CN114297673A - Password verification method, solid state disk and upper computer - Google Patents
Password verification method, solid state disk and upper computer
- Publication number
- CN114297673A (application CN202111543549.1A)
- Authority
- CN
- China
- Prior art keywords
- password
- solid state
- state disk
- public key
- upper computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiment of the application discloses a password verification method, a solid state disk and an upper computer, wherein the method comprises the following steps: after the solid state disk is placed in an upper computer, the solid state disk holds the initial verification data that was stored in it at its card opening stage and sends the initial verification data to the upper computer; the initial verification data includes a password protection public key and a password protection public key signature, so that the upper computer verifies the validity of the password protection public key; when the verification result is that the password protection public key is legal, generating a random number according to an instruction of the upper computer, and sending the random number to the upper computer so that the upper computer produces ciphertext password verification data according to the random number; receiving the ciphertext password verification data sent by the upper computer, decrypting it with a password protection private key, and acquiring password processing data; and carrying out reverse security processing on the password processing data to obtain a plaintext password. By the scheme of the embodiment, the security of the password authentication process is improved, and man-in-the-middle attacks and replay attacks can be prevented.
Description
Technical Field
The embodiment of the application relates to the field of solid state disks, in particular to a password verification method, a solid state disk and an upper computer.
Background
In solid state disk products, user passwords are used for access control of the authority over user data. The current security standard in the solid state disk field is TCG OPAL. The security of the password authentication mechanism in that standard is poor: the user password is only processed with PBKDF (a password-based key derivation that iterates a hash operation many times), and replay attacks and man-in-the-middle attacks cannot be prevented. In addition, other products use a symmetric encryption algorithm in the PIN (personal identification number) verification process, so the security strength is low and they are easy to crack.
Disclosure of Invention
The embodiment of the application provides a password verification method, a solid state disk and an upper computer, which can improve the security of the password verification process, prevent man-in-the-middle attacks and prevent replay attacks.
The embodiment of the application provides a password verification method, which is applied to a solid state hard disk side, and the method can comprise the following steps:
after the solid state disk is placed into an upper computer, the solid state disk holds the initial verification data that was stored in it at its card opening stage and sends the initial verification data to the upper computer; the initial verification data includes: a password protection public key and a password protection public key signature; so that the upper computer verifies the validity of the password protection public key;
when the verification result of the upper computer indicates that the password protection public key is legal, generating a random number according to a received instruction of the upper computer, and sending the random number to the upper computer so that the upper computer produces ciphertext password verification data according to the random number;
receiving the ciphertext password verification data sent by the upper computer, decrypting the ciphertext password verification data with a password protection private key, and acquiring password processing data;
and carrying out reverse security processing on the password processing data to obtain a plaintext password.
In an exemplary embodiment of the present application, after acquiring the plaintext password, the method may further include:
checking the strength of the personal identification number PIN of the plaintext password; and/or,
and comparing the obtained plaintext password with the plaintext password stored in the solid state disk.
In an exemplary embodiment of the present application, the performing reverse security processing on the password processing data may include:
decrypting the password processing data by using the random number as a key; or,
performing preset logic operation by adopting the random number and the password processing data; the logical operation comprises an exclusive or operation.
In an exemplary embodiment of the present application, the method may further include:
after the solid state disk is electrified for the first time, generating a password protection asymmetric key pair and storing the password protection asymmetric key pair in the solid state disk; the password protected asymmetric key pair comprises: a password-protected public key and a password-protected private key.
In an exemplary embodiment of the present application, the method may further include:
sending the password protection asymmetric key pair and a first hard disk serial number stored in the solid state disk to a preset card opening tool, so that the card opening tool sends the password protection public key and the first hard disk serial number to a preset server, and signing the password protection public key and the first hard disk serial number by adopting a root private key stored in the server to obtain a password protection public key signature;
receiving initial verification data returned by the card opening tool; the initial verification data includes: the password protection public key signature.
The embodiment of the present application further provides a solid state disk, which may include a first processor and a first computer-readable storage medium, where instructions are stored in the first computer-readable storage medium, and when the instructions are executed by the first processor, the method for verifying a password applied to a solid state disk side in any one of the above-mentioned items is implemented.
The embodiment of the application further provides a password verification method, which is applied to the upper computer side, and the method comprises the following steps:
acquiring initial verification data stored in a solid state disk at a card opening stage of the solid state disk from the solid state disk; the initial verification data includes: a password protection public key and a password protection public key signature;
verifying the validity of the password protection public key;
when the verification result shows that the password protection public key is legal, acquiring a random number from the solid state disk; the random number is generated by the solid state disk according to a received instruction;
carrying out security processing on the random number and a preset plaintext password to obtain password processing data;
encrypting the password processing data by adopting the password protection public key to obtain ciphertext password verification data;
and sending the ciphertext password verification data to the solid state disk so that the solid state disk decrypts the ciphertext password verification data according to a password protection private key to obtain the password processing data, and performing reverse security processing on the password processing data to obtain the plaintext password.
In an exemplary embodiment of the present application, the initial verification data may further include: a first hard disk serial number; before acquiring the random number from the solid state disk, the method may further include:
comparing the obtained first hard disk serial number with a second hard disk serial number which is preset on the solid state disk; and judging whether the serial number of the first hard disk is consistent with the serial number of the second hard disk.
In an exemplary embodiment of the present application, the method may further include: when the verification result is that the password protection public key is illegal, exiting the operation process of the solid state disk.
In an exemplary embodiment of the present application, the performing security processing on the random number and a preset plaintext password may include:
encrypting the plaintext password by using the random number as a key; or,
performing preset logic operation by adopting the random number and the plaintext password; the logical operation comprises an exclusive or operation.
The embodiment of the present application further provides an upper computer, which may include a second processor and a second computer-readable storage medium, where the second computer-readable storage medium stores instructions, and when the instructions are executed by the second processor, the method for verifying a password applied to the upper computer side as described in any one of the above is implemented.
Compared with the related art, the embodiment of the application can comprise the following steps: after the solid state disk is placed into an upper computer, the solid state disk holds the initial verification data that was stored in it at its card opening stage and sends the initial verification data to the upper computer; the initial verification data includes: a password protection public key and a password protection public key signature; so that the upper computer verifies the validity of the password protection public key; when the verification result of the upper computer indicates that the password protection public key is legal, generating a random number according to a received instruction of the upper computer, and sending the random number to the upper computer so that the upper computer produces ciphertext password verification data according to the random number; receiving the ciphertext password verification data sent by the upper computer, decrypting it with a password protection private key, and acquiring password processing data; and carrying out reverse security processing on the password processing data to obtain the plaintext password. By the scheme of the embodiment, the security of the password authentication process is improved, and man-in-the-middle attacks and replay attacks can be prevented.
Additional features and advantages of embodiments of the present application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the present application. Other advantages of the present application may be realized and attained by the instrumentalities and combinations particularly pointed out in the specification and the drawings.
Drawings
The accompanying drawings are included to provide an understanding of the present disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the examples serve to explain the principles of the disclosure and not to limit the disclosure.
FIG. 1 is a flowchart of a password authentication method applied to the solid state disk side according to an embodiment of the present application;
FIG. 2 is a block diagram illustrating a solid state disk according to an embodiment of the present application;
FIG. 3 is a flowchart of a password authentication method applied to the upper computer side according to an embodiment of the present application;
FIG. 4 is a block diagram of an upper computer according to an embodiment of the present disclosure.
Detailed Description
The present application describes embodiments, but the description is illustrative rather than limiting and it will be apparent to those of ordinary skill in the art that many more embodiments and implementations are possible within the scope of the embodiments described herein. Although many possible combinations of features are shown in the drawings and discussed in the detailed description, many other combinations of the disclosed features are possible. Any feature or element of any embodiment may be used in combination with or instead of any other feature or element in any other embodiment, unless expressly limited otherwise.
The present application includes and contemplates combinations of features and elements known to those of ordinary skill in the art. The embodiments, features and elements disclosed in this application may also be combined with any conventional features or elements to form a unique inventive concept as defined by the claims. Any feature or element of any embodiment may also be combined with features or elements from other inventive aspects to form yet another unique inventive aspect, as defined by the claims. Thus, it should be understood that any of the features shown and/or discussed in this application may be implemented alone or in any suitable combination. Accordingly, the embodiments are not limited except as by the appended claims and their equivalents. Furthermore, various modifications and changes may be made within the scope of the appended claims.
Further, in describing representative embodiments, the specification may have presented the method and/or process as a particular sequence of steps. However, to the extent that the method or process does not rely on the particular order of steps set forth herein, the method or process should not be limited to the particular sequence of steps described. Other orders of steps are possible as will be understood by those of ordinary skill in the art. Therefore, the particular order of the steps set forth in the specification should not be construed as limitations on the claims. Further, the claims directed to the method and/or process should not be limited to the performance of their steps in the order written, and one skilled in the art can readily appreciate that the sequences may be varied and still remain within the spirit and scope of the embodiments of the present application.
The embodiment of the present application provides a password verification method, which is applied to a solid state hard disk side, as shown in fig. 1, the method may include steps S101 to S104:
S101, after the solid state disk is placed into an upper computer, the solid state disk holds the initial verification data that was stored in it at its card opening stage and sends the initial verification data to the upper computer; the initial verification data includes: a password protection public key and a password protection public key signature; so that the upper computer verifies the validity of the password protection public key;
S102, when the verification result of the upper computer is that the password protection public key is legal, generating a random number according to a received instruction of the upper computer, and sending the random number to the upper computer so that the upper computer produces ciphertext password verification data according to the random number;
S103, receiving the ciphertext password verification data sent by the upper computer, decrypting the ciphertext password verification data with a password protection private key, and acquiring password processing data;
and S104, carrying out reverse security processing on the password processing data to obtain a plaintext password.
In an exemplary embodiment of the present application, the method may further include:
after the solid state disk is electrified for the first time, generating a password protection asymmetric key pair and storing the password protection asymmetric key pair in the solid state disk; the password protected asymmetric key pair comprises: a password-protected public key and a password-protected private key.
In an exemplary embodiment of the present application, the solid state disk needs to be card-opened when shipped from the factory, and after the solid state disk is powered on for the first time, a password protection asymmetric key pair, such as an SM2 key pair, is generated and stored in the solid state disk.
In an exemplary embodiment of the present application, the method may further include:
sending the password protection asymmetric key pair and a first hard disk serial number stored in the solid state disk to a preset card opening tool, so that the card opening tool sends the password protection public key and the first hard disk serial number to a preset server, and signing the password protection public key and the first hard disk serial number by adopting a root private key stored in the server to obtain a password protection public key signature;
receiving initial verification data returned by the card opening tool; the initial verification data includes: the password protection public key signature.
In an exemplary embodiment of the present application, the solid state disk performs a card opening operation when being shipped from a factory, mainly for importing a password protection public key signature. The card opening tool acquires the password protection public key and the solid state disk serial number (namely the first hard disk serial number) from the solid state disk, and sends the password protection public key and the first hard disk serial number to a preset server, so that the server signs the password protection public key and the first hard disk serial number by adopting a root private key (the root private key is generally stored in the server, and the root public key is stored in the card opening tool) and then returns the signature to the card opening tool. The root key pair (which may include a root public key and a root private key) is a key pair for a company or a product. Generally, in signing, a hash operation may be performed on the password protection public key and the serial number (i.e., the first hard disk serial number) to obtain a hash value, and then the hash value is signed.
In an exemplary embodiment of the present application, the card opening tool imports the password protection public key signature into the solid state disk, and then the card opening is finished.
In an exemplary embodiment of the present application, in a use stage of the solid state disk, a program of the upper computer may obtain, from the solid state disk, a password protection public key, a disk serial number (i.e., the first disk serial number described above), and a password protection public key signature. The host computer here may be a host system program or a BIOS (basic input output system) or the like.
In an exemplary embodiment of the present application, a program of the upper computer may perform validity verification on the obtained password protection public key by using a root public key. Generally, the information source may be further ensured by comparing the read hard disk serial number (i.e., the above-mentioned first hard disk serial number) with the hard disk serial number (a second hard disk serial number) attached to the solid state disk. If the password protection public key fails validity verification, the solid state disk is an illegal solid state disk or there is a risk of a man-in-the-middle attack, and the operation process of the solid state disk can be quitted at this point. If the password protection public key passes the verification, the solid state disk is a legal solid state disk and there is no man-in-the-middle attack.
In an exemplary embodiment of the present application, after verifying that the solid state disk is a legal solid state disk, the upper computer obtains a random number from the solid state disk, where the random number may be generated after the solid state disk receives an instruction and may be temporarily stored in a RAM (random access memory) of the solid state disk; the host computer can perform security processing on the random number and the plaintext password, for example, the random number is used as a secret key to encrypt the plaintext password; alternatively, the random number and the plaintext password are subjected to exclusive-or the like to obtain password processing data. The upper computer encrypts the obtained password processing data by using a password protection public key to obtain encrypted password verification data (recorded as ciphertext password verification data); and the upper computer sends the ciphertext password verification data to the solid state disk.
In an exemplary embodiment of the application, after receiving the ciphertext password verification data, the solid state disk decrypts the ciphertext password verification data by using a password protection private key, and if decryption fails, exits from the current use process of the solid state disk; if the decryption is successful and the password processing data is obtained, the password processing data is subjected to reverse security processing according to the random number stored in the RAM.
In an exemplary embodiment of the present application, the performing reverse security processing on the password processing data may include:
decrypting the password processing data by using the random number as a key; or,
performing preset logic operation by adopting the random number and the password processing data; the logical operation comprises an exclusive or operation.
In an exemplary embodiment of the present application, a clear text password (or clear text user password) may be obtained by reverse security processing the password processing data.
In an exemplary embodiment of the present application, after acquiring the plaintext password, the method may further include:
checking the strength of the personal identification number PIN of the plaintext password; and/or,
and comparing the obtained plaintext password with the plaintext password stored in the solid state disk.
In the exemplary embodiment of the present application, the solid state disk may perform security processing such as a weak PIN (Personal Identification Number, as used for SIM (Subscriber Identity Module) cards) check on the obtained plaintext password as needed, and the plaintext password comparison operation can be executed on the solid state disk. Generally, the plaintext password is stored in the solid state disk after a hash operation, so during comparison the user's plaintext password is hashed first and then compared with the hash value stored in the solid state disk. The comparison process can be implemented with an existing comparison algorithm. The user's plaintext password verification process is thus complete.
The embodiment of the present application further provides a solid state disk 1, as shown in fig. 2, which may include a first processor 11 and a first computer-readable storage medium 12, where the first computer-readable storage medium 12 stores instructions, and when the instructions are executed by the first processor 11, the method for verifying a password applied to a solid state disk side as described in any one of the above items is implemented.
In the exemplary embodiment of the present application, any embodiment of the foregoing password authentication method applied to the solid state disk side is applicable to the solid state disk embodiment, and details are not repeated here.
An embodiment of the present application further provides a password authentication method, which is applied to an upper computer side, as shown in fig. 3, the method may include steps S201 to S206:
S201, acquiring, from the solid state disk, the initial verification data stored in the solid state disk at its card opening stage; the initial verification data includes: a password protection public key and a password protection public key signature;
S202, verifying the validity of the password protection public key;
S203, when the verification result shows that the password protection public key is legal, acquiring a random number from the solid state disk; the random number is generated by the solid state disk according to a received instruction;
S204, carrying out security processing on the random number and a preset plaintext password to obtain password processing data;
S205, encrypting the password processing data by using the password protection public key to obtain ciphertext password verification data;
S206, sending the ciphertext password verification data to the solid state disk, so that the solid state disk decrypts the ciphertext password verification data with a password protection private key to obtain the password processing data, and performs reverse security processing on the password processing data to obtain the plaintext password.
In an exemplary embodiment of the present application, in a use stage of the solid state disk, a program of the upper computer may obtain a password protection public key, a disk serial number (i.e., the first disk serial number described above), and a password protection public key signature from the solid state disk. The host computer here may be a host system program or a BIOS (basic input output system) or the like.
In an exemplary embodiment of the present application, the program of the upper computer may perform validity verification on the acquired password protection public key by using the root public key. If the password protection public key is failed in validity verification, the solid state disk is an illegal solid state disk or the risk of man-in-the-middle attack exists, and the operation process of the solid state disk can be quitted at the moment. And if the password protection public key passes the verification, the solid state disk is a legal solid state disk and has no man-in-the-middle attack.
In an exemplary embodiment of the present application, the initial verification data may further include: a first hard disk serial number; before acquiring the random number from the solid state disk, the method may further include:
comparing the obtained first hard disk serial number with a second hard disk serial number which is preset on the solid state disk; and judging whether the serial number of the first hard disk is consistent with the serial number of the second hard disk.
In the exemplary embodiment of the present application, generally, when the obtained password protection public key is subjected to validity verification, the information source may be further ensured by comparing the read hard disk serial number (i.e., the first hard disk serial number) with a hard disk serial number (a second hard disk serial number) attached to the solid state disk.
In an exemplary embodiment of the present application, the method may further include: when the verification result is that the password protection public key is illegal, exiting the operation process of the solid state disk.
In the exemplary embodiment of the present application, if the password protection public key fails to verify, it indicates that the solid state disk is an illegal solid state disk, or there is a man-in-the-middle attack risk, and at this time, the operation flow may be exited.
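The card opening signature and the upper computer's validity check described above (on the solid state disk side and again in steps S201 to S203 with the serial number comparison) can be exercised end to end. The following Go program is an added example and is not code from the patent or from any product it describes. It assumes ECDSA over P-256 with SHA-256 in place of the SM2 key pair the text gives as an example, assumes the signed value is SHA-256(public key || serial number) as the text states, and uses a constructed serial number; the type and function names are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// InitialVerificationData is what the disk stores at card opening and hands
// to the upper computer at every use: public key, serial number, signature.
type InitialVerificationData struct {
	PubKey    []byte // DER (PKIX) encoding of the password protection public key
	Serial    string // first hard disk serial number, read from the disk
	Signature []byte // root signature over SHA-256(PubKey || Serial)
}

// digest is the value the server signs: a hash over the public key and the
// serial number, which is then signed with the root private key.
func digest(pub []byte, serial string) []byte {
	h := sha256.New()
	h.Write(pub)
	h.Write([]byte(serial))
	return h.Sum(nil)
}

// ServerSign models the preset server holding the root private key; it signs
// the (public key, serial number) pair forwarded by the card opening tool.
func ServerSign(rootPriv *ecdsa.PrivateKey, pub []byte, serial string) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, rootPriv, digest(pub, serial))
}

// OpenCard runs the factory card opening: marshal the disk's public key,
// obtain the root signature, and return the data the disk will store.
func OpenCard(devPub *ecdsa.PublicKey, serial string, rootPriv *ecdsa.PrivateKey) (InitialVerificationData, error) {
	der, err := x509.MarshalPKIXPublicKey(devPub)
	if err != nil {
		return InitialVerificationData{}, err
	}
	sig, err := ServerSign(rootPriv, der, serial)
	if err != nil {
		return InitialVerificationData{}, err
	}
	return InitialVerificationData{PubKey: der, Serial: serial, Signature: sig}, nil
}

// HostVerify is the upper computer check (S202 plus the serial comparison):
// the serial read from the disk must match the serial attached to the disk
// (labelSerial), and the signature must verify under the root public key.
// A false result means the disk is illegal or the data was altered in
// transit, and the upper computer should exit the operation flow.
func HostVerify(rootPub *ecdsa.PublicKey, data InitialVerificationData, labelSerial string) bool {
	if data.Serial != labelSerial {
		return false
	}
	return ecdsa.VerifyASN1(rootPub, digest(data.PubKey, data.Serial), data.Signature)
}

func main() {
	rootPriv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // company root key pair
	devPriv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)  // generated at first power-on
	const serial = "SN-CONSTRUCTED-0001"                             // constructed sample serial
	data, err := OpenCard(&devPriv.PublicKey, serial, rootPriv)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine disk accepted:", HostVerify(&rootPriv.PublicKey, data, serial))

	// A substituted public key (the man-in-the-middle case the text describes)
	// no longer matches the root signature and is rejected.
	other, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tampered := data
	tampered.PubKey, _ = x509.MarshalPKIXPublicKey(&other.PublicKey)
	fmt.Println("substituted key accepted:", HostVerify(&rootPriv.PublicKey, tampered, serial))
}
```

The root public key is the only value the upper computer must trust in advance, which is why the text places it in the card opening tool and the host rather than on the disk; a disk that could supply its own root key could also supply a forged signature.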
In the exemplary embodiment of the present application, if the password protection public key passes the verification, it indicates that the solid state disk is a legal solid state disk, and there is no man-in-the-middle attack. After the solid state disk is verified to be a legal solid state disk, the upper computer acquires a random number from the solid state disk, wherein the random number can be generated after the solid state disk receives an instruction and can be temporarily stored in an RAM (random access memory) of the solid state disk; the host computer can perform security processing on the random number and the plaintext password.
In an exemplary embodiment of the present application, the performing security processing on the random number and a preset plaintext password may include:
encrypting the plaintext password by using the random number as a key; or,
performing preset logic operation by adopting the random number and the plaintext password; the logical operation comprises an exclusive or operation.
In an exemplary embodiment of the present application, the upper computer may obtain password processing data after performing security processing on the random number and the plaintext password. The upper computer encrypts the obtained password processing data by using a password protection public key to obtain encrypted password verification data (recorded as ciphertext password verification data); and the upper computer sends the ciphertext password verification data to the solid state disk.
In an exemplary embodiment of the application, after receiving the ciphertext password verification data, the solid state disk decrypts the ciphertext password verification data by using a password protection private key, and if decryption fails, exits from the current use process of the solid state disk; if the decryption is successful and the password processing data is obtained, the password processing data is subjected to reverse security processing according to the random number stored in the RAM.
In an exemplary embodiment of the present application, the performing reverse security processing on the password processing data may include:
decrypting the password processing data by using the random number as a key; or,
performing preset logic operation by adopting the random number and the password processing data; the logical operation comprises an exclusive or operation.
In an exemplary embodiment of the present application, a clear text password (or clear text user password) may be obtained by reverse security processing the password processing data.
In an exemplary embodiment of the present application, after the plaintext password is acquired, the method may further include:
checking the strength of the personal identification number (PIN) of the plaintext password; and/or
comparing the obtained plaintext password with the plaintext password stored in the solid state disk.
In the exemplary embodiment of the application, the solid state disk can perform security processing such as weak PIN check on the obtained plaintext password as required; and the plaintext password comparison operation can be executed on the solid state disk. Generally, the plaintext password is stored in the solid state disk after being subjected to hash operation, so that the plaintext password of the user can be hashed first during comparison, and then compared with the hash value corresponding to the plaintext password stored in the solid state disk. The comparison process can be implemented according to the existing comparison algorithm. The user's plaintext password verification process is thus complete.
The embodiment of the present application further provides an upper computer 2, as shown in fig. 4, which may include a second processor 21 and a second computer-readable storage medium 22, where the second computer-readable storage medium 22 stores instructions, and when the instructions are executed by the second processor 21, the method for verifying a password applied to the upper computer side as described in any one of the above items is implemented.
In the exemplary embodiment of the present application, any embodiment of the foregoing password authentication method applied to the upper computer side is applicable to the upper computer embodiment, and details are not repeated here.
In an exemplary embodiment of the present application, detailed flows of the card opening stage and the use stage of the solid state disk are given below.
The card opening stage comprises steps 1-1 to 1-4:
1-1, after the solid state disk is powered on for the first time, it generates a password protection asymmetric key pair, such as an SM2 key pair, and stores the pair in the solid state disk;
1-2, the card opening tool acquires the password protection public key and the solid state disk serial number (the first hard disk serial number) from the solid state disk, and signs the protection public key and the serial number using the root private key;
1-3, the card opening tool imports the protection public key signature into the solid state disk;
1-4, the card opening stage ends.
The use stage comprises steps 2-1 to 2-11:
2-1, the upper computer program acquires the password protection public key, the hard disk serial number (the first hard disk serial number) and the password protection public key signature from the solid state disk;
2-2, the upper computer program verifies the validity of the password protection public key using the root public key; the hard disk serial number read from the disk (the first hard disk serial number) can also be compared with the hard disk serial number printed on the disk label (the second hard disk serial number), which further confirms the source of the information;
2-3, if the password protection public key fails verification, the operation flow exits;
2-4, if the password protection public key passes verification, the upper computer acquires a random number from the solid state disk; the random number is generated after the solid state disk receives the instruction and is held temporarily in the RAM of the solid state disk;
2-5, the upper computer performs security processing on the random number and the plaintext password to obtain password processing data, for example by encrypting the password with the random number as the key, or by XORing the random number with the plaintext password;
2-6, the upper computer encrypts the password processing data with the password protection public key to obtain encrypted password verification data, recorded as ciphertext password verification data;
2-7, the upper computer sends the ciphertext password verification data to the solid state disk;
2-8, after the solid state disk receives the ciphertext password verification data, it decrypts the data with the password protection private key;
2-9, if the decryption fails, the use flow exits; if the decryption succeeds, the password processing data is obtained and reverse security processing is applied to it with the random number held in RAM, for example by decrypting the password processing data with the random number as the key, or by XORing the random number with the password processing data, to obtain the plaintext password;
2-10, the solid state disk can perform security processing such as a weak PIN check on the password as required; and/or, after the plaintext password is obtained, the solid state disk executes the password comparison operation;
2-11, the user password authentication process ends.
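The card opening stage and the use stage above, worked through as an added example in Go that is not part of the patent: RSA-OAEP stands in for the SM2 password protection key pair and Ed25519 for the card opening tool's root key (both assumptions), the XOR variant of security processing is used, and the disk compares a hash of the recovered plaintext password, as the description says is usual.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// Disk models the SSD side. RSA-OAEP stands in for the patent's SM2 key pair and
// Ed25519 for the card opening tool's root key; both are assumptions of this example.
type Disk struct {
	priv   *rsa.PrivateKey
	Serial []byte   // first hard disk serial number
	PubSig []byte   // root signature over pubkey||serial, imported at card opening
	nonce  []byte   // random number held in RAM for a single use
	pwHash [32]byte // the disk stores only a hash of the user password
}

// NewDisk is step 1-1: generate the password protection key pair at first power-on.
func NewDisk(serial, password string) *Disk {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &Disk{priv: k, Serial: []byte(serial), pwHash: sha256.Sum256([]byte(password))}
}
func (d *Disk) Pub() []byte { return x509.MarshalPKCS1PublicKey(&d.priv.PublicKey) }
// CardOpen is steps 1-2 and 1-3: the root key signs pubkey||serial, the disk keeps the signature.
func CardOpen(d *Disk, root ed25519.PrivateKey) {
	d.PubSig = ed25519.Sign(root, append(d.Pub(), d.Serial...))
}
// Nonce is step 2-4: a fresh random number generated on request and kept only in RAM.
func (d *Disk) Nonce() []byte { d.nonce = make([]byte, 32); rand.Read(d.nonce); return d.nonce }
// xor is the exclusive-or form of (reverse) security processing; key is at least as long as a.
func xor(a, key []byte) []byte {
	out := make([]byte, len(a))
	for i := range a { out[i] = a[i] ^ key[i] }
	return out
}
// Verify is steps 2-8 to 2-10: open the envelope, undo the XOR, compare password hashes.
func (d *Disk) Verify(envelope []byte) bool {
	nonce := d.nonce
	d.nonce = nil // a nonce answers exactly one attempt, so a replayed envelope is rejected
	processed, err := rsa.DecryptOAEP(sha256.New(), nil, d.priv, envelope, nil)
	if err != nil || nonce == nil || len(processed) > len(nonce) { return false }
	return sha256.Sum256(xor(processed, nonce)) == d.pwHash
}

// HostEnvelope is steps 2-1 to 2-6 on the upper computer side; it returns the ciphertext password verification data of step 2-7.
func HostEnvelope(d *Disk, rootPub ed25519.PublicKey, password string) ([]byte, error) {
	pub := d.Pub() // 2-1: read public key, serial number and signature from the disk
	if !ed25519.Verify(rootPub, append(pub, d.Serial...), d.PubSig) { // 2-2 / 2-3
		return nil, errors.New("password protection public key failed verification")
	}
	nonce := d.Nonce() // 2-4
	if len(password) > len(nonce) { return nil, errors.New("password longer than the random number") }
	rsaPub, _ := x509.ParsePKCS1PublicKey(pub)
	// 2-5: XOR with the random number; 2-6: seal with the password protection public key
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, rsaPub, xor([]byte(password), nonce), nil)
}
```

A disk whose public key was not signed by the root key is refused before any password material is sent, and an envelope captured from one run fails against the disk on a second run because its random number has been discarded.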
In the exemplary embodiments of the present application, the embodiments have at least the following advantages:
1. the password verification process uses asymmetric key encryption, which raises the security strength;
2. validity verification of the solid state disk's public key prevents man-in-the-middle attacks;
3. a random number is added to the verification process to prevent replay attacks;
4. the user's plaintext password and the random number are processed with a digital envelope scheme, so the solid state disk can recover the user's plaintext password and perform security checks on it, such as a weak PIN check;
5. through asymmetric key encryption, participation of the random number and public key validity verification, the security of the user password verification process is reinforced, security risks such as replay attacks and man-in-the-middle attacks by an attacker are effectively prevented, and the security of user data is further protected.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
Claims (10)
1. A password authentication method, applied to the solid state disk side, the method comprising:
after the solid state disk is placed into an upper computer, reading the initial verification data stored in the solid state disk during its card opening stage, and sending the initial verification data to the upper computer; the initial verification data includes: a password protection public key and a password protection public key signature; so that the upper computer verifies the validity of the password protection public key;
when the verification result of the upper computer indicates that the password protection public key is legal, generating a random number according to a received instruction of the upper computer, and sending the random number to the upper computer so that the upper computer generates ciphertext password verification data according to the random number;
receiving the ciphertext password verification data sent by the upper computer, decrypting it with a password protection private key, and acquiring password processing data;
and performing reverse security processing on the password processing data to obtain a plaintext password.
2. The password authentication method of claim 1, wherein said reverse security processing of said password processing data comprises:
decrypting the password processing data using the random number as the key; or
performing a preset logical operation on the random number and the password processing data, where the logical operation includes an exclusive-or operation.
3. The password authentication method according to claim 1 or 2, wherein the method further comprises:
after the solid state disk is powered on for the first time, generating a password protection asymmetric key pair and storing it in the solid state disk; the password protection asymmetric key pair comprises: a password protection public key and a password protection private key.
4. The password authentication method of claim 3, further comprising:
sending the password protection asymmetric key pair and a first hard disk serial number stored in the solid state disk to a preset card opening tool, so that the card opening tool sends the password protection public key and the first hard disk serial number to a preset server, which signs the password protection public key and the first hard disk serial number with a root private key stored in the server to obtain a password protection public key signature;
receiving initial verification data returned by the card opening tool; the initial verification data includes: the password protection public key signature.
5. A solid state disk comprising a first processor and a first computer readable storage medium having stored therein instructions that, when executed by the first processor, implement the password authentication method of any of claims 1-4.
6. A password authentication method, applied to the upper computer side, the method comprising:
acquiring from the solid state disk the initial verification data stored in the solid state disk during its card opening stage; the initial verification data includes: a password protection public key and a password protection public key signature;
verifying the validity of the password protection public key;
when the verification result shows that the password protection public key is legal, acquiring a random number from the solid state disk; the random number is generated by the solid state disk according to a received instruction;
performing security processing on the random number and a preset plaintext password to obtain password processing data;
encrypting the password processing data with the password protection public key to obtain ciphertext password verification data;
and sending the ciphertext password verification data to the solid state disk, so that the solid state disk decrypts the ciphertext password verification data with a password protection private key to obtain the password processing data, and performs reverse security processing on the password processing data to obtain the plaintext password.
7. The password authentication method of claim 6, wherein the initial verification data further comprises: a first hard disk serial number; and before acquiring the random number from the solid state disk, the method further includes:
comparing the obtained first hard disk serial number with a second hard disk serial number preset on the solid state disk, and judging whether the first hard disk serial number is consistent with the second hard disk serial number.
8. The password authentication method according to claim 6 or 7, wherein the method further comprises: when the verification result is that the password protection public key is illegal, exiting the operation process of the solid state disk.
9. The password authentication method according to claim 6 or 7, wherein the security processing of the random number and the preset plaintext password comprises:
encrypting the plaintext password using the random number as the key; or
performing a preset logical operation on the random number and the plaintext password, where the logical operation includes an exclusive-or operation.
10. An upper computer comprising a second processor and a second computer-readable storage medium having instructions stored therein which, when executed by the second processor, implement the password authentication method of any of claims 6-9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111543549.1A CN114297673A (en) | 2021-12-16 | 2021-12-16 | Password verification method, solid state disk and upper computer |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114297673A true CN114297673A (en) | 2022-04-08 |
Family
ID=80968091
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115544578A (en) * | 2022-11-24 | 2022-12-30 | 苏州浪潮智能科技有限公司 | Solid state disk reading and writing method and device, electronic equipment and readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |