CN114942729A - Data safety storage and reading method for computer system - Google Patents

Publication number
CN114942729A
Authority
CN
China
Prior art keywords
data
instruction
computer system
storage
storage partition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210701883.3A
Other languages
Chinese (zh)
Inventor
李欣
丛二勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin University
Original Assignee
Harbin University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Harbin University
Priority to CN202210701883.3A
Publication of CN114942729A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638 Organizing or formatting or addressing of data
    • G06F3/0644 Management of space entities, e.g. partitions, extents, pools
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention relates to a method for securely storing and reading data in a computer system, comprising the following steps: constructing a secure storage space for storing data, wherein the secure storage space comprises two protection partitions, namely a high-speed storage partition and an online storage partition, each operated through the Unified Extensible Firmware Interface (UEFI); establishing a data copy-and-return mechanism and embedding it in the high-speed storage partition and the online storage partition; configuring the access rights of the secure storage space, and encrypting the access-right-related instruction sent by a sending end; authenticating and decrypting the received instruction; and storing or reading the data hierarchically according to the authenticated and decrypted instruction. The invention further improves the security of data storage and reading in the computer system and requires no separate additional hardware for the computer system, thereby reducing the overall cost of the computer system to a certain extent.

Description

Data safety storage and reading method for computer system
Technical Field
The invention relates to the technical field of computer data processing, in particular to a data security storage and reading method of a computer system.
Background
Computers have become one of the essential tools of daily life and work, and are also widely used in nationally important sectors such as civil aviation, railways, electric power, banking, and military command and control. If important data in such systems is damaged or sensitive information is leaked, the consequences would be unthinkable. As computer technology continues to develop, the accompanying information security problems have attracted more and more attention. As information carriers, computers face many information security problems, such as hacking, virus intrusion, and denial of service, as well as the security risks that arise from managing storage devices that hold highly confidential information. Among these issues, the security of stored data is of paramount importance; the major threats it faces include computer viruses, illegal access, wiretapping, data copying, and hardware damage. To protect stored data, redundant backups are often used to avoid data loss, but this increases the cost of the computer system to a certain extent. As for reading data, the storage space holding data that is important to the user often has no access rights configured, so that data is easily stolen; and even when access rights are set for the storage space, access instructions can still be forged, so that data is illegally accessed and read.
Disclosure of Invention
Therefore, in view of the current security problems of data stored in computer systems, it is necessary to provide a method for securely storing and reading data in a computer system.
To solve the above problems, the invention adopts the following technical solution:
A method for securely storing and reading data in a computer system, comprising the following steps:
Step one: constructing a secure storage space for storing data, wherein the secure storage space comprises two protection partitions, namely a high-speed storage partition and an online storage partition, each operated through the Unified Extensible Firmware Interface (UEFI);
Step two: establishing a data copy-and-return mechanism, and embedding it in the high-speed storage partition and the online storage partition;
Step three: configuring the access rights of the secure storage space, and encrypting the access-right-related instruction sent by a sending end;
Step four: authenticating and decrypting the received instruction;
Step five: storing or reading the data hierarchically according to the authenticated and decrypted instruction.
Compared with the prior art, the invention has the following beneficial effects:
On the basis of an established secure storage space, the method further improves the security of data storage and reading in the computer system through the data copy-and-return mechanism and through configuring access rights and authenticating, decrypting, and encrypting the related instructions. It requires no separate additional hardware for the computer system, reduces the overall cost of the computer system to a certain extent, and is suitable for computer systems in a variety of application scenarios.
Drawings
FIG. 1 is a flow chart illustrating a method for securely storing and reading data in a computer system according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of configuring access rights of a secure storage space.
Detailed Description
The technical solution of the present invention will be described in detail with reference to the accompanying drawings and preferred embodiments.
In one embodiment, as shown in FIG. 1, the present invention provides a method for securely storing and reading data in a computer system, the method comprising the following steps:
Step one (S100): Construct a secure storage space for storing data. The secure storage space comprises two protection partitions, a high-speed storage partition and an online storage partition, both operated through the Unified Extensible Firmware Interface (UEFI). The high-speed storage partition mounts the high-speed computing nodes to store data; the online storage partition mounts a user login node and a data operation management node.
Step two (S200): Establish a data copy-and-return mechanism, and embed it in the high-speed storage partition and the online storage partition.
Further, the data copy-and-return mechanism in step S200 comprises the following process:
When data stored in the high-speed storage partition is copied, it is automatically copied from the high-speed storage partition to the online storage partition, and information about the copied data is recorded and then transmitted back to the computer system.
Step three (S300): Configure the access rights of the secure storage space, and encrypt the access-right-related instruction sent by the sending end. The access-right-related instructions include an access instruction, a call instruction, and a close instruction.
The process of configuring the access rights of the secure storage space in this step specifically comprises the following steps:
Step 3.1 (S310): Receive the access-right-related instruction sent by the sending end, and obtain from it the user identifier corresponding to the sending end and the device identifier corresponding to the terminal device.
Step 3.2 (S320): Authenticate the device identifier and the user identifier in turn; after both authentications pass, query the high-speed storage partition according to the received instruction to determine the corresponding data block at each level.
Step 3.3 (S330): Calculate a storage path from the data blocks at each level, and return the storage path to the sending end.
Further, the calculation of the storage path from the data blocks at each level in step S330 comprises the following steps:
calculating a hash value for each level's data block from the user identifier and that data block's level constant;
performing a remainder (modulo) operation on each calculated hash value to obtain a remainder;
combining the remainders of the data blocks at each level to generate the storage path corresponding to the user identifier.
Configuring the access rights of the storage space improves the reliability, stability, and security of process permission authentication, and effectively prevents processes from being illegally replaced or tampered with and data resources from being illegally accessed.
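Steps S310 to S330 and the path calculation above can be sketched as follows. This is an added example, not code from the patent: SHA-256, the modulus of 256, the level constants, the allow-lists standing in for authentication, the device-before-user order, and the "/" separator are all assumptions, since the patent names none of them.

```python
import hashlib
from typing import Optional

# Constructed sample data; the patent does not define any of these values.
LEVEL_CONSTANTS = (b"level-1", b"level-2", b"level-3")  # one constant per data-block level
BUCKETS_PER_LEVEL = 256                                   # modulus used in the remainder step
REGISTERED_DEVICES = {"dev-7f3a"}                         # stand-in for device authentication
REGISTERED_USERS = {"alice"}                              # stand-in for user authentication
ALLOWED_OPS = {"access", "call", "close"}                 # instruction types named in the text


def level_remainder(user_id: str, level_constant: bytes,
                    modulus: int = BUCKETS_PER_LEVEL) -> int:
    """Hash the user ID with one level constant, then take the remainder."""
    # The NUL separator keeps ("ab", "c") and ("a", "bc") from hashing alike.
    material = user_id.encode("utf-8") + b"\x00" + level_constant
    digest = hashlib.sha256(material).digest()
    return int.from_bytes(digest, "big") % modulus


def storage_path(user_id: str) -> str:
    """Combine the per-level remainders into one path for this user."""
    return "/".join(f"{level_remainder(user_id, c):02x}" for c in LEVEL_CONSTANTS)


def handle_instruction(instruction: dict) -> Optional[str]:
    """S310-S330: extract both IDs, authenticate device then user, return the path.

    Returns None (fail closed) if either check fails or the operation is unknown.
    """
    device_id = instruction.get("device_id")          # S310: identifiers from the instruction
    user_id = instruction.get("user_id")
    if not isinstance(device_id, str) or device_id not in REGISTERED_DEVICES:
        return None                                   # S320: device check failed
    if not isinstance(user_id, str) or user_id not in REGISTERED_USERS:
        return None                                   # S320: user check failed
    if instruction.get("op") not in ALLOWED_OPS:
        return None                                   # not an access/call/close instruction
    return storage_path(user_id)                      # S330: path fed back to the sender
```

In this sketch the path depends only on the user identifier and fixed constants, so anyone who knows both can recompute it; the path locates data and is not an access control by itself.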
When the access-right-related instruction sent by the sending end is encrypted in step S300, the instruction is encrypted and decrypted using an asymmetric key, and the asymmetric key is stored in the Trusted Platform Module (TPM) of the computer system.
Further, the encryption process comprises the following steps:
encrypting the instruction n-1 times to obtain the (n-1)-fold ciphertext of the instruction;
encrypting the (n-1)-fold ciphertext once more with the public key of the asymmetric key to obtain the n-fold ciphertext.
Step four (S400): Authenticate and decrypt the received instruction.
Corresponding to the encryption process, the decryption of the received instruction in step S400 comprises:
decrypting the n-fold ciphertext with the private key of the asymmetric key to obtain the corresponding (n-1)-fold ciphertext;
decrypting the (n-1)-fold ciphertext to obtain the corresponding instruction.
After step S300 and before step S400, the method further comprises the following step:
checking the integrity and credibility of the received access-right-related instruction; if the instruction is judged to be incomplete or not credible, the secure storage space is kept in an unopened state; otherwise, step four is executed. Checking the integrity and credibility of the instruction further improves the security of data storage and reading.
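The check between step three and step four can be sketched as a gate that refuses to hand anything to the decryption routine until the instruction passes. This is an added example, not code from the patent, which does not say how integrity or credibility is checked: the HMAC-SHA256 tag, the shared MAC key, the nonce, the 30-second freshness window, and all names are assumptions.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 30  # assumed freshness window for the credibility check


def make_tag(mac_key: bytes, nonce: bytes, timestamp: int, ciphertext: bytes) -> bytes:
    """HMAC-SHA256 over the length-prefixed nonce, the timestamp and the ciphertext."""
    msg = len(nonce).to_bytes(2, "big") + nonce + timestamp.to_bytes(8, "big") + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


class SecureStorageGate:
    """Keeps the secure storage space unopened until an instruction passes the check."""

    def __init__(self, mac_key: bytes, decrypt):
        self._mac_key = mac_key
        self._decrypt = decrypt      # step-four decryption routine, supplied by the caller
        self._seen_nonces = set()    # nonces already accepted, to reject replays
        self.opened = False

    def receive(self, envelope: dict, now=None):
        """Return the decrypted instruction, or None with the space left as it was."""
        now = time.time() if now is None else now
        try:
            expected = make_tag(self._mac_key, envelope["nonce"],
                                envelope["timestamp"], envelope["ciphertext"])
            intact = hmac.compare_digest(envelope["tag"], expected)  # constant-time compare
        except (KeyError, TypeError, AttributeError, OverflowError):
            return None                                  # malformed envelope: incomplete
        if not intact:
            return None                                  # integrity check failed
        if abs(now - envelope["timestamp"]) > MAX_SKEW_SECONDS:
            return None                                  # stale: not credible
        if envelope["nonce"] in self._seen_nonces:
            return None                                  # replayed: not credible
        self._seen_nonces.add(envelope["nonce"])
        self.opened = True                               # only now proceed to step four
        return self._decrypt(envelope["ciphertext"])
```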
Step five (S500): Store or read the data hierarchically according to the authenticated and decrypted instruction.
On the basis of an established secure storage space, the method for securely storing and reading data in a computer system further improves the security of data storage and reading through the data copy-and-return mechanism and through configuring access rights and authenticating, decrypting, and encrypting the related instructions. It does not require additional hardware for the computer system, reduces the overall cost of the computer system to a certain extent, improves the security of data storage and reading in the computer system, and is suitable for computer systems in a variety of application scenarios.
The technical features of the embodiments described above may be combined arbitrarily. For brevity, not all possible combinations of these technical features are described, but any combination that contains no contradiction should be considered within the scope of this specification.
The embodiments above express only several implementations of the present invention. Their description is relatively specific and detailed, but should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, all of which fall within the scope of the present invention. Therefore, the protection scope of this patent shall be subject to the appended claims.

Claims (10)

1. A method for securely storing and reading data in a computer system, characterized by comprising the following steps:
step one: constructing a secure storage space for storing data, wherein the secure storage space comprises two protection partitions, namely a high-speed storage partition and an online storage partition, each operated through the Unified Extensible Firmware Interface (UEFI);
step two: establishing a data copy-and-return mechanism, and embedding it in the high-speed storage partition and the online storage partition;
step three: configuring the access rights of the secure storage space, and encrypting the access-right-related instruction sent by a sending end;
step four: authenticating and decrypting the received instruction;
step five: storing or reading the data hierarchically according to the authenticated and decrypted instruction.
2. The method according to claim 1, wherein the data copy-and-return mechanism comprises the following process:
when data stored in the high-speed storage partition is copied, it is automatically copied from the high-speed storage partition to the online storage partition, and information about the copied data is recorded and then transmitted back to the computer system.
3. The method for securely storing and reading data in a computer system according to claim 1 or 2, wherein the process of configuring the access rights of the secure storage space comprises the following steps:
receiving the access-right-related instruction sent by a sending end, and obtaining from it the user identifier corresponding to the sending end and the device identifier corresponding to the terminal device;
authenticating the device identifier and the user identifier in turn, and, after both authentications pass, querying the high-speed storage partition according to the received instruction to determine the corresponding data block at each level;
calculating a storage path from the data blocks at each level, and returning the storage path to the sending end.
4. The method for securely storing and reading data in a computer system according to claim 3, wherein calculating the storage path from the data blocks at each level comprises the following steps:
calculating a hash value for each level's data block from the user identifier and that data block's level constant;
performing a remainder operation on each calculated hash value to obtain a remainder;
combining the remainders of the data blocks at each level to generate the storage path corresponding to the user identifier.
5. The method for securely storing and reading data in a computer system according to claim 1 or 2, further comprising the following step after step three and before step four:
checking the integrity and credibility of the received access-right-related instruction, and, if the instruction is judged to be incomplete or not credible, keeping the secure storage space in an unopened state; otherwise, executing step four.
6. The method for securely storing and reading data in a computer system according to claim 1 or 2, wherein the instruction is encrypted and decrypted using an asymmetric key, and the asymmetric key is stored inside a Trusted Platform Module (TPM) of the computer system.
7. The method for securely storing and reading data in a computer system according to claim 6, wherein the process of encrypting the access-right-related instruction sent by the sending end comprises the following steps:
encrypting the instruction n-1 times to obtain the (n-1)-fold ciphertext of the instruction;
encrypting the (n-1)-fold ciphertext once more with the public key of the asymmetric key to obtain the n-fold ciphertext.
8. The method according to claim 6, wherein the process of decrypting the received instruction comprises:
decrypting the n-fold ciphertext with the private key of the asymmetric key to obtain the corresponding (n-1)-fold ciphertext;
decrypting the (n-1)-fold ciphertext to obtain the corresponding instruction.
9. The method for securely storing and reading data in a computer system according to claim 1 or 2, wherein the access-right-related instructions comprise an access instruction, a call instruction, and a close instruction.
10. The method for securely storing and reading data in a computer system according to claim 1 or 2, wherein the high-speed storage partition mounts the high-speed computing nodes, and the online storage partition mounts the user login node and the data operation management node.
CN202210701883.3A 2022-06-21 2022-06-21 Data safety storage and reading method for computer system Pending CN114942729A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210701883.3A CN114942729A (en) 2022-06-21 2022-06-21 Data safety storage and reading method for computer system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210701883.3A CN114942729A (en) 2022-06-21 2022-06-21 Data safety storage and reading method for computer system

Publications (1)

Publication Number Publication Date
CN114942729A true CN114942729A (en) 2022-08-26

Family

ID=82910990

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210701883.3A Pending CN114942729A (en) 2022-06-21 2022-06-21 Data safety storage and reading method for computer system

Country Status (1)

Country Link
CN (1) CN114942729A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116702216A (en) * 2023-08-07 2023-09-05 菏泽市自然资源和规划局 Multi-level access control method and device for real estate data
CN117094041A (en) * 2023-10-19 2023-11-21 湖北华中电力科技开发有限责任公司 Automatic storage method and system for digital power grid data

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116702216A (en) * 2023-08-07 2023-09-05 菏泽市自然资源和规划局 Multi-level access control method and device for real estate data
CN116702216B (en) * 2023-08-07 2023-11-03 菏泽市自然资源和规划局 Multi-level access control method and device for real estate data
CN117094041A (en) * 2023-10-19 2023-11-21 湖北华中电力科技开发有限责任公司 Automatic storage method and system for digital power grid data
CN117094041B (en) * 2023-10-19 2024-01-02 湖北华中电力科技开发有限责任公司 Automatic storage method and system for digital power grid data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination