system hardware information hash value in the host authentication response confirmation data packet with the hardware information hash value of the storage system obtained dynamically, and judging whether the hardware information hash values of the two comparison contents are consistent or not;
the host system access third refusing unit is used for refusing the host system access to the storage system when the hash values of the hardware information in the two comparisons are inconsistent;
and the host system access permitting unit is used for judging that the host system is legal and carrying out safe access on the storage system when the hash values of the hardware information of the two items of comparison content are consistent.
The beneficial effects of the invention are as follows.
The bidirectional authentication method and device for storage system access based on hardware information ensure that the authentication process of the storage system is not bypassed and prevent the storage system from being attacked; the triple verification of hardware information between the host system and the storage system automatically authenticates the legitimacy of both the storage system and the host system, and avoids counterfeiting of either one.
The hardware information hash values of the storage system and the host system are automatically added in the authentication process, and are completely transparent to system operators, so that the authentication strength is ensured, and the risk of authentication factor leakage caused by human intervention is avoided.
In addition, the invention has reliable design principle, simple structure and very wide application prospect.
Therefore, compared with the prior art, the invention has prominent substantive features and remarkable progress, and the beneficial effects of the implementation are also obvious.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. It is obvious to those skilled in the art that other drawings can be obtained from these drawings without creative effort.
Fig. 1 is a schematic flowchart of embodiment 1 of the bidirectional authentication method for accessing a storage system based on hardware information according to the present invention.
Fig. 2 is a first flowchart of a bidirectional authentication method for accessing a storage system based on hardware information according to embodiment 2 of the present invention.
Fig. 3 is a schematic flowchart of a two-way authentication method for accessing a storage system based on hardware information according to embodiment 2 of the present invention.
Fig. 4 is a schematic diagram of a bidirectional authentication device for accessing a storage system based on hardware information according to the present invention.
In the figures: 1 - host and storage system offline configuration module; 1.1 - storage system initialization unit; 1.2 - host hardware information acquisition unit; 1.3 - host hardware information prestoring unit; 1.4 - storage hardware information acquisition unit; 1.5 - storage hardware information prestoring unit; 2 - host system primary authentication module; 2.1 - authentication information providing unit; 2.2 - host hardware identification code generating unit; 2.3 - host authentication data packet sending unit; 2.4 - authentication information verification unit; 2.5 - host system access first denial unit; 2.6 - host hardware information comparison unit; 2.7 - host system access second denial unit; 3 - storage system authentication module; 3.1 - storage system hardware information hash value calculation unit; 3.2 - storage authentication response packet sending unit; 3.3 - storage hardware information comparison unit; 3.4 - storage system abandon access unit; 4 - host system secondary authentication module; 4.1 - host hardware information hash value acquisition unit; 4.2 - combined hardware identification code generating unit; 4.3 - host authentication response confirmation data packet sending unit; 4.4 - two-item hardware information hash value extraction unit; 4.5 - two-item hardware information hash value comparison unit; 4.6 - host system access third denial unit; 4.7 - host system access permitting unit.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the technical solution in the embodiment of the present invention will be clearly and completely described below with reference to the drawings in the embodiment of the present invention, and it is obvious that the described embodiment is only a part of the embodiment of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1:
As shown in Fig. 1, the present invention provides a bidirectional authentication method for storage system access based on hardware information, which includes the following steps:
S1. Acquiring the hardware information of the storage system and of the host system that is to access it, taking a hash value of each, and presetting and storing each hash value in the opposite system;
S2. When the host system accesses the storage system, the host system calculates a host hardware identification code from the hash value of its own hardware information according to a first algorithm agreed with the storage system, generates a host authentication data packet from the host hardware identification code and the authentication information, and sends the packet to the storage system for comparison; when the comparison by the storage system fails, the host system is refused access;
S3. When the host authentication data packet passes the comparison by the storage system, the storage system calculates a storage system hardware identification code from the hash value of its own hardware information according to a second algorithm agreed with the host system, puts the code into a storage authentication response packet, and sends the packet to the host system for comparison; when the comparison by the host system fails, the host system gives up access to the storage system;
S4. When the storage authentication response packet passes the comparison by the host system, the host system obtains the hardware information hash value of the storage system from the storage system hardware identification code, calculates a combined hardware identification code from the hardware information hash value of the host system and that of the storage system according to a third algorithm agreed with the storage system, puts the combined code into a host authentication response confirmation data packet, and sends the packet to the storage system for authentication; the storage system refuses the host system access when the comparison fails and allows it when the comparison passes.
Example 2:
As shown in Fig. 2 and Fig. 3, the present invention provides a bidirectional authentication method for storage system access based on hardware information, comprising the following steps:
S1. Acquiring the hardware information of the storage system and of the host system that is to access it, taking a hash value of each, and presetting and storing each hash value in the opposite system; the specific steps are as follows:
S11. Initializing the storage system, generating a public key and a private key of the storage system, setting the private key on the storage system, and setting the public key on the host system;
S12. Acquiring the hardware information of the host system that is to access the storage system; the hardware information of the host system comprises the ID of the CPU of the host system, the world wide name (WWN) address of the Fibre Channel card in the Fibre Channel storage area, and the MAC address information of the network port in the IP storage area;
S13. After calculating the hash value of the hardware information of the host system, securely presetting and storing it in the storage system in an offline manner;
S14. Acquiring the hardware information of the storage system that the host system is to access; the hardware information of the storage system comprises the ID of the CPU of the storage system, the world wide name (WWN) address of the Fibre Channel card in the Fibre Channel storage area, and the MAC address information of the network card;
S15. After calculating the hash value of the hardware information of the storage system, securely presetting and storing it in the host system in an offline manner;
S2. When the host system accesses the storage system, the host system calculates a host hardware identification code from the hash value of its own hardware information according to a first algorithm agreed with the storage system, generates a host authentication data packet from the host hardware identification code and the authentication information, and sends the packet to the storage system for comparison; when the comparison by the storage system fails, the host system is refused access; the specific steps are as follows:
S21. When the host system accesses the storage system, the host system provides authentication information; the authentication information comprises a user name, a password and a software certificate;
S22. The host system automatically acquires its own hardware information and calculates the hash value, calculates the host hardware identification code from that hash value through the first algorithm agreed with the storage system, and then encrypts the host hardware identification code with the public key provided by the storage system;
S23. The host system puts the authentication information and the encrypted host hardware identification code into a host authentication data packet and sends the packet to the storage system;
S24. After receiving the host authentication data packet, the storage system verifies the validity of the host system according to the authentication information;
if the verification fails, the host system is refused access and the process ends;
if the verification passes, the process proceeds to step S25;
S25. The storage system decrypts the host hardware identification code with its private key, obtains the hardware information hash value of the host system through the first algorithm, and compares it with the host system hardware information hash value prestored in the storage system;
if the two are inconsistent, the host system is refused access and the process ends;
if the two are consistent, the process proceeds to step S3;
S3. When the host authentication data packet passes the comparison by the storage system, the storage system calculates a storage system hardware identification code from the hash value of its own hardware information according to a second algorithm agreed with the host system, puts the code into a storage authentication response packet, and sends the packet to the host system for comparison; when the comparison by the host system fails, the host system gives up access to the storage system; the specific steps are as follows:
S31. When the hardware information hash value of the host system passes the comparison by the storage system, the storage system automatically acquires its own hardware information and calculates the hash value;
S32. The storage system calculates the storage system hardware identification code from the hash value of its hardware information through the second algorithm agreed with the host system, encrypts the code with the private key of the storage system, puts the encrypted code into a storage authentication response packet, and sends the packet to the host system;
S33. After receiving the storage authentication response packet, the host system decrypts the storage system hardware identification code with the public key provided by the storage system, obtains the hardware information hash value of the storage system through the second algorithm, and compares it with the storage system hardware information hash value prestored in the host system;
if the two are inconsistent, the host system gives up access to the storage system and the process ends;
if the two are consistent, the process proceeds to step S4;
S4. When the storage authentication response packet passes the comparison by the host system, the host system obtains the hardware information hash value of the storage system from the storage system hardware identification code, calculates a combined hardware identification code from the hardware information hash value of the host system and that of the storage system according to a third algorithm agreed with the storage system, puts the combined code into a host authentication response confirmation data packet, and sends the packet to the storage system for authentication; the storage system refuses the host system access when the comparison fails and allows it when the comparison passes; the specific steps are as follows:
S41. When the hardware information hash value of the storage system passes the comparison by the host system, the host system automatically acquires the hash value of its own hardware information;
S42. The host system combines the storage system hardware information hash value that passed the comparison with the hardware information hash value of the host system, and dynamically calculates the combined hardware identification code through the third algorithm agreed with the storage system;
S43. The host system encrypts the combined hardware identification code with the public key provided by the storage system, puts it into a host authentication response confirmation data packet, and sends the packet to the storage system;
S44. After receiving the host authentication response confirmation data packet, the storage system decrypts the combined hardware identification code with its private key and extracts the host system hardware information hash value and the storage system hardware information hash value from the combined hardware identification code according to the third algorithm;
S45. The storage system compares the host system hardware information hash value from the host authentication response confirmation data packet with the prestored host system hardware information hash value, compares the storage system hardware information hash value from the packet with the dynamically obtained hardware information hash value of the storage system, and judges whether the hash values in both comparisons are consistent;
if not, the host system is refused access to the storage system;
if so, the host system is judged to be legitimate and accesses the storage system securely.
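The S1 to S4 exchange of Example 2 as an added Python sketch; it is not code from the patent. The patent names neither the cipher nor the first, second and third algorithms, so textbook RSA with a constructed toy key and a one-byte tag prefix are assumptions here, as are all function names, hardware values and the account; the software certificate check is omitted.

```python
import hashlib
import hmac
from dataclasses import dataclass

# S11: toy key pair of the storage system. Textbook RSA without padding over two
# Mersenne primes, chosen only so the example runs on the standard library.
# Constructed and NOT secure; the patent does not name a cipher.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
KEY_BYTES = (N.bit_length() + 7) // 8
HASH_LEN = 32
# Assumed stand-ins for the agreed first/second/third algorithms: a one-byte tag
# in front of the hash(es), so the receiver can recover the hashes from the code.
ALG1, ALG2, ALG3 = b"\x01", b"\x02", b"\x03"

def hw_hash(cpu_id, wwn, mac):
    """S12-S15: hash of the hardware information (CPU ID, card WWN, MAC)."""
    return hashlib.sha256("|".join((cpu_id, wwn, mac)).encode()).digest()

def seal_code(tag, hashes, exponent):
    """Build an identification code (tag + hashes) and encrypt it."""
    code = tag + b"".join(hashes)
    return pow(int.from_bytes(code, "big"), exponent, N).to_bytes(KEY_BYTES, "big")

def open_code(tag, blob, exponent, count):
    """Decrypt a code and recover its hashes; None if it is malformed."""
    length = 1 + count * HASH_LEN
    value = pow(int.from_bytes(blob, "big"), exponent, N)
    if value >> (8 * length):          # too large to be tag + hashes
        return None
    code = value.to_bytes(length, "big")
    if code[:1] != tag:
        return None
    return [code[i:i + HASH_LEN] for i in range(1, length, HASH_LEN)]

@dataclass
class Party:
    hardware: tuple   # what the machine reports when it authenticates
    peer_hash: bytes  # hash of the opposite system, pre-stored offline (S13/S15)

def host_auth_packet(host, user, password):  # S21-S23
    code = seal_code(ALG1, [hw_hash(*host.hardware)], E)
    return {"user": user, "password": password, "code": code}

def storage_check_host(storage, accounts, packet):  # S24-S25
    # The software certificate named in S21 is not modelled in this sketch.
    expected = accounts.get(packet["user"], "")
    if not expected or not hmac.compare_digest(expected, packet["password"]):
        return False
    hashes = open_code(ALG1, packet["code"], D, 1)
    return hashes is not None and hmac.compare_digest(hashes[0], storage.peer_hash)

def storage_response(storage):  # S31-S32: "encrypted" with the private key
    return seal_code(ALG2, [hw_hash(*storage.hardware)], D)

def host_check_storage(host, blob):  # S33
    hashes = open_code(ALG2, blob, E, 1)
    if hashes is None or not hmac.compare_digest(hashes[0], host.peer_hash):
        return None
    return hashes[0]

def host_confirmation(host, storage_hash):  # S41-S43
    return seal_code(ALG3, [hw_hash(*host.hardware), storage_hash], E)

def storage_check_confirmation(storage, blob):  # S44-S45
    hashes = open_code(ALG3, blob, D, 2)
    if hashes is None:
        return False
    host_ok = hmac.compare_digest(hashes[0], storage.peer_hash)
    self_ok = hmac.compare_digest(hashes[1], hw_hash(*storage.hardware))
    return host_ok and self_ok

def authenticate(host, storage, accounts, user, password):
    packet = host_auth_packet(host, user, password)
    if not storage_check_host(storage, accounts, packet):
        return "host refused at S2"
    storage_hash = host_check_storage(host, storage_response(storage))
    if storage_hash is None:
        return "host gives up access at S3"
    if not storage_check_confirmation(storage, host_confirmation(host, storage_hash)):
        return "host refused at S4"
    return "access allowed"

# Constructed sample values; the OTHER_* parties report different hardware.
HOST_HW = ("CPU-0F1E2D3C", "50:01:43:80:11:22:33:44", "02:00:5e:10:00:01")
STORAGE_HW = ("CPU-A1B2C3D4", "50:06:01:60:aa:bb:cc:dd", "02:00:5e:10:00:02")
ACCOUNTS = {"svc_backup": "constructed-password"}
HOST = Party(HOST_HW, hw_hash(*STORAGE_HW))
STORAGE = Party(STORAGE_HW, hw_hash(*HOST_HW))
OTHER_HOST = Party(("CPU-FFFF0000",) + HOST_HW[1:], HOST.peer_hash)
OTHER_STORAGE = Party(("CPU-00000000",) + STORAGE_HW[1:], STORAGE.peer_hash)

if __name__ == "__main__":
    for h, s in ((HOST, STORAGE), (OTHER_HOST, STORAGE), (HOST, OTHER_STORAGE)):
        print(authenticate(h, s, ACCOUNTS, "svc_backup", "constructed-password"))
```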
Example 3:
as shown in fig. 4, the present invention provides a bidirectional authentication apparatus for accessing a storage system based on hardware information, comprising:
the host and storage system offline configuration module 1 is used for acquiring the hardware information of the storage system and of the host system that is to access it, taking a hash value of each, and presetting and storing each hash value in the opposite system; the host and storage system offline configuration module 1 comprises:
the storage system initialization unit 1.1 is used for initializing the storage system, generating a public key and a private key of the storage system, setting the private key for the storage system, and setting the public key for the host system;
a host hardware information obtaining unit 1.2 for obtaining hardware information of a host system to be accessed to the storage system;
the host hardware information prestoring unit 1.3 is used for calculating a hash value of the hardware information of the host system and then prestoring the hash value into the storage system in an offline mode;
a storage hardware information obtaining unit 1.4, configured to obtain hardware information of a storage system to which a host system is ready to access;
the storage hardware information prestoring unit 1.5 is used for calculating a hash value of the hardware information of the storage system and then safely setting and storing the hash value in the host system in advance in an offline mode;
the host system primary authentication module 2 is used for calculating a host hardware identification code according to a first algorithm agreed with the storage system by the host system based on the hash value of the hardware information of the host system when the host system accesses the storage system, generating a host authentication data packet by the host hardware identification code and the authentication information, sending the host authentication data packet to the storage system for comparison, and refusing the access of the host system when the storage system fails in comparison; the host system primary authentication module 2 includes:
an authentication information providing unit 2.1 for providing authentication information by a host system when the host system accesses the storage system;
the host hardware identification code generating unit 2.2 is used for the host system to automatically acquire the hardware information of the host system, calculate the hash value, calculate the host hardware identification code according to the hash value of the hardware information of the host system by a first algorithm agreed with the storage system, and then encrypt the host hardware identification code by using a public key provided by the storage system;
a host authentication data packet sending unit 2.3, which is used for the host system to put the authentication information and the encrypted host hardware identification code into a host authentication data packet and send the host authentication data packet to the storage system;
the authentication information verification unit 2.4 is used for verifying the validity of the host system according to the authentication information after the storage system receives the host authentication data packet;
the host system access refusing unit 2.5 is used for refusing the access of the host system when verification of the host system's validity according to the authentication information fails;
the host hardware information comparison unit 2.6 is used for decrypting the host hardware identification code by using a private key of the storage system, obtaining a host system hardware information hash value through a first algorithm, and comparing the host system hardware information hash value with a host system hardware information hash value prestored in the storage system;
the host system access first refusing unit 2.7 is used for refusing the access of the host system when the calculated hash value of the hardware information of the host system is inconsistent with the prestored hash value of the hardware information of the host system;
the storage system authentication module 3 is used for, when the host authentication data packet passes the comparison by the storage system, calculating a storage system hardware identification code from the hash value of the hardware information of the storage system according to a second algorithm agreed with the host system, putting the storage system hardware identification code into a storage authentication response packet and sending the packet to the host system for comparison, the host system giving up access to the storage system when its comparison fails; the storage system authentication module 3 includes:
the storage system hardware information hash value calculation unit 3.1 is used for automatically acquiring the hardware information of the storage system when the storage system passes the comparison of the hardware information hash value of the host system and calculating the hash value;
the storage authentication response packet sending unit 3.2 is used for the storage system to calculate the storage system hardware identification code from the hash value of its hardware information through the second algorithm agreed with the host system, encrypt the code with the private key of the storage system, put the encrypted code into a storage authentication response packet, and send the packet to the host system;
the storage hardware information comparison unit 3.3 is used for decrypting the storage system hardware identification code by using the public key provided by the storage system after the host system receives the storage authentication response packet, obtaining a storage system hardware information hash value by using a second algorithm, and comparing the storage system hardware information hash value with a storage system hardware information hash value prestored by the host system;
the storage system abandon access unit 3.4 is used for the host system to give up access to the storage system when the calculated hash value of the hardware information of the storage system is inconsistent with the hash value of the hardware information of the storage system prestored by the host system;
the host system secondary authentication module 4 is used for acquiring a storage system hardware information hash value from the storage system hardware identification code when the host system passes the comparison storage authentication response packet, calculating a combined hardware identification code by a third algorithm agreed with the storage system according to the hardware information hash value of the host system and the storage system hardware information hash value, putting the combined hardware identification code into a host authentication response confirmation data packet, sending the combined hardware identification code to the storage system for authentication, refusing the access of the host system when the storage system does not pass the comparison, and allowing the access of the host system when the storage system passes the comparison; the host system secondary authentication module 4 includes:
the host hardware information hash value acquisition unit 4.1 is used for automatically acquiring the hardware information hash value of the host system when the host system passes the comparison of the hardware information hash value of the storage system;
the combined hardware identification code generating unit 4.2 is used for the host system to combine the compared hardware information hash value of the storage system with the hardware information hash value of the host system, and then dynamically calculate the combined hardware identification code by a third algorithm agreed with the storage system;
the host authentication response confirmation data packet sending unit 4.3 is used for the host system to encrypt the combined hardware identification code through the public key provided by the storage system, then put into the host authentication response confirmation data packet and send the host authentication response confirmation data packet to the storage system;
the two-item hardware information hash value extraction unit 4.4 is used for the storage system, after receiving the host authentication response confirmation data packet, to decrypt the combined hardware identification code with its private key and extract the host system hardware information hash value and the storage system hardware information hash value from the combined hardware identification code according to the third algorithm;
the two-item hardware information hash value comparison unit 4.5 is used for the storage system to compare the host system hardware information hash value in the host authentication response confirmation data packet with the prestored host system hardware information hash value, compare the storage system hardware information hash value in the host authentication response confirmation data packet with the dynamically acquired storage system hardware information hash value, and judge whether the hash values in both comparisons are consistent;
the host system access second refusing unit 4.6 is used for refusing the host system access to the storage system when the hardware information hash values in either of the two comparisons are inconsistent;
and the host system access permitting unit 4.7 is used for judging that the host system is legitimate and allowing it to access the storage system securely when the hardware information hash values in both comparisons are consistent.
Although the present invention has been described in detail with reference to the drawings and in connection with the preferred embodiments, the present invention is not limited thereto. Those skilled in the art can make various equivalent modifications or substitutions to the embodiments of the present invention without departing from its spirit and scope, and these modifications or substitutions fall within the scope of the present invention; the same applies to any changes or substitutions that a person skilled in the art can easily conceive of within the technical scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. A bidirectional authentication method for storage system access based on hardware information is characterized by comprising the following steps:
S1. Acquiring the hardware information of the storage system and of the host system that is to access it, taking a hash value of each, and presetting and storing each hash value in the opposite system;
S2. When the host system accesses the storage system, the host system calculates a host hardware identification code from the hash value of its own hardware information according to a first algorithm agreed with the storage system, generates a host authentication data packet from the host hardware identification code and the authentication information, and sends the packet to the storage system for comparison; when the comparison by the storage system fails, the host system is refused access;
S3. When the host authentication data packet passes the comparison by the storage system, the storage system calculates a storage system hardware identification code from the hash value of its own hardware information according to a second algorithm agreed with the host system, puts the code into a storage authentication response packet, and sends the packet to the host system for comparison; when the comparison by the host system fails, the host system gives up access to the storage system;
S4. When the storage authentication response packet passes the comparison by the host system, the host system obtains the hardware information hash value of the storage system from the storage system hardware identification code, calculates a combined hardware identification code from the hardware information hash value of the host system and that of the storage system according to a third algorithm agreed with the storage system, puts the combined code into a host authentication response confirmation data packet, and sends the packet to the storage system for authentication; the storage system refuses the host system access when the comparison fails and allows it when the comparison passes.
2. The bidirectional authentication method for storage system access based on hardware information as claimed in claim 1, wherein step S1 comprises the following steps:
S11. Initializing the storage system, generating a public key and a private key of the storage system, setting the private key on the storage system, and setting the public key on the host system;
S12. Acquiring the hardware information of the host system that is to access the storage system; the hardware information of the host system comprises the ID of the CPU of the host system, the world wide name (WWN) address of the Fibre Channel card in the Fibre Channel storage area, and the MAC address information of the network port in the IP storage area;
S13. After calculating the hash value of the hardware information of the host system, securely presetting and storing it in the storage system in an offline manner;
S14. Acquiring the hardware information of the storage system that the host system is to access; the hardware information of the storage system comprises the ID of the CPU of the storage system, the world wide name (WWN) address of the Fibre Channel card in the Fibre Channel storage area, and the MAC address information of the network card;
S15. After calculating the hash value of the hardware information of the storage system, securely presetting and storing it in the host system in an offline manner.
3. The bidirectional authentication method for accessing a storage system based on hardware information as claimed in claim 2, wherein the step S2 comprises the following steps:
S21. When the host system accesses the storage system, the host system provides authentication information; the authentication information comprises a user name, a password and a software certificate;
S22. The host system automatically acquires its own hardware information and calculates the hash value, calculates the host hardware identification code from that hash value through the first algorithm agreed with the storage system, and then encrypts the host hardware identification code with the public key provided by the storage system;
S23. The host system puts the authentication information and the encrypted host hardware identification code into a host authentication data packet and sends the packet to the storage system;
S24. After receiving the host authentication data packet, the storage system verifies the validity of the host system according to the authentication information;
if the verification fails, the host system is refused access and the process ends;
if the verification passes, the process proceeds to step S25;
S25. The storage system decrypts the host hardware identification code with its private key, obtains the hardware information hash value of the host system through the first algorithm, and compares it with the host system hardware information hash value prestored in the storage system;
if the two are inconsistent, the host system is refused access and the process ends;
if the two are consistent, the process proceeds to step S3.
4. The bidirectional authentication method for storage system access based on hardware information as claimed in claim 3, wherein step S3 comprises the following steps:
S31. When the hardware information hash value of the host system passes the comparison by the storage system, the storage system automatically acquires its own hardware information and calculates the hash value;
S32. The storage system calculates the storage system hardware identification code from the hash value of its hardware information through the second algorithm agreed with the host system, encrypts the code with the private key of the storage system, puts the encrypted code into a storage authentication response packet, and sends the packet to the host system;
S33. After receiving the storage authentication response packet, the host system decrypts the storage system hardware identification code with the public key provided by the storage system, obtains the hardware information hash value of the storage system through the second algorithm, and compares it with the storage system hardware information hash value prestored in the host system;
if the two are inconsistent, the host system gives up access to the storage system and the process ends;
if the two are consistent, the process proceeds to step S4.
5. The bidirectional authentication method for storage system access based on hardware information as claimed in claim 4, wherein step S4 comprises the following steps:
S41. When the hardware information hash value of the storage system passes the comparison by the host system, the host system automatically acquires the hash value of its own hardware information;
S42. The host system combines the storage system hardware information hash value that passed the comparison with the hardware information hash value of the host system, and dynamically calculates the combined hardware identification code through the third algorithm agreed with the storage system;
S43. The host system encrypts the combined hardware identification code with the public key provided by the storage system, puts it into a host authentication response confirmation data packet, and sends the packet to the storage system;
S44. After receiving the host authentication response confirmation data packet, the storage system decrypts the combined hardware identification code with its private key and extracts the host system hardware information hash value and the storage system hardware information hash value from the combined hardware identification code according to the third algorithm;
S45. The storage system compares the host system hardware information hash value from the host authentication response confirmation data packet with the prestored host system hardware information hash value, compares the storage system hardware information hash value from the packet with the dynamically obtained hardware information hash value of the storage system, and judges whether the hash values in both comparisons are consistent;
if not, the host system is refused access to the storage system;
if so, the host system is judged to be legitimate and accesses the storage system securely.
6. A bidirectional authentication device for storage system access based on hardware information, characterized by comprising:
a host and storage system offline configuration module (1), configured to acquire the hardware information of the host system that needs to access the storage system and of the storage system, take hash values of the hardware information, and preset and store each hash value in the opposite system;
a host system primary authentication module (2), configured so that, when the host system accesses the storage system, the host system calculates a host hardware identification code from the hash value of its own hardware information according to a first algorithm agreed with the storage system, generates a host authentication data packet from the host hardware identification code and authentication information, and sends the packet to the storage system for comparison, the access of the host system being refused when the comparison in the storage system fails;
a storage system authentication module (3), configured so that, when the host authentication data packet passes the comparison in the storage system, the storage system calculates a storage system hardware identification code from the hash value of its own hardware information according to a second algorithm agreed with the host system, puts the storage system hardware identification code into a storage authentication response packet, and sends the packet to the host system for comparison, the host system giving up access to the storage system when the comparison in the host system fails;
and a host system secondary authentication module (4), configured so that, when the storage authentication response packet passes the comparison in the host system, the host system obtains the hash value of the storage system hardware information from the storage system hardware identification code, calculates a combined hardware identification code from the hash value of the host system hardware information and the hash value of the storage system hardware information through a third algorithm agreed with the storage system, puts the combined hardware identification code into a host authentication response confirmation data packet, and sends the packet to the storage system for authentication, the access of the host system being refused when the comparison in the storage system fails and allowed when it passes.
7. The bidirectional authentication device for storage system access based on hardware information as claimed in claim 6, wherein the host and storage system offline configuration module (1) comprises:
a storage system initialization unit (1.1), configured to initialize the storage system, generate a public key and a private key of the storage system, set the private key for the storage system, and set the public key for the host system;
a host hardware information acquisition unit (1.2), configured to acquire the hardware information of the host system that is to access the storage system;
a host hardware information prestoring unit (1.3), configured to calculate the hash value of the host system hardware information and securely preset it in the storage system in advance in an offline manner;
a storage hardware information acquisition unit (1.4), configured to acquire the hardware information of the storage system that the host system is to access;
and a storage hardware information prestoring unit (1.5), configured to calculate the hash value of the storage system hardware information and securely preset it in the host system in advance in an offline manner.
8. The bidirectional authentication device for storage system access based on hardware information as claimed in claim 7, wherein the host system primary authentication module (2) comprises:
an authentication information providing unit (2.1), configured so that the host system provides authentication information when it accesses the storage system;
a host hardware identification code generating unit (2.2), configured so that the host system automatically acquires its own hardware information, calculates its hash value, calculates the host hardware identification code from that hash value through a first algorithm agreed with the storage system, and encrypts the host hardware identification code using the public key provided by the storage system;
a host authentication data packet sending unit (2.3), configured so that the host system puts the authentication information and the encrypted host hardware identification code into the host authentication data packet and sends the packet to the storage system;
an authentication information verification unit (2.4), configured so that the storage system, after receiving the host authentication data packet, verifies the legitimacy of the host system according to the authentication information;
a host system access first refusal unit (2.5), configured to refuse the access of the host system when the host system fails the legitimacy verification based on the authentication information;
a host hardware information comparison unit (2.6), configured to decrypt the host hardware identification code using the private key of the storage system, obtain the host system hardware information hash value through the first algorithm, and compare it with the host system hardware information hash value prestored in the storage system;
and a host system access second refusal unit (2.7), configured to refuse the access of the host system when the calculated host system hardware information hash value is inconsistent with the prestored host system hardware information hash value.
9. The bidirectional authentication device for storage system access based on hardware information as claimed in claim 8, wherein the storage system authentication module (3) comprises:
a storage system own-hardware information hash value calculation unit (3.1), configured so that the storage system automatically acquires its own hardware information and calculates its hash value when the host system hardware information hash value passes the comparison in the storage system;
a storage authentication response packet sending unit (3.2), configured so that the storage system calculates the storage system hardware identification code from the hash value of its own hardware information through a second algorithm agreed with the host system, encrypts it using the private key of the storage system, puts it into the storage authentication response packet, and sends the packet to the host system;
a storage hardware information comparison unit (3.3), configured so that the host system, after receiving the storage authentication response packet, decrypts the storage system hardware identification code using the public key provided by the storage system, obtains the storage system hardware information hash value through the second algorithm, and compares it with the storage system hardware information hash value prestored in the host system;
and a storage system access abandonment unit (3.4), configured to give up access to the storage system when the calculated hash value is inconsistent with the storage system hardware information hash value prestored by the host system.
10. The bidirectional authentication device for storage system access based on hardware information as claimed in claim 9, wherein the host system secondary authentication module (4) comprises:
a host hardware information hash value acquisition unit (4.1), configured so that the host system automatically acquires the hash value of its own hardware information when the storage system hardware information hash value passes the comparison in the host system;
a combined hardware identification code generating unit (4.2), configured so that the host system combines the storage system hardware information hash value that passed the comparison with the host system hardware information hash value, and dynamically calculates the combined hardware identification code through a third algorithm agreed with the storage system;
a host authentication response confirmation data packet sending unit (4.3), configured so that the host system encrypts the combined hardware identification code using the public key provided by the storage system, puts it into the host authentication response confirmation data packet, and sends the packet to the storage system;
a unit (4.4) for extracting the two hardware information hash values, configured so that the storage system, after receiving the host authentication response confirmation data packet, decrypts the combined hardware identification code using its private key and extracts the host system hardware information hash value and the storage system hardware information hash value from the combined hardware identification code according to the third algorithm;
a unit (4.5) for comparing the two hardware information hash values, configured so that the storage system compares the host system hardware information hash value in the host authentication response confirmation data packet with the host system hardware information hash value stored in advance, compares the storage system hardware information hash value in the host authentication response confirmation data packet with the dynamically acquired storage system hardware information hash value, and judges whether the hash values in both comparisons are consistent;
a host system access third refusal unit (4.6), configured to refuse the host system access to the storage system when the hash values in the two comparisons are inconsistent;
and a host system access permitting unit (4.7), configured to judge the host system to be legitimate and allow it to access the storage system securely when the hash values in the two comparisons are consistent.
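The confirmation round of steps S41 to S45 (claim 5, mirrored by units 4.1 to 4.7 of claim 10), sketched in Python as an added example that is not part of the patent text. The claims do not define the hash function, the third algorithm or the cipher, so SHA-256, a tagged concatenation and an unpadded textbook-RSA demo key are assumptions made here, as are all function names and the sample hardware strings.

```python
import hashlib
import hmac

# Constructed demo key pair for the storage system: textbook RSA over two
# Mersenne primes, unpadded. A stand-in only; real use needs e.g. RSA-OAEP.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, storage side only

HASH_LEN = 32                        # SHA-256 digest size (assumed hash)
TAG = b"\x03"                        # assumed marker for the "third algorithm"

# Constructed sample hardware strings (not from the patent).
HOST_INFO = "cpu=CPU-0001;board=MB-0001;nic=00:00:5e:00:53:01"
STORAGE_INFO = "ctrl=CTRL-0001;backplane=BP-0001"


def hw_hash(hardware_info: str) -> bytes:
    """Hash of a hardware-information string."""
    return hashlib.sha256(hardware_info.encode()).digest()


def host_build_confirmation(storage_hash: bytes, host_info: str) -> int:
    """S41-S43: combine both hashes and encrypt with the storage public key."""
    combined = TAG + storage_hash + hw_hash(host_info)
    return pow(int.from_bytes(combined, "big"), E, N)


def storage_verify_confirmation(packet: int, prestored_host_hash: bytes,
                                own_info: str) -> bool:
    """S44-S45: decrypt, split the combined code, compare both hashes."""
    try:
        combined = pow(packet, D, N).to_bytes(1 + 2 * HASH_LEN, "big")
    except OverflowError:            # plaintext too long to be a combined code
        return False
    if combined[:1] != TAG:
        return False
    storage_part = combined[1:1 + HASH_LEN]
    host_part = combined[1 + HASH_LEN:]
    # The storage hash is recomputed now (dynamic); the host hash is checked
    # against the offline-provisioned value. Comparisons are constant-time.
    ok_storage = hmac.compare_digest(storage_part, hw_hash(own_info))
    ok_host = hmac.compare_digest(host_part, prestored_host_hash)
    return ok_storage and ok_host
```

Access is granted only when both comparisons succeed, so a change in either the host hardware or the storage hardware since provisioning causes a refusal.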
CN202111155486.2A 2021-09-29 2021-09-29 Bidirectional authentication method and device for storage system access based on hardware information Active CN114003888B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111155486.2A CN114003888B (en) 2021-09-29 2021-09-29 Bidirectional authentication method and device for storage system access based on hardware information

Publications (2)

Publication Number Publication Date
CN114003888A (en) 2022-02-01
CN114003888B (en) 2023-11-07

Family

ID=79922132

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111155486.2A Active CN114003888B (en) 2021-09-29 2021-09-29 Bidirectional authentication method and device for storage system access based on hardware information

Country Status (1)

Country Link
CN (1) CN114003888B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114374522A (en) * 2022-03-22 2022-04-19 杭州美创科技有限公司 Trusted device authentication method and device, computer device and storage medium
CN114726550A (en) * 2022-05-25 2022-07-08 北京奇虎科技有限公司 Identification code generation method, device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060149969A1 (en) * 2004-12-30 2006-07-06 Samsung Electronics Co.,Ltd. Authentication method of hard disk drive and recording medium storing the same
CN103942690A (en) * 2014-04-25 2014-07-23 天地融科技股份有限公司 Data security interactive system
CN104660605A (en) * 2015-03-05 2015-05-27 北京安普诺信息技术有限公司 Multi-factor identity authentication method and system
US20160337351A1 (en) * 2012-03-16 2016-11-17 Acuity Systems, Inc. Authentication system

Also Published As

Publication number Publication date
CN114003888B (en) 2023-11-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant