CN114297355A - Method and system for establishing secure session, solid state disk and terminal equipment - Google Patents

Method and system for establishing secure session, solid state disk and terminal equipment Download PDF

Info

Publication number
CN114297355A
CN114297355A CN202111523005.9A CN202111523005A CN114297355A CN 114297355 A CN114297355 A CN 114297355A CN 202111523005 A CN202111523005 A CN 202111523005A CN 114297355 A CN114297355 A CN 114297355A
Authority
CN
China
Prior art keywords
key
random number
solid state
negotiation
state disk
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111523005.9A
Other languages
Chinese (zh)
Inventor
王鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hefei Datang Storage Technology Co ltd
Original Assignee
Hefei Datang Storage Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hefei Datang Storage Technology Co ltd filed Critical Hefei Datang Storage Technology Co ltd
Priority to CN202111523005.9A priority Critical patent/CN114297355A/en
Publication of CN114297355A publication Critical patent/CN114297355A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the application discloses a method and a system for establishing a secure session, a solid state disk and terminal equipment. The method comprises the following steps: before establishing a session with a solid state disk, sending a starting instruction to the solid state disk, wherein the starting instruction comprises a negotiation public key of a terminal device; receiving a start response message, wherein the start response message comprises a negotiation public key of the solid state disk and a first encryption result, and the first encryption result is obtained by encrypting a first random number by using the negotiation public key of the terminal equipment; decrypting the first encryption result by adopting a negotiation private key of the terminal equipment to obtain a first random number, and encrypting the second random number by adopting a negotiation public key of the solid state disk to obtain a second encryption result; sending a processing instruction including a second encryption result; receiving a process response message including indication information of a session key, the session key being generated from the first random number and the second random number; determining a session key according to the indication information of the session key; a secure session is established using the session key.

Description

Method and system for establishing secure session, solid state disk and terminal equipment
Technical Field
The embodiment of the application relates to the field of information processing, and in particular, to a method and a system for establishing a secure session, a solid state disk and a terminal device.
Background
With the development of the information industry, the information security problem is increasingly prominent, various security applications based on the principle of cryptography are more and more extensive, and data encryption is deeply carried out in all corners of information applications.
A Solid State Disk (SSD), also called Solid State Drive, is a hard Disk made of an array of Solid State electronic memory chips. When the solid state disk communicates with the terminal device, the same symmetric key is usually used for encryption, and the method has the risk of information leakage in the transmission of sensitive information and is low in safety.
Disclosure of Invention
In order to solve any technical problem, embodiments of the present application provide a method and a system for establishing a secure session, a solid state disk, and a terminal device.
In order to achieve the purpose of the embodiment of the present application, an embodiment of the present application provides a method for establishing a secure session, which is applied to a terminal device, and the method includes:
before establishing a session with a solid state disk, sending a starting instruction to the solid state disk, wherein the starting instruction comprises a negotiation public key of a terminal device;
receiving a start response message, wherein the start response message comprises a negotiation public key of the solid state disk and a first encryption result, and the first encryption result is obtained by encrypting a first random number by using the negotiation public key of the terminal equipment;
decrypting the first encryption result by adopting a negotiation private key of the terminal equipment to obtain a first random number, and encrypting the second random number by adopting a negotiation public key of the solid state disk to obtain a second encryption result;
sending a processing instruction, wherein the processing instruction comprises a second encryption result;
receiving a processing response message, wherein the processing response message comprises indication information of a session key, and the session key is generated according to a first random number and a second random number;
determining a session key according to the indication information of the session key;
and establishing a secure session with the solid state disk by using the session key.
A terminal device comprising a memory having a computer program stored therein and a processor arranged to execute the computer program to perform the method as described above.
A method for establishing a secure session is applied to a solid state disk, and comprises the following steps:
before establishing a session with a terminal device, receiving a starting instruction, wherein the starting instruction comprises a negotiation public key of the terminal device;
encrypting a first random number by adopting a negotiation public key of the terminal equipment to obtain a first encryption result;
sending a starting response message, wherein the starting response message comprises a negotiation public key of the solid state disk and a first encryption result;
receiving a processing instruction, wherein the processing instruction comprises a second encryption result, and the second encryption result is obtained by encrypting a second random number by using a negotiation public key of the solid state disk;
decrypting the second encryption result by adopting a negotiation private key of the solid state disk to obtain a second random number;
generating a session key according to the first random number and the second random number;
sending a processing response message, wherein the processing response message comprises indication information of the session key;
and establishing a secure session with the terminal equipment by adopting the session key.
A solid state disk comprising a memory and a processor, wherein the memory has stored therein a computer program, and the processor is configured to execute the computer program to perform the method described above.
A secure session establishment system comprises the terminal device and the solid state disk.
One of the above technical solutions has the following advantages or beneficial effects:
before the session is established, the solid state disk and the terminal equipment are obtained by adopting encryption transmission to respectively obtain respective random numbers, and a session key is generated by utilizing the obtained random numbers, so that the secure session is established, the problem of low security caused by the session by using a fixed key in the prior art is solved, and the purpose of secure communication between the solid state disk and the terminal equipment is realized.
Additional features and advantages of the embodiments of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the application. The objectives and other advantages of the embodiments of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the embodiments of the present application and are incorporated in and constitute a part of this specification, illustrate embodiments of the present application and together with the examples of the embodiments of the present application do not constitute a limitation of the embodiments of the present application.
Fig. 1 is a flowchart of a method for establishing a secure session according to an embodiment of the present application;
fig. 2 is a flowchart of another secure session establishment method according to an embodiment of the present application;
fig. 3 is an interaction diagram of a session key negotiation process provided in an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application more apparent, the embodiments of the present application will be described in detail below with reference to the accompanying drawings. It should be noted that, in the embodiments of the present application, features in the embodiments and the examples may be arbitrarily combined with each other without conflict.
Fig. 1 is a flowchart of a method for establishing a secure session according to an embodiment of the present application. As shown in fig. 1, the method is applied to a terminal device, and includes:
step 101, before establishing a session with a solid state disk, sending a start instruction to the solid state disk, wherein the start instruction comprises a negotiation public key of a terminal device;
the terminal device may be a device capable of being connected to the solid state disk, a computer device, or an intelligent household appliance (e.g., an intelligent television) having a storage function.
Preferably, the start instruction further includes at least one of a version number of a CA certificate and signature data of a negotiation public key of the terminal device, where the signature data of the negotiation public key of the terminal device is obtained by processing with a CA public key;
102, receiving a start response message, wherein the start response message includes a negotiation public key of the solid state disk and a first encryption result, and the first encryption result is obtained by encrypting a first random number by using the negotiation public key of the terminal device;
preferably, the start response message further includes signature data of a negotiated public key of the solid state disk and/or signature data of the first random number.
103, decrypting the first encryption result by using a negotiation private key of the terminal equipment to obtain a first random number, and encrypting the second random number by using a negotiation public key of the solid state disk to obtain a second encryption result;
if the starting response message also comprises signature data of the negotiation public key of the solid state disk, after the signature data of the negotiation public key of the solid state disk passes verification, sending a processing instruction; and/or if the starting response message also comprises the signature data of the first random number, sending the processing instruction after the signature data of the first random number is verified.
104, sending a processing instruction, wherein the processing instruction comprises a second encryption result;
preferably, the processing instruction further includes signature data of a second random number, where the signature data of the second random number is obtained by processing with a negotiated private key of the terminal device.
Step 105, receiving a processing response message, where the processing response message includes indication information of a session key, where the session key is generated according to a first random number and a second random number;
preferably, the indication information of the session key is third encrypted data obtained by encrypting preset standard data by using the session key;
the standard data can be a field or text of preset content; for example, the field content of hello is taken as standard data.
Step 106, determining a session key according to the indication information of the session key;
preferably, the key to be verified can be generated by using the first random number and the second random number in the same manner as the solid state disk; and if the target data is successfully decrypted by adopting the key to be verified, determining that the key to be verified is a session key.
And step 107, establishing a secure session with the solid state disk by using the session key.
When the terminal device communicates with the solid state disk every time, the terminal device and the solid state device negotiate a new session key, namely a one-time pad, so that the transmission of data on a link becomes safer and is less prone to being broken.
According to the method provided by the embodiment of the application, before the session is established, the solid state disk and the terminal device are respectively obtained by adopting encryption transmission, and the session key is generated by utilizing the obtained random numbers, so that the secure session is established, the problem of low security caused by the session by using a fixed key in the prior art is solved, and the purpose of secure communication between the solid state disk and the terminal device is realized.
Fig. 2 is a flowchart of another secure session establishment method according to an embodiment of the present application. As shown in fig. 2, the method is applied to a solid state disk, and includes:
step 201, before establishing a session with a terminal device, receiving a start instruction, where the start instruction includes a negotiation public key of the terminal device;
preferably, the start instruction further includes at least one of a version number of the CA certificate and signature data of a negotiated public key of the terminal device, where the signature data of the negotiated public key of the terminal device is obtained by processing with a CA public key.
Step 202, encrypting a first random number by using a negotiation public key of the terminal equipment to obtain a first encryption result;
if the starting instruction further comprises the version number of the CA certificate, then sending a starting response message when the version number of the CA certificate is the same as the version number of the CA certificate recorded locally; and/or if the starting instruction further comprises signature data of the negotiation public key of the solid state disk, sending a starting response message after the signature data of the negotiation public key of the solid state disk passes verification.
Step 203, sending a start response message, wherein the start response message includes a negotiation public key of the solid state disk and a first encryption result;
preferably, the start response message further includes signature data of a negotiation public key of the solid state disk and/or signature data of the first random number; the signature data of the negotiation public key of the solid state disk is obtained by utilizing CA public key processing; and the signature data of the first random number is obtained by utilizing the negotiation private key of the solid state disk.
Step 204, receiving a processing instruction, wherein the processing instruction comprises a second encryption result, and the second encryption result is obtained by encrypting a second random number by using the negotiation public key of the solid state disk;
preferably, the processing instruction further includes signature data of a second random number, where the signature data of the second random number is obtained by processing with a negotiated private key of the terminal device.
Step 205, decrypting the second encryption result by using a negotiation private key of the solid state disk to obtain a second random number;
and if the processing instruction further comprises signature data of a second random number, wherein the signature data of the second random number is obtained by utilizing the negotiation private key of the terminal equipment, and then the control response message is sent after the signature data of the second random number passes verification.
Step 206, generating a session key according to the first random number and the second random number;
step 207, sending a processing response message, wherein the processing response message includes indication information of the session key;
preferably, the indication information of the session key is third encrypted data obtained by encrypting preset standard data by using the session key;
the standard data can be a field or text of preset content; for example, the field content of hello is taken as standard data.
And step 208, establishing a secure session with the terminal equipment by using the session key.
When the terminal device communicates with the terminal device each time, the terminal device and the solid-state device negotiate a new session key, namely, a one-time pad, so that the transmission of data on a link becomes safer and is less prone to being broken.
According to the method provided by the embodiment of the application, before the session is established, the solid state disk and the terminal device are respectively obtained by adopting encryption transmission, and the session key is generated by utilizing the obtained random numbers, so that the secure session is established, the problem of low security caused by the session by using a fixed key in the prior art is solved, and the purpose of secure communication between the solid state disk and the terminal device is realized.
The following is a description of the method provided by the examples of the present application:
the terminal device (also called as an upper computer or Host) can communicate with the SSD and perform data transmission by using encrypted secure session, so as to ensure the confidentiality of a sensitive data link layer, wherein session key negotiation is the first step of normal communication between the terminal device and the SSD. And after the negotiation of the session key is completed, encrypting the subsequent sensitive instruction by using the negotiated session key. For example, it can be used for identity authentication, preventing man-in-the-middle attacks, and link layer interception.
The following explains a key pair provided in the embodiments of the present application:
the certification key pair is a key pair for the CA to issue the certificate, wherein the authority stores a CA public key PubKey (CA) and a CA private key PriKey (CA), and the terminal equipment and the SSD both store the CA public key PubKey (CA) to sign respective negotiation public keys;
the negotiation key pair of the terminal equipment comprises a negotiation public key Pubkey (host) of the terminal equipment and a negotiation private key Prikey (host) of the terminal equipment, is generated by the terminal equipment by using a built-in algorithm and is used by the terminal equipment in the process of negotiating the session key;
the negotiation key pair of the SSD comprises a negotiation public key Pubkey (SSD) of the SSD and a negotiation private key Prikey (SSD) of the SSD, the negotiation public key Pubkey (SSD) and the negotiation private key Prikey (SSD) of the SSD are generated by the SSD by using a built-in algorithm and are used by the SSD in a session key negotiation process;
the session key, a symmetric key obtained by key negotiation between the terminal equipment and the terminal equipment, is used for a session key used by session communication and is stored in the terminal equipment and the terminal equipment; each session has a respective session key, and after the session is ended, the session key corresponding to the session is invalid.
In order to ensure safety, a secondary CA method is adopted: the primary CA is called RootCA, i.e. a root key pair, the key pair is generated in a secure production environment and is stored in an encryption server, the data format of the certificate adopts a custom mode, and the content includes: certificate version number, certificate serial number, signature algorithm, signature hash algorithm, issuer, user, public key content, and the like. And then, a secondary CA (namely PrIKey (CA) + Pubkey (CA)) is issued by using RootCA, the Pubkey (CA) also comprises the certificate content, and the secondary CA is stored in a proprietary authentication tool and is used for signing and verifying the public keys of the SSD and the Host terminal subsequently.
When the SSD is initialized, the SSD generates a negotiation key pair PubKey (SSD) and PrIKey (SSD), and only executes once; where the negotiation key pair generated by each chip is different.
The terminal equipment signs an SSD public key PubKey (SSD) by using a special authentication private key PrIKey (CA) by using a special authentication tool to obtain Sign (PubKey (SSD)), and imports a negotiation public key signature Sign (PubKey (SSD)) + the special authentication public key PubKey (CA) of the SSD into the SSD for storage; this process is performed during the SSD initialization phase and can only be performed once. The proprietary authentication tool will save the SSD's serial number and the public key pubkey (SSD).
Similarly, the terminal device has a pair of negotiation keys pubkey (host) and private authentication key privet (ca), and signs the negotiation public key pubkey (host) of the terminal device to obtain Sign (pubkey (host)), and the Sign + authentication public key pubkey (ca) + pubkey (host) + privet (host) is stored in the terminal device, or a code written in the terminal device is fixed. The private authentication tool and the private authentication private key PrIKey (CA) are operated in a secure environment, and the confidentiality of the private authentication private key is ensured.
Fig. 3 is an interaction diagram of a session key negotiation process provided in an embodiment of the present application. As shown in fig. 3, the method includes:
step 301, the terminal device sends a key negotiation starting instruction;
the key agreement start instruction includes an agreement public key pubkey (host) of the terminal device, signature data Sign (pubkey (host)) of the agreement public key of the terminal device, and a version number of the CA certificate.
Step 302, after receiving a key agreement start instruction of the terminal device, the SSD responds to the received key agreement start instruction;
step 302a, firstly, judging whether the version number of the CA certificate is the same as the version of a locally stored CA integer;
if the version numbers are the same, go to step 302 b; otherwise, returning an error to the terminal equipment.
Step 302b, verifying a negotiation public key pubkey (host) of the terminal device issued by the terminal device and a signature Sign (pubkey (host)) of the negotiation public key of the terminal device by using an authentication public key pubkey (CA);
if the verification is successful, the software of the terminal equipment is legal, and then step 302c is executed; and if the verification fails, returning an error to the terminal equipment.
Step 302c, the SSD generates a first random number RandA, and encrypts the first random number RandA by using a negotiation public key pubkey (host) of the terminal device to obtain a first encryption result pubkey (host) enc (RandA); performing Hash operation on the first random number randA, and signing by using a negotiation private key (SSD) of the SSD to obtain Sign (Hash (randA));
wherein the first random number RandA is used for generating a session key;
step 302d, the SSD negotiates the public key pubkey (SSD), the SSD negotiates the public key signature Sign (pubkey (SSD)), the signature Sign (randa) of the first random number, and the first encryption result pubkey (host) enc (randa) are returned to the terminal device through the key negotiation initiation response message.
Step 303, the terminal device software processes the received key negotiation starting response message returned by the SSD;
step 303a, verifying the SSD negotiation public key signature by using the authentication public key pubkey (ca), and if the verification fails, exiting the negotiation process. Decrypting the first encryption result PubKey (host) ENC (RandA) by using a negotiation private key (host) of the terminal equipment to obtain a first random number RandA, verifying the signature sign (RandA) of the first random number by using PubKey (SSD), and exiting the negotiation process after the verification fails. Otherwise, saving the first random number RandA;
step 303b, the terminal device generates a second random number RandB, and encrypts the second random number RandB by using a negotiation public key pubkey (SSD) of the SSD to obtain a second encryption result pubkey (SSD) enc (RandB); the second random number RandC is used for generating a session key;
step 303c, after performing Hash operation on the second random number RandB, signing by using a negotiation private key (host) of the terminal device to obtain a signature Sign (Hash (RandB)) of the second random number;
step 303d, sending a key agreement processing instruction to the SSD, where the key agreement processing instruction includes a second encryption result pubkey (SSD) enc (randb), and a signature Sign (hash (randb)) of a second random number.
Step 304, the SSD processes the key agreement processing instruction;
step 304a, checking Sign (hash) (randb)) by using a negotiation public key pubkey (host) of the terminal device, and if the Sign is checked to pass, indicating that the terminal device has a corresponding negotiation private key.
Step 304b, decrypting the second encryption result pubkey (SSD) enc (RandB) by using the SSD negotiation private key prikey (SSD) to obtain the second random number RandB.
Step 304c, derive the session key sessionKey of 16 bytes using the mechanism of HASH (RandA + RandB).
And step 304d, encrypting the character string 'Hello' by using sessionKey, and returning the cipher text of the character string to the terminal equipment through key agreement processing response.
Step 304, the terminal device software receives the data returned by the SSD
Step 304a, deriving a session key, HASH (RandA + RandB), by using the same mechanism;
and step 304b, decrypting the ciphertext returned by the SSD by using the derived session key, if the value obtained by decryption is 'Hello', indicating that the two parties negotiate successfully, and simultaneously proving that the SSD has a real SSD negotiation private key, and finishing the negotiation process. Otherwise, the negotiation is failed, and the negotiation process is exited.
And 305, after the session key negotiation is finished, encrypting the subsequent sensitive instruction by using the session key obtained by the negotiation based on an SM4 algorithm for identity authentication to prevent man-in-the-middle attack and link layer interception.
The method provided by the embodiment of the application provides a scheme for establishing a universal secure channel of the solid state disk, and a new SM4 symmetric key needs to be negotiated every time of communication, namely, a one-time pad is adopted, so that the problem that the secure channel of the solid state disk is unsafe to encrypt by using a fixed key in the prior art is solved, the new key is used for encrypting data or sensitive information every time of communication, a listener cannot know the rule, further cannot crack the data or sensitive information, and the security of the solid state disk communication is further enhanced; and the SM4 cryptographic algorithm is adopted, so that the data and sensitive information of the user are better protected.
An embodiment of the present application provides a terminal device, which includes a memory and a processor, where the memory stores a computer program, and the processor is configured to execute the computer program to perform the method shown in fig. 1.
An embodiment of the present application provides a solid state disk, which includes a memory and a processor, and is characterized in that the memory stores a computer program, and the processor is configured to execute the computer program to execute the method shown in fig. 2.
The embodiment of the application provides a system for establishing a secure session, which comprises the terminal device and the solid state disk.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.

Claims (10)

1. A method for establishing a secure session is applied to a terminal device, and comprises the following steps:
before establishing a session with a solid state disk, sending a starting instruction to the solid state disk, wherein the starting instruction comprises a negotiation public key of a terminal device;
receiving a start response message, wherein the start response message comprises a negotiation public key of the solid state disk and a first encryption result, and the first encryption result is obtained by encrypting a first random number by using the negotiation public key of the terminal equipment;
decrypting the first encryption result by adopting a negotiation private key of the terminal equipment to obtain a first random number, and encrypting the second random number by adopting a negotiation public key of the solid state disk to obtain a second encryption result;
sending a processing instruction, wherein the processing instruction comprises a second encryption result;
receiving a processing response message, wherein the processing response message comprises indication information of a session key, and the session key is generated according to a first random number and a second random number;
determining a session key according to the indication information of the session key;
and establishing a secure session with the solid state disk by using the session key.
2. The method of claim 1, wherein:
the starting instruction further comprises at least one of the version number of the CA certificate and signature data of a negotiation public key of the terminal equipment;
and/or the presence of a gas in the gas,
the processing instruction further includes signature data of a second random number;
the signature data of the second random number is obtained by processing a negotiation private key of the terminal device, and the signature data of a negotiation public key of the terminal device is obtained by processing a CA public key.
3. The method of claim 1, wherein:
if the starting response message also comprises signature data of the negotiation public key of the solid state disk, after the signature data of the negotiation public key of the solid state disk passes verification, sending a processing instruction; and/or if the starting response message also comprises the signature data of the first random number, sending a processing instruction after the signature data of the first random number passes verification;
the signature data of the negotiation public key of the solid state disk is obtained by utilizing CA public key processing; and the signature data of the first random number is obtained by utilizing the negotiation private key of the solid state disk.
4. The method of claim 1, wherein:
the indication information of the session key is third encrypted data obtained by encrypting preset standard data by using the session key;
the determining a session key according to the indication information of the session key includes:
generating a key to be verified according to the first random number and the second random number;
and if the third encrypted data is successfully decrypted by adopting the key to be verified, determining that the key to be verified is a session key.
5. A method for establishing a secure session is applied to a solid state disk, and comprises the following steps:
before establishing a session with a terminal device, receiving a starting instruction, wherein the starting instruction comprises a negotiation public key of the terminal device;
encrypting a first random number by adopting a negotiation public key of the terminal equipment to obtain a first encryption result;
sending a starting response message, wherein the starting response message comprises a negotiation public key of the solid state disk and a first encryption result;
receiving a processing instruction, wherein the processing instruction comprises a second encryption result, and the second encryption result is obtained by encrypting a second random number by using a negotiation public key of the solid state disk;
decrypting the second encryption result by adopting a negotiation private key of the solid state disk to obtain a second random number;
generating a session key according to the first random number and the second random number;
sending a processing response message, wherein the processing response message comprises indication information of the session key;
and establishing a secure session with the terminal equipment by adopting the session key.
6. The method of claim 5, wherein:
the starting response message also comprises signature data of a negotiation public key of the solid state disk and/or signature data of a first random number;
the signature data of the negotiation public key of the solid state disk is obtained by utilizing CA public key processing; and the signature data of the first random number is obtained by utilizing the negotiation private key of the solid state disk.
7. The method of claim 5, wherein:
if the starting instruction further comprises the version number of the CA certificate, then sending a starting response message when the version number of the CA certificate is the same as the version number of the CA certificate recorded locally; and/or if the starting instruction further comprises signature data of a negotiation public key of the terminal equipment, sending a starting response message after the signature data of the negotiation public key of the terminal equipment passes verification;
if the processing instruction further comprises signature data of a second random number, wherein the signature data of the second random number is obtained by processing with a negotiation private key of the terminal equipment, and then sending a control response message after the signature data of the second random number passes verification;
the signature data of the second random number is obtained by processing a negotiation private key of the terminal device, and the signature data of a negotiation public key of the terminal device is obtained by processing a CA public key.
8. A terminal device comprising a memory and a processor, characterized in that the memory has stored therein a computer program, the processor being arranged to execute the computer program to perform the method of any of claims 1 to 4.
9. A solid state disk comprising a memory and a processor, wherein the memory has stored therein a computer program, and the processor is configured to execute the computer program to perform the method of any one of claims 5 to 7.
10. A secure session establishment system comprising the terminal device of claim 8 and the solid state disk of claim 9.
CN202111523005.9A 2021-12-13 2021-12-13 Method and system for establishing secure session, solid state disk and terminal equipment Pending CN114297355A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111523005.9A CN114297355A (en) 2021-12-13 2021-12-13 Method and system for establishing secure session, solid state disk and terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111523005.9A CN114297355A (en) 2021-12-13 2021-12-13 Method and system for establishing secure session, solid state disk and terminal equipment

Publications (1)

Publication Number Publication Date
CN114297355A true CN114297355A (en) 2022-04-08

Family

ID=80967449

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111523005.9A Pending CN114297355A (en) 2021-12-13 2021-12-13 Method and system for establishing secure session, solid state disk and terminal equipment

Country Status (1)

Country Link
CN (1) CN114297355A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115549910A (en) * 2022-11-30 2022-12-30 苏州浪潮智能科技有限公司 Data transmission method, equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101090316A (en) * 2006-06-16 2007-12-19 普天信息技术研究院 Identify authorization method between storage card and terminal equipment at off-line state
CN104243451A (en) * 2014-08-19 2014-12-24 天地融科技股份有限公司 Information interaction method and system and smart key equipment
CN104811941A (en) * 2015-04-30 2015-07-29 福建星网锐捷网络有限公司 Offline virtual machine safety management method and device
CN106603485A (en) * 2016-10-31 2017-04-26 美的智慧家居科技有限公司 Secret key negotiation method and device
CN109005028A (en) * 2018-11-02 2018-12-14 美的集团股份有限公司 Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system
CN109039628A (en) * 2018-11-02 2018-12-18 美的集团股份有限公司 Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system
CN111130769A (en) * 2019-12-14 2020-05-08 武汉玖保慧信息科技有限公司 Internet of things terminal encryption method and device
CN112487380A (en) * 2020-12-16 2021-03-12 江苏国科微电子有限公司 Data interaction method, device, equipment and medium

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101090316A (en) * 2006-06-16 2007-12-19 普天信息技术研究院 Identify authorization method between storage card and terminal equipment at off-line state
CN104243451A (en) * 2014-08-19 2014-12-24 天地融科技股份有限公司 Information interaction method and system and smart key equipment
CN104811941A (en) * 2015-04-30 2015-07-29 福建星网锐捷网络有限公司 Offline virtual machine safety management method and device
CN106603485A (en) * 2016-10-31 2017-04-26 美的智慧家居科技有限公司 Secret key negotiation method and device
CN109005028A (en) * 2018-11-02 2018-12-14 美的集团股份有限公司 Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system
CN109039628A (en) * 2018-11-02 2018-12-18 美的集团股份有限公司 Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system
CN111130769A (en) * 2019-12-14 2020-05-08 武汉玖保慧信息科技有限公司 Internet of things terminal encryption method and device
CN112487380A (en) * 2020-12-16 2021-03-12 江苏国科微电子有限公司 Data interaction method, device, equipment and medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115549910A (en) * 2022-11-30 2022-12-30 苏州浪潮智能科技有限公司 Data transmission method, equipment and storage medium
CN115549910B (en) * 2022-11-30 2023-03-10 苏州浪潮智能科技有限公司 Data transmission method, equipment and storage medium
WO2024113724A1 (en) * 2022-11-30 2024-06-06 苏州元脑智能科技有限公司 Data transmission method, device, and storage medium

Similar Documents

Publication Publication Date Title
CN107810617B (en) Secret authentication and provisioning
US10601801B2 (en) Identity authentication method and apparatus
CN101828357B (en) Credential provisioning method and device
US20190074977A1 (en) Method and system for producing a secure communication channel for terminals
EP2905719B1 (en) Device and method certificate generation
CN107404472B (en) Method and apparatus for migration of encryption keys
CN103532713B (en) Sensor authentication and shared key production method and system and sensor
JP5954609B1 (en) Method and system for backing up private key of electronic signature token
CN103546289B (en) USB (universal serial bus) Key based secure data transmission method and system
EP3001598B1 (en) Method and system for backing up private key in electronic signature token
KR20140126787A (en) Puf-based hardware device for providing one time password, and method for 2-factor authenticating using thereof
KR20200013764A (en) Method for mutual symmetric authentication between first application and second application
CN111614621B (en) Internet of things communication method and system
WO2023143037A1 (en) Key management and service processing
JP2002344438A (en) Key sharing system, key sharing device and program thereof
CN112351037B (en) Information processing method and device for secure communication
CN110380859B (en) Quantum communication service station identity authentication method and system based on asymmetric key pool pair and DH protocol
WO2023151427A1 (en) Quantum key transmission method, device and system
KR100668446B1 (en) Safe --method for transferring digital certificate
CN112383395A (en) Key agreement method and device
CN112487380A (en) Data interaction method, device, equipment and medium
US11240661B2 (en) Secure simultaneous authentication of equals anti-clogging mechanism
CN117081736A (en) Key distribution method, key distribution device, communication method, and communication device
CN114297355A (en) Method and system for establishing secure session, solid state disk and terminal equipment
WO2015158173A1 (en) Agreement key-based data processing method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination