CN115426109A - Encryption mobile storage system with access control function - Google Patents
- Publication number
- CN115426109A
- Authority
- CN
- China
- Prior art keywords
- data
- module
- storage device
- mobile storage
- mobile terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses an encrypted mobile storage system with access control and relates to the technical field of data encryption for mobile storage. A distribution registration module and a key distribution module are provided, through which a mobile terminal registers an account on a quantum private network platform and obtains a distributed quantum key; a matching password setting module sets a verification password and generates a public/private key pair when the user first connects to the mobile storage device; an identity verification module verifies the user's identity before the user stores or reads data; a data encryption module, when the user stores data, first passes identity verification and then encrypts the data with the quantum key; a data reading and decryption module, when the user reads data, first passes identity verification and then decrypts the data with the quantum key. This solves the data security problem of mobile storage devices.
Description
Technical field
The invention belongs to the field of mobile storage, relates to encrypted storage technology, and specifically is an encrypted mobile storage system with access control.
Background
In the information age data is massive. Much of it involves personal privacy, and data security already affects every aspect of daily life; personal privacy, work and life data all need safe and effective protection.
In particular, a large amount of data is now kept on personal mobile storage devices, and the data on those devices needs to be encrypted; however, the keys of most current encryption algorithms are easily cracked by quantum computers, or the stored data can be decrypted by brute force.
Therefore, a mobile storage system with access control whose key cannot be cracked is needed.
To this end, an encrypted mobile storage system with access control is proposed.
Summary of the invention
The present invention aims to solve at least one of the technical problems existing in the prior art. To this end, the invention proposes an encrypted mobile storage system with access control. The system provides a distribution registration module and a key distribution module, through which a mobile terminal registers an account on a quantum private network platform and obtains a distributed quantum key; a matching password setting module sets a verification password and generates a public/private key pair when the user first connects to the mobile storage device; an identity verification module verifies the user's identity before the user stores or reads data; a data encryption module, when the user stores data, first passes identity verification and then encrypts the data with the quantum key; a data reading and decryption module, when the user reads data, first passes identity verification and then decrypts the data with the quantum key. This solves the data security problem of mobile storage devices.
To achieve the above object, an embodiment according to the first aspect of the invention proposes an encrypted mobile storage system with access control, comprising a distribution registration module, a key distribution module, a matching password setting module, an identity verification module, a data encryption module, and a data reading and decryption module; the modules are connected to one another electrically and/or over a wireless network.
The distribution registration module is mainly used to register a key distribution account on the key distribution platform in advance through a mobile phone app.
The key distribution platform is a quantum private network platform. The platform uses quantum properties to generate a quantum key and sends the quantum key to the user's mobile terminal over the quantum private network. The distribution registration module obtains quantum key distribution permission from the quantum private network platform by remotely registering an account on the mobile terminal.
The key distribution module is mainly used to distribute quantum keys to users over the quantum private network.
In the key distribution module, after the user sends a key distribution request to the quantum private network platform through the mobile terminal, the platform uses the physical properties of quanta to generate a quantum key for the user; the platform sends the quantum key to the user's mobile terminal over the quantum private network; the mobile terminal sends the received quantum key to the identity verification module.
The matching password setting module is mainly used to set a verification password for the user's mobile terminal and the mobile storage device.
The matching password setting module sets the verification password as follows: the mobile terminal and the mobile storage device are connected over a short-range wireless network; when the mobile terminal connects wirelessly to the mobile storage device for the first time, the user enters a verification password on the mobile terminal, and the verification password is sent to the mobile storage terminal over the short-range wireless network; further, the mobile terminal generates a public key and a private key for an asymmetric encryption algorithm and sends the public key to the mobile storage device over the short-range wireless network; the mobile terminal keeps the private key; once the verification password has been set and the key pair generated, the user can store data on the mobile storage device and have it encrypted.
The identity verification module is mainly used to verify the user's identity before the user stores or reads data.
To ensure the confidentiality and security of the content on the mobile storage device, identity verification is required in advance whether the user is writing data or reading data; this ensures that the mobile terminal and the mobile storage device match.
The identity verification module performs identity verification with the following steps:
Step S1: the mobile terminal passes the verification password through a hash algorithm to obtain the hash value of the verification password;
Step S2: the mobile terminal encrypts the hash value of the verification password with the private key;
Step S3: the mobile terminal sends the encrypted hash value to the mobile storage device;
Step S4: the mobile storage device computes the hash value of the verification password with the same hash algorithm; this hash value is labelled H1;
Step S5: the mobile storage device decrypts the encrypted hash value sent by the mobile terminal with the public key; the decrypted hash value is labelled H2;
Step S6: the mobile storage device compares hash value H1 with hash value H2; if H1 and H2 are the same, identity verification succeeds; otherwise, identity verification fails.
The data encryption module is mainly used to encrypt the data that the user transfers onto the mobile storage device.
The mobile storage device is electrically connected to another data storage device, and before that data storage device transfers data to the mobile storage device, the user's identity is first verified through the identity verification module; after verification passes, the data storage device transfers the data to the mobile storage device over the electrical connection, and once the mobile storage device has received the data it encrypts the data in the mobile storage device using quantum cryptography; it can be understood that the encrypted data can be read and decrypted through the data reading and decryption module.
The data reading and decryption module is mainly used to decrypt and transfer the data on the mobile storage device.
The data reading and decryption module reads and decrypts the data on the mobile storage device with the following steps:
Step P1: after the mobile storage device is electrically connected to the data reading device, the mobile terminal is connected to the data reading device over a short-range wireless link, and the mobile terminal completes identity authentication with the mobile storage device through the identity verification module;
Step P2: the mobile terminal obtains the physical address of the data reading device and sends that physical address to the mobile storage device;
Step P3: the mobile storage device reads the physical address of the data reading device and compares the address it read with the physical address sent by the mobile terminal; if the two physical addresses are the same, go to step P4; otherwise, a wrong-device message is sent to the mobile terminal;
Step P4: the mobile storage device decrypts the stored data with the quantum key and transfers it electrically to the data reading module.
Compared with the prior art, the beneficial effects of the invention are:
The invention provides a distribution registration module and a key distribution module, through which a mobile terminal registers an account on a quantum private network platform and obtains a distributed quantum key; a matching password setting module sets a verification password and generates a public/private key pair when the user first connects to the mobile storage device; an identity verification module verifies the user's identity before the user stores or reads data; a data encryption module, when the user stores data, first passes identity verification and then encrypts the data with the quantum key; a data reading and decryption module, when the user reads data, first passes identity verification and then decrypts the data with the quantum key. This solves the data security problem of mobile storage devices.
Description of the drawings
Fig. 1 is a schematic diagram of the invention.
Detailed description
The technical solutions of the invention are described clearly and completely below with reference to the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
As shown in Fig. 1, an encrypted mobile storage system with access control comprises a distribution registration module, a key distribution module, a matching password setting module, an identity verification module, a data encryption module, and a data reading and decryption module; the modules are connected to one another electrically and/or over a wireless network.
The distribution registration module is mainly used to register a key distribution account on the key distribution platform in advance through a mobile phone app.
In a preferred embodiment, the key distribution platform is a quantum private network platform. The platform uses quantum properties to generate a quantum key and sends the quantum key to the user's mobile terminal over the quantum private network. The distribution registration module obtains quantum key distribution permission from the quantum private network platform by remotely registering an account on the mobile terminal; once the user has registered a quantum private network account through the mobile terminal, the quantum key can be obtained through the key distribution module.
The key distribution module is mainly used to distribute quantum keys to users over the quantum private network.
In a preferred embodiment, after the user sends a key distribution request to the quantum private network platform through the mobile terminal, the platform uses the physical properties of quanta to generate a quantum key for the user; the platform sends the quantum key to the user's mobile terminal over the quantum private network; the mobile terminal sends the received quantum key to the identity verification module. It can be understood that sending the quantum key over the quantum private network effectively prevents the key from being eavesdropped on or stolen.
The matching password setting module is mainly used to set a verification password for the user's mobile terminal and the mobile storage device.
It can be understood that when the user uses the mobile storage device for the first time, the device has not yet determined which user it belongs to; a verification password therefore has to be established in advance between the mobile terminal and the mobile storage device in order to verify the user's identity.
In a preferred embodiment, the matching password setting module sets the verification password as follows: the mobile terminal and the mobile storage device are connected over a short-range wireless network, which may be a Bluetooth connection; when the mobile terminal connects wirelessly to the mobile storage device for the first time, the user enters a verification password on the mobile terminal, and the verification password is sent to the mobile storage terminal over the short-range wireless network; further, the mobile terminal generates a public key and a private key for an asymmetric encryption algorithm and sends the public key to the mobile storage device over the short-range wireless network; the mobile terminal keeps the private key; the asymmetric encryption algorithm may be the RSA algorithm, an elliptic curve encryption algorithm, or the like; once the verification password has been set and the key pair generated, the user can store data on the mobile storage device and have it encrypted.
The identity verification module is mainly used to verify the user's identity before the user stores or reads data.
It can be understood that, to ensure the confidentiality and security of the content on the mobile storage device, identity verification is required in advance whether the user is writing data or reading data; this ensures that the mobile terminal and the mobile storage device match.
In a preferred embodiment, the identity verification module performs identity verification with the following steps:
Step S1: the mobile terminal passes the verification password through a hash algorithm to obtain the hash value of the verification password;
Step S2: the mobile terminal encrypts the hash value of the verification password with the private key;
Step S3: the mobile terminal sends the encrypted hash value to the mobile storage device;
Step S4: the mobile storage device computes the hash value of the verification password with the same hash algorithm; this hash value is labelled H1;
Step S5: the mobile storage device decrypts the encrypted hash value sent by the mobile terminal with the public key; the decrypted hash value is labelled H2;
Step S6: the mobile storage device compares hash value H1 with hash value H2; if H1 and H2 are the same, identity verification succeeds; otherwise, identity verification fails.
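The S1 to S6 exchange above (also listed in the summary of the invention), as an added example that is not code from the patent: "encrypting the hash with the private key" is implemented as textbook RSA signing over SHA-256, with a toy key built from two Mersenne primes so that it runs on the standard library alone. Because S1 to S3 take no fresh input, the S3 message is the same on every run; the `new_challenge`/`verify_challenge` variant, which binds a device-issued nonce into the hash, is an addition here and not part of the patent. SHA-256, the key, all class and function names and the sample password are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy key material, constructed for this example and NOT secure: two known
# Mersenne primes give a modulus wider than a SHA-256 digest without any
# third-party library. A real device needs random primes and a padded
# signature scheme (RSA-PSS) or ECDSA.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, stays on the terminal
WIDTH = (N.bit_length() + 7) // 8      # byte width used for the comparison


def digest(password: str, nonce: bytes = b"") -> int:
    """S1 / S4: hash of the verification password (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(nonce + password.encode()).digest(), "big")


def terminal_proof(password: str, d: int = D, nonce: bytes = b"") -> int:
    """S1-S3 on the mobile terminal: hash, then raise to the private exponent."""
    return pow(digest(password, nonce), d, N)


class StorageDevice:
    """Holds what pairing delivered: the verification password and public key."""

    def __init__(self, password: str, public=(N, E)):
        self._password = password
        self._n, self._e = public
        self._pending = None           # outstanding nonce, if any

    def verify(self, proof: int) -> bool:
        """S4-S6 exactly as the steps are written (no fresh input)."""
        return self._check(proof, b"")

    def new_challenge(self) -> bytes:
        """Added variant: the device issues a random nonce per attempt."""
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify_challenge(self, proof: int) -> bool:
        """Added variant: accept a proof only for the outstanding nonce, once."""
        nonce, self._pending = self._pending, None
        return nonce is not None and self._check(proof, nonce)

    def _check(self, proof: int, nonce: bytes) -> bool:
        if not 0 <= proof < self._n:
            return False
        h1 = digest(self._password, nonce)          # S4: H1
        h2 = pow(proof, self._e, self._n)           # S5: H2
        # S6: constant-time comparison of H1 and H2
        return hmac.compare_digest(h1.to_bytes(WIDTH, "big"),
                                   h2.to_bytes(WIDTH, "big"))


def demo() -> dict:
    password = "correct horse"         # constructed sample value
    device = StorageDevice(password)
    captured = terminal_proof(password)             # what S3 puts on the air
    nonce = device.new_challenge()
    fresh = terminal_proof(password, nonce=nonce)
    accepted_fresh = device.verify_challenge(fresh)
    device.new_challenge()                          # next session, new nonce
    return {
        "paired_terminal": device.verify(captured),
        "wrong_password": device.verify(terminal_proof("guess")),
        "same_message_every_run": captured == terminal_proof(password),
        "old_message_accepted_as_written": device.verify(captured),
        "fresh_nonce_proof": accepted_fresh,
        "old_nonce_proof_next_session": device.verify_challenge(fresh),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```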
The data encryption module is mainly used to encrypt the data that the user transfers onto the mobile storage device.
In a preferred embodiment, the mobile storage device is electrically connected to another data storage device, and before that data storage device transfers data to the mobile storage device, the user's identity is first verified through the identity verification module; after verification passes, the data storage device transfers the data to the mobile storage device over the electrical connection, and once the mobile storage device has received the data it encrypts the data in the mobile storage device using quantum cryptography; it can be understood that the encrypted data can be read and decrypted through the data reading and decryption module.
The data reading and decryption module is mainly used to decrypt and transfer the data on the mobile storage device.
In a preferred embodiment, the data reading and decryption module reads and decrypts the data on the mobile storage device with the following steps:
Step P1: after the mobile storage device is electrically connected to the data reading device, the mobile terminal is connected to the data reading device over a short-range wireless link, and the mobile terminal completes identity authentication with the mobile storage device through the identity verification module;
Step P2: the mobile terminal obtains the physical address of the data reading device and sends that physical address to the mobile storage device;
Step P3: the mobile storage device reads the physical address of the data reading device and compares the address it read with the physical address sent by the mobile terminal; if the two physical addresses are the same, go to step P4; otherwise, a wrong-device message is sent to the mobile terminal;
Step P4: the mobile storage device decrypts the stored data with the quantum key and transfers it electrically to the data reading module.
It can be understood that the double verification of the data reading device by the mobile terminal and the mobile storage device ensures the security and accuracy of data reading and decryption.
The above embodiments are intended only to illustrate the technical method of the invention and not to limit it. Although the invention has been described in detail with reference to preferred embodiments, a person of ordinary skill in the art should understand that the technical method of the invention can be modified or equivalently replaced without departing from the spirit and scope of the technical method of the invention.
Claims (6)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211073537.1A CN115426109A (en) | 2022-09-02 | 2022-09-02 | Encryption mobile storage system with access control function |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211073537.1A CN115426109A (en) | 2022-09-02 | 2022-09-02 | Encryption mobile storage system with access control function |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115426109A true CN115426109A (en) | 2022-12-02 |
Family
ID=84201709
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211073537.1A Pending CN115426109A (en) | 2022-09-02 | 2022-09-02 | Encryption mobile storage system with access control function |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115426109A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||