CN117272346A - Disk data access method, device, equipment and storage medium - Google Patents


Info

Publication number
CN117272346A
Authority
CN
China
Prior art keywords
data
disk
preset
target
access
Prior art date
Legal status
Pending
Application number
CN202311413984.1A
Other languages
Chinese (zh)
Inventor
张圣龙
李卫明
倪飞
武珂
Current Assignee
Hangzhou Flk Information Safety Technology Co ltd
Original Assignee
Hangzhou Flk Information Safety Technology Co ltd
Priority date
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data
    • G06F21/80 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a disk data access method, a device, equipment and a storage medium, which relate to the technical field of cryptographic algorithms and comprise the following steps: acquiring a data access request of a target user for target disk data, and performing identity verification on the target user by using a preset key management server and the data access request to judge whether the target user has data access rights; if the target user has the data access authority, acquiring an access key corresponding to the target disk data through the preset key management server; encrypting and decrypting the target disk data based on a preset virtual encryption disk, the access key and a preset national encryption algorithm to obtain processed data so as to finish disk data access operation based on the processed data; the preset virtual encryption disk is a virtual disk created based on the dm-crypt architecture. Thus, the safety of the disk data in the using process can be ensured.

Description

Disk data access method, device, equipment and storage medium
Technical Field
The present invention relates to the field of cryptographic algorithm technologies, and in particular, to a method, an apparatus, a device, and a storage medium for accessing disk data.
Background
As public awareness of cryptographic security continues to grow, internationally used general-purpose cryptographic algorithms carry a risk of being broken, and most operating systems and chips are foreign products and technologies, so the call for securing data with domestic, independently developed cryptographic technology is increasing. Traditional disk encryption technology mainly encrypts the whole disk while it is in use and cannot distinguish permissions between multiple users, so other users can read the disk data as well; at the same time, computer speed is reduced because the authentication key is required for decryption on every read and write; and there are cases where the key is lost, the data cannot be decrypted, and the data is lost. How to improve the security of disk data access is therefore a problem that needs to be solved.
Disclosure of Invention
In view of the foregoing, an object of the present invention is to provide a method, apparatus, device, and storage medium for accessing disk data, which can improve security of disk data access. The specific scheme is as follows:
in a first aspect, the present application discloses a disk data access method, including:
acquiring a data access request of a target user for target disk data, and performing identity verification on the target user by using a preset key management server and the data access request to judge whether the target user has data access rights;
if the target user has the data access authority, acquiring an access key corresponding to the target disk data through the preset key management server;
encrypting and decrypting the target disk data based on a preset virtual encryption disk, the access key and a preset national encryption algorithm to obtain processed data so as to finish disk data access operation based on the processed data; the preset virtual encryption disk is a virtual disk created based on the dm-crypt architecture.
Optionally, the performing authentication on the target user by using a preset key management server and the data access request to determine whether the target user has the data access right includes:
carrying out identity verification on the target user by using the preset key management server and the national cryptographic algorithm certificate contained in the data access request, so as to judge whether the target user has data access authority.
Optionally, if the target user has the data access right, the obtaining, by the preset key management server, the access key corresponding to the target disk data includes:
if the data access request of the target user contains a disk data write request, acquiring an access key corresponding to the target disk data through the preset key management server and the disk data write request.
Optionally, the encrypting and decrypting the target disk data based on the preset virtual encrypted disk, the access key and the preset cryptographic algorithm to obtain processed data, so as to complete the disk data access operation based on the processed data, including:
encrypting the target disk data based on the preset virtual encryption disk, the access key and the preset national encryption algorithm to obtain encrypted data, and writing the encrypted data to the corresponding position of the target disk.
Optionally, after writing the encrypted data to the corresponding location of the target disk, the method further includes:
carrying out hash calculation on the encrypted data by the preset virtual encryption disk to obtain a standard check value corresponding to the encrypted data, and storing the standard check value into a preset encryption check disk; the preset encryption check disk is a virtual disk created based on the dm-crypt architecture.
Optionally, if the target user has the data access right, the obtaining, by the preset key management server, the access key corresponding to the target disk data includes:
if the data access request of the target user contains a disk data read request, acquiring an access key corresponding to the target disk data through the preset key management server and the disk data read request.
Optionally, the encrypting and decrypting the target disk data based on the preset virtual encrypted disk, the access key and the preset cryptographic algorithm to obtain processed data, so as to complete the disk data access operation based on the processed data, including:
reading the target disk data from a target disk based on a preset virtual encryption disk and the access key;
carrying out hash calculation on the target disk data by utilizing the virtual encryption disk to obtain a current check value corresponding to the target disk data;
judging whether the current check value is consistent with a standard check value corresponding to the target disk data in a preset encryption check disk or not;
if the two check values are consistent, decrypting the target disk data based on the preset virtual encryption disk, the access key and the preset national encryption algorithm to obtain decrypted data, and reading the decrypted data.
In a second aspect, the present application discloses a disk data access apparatus, including:
the access request acquisition module is used for acquiring a data access request of a target user for target disk data, and carrying out identity verification on the target user by utilizing a preset key management server and the data access request so as to judge whether the target user has data access permission;
the key acquisition module is used for acquiring an access key corresponding to the target disk data through the preset key management server if the target user has the data access authority;
the data access module is used for encrypting and decrypting the target disk data based on a preset virtual encryption disk, the access key and a preset national encryption algorithm to obtain processed data so as to perform disk data access operation on the processed data; the preset virtual encryption disk is a virtual disk created based on the dm-crypt architecture.
In a third aspect, the present application discloses an electronic device comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the disk data access method.
In a fourth aspect, the present application discloses a computer readable storage medium storing a computer program which, when executed by a processor, implements the aforementioned disk data access method.
In the application, a data access request of a target user for target disk data is first obtained, and identity verification is carried out on the target user by utilizing a preset key management server and the data access request so as to judge whether the target user has data access authority; if the target user has the data access authority, an access key corresponding to the target disk data is acquired through the preset key management server; the target disk data is encrypted and decrypted based on a preset virtual encryption disk, the access key and a preset national encryption algorithm to obtain processed data, so as to finish the disk data access operation based on the processed data; the preset virtual encryption disk is a virtual disk created based on the dm-crypt architecture. In this way, the virtual data storage disk is combined with the national encryption algorithm to construct a cryptographic module, and the cryptographic module is used to realize read and write operations on data in the physical disk, so that encryption and decryption of the data during use are performed automatically, the encryption, decryption and integrity check operations are not perceived by the application, and at the same time data disclosure and illegal file modification caused by disk loss or illegal copying of files by users can be avoided.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for accessing disk data disclosed in the present application;
FIG. 2 is a flowchart of a specific disk data writing method disclosed in the present application;
FIG. 3 is a flowchart of a specific disk data writing method disclosed in the present application;
FIG. 4 is a flowchart of a specific method for reading disk data disclosed in the present application;
FIG. 5 is a flowchart of a specific method for reading disk data disclosed in the present application;
FIG. 6 is a schematic diagram of a disk data access apparatus disclosed in the present application;
FIG. 7 is a block diagram of an electronic device disclosed in the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
Traditional disk encryption technology mainly encrypts the whole disk while it is in use and cannot distinguish permissions between multiple users, so other users can read the disk data as well; at the same time, computer speed is reduced because the authentication key is required for decryption on every read and write; and there are cases where the key is lost, the data cannot be decrypted, and the data is lost. This embodiment specifically introduces a disk data access method which does not slow down the computer and also protects data security.
Referring to fig. 1, an embodiment of the present application discloses a disk data access method, including:
Step S11: acquiring a data access request of a target user for target disk data, and carrying out identity verification on the target user by utilizing a preset key management server and the data access request so as to judge whether the target user has data access authority.
In this embodiment, a data access request of a target user for target disk data is obtained, and identity verification is performed on the target user by using a preset key management server and the data access request, so as to determine whether the target user has data access rights. The data access request covers both disk data write requests and disk data read requests. The step of verifying the identity of the target user by using the preset key management server and the data access request, so as to judge whether the target user has data access authority, comprises: carrying out identity verification on the target user by using the preset key management server and the national cryptographic algorithm certificate contained in the data access request, so as to judge whether the target user has data access authority. First, identity authentication is performed through SM2 national cryptographic certificate key login at the front-end interface of the application layer, and the application side calls the identity authentication security gateway to parse the certificate and signature information, so as to judge whether the target user has data access authority.
Step S12: and if the target user has the data access authority, acquiring an access key corresponding to the target disk data through the preset key management server.
In this embodiment, if the target user has the data access right, the access key corresponding to the target disk data is obtained through the preset key management server. That is, after identity authentication, the data encryption key is retrieved from the database according to the service data and decrypted; the retrieved key is then encrypted with the session key of the client to form the data encryption key ciphertext.
Step S13: encrypting and decrypting the target disk data based on a preset virtual encryption disk, the access key and a preset national encryption algorithm to obtain processed data so as to finish disk data access operation based on the processed data; the preset virtual encryption disk is a virtual disk created based on the dm-crypt architecture.
In this embodiment, after the access key is obtained, encryption and decryption operations may be performed on the target disk data in the preset virtual encryption disk using the preset cryptographic algorithm and the access key, so as to obtain processed data, and the data access operation is then completed on the processed data. The cryptographic algorithm may be the SM4 algorithm. It should be noted that the virtual encryption disk is a virtual disk created based on the dm-crypt architecture. The virtual storage disk is used to store encrypted data, which ensures confidentiality of the data. Because the virtual disk is created with the dm-crypt architecture, encryption is fast, usability is strong, the range of application is wide, and the kernel cryptographic application programming interface it provides implements transparent encryption.
In this embodiment, a data access request of a target user for target disk data is obtained first, and identity verification is performed on the target user by using a preset key management server and the data access request, so as to determine whether the target user has data access rights; if the target user has the data access authority, an access key corresponding to the target disk data is acquired through the preset key management server; the target disk data is encrypted and decrypted based on a preset virtual encryption disk, the access key and a preset national encryption algorithm to obtain processed data, so as to finish the disk data access operation based on the processed data; the preset virtual encryption disk is a virtual disk created based on the dm-crypt architecture. In this way, the virtual data storage disk is combined with the national encryption algorithm to construct a cryptographic module, and the cryptographic module is used to realize read and write operations on data in the physical disk, so that encryption and decryption of the data during use are performed automatically, the encryption, decryption and integrity check operations are not perceived by the application, and at the same time data disclosure and illegal file modification caused by disk loss or illegal copying of files by users can be avoided.
The above embodiments introduce a disk data access method that does not slow down the computer speed and also protects the data security. The present embodiment will specifically describe a process of writing disk data.
Referring to fig. 2, an embodiment of the present application discloses a specific disk data access method, which includes:
Step S21: acquiring a data access request of a target user for target disk data, and carrying out identity verification on the target user by utilizing a preset key management server and the data access request so as to judge whether the target user has data access authority.
Step S22: and if the target user has a disk data writing request in the data access request, acquiring an access key corresponding to the target disk data through the preset key management server and the disk data writing request.
In this embodiment, after identity authentication, if the data access request of the target user contains a disk data write request, the data encryption key is retrieved from the database according to the service data and decrypted; the retrieved key is then encrypted with the session key of the client to form the data encryption key ciphertext.
Step S23: and encrypting the target disk data based on a preset virtual encryption disk, the access key and a preset national encryption algorithm to obtain encrypted data so as to write the encrypted data into the corresponding position of the target disk.
In this embodiment, after the access key is obtained, the target disk data may be encrypted in the preset virtual encryption disk using the preset cryptographic algorithm and the access key, so as to obtain encrypted data, and the encrypted data is then written to the target disk. At this point the target disk data is plaintext data on which no encryption operation has yet been performed. The cryptographic algorithm may be the SM4 algorithm. It should be noted that the virtual encryption disk is a virtual disk created based on the dm-crypt architecture. The virtual storage disk is used to store encrypted data, which ensures confidentiality of the data. Because the virtual disk is created with the dm-crypt architecture, encryption is fast, usability is strong, the range of application is wide, and the kernel cryptographic application programming interface it provides implements transparent encryption.
Step S24: carrying out hash calculation on the encrypted data by the preset virtual encryption disk to obtain a standard check value corresponding to the encrypted data, and storing the standard check value into a preset encryption check disk; the preset encryption check disk is a virtual disk created based on the dm-crypt architecture.
In this embodiment, after the data to be written is encrypted with the SM4 algorithm and stored in the physical disk, the check value obtained by performing an HMAC calculation on the data to be written is stored in a preset encryption check disk for integrity protection. It should be noted that the preset encryption check disk is a virtual disk created based on the dm-crypt architecture. Furthermore, when the user accesses the encryption disk, a secure channel is established once the communication layer has completed identity authentication and key negotiation, and the SM4 algorithm is used to encrypt the data to be written for storage.
The specific process of the step S21 may refer to the corresponding content disclosed in the foregoing embodiment, and will not be described herein.
As shown in fig. 3, disk encryption technology is mainly used by the kernel layer of the operating system to encrypt the disk and thereby secure the data inside it: when the system writes data to the disk, the data to be written is encrypted first and then written to the disk. By adopting the dm-crypt framework to create a virtual disk, a cryptographic algorithm to encrypt and decrypt data, and the key management server to authenticate and distribute keys, disk security can be ensured and the security problems of data transmission, storage, processing and use can be effectively solved.
The above embodiment specifically describes the process of writing data to the disk. The present embodiment will specifically describe a process of reading disk data.
Referring to fig. 4, an embodiment of the present application discloses a specific disk data access method, which includes:
Step S31: acquiring a data access request of a target user for target disk data, and performing identity verification on the target user by using a preset key management server and the data access request to judge whether the target user has data access rights.
Step S32: if the data access request of the target user contains a disk data read request, acquiring an access key corresponding to the target disk data through the preset key management server and the disk data read request.
In this embodiment, after identity authentication, if the data access request of the target user contains a disk data read request, the data encryption key is retrieved from the database according to the service data and decrypted; the retrieved key is then encrypted with the session key of the client to form the data encryption key ciphertext.
Step S33: and reading the target disk data from the target disk based on a preset virtual encryption disk and the access key, and carrying out hash calculation on the target disk data by utilizing the virtual encryption disk to obtain a current check value corresponding to the target disk data.
In this embodiment, the target disk data is read from the target disk. At this time, the target disk data is encrypted disk data. After the target disk data are read out, hash calculation is carried out on the target disk data based on the virtual encryption disk so as to obtain a current check value corresponding to the target disk data.
Step S34: judging whether the current check value is consistent with a standard check value corresponding to the target disk data in a preset encryption check disk, if so, decrypting the target disk data based on the preset virtual encryption disk, the access key and a preset national encryption algorithm to obtain decrypted data, and reading the decrypted data.
In this embodiment, after the current check value corresponding to the target disk data is obtained, the standard check value corresponding to the target disk data may be read from the preset encryption check disk. It is then judged whether the current check value is consistent with the standard check value corresponding to the target disk data in the preset encryption check disk; if so, the target disk data is decrypted based on the preset virtual encryption disk, the access key and the preset national encryption algorithm to obtain decrypted data, and the decrypted data is read. If the two are inconsistent, prompt information such as a decryption error is returned.
The specific process of the step S31 may refer to the corresponding content disclosed in the foregoing embodiment, and will not be described herein.
As can be seen from fig. 5, when cryptographically stored data needs to be read, the service system sends a key request; after the cryptographic module confirms the key, it uses the SM4 algorithm to decrypt the encrypted data, performs an HMAC calculation on the encrypted data to obtain a check value, reads the stored check value from the corresponding position of the virtual check disk partition, and compares whether the two check values are consistent; if they are consistent, the data plaintext is returned to the service system; if they are inconsistent, prompt information such as a decryption error is returned. In this way, by creating a virtual check disk, storing the data check values, and comparing the check value first during reading, both the integrity and the confidentiality of the data can be ensured.
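As an added illustration (not code from the patent or from the applicant), the write path of steps S23/S24 and the read path of steps S33/S34 modelled in Python: a virtual encryption disk that stores only ciphertext on the physical disk, keeps one standard check value per sector in a separate check disk, and refuses to decrypt when the check values differ. SM4 and the hash are replaced by an HMAC-SHA256 keystream and HMAC-SHA256 check values so the example runs with the standard library only; the class, keys and sample sectors are constructed, and binding the check value to the sector number goes beyond what the text states.

```python
import hashlib
import hmac
import os

SECTOR_SIZE = 512


class IntegrityError(Exception):
    """Raised when a sector's current check value differs from its standard check value."""


class VirtualEncryptedDisk:
    """Hypothetical model (not the patent's code): a virtual encryption disk in front of a
    physical disk that holds only ciphertext, plus a separate encryption check disk that
    holds one standard check value per sector."""

    def __init__(self, access_key: bytes, mac_key: bytes, sectors: int) -> None:
        self.access_key = access_key   # access key handed out by the key management server
        self.mac_key = mac_key         # key for the check values (assumed distinct from access_key)
        self.physical = bytearray(SECTOR_SIZE * sectors)   # the target disk: ciphertext only
        self.check_disk = {}                               # preset encryption check disk

    def _keystream(self, sector: int, length: int) -> bytes:
        # Stand-in for SM4: CTR mode with HMAC-SHA256 as the block function, keyed by the
        # access key and tweaked with the sector number so every sector gets its own keystream.
        out = b""
        counter = 0
        while len(out) < length:
            block = sector.to_bytes(8, "big") + counter.to_bytes(8, "big")
            out += hmac.new(self.access_key, block, hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def _crypt(self, sector: int, data: bytes) -> bytes:
        # XOR with the keystream; the same call encrypts and decrypts.
        return bytes(a ^ b for a, b in zip(data, self._keystream(sector, len(data))))

    def _check_value(self, sector: int, ciphertext: bytes) -> bytes:
        # Check value over the ciphertext (encrypt-then-MAC), bound to the sector number so
        # that a valid sector copied to another position is also detected.
        return hmac.new(self.mac_key, sector.to_bytes(8, "big") + ciphertext, hashlib.sha256).digest()

    def write_sector(self, sector: int, plaintext: bytes) -> None:
        """Write path (steps S23/S24): encrypt, store ciphertext, store the standard check value."""
        if len(plaintext) != SECTOR_SIZE:
            raise ValueError("plaintext must be exactly one sector")
        ciphertext = self._crypt(sector, plaintext)
        offset = sector * SECTOR_SIZE
        self.physical[offset:offset + SECTOR_SIZE] = ciphertext
        self.check_disk[sector] = self._check_value(sector, ciphertext)

    def read_sector(self, sector: int) -> bytes:
        """Read path (steps S33/S34): read ciphertext, recompute the check value, compare it
        with the stored standard check value, and decrypt only when the two are consistent."""
        offset = sector * SECTOR_SIZE
        ciphertext = bytes(self.physical[offset:offset + SECTOR_SIZE])
        current = self._check_value(sector, ciphertext)
        standard = self.check_disk.get(sector)
        if standard is None or not hmac.compare_digest(current, standard):
            raise IntegrityError(f"sector {sector}: check value mismatch, decryption refused")
        return self._crypt(sector, ciphertext)


def _read_fails(disk: VirtualEncryptedDisk, sector: int) -> bool:
    try:
        disk.read_sector(sector)
        return False
    except IntegrityError:
        return True


def simulate() -> dict:
    """Constructed scenario: a normal round trip, then two changes made directly on the
    physical disk behind the virtual encryption disk, as a lost or copied disk would allow."""
    disk = VirtualEncryptedDisk(os.urandom(16), os.urandom(32), sectors=4)
    record = b"payroll.csv: alice,4200".ljust(SECTOR_SIZE, b"\0")     # constructed sample data
    other = b"notes.txt: nothing secret".ljust(SECTOR_SIZE, b"\0")
    disk.write_sector(0, record)
    disk.write_sector(1, other)
    results = {}
    results["roundtrip_ok"] = disk.read_sector(0) == record
    results["plaintext_absent_on_disk"] = b"payroll" not in bytes(disk.physical)

    disk.physical[5] ^= 0x01                   # one bit of sector 0 flipped on the physical disk
    results["bitflip_detected"] = _read_fails(disk, 0)
    disk.physical[5] ^= 0x01                   # restore

    # Sector 1 copied over sector 0 together with its check-disk entry: only the sector
    # binding in _check_value catches this relocation.
    disk.physical[0:SECTOR_SIZE] = disk.physical[SECTOR_SIZE:2 * SECTOR_SIZE]
    disk.check_disk[0] = disk.check_disk[1]
    results["relocation_detected"] = _read_fails(disk, 0)
    results["untouched_sector_still_reads"] = disk.read_sector(1) == other
    return results


if __name__ == "__main__":
    for name, ok in simulate().items():
        print(f"{name}: {ok}")
```

In a real dm-crypt deployment the confidentiality half is the kernel's job and the check disk adds the integrity half; the same separation is what makes a stored-check-value comparison before decryption meaningful.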
As described with reference to fig. 6, the embodiment of the present application further correspondingly discloses a disk data access device, including:
the access request acquisition module 11 is configured to acquire a data access request of a target user for target disk data, and perform identity verification on the target user by using a preset key management server and the data access request to determine whether the target user has data access rights;
the key obtaining module 12 is configured to obtain, if the target user has the data access right, an access key corresponding to the target disk data through the preset key management server;
the data access module 13 is configured to perform encryption and decryption operations on the target disk data based on a preset virtual encryption disk, the access key and a preset cryptographic algorithm to obtain processed data, so as to perform disk data access operations on the processed data; the preset virtual encryption disk is a virtual disk created based on the dm-crypt architecture.
In this way, the virtual data storage disk is combined with the national encryption algorithm to construct a cryptographic module, and the cryptographic module is used to realize read and write operations on data in the physical disk, so that encryption and decryption of the data during use are performed automatically, the encryption, decryption and integrity check operations are not perceived by the application, and at the same time data disclosure and illegal file modification caused by disk loss or illegal copying of files by users can be avoided.
In some specific embodiments, the access request obtaining module 11 may specifically include:
the certificate verification unit is used for carrying out identity verification on the target user by utilizing the preset key management server and the national cryptographic algorithm certificate contained in the data access request, so as to judge whether the target user has data access authority.
In some specific embodiments, the key obtaining module 12 may be specifically configured to obtain, if the target user owns a disk data write request in the data access request, an access key corresponding to the target disk data through the preset key management server and the disk data write request.
In some specific embodiments, the data access module 13 may specifically include:
the data writing unit is used for carrying out an encryption operation on the target disk data based on the preset virtual encryption disk, the access key and the preset national encryption algorithm to obtain encrypted data, and for writing the encrypted data to the corresponding position of the target disk.
In some specific embodiments, the disk data access apparatus may further include:
the check value storage module is used for having the preset virtual encryption disk carry out hash calculation on the encrypted data to obtain a standard check value corresponding to the encrypted data, and for storing the standard check value in the preset encryption check disk; the preset encryption check disk is a virtual disk created based on the dm-crypt architecture.
In some specific embodiments, the key obtaining module 12 may be specifically configured to obtain, if the target user owns a disk data read request in the data access request, an access key corresponding to the target disk data through the preset key management server and the disk data read request.
In some specific embodiments, the data access module 13 may specifically include:
a data reading unit, which reads the target disk data from the target disk based on the preset virtual encryption disk and the access key;
a check value calculation unit, which uses the virtual encryption disk to perform a hash calculation on the target disk data to obtain a current check value corresponding to the target disk data;
a check value comparison unit, which determines whether the current check value is consistent with the standard check value corresponding to the target disk data in the preset encryption check disk;
and a decrypted data reading unit, which, if the two check values are consistent, decrypts the target disk data based on the preset virtual encryption disk, the access key and the preset national cryptographic algorithm to obtain decrypted data, and reads the decrypted data.
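The write path (data writing unit and check value storage module) and the read path (the four reading units above), as one added example that is not part of the patent or of the applicant's product. It models the two dm-crypt virtual disks in memory as sector maps. AES-256 stands in for SM4 (both are 128-bit block ciphers, so the sector layout is unchanged), the per-sector IV is derived the way dm-crypt's cbc-essiv:sha256 mode derives it, and the check value is an HMAC-SHA256 over the sector number and the ciphertext under a key derived from the access key. That last point goes beyond the text, which stores an unkeyed hash: keying the check value and covering the sector number means that an attacker who can rewrite both the data disk and the check disk can neither forge a consistent pair nor relocate a sector. The type and method names, the derivation of the check key, and the RawTamper/RawCopy attacker helpers are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const SectorSize = 512

// VirtualDisk models the two virtual disks of the text: the encrypted data disk
// (sector -> ciphertext) and the encryption check disk (sector -> check value).
// AES-256 stands in for the SM4 block cipher, HMAC-SHA256 for the SM3 hash.
type VirtualDisk struct {
	block    cipher.Block // data cipher keyed with the access key
	ivBlock  cipher.Block // ESSIV cipher keyed with sha256(access key)
	checkKey []byte       // separate key for the check values
	data     map[uint64][]byte
	check    map[uint64][]byte
}

func NewVirtualDisk(accessKey []byte) (*VirtualDisk, error) {
	block, err := aes.NewCipher(accessKey)
	if err != nil {
		return nil, err
	}
	salt := sha256.Sum256(accessKey)
	ivBlock, err := aes.NewCipher(salt[:])
	if err != nil {
		return nil, err
	}
	// Domain-separated derivation so the check-disk key is never the data key.
	ck := sha256.Sum256(append([]byte("check-disk:"), accessKey...))
	return &VirtualDisk{block: block, ivBlock: ivBlock, checkKey: ck[:],
		data: map[uint64][]byte{}, check: map[uint64][]byte{}}, nil
}

// essiv computes the per-sector IV as dm-crypt's cbc-essiv mode does: encrypt
// the little-endian sector number under a key hashed from the data key.
func (d *VirtualDisk) essiv(sector uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv, sector)
	d.ivBlock.Encrypt(iv, iv)
	return iv
}

// checkValue is what goes into the check disk. It covers the sector number as
// well as the ciphertext, so a sector copied to another position fails.
func (d *VirtualDisk) checkValue(sector uint64, ct []byte) []byte {
	m := hmac.New(sha256.New, d.checkKey)
	binary.Write(m, binary.LittleEndian, sector)
	m.Write(ct)
	return m.Sum(nil)
}

// WriteSector: encrypt, write the ciphertext, then store its check value.
func (d *VirtualDisk) WriteSector(sector uint64, plain []byte) error {
	if len(plain) != SectorSize {
		return fmt.Errorf("sector must be %d bytes", SectorSize)
	}
	ct := make([]byte, SectorSize)
	cipher.NewCBCEncrypter(d.block, d.essiv(sector)).CryptBlocks(ct, plain)
	d.data[sector] = ct
	d.check[sector] = d.checkValue(sector, ct)
	return nil
}

// ReadSector: read the ciphertext, recompute the check value, compare it with
// the stored one in constant time, and decrypt only on a match.
func (d *VirtualDisk) ReadSector(sector uint64) ([]byte, error) {
	ct, ok := d.data[sector]
	if !ok {
		return nil, errors.New("sector never written")
	}
	if !hmac.Equal(d.checkValue(sector, ct), d.check[sector]) {
		return nil, fmt.Errorf("check value mismatch on sector %d, refusing to decrypt", sector)
	}
	plain := make([]byte, SectorSize)
	cipher.NewCBCDecrypter(d.block, d.essiv(sector)).CryptBlocks(plain, ct)
	return plain, nil
}

// RawTamper and RawCopy stand for an attacker with offline access to the raw
// devices, who can flip ciphertext bits and copy check-disk entries along.
func (d *VirtualDisk) RawTamper(sector uint64, offset int) { d.data[sector][offset] ^= 0x01 }
func (d *VirtualDisk) RawCopy(from, to uint64) {
	d.data[to] = append([]byte(nil), d.data[from]...)
	d.check[to] = append([]byte(nil), d.check[from]...)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key; in the text it comes from the KMS
	d, _ := NewVirtualDisk(key)
	sector := bytes.Repeat([]byte("secret! "), SectorSize/8) // constructed sample plaintext
	d.WriteSector(7, sector)
	got, err := d.ReadSector(7)
	fmt.Println("clean read ok:", err == nil && bytes.Equal(got, sector))
	d.RawTamper(7, 100)
	_, err = d.ReadSector(7)
	fmt.Println("after tamper:", err)
}
```

The check runs on the ciphertext before any decryption, which is the order the reading units describe, and hmac.Equal keeps the comparison constant-time. An unkeyed hash kept on a second dm-crypt disk hides the check values but does not authenticate them: dm-crypt's CBC and XTS modes detect no modification, so whoever can write both devices can keep them consistent. In a real deployment the same protection comes from cryptsetup's --integrity option, which places dm-integrity under dm-crypt so every sector carries an authentication tag.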
Further, the embodiments of the present application also disclose an electronic device. Fig. 7 is a block diagram of the electronic device 20 according to an exemplary embodiment; the content of the figure is not to be taken as limiting the scope of use of the present application.
Fig. 7 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present application. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. The memory 22 is configured to store a computer program, which is loaded and executed by the processor 21 to implement relevant steps in the disk data access method disclosed in any of the foregoing embodiments. In addition, the electronic device 20 in the present embodiment may be specifically an electronic computer.
In this embodiment, the power supply 23 is configured to provide an operating voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and the communication protocol to be followed is any communication protocol applicable to the technical solution of the present application, which is not specifically limited herein; the input/output interface 25 is used for acquiring external input data or outputting external output data, and the specific interface type thereof may be selected according to the specific application requirement, which is not limited herein.
The memory 22 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, and the resources stored thereon may include an operating system 221, a computer program 222, and the like, and the storage may be temporary storage or permanent storage.
The operating system 221 is used for managing and controlling the hardware devices on the electronic device 20 and the computer programs 222, and may be Windows Server, NetWare, Unix, Linux, etc. The computer programs 222 may include, in addition to the program that performs the disk data access method executed by the electronic device 20 as disclosed in any of the previous embodiments, programs that perform other specific tasks.
Further, the application also discloses a computer readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the disk data access method disclosed above. For specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and no further description is given here.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, so that the same or similar parts between the embodiments are referred to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may reside in Random Access Memory (RAM), memory, Read-Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is a detailed description of the preferred embodiments of the present application; the principles and embodiments have been described by way of example only, to aid understanding of the method and core concepts of the application. Since those skilled in the art may modify the specific embodiments and the scope of application in accordance with the ideas of the present application, this description should not be construed as limiting the application.

Claims (10)

1. A method for accessing disk data, comprising:
acquiring a data access request of a target user for target disk data, and performing identity verification on the target user by using a preset key management server and the data access request to determine whether the target user has data access authority;
if the target user has the data access authority, acquiring an access key corresponding to the target disk data through the preset key management server;
encrypting and decrypting the target disk data based on a preset virtual encryption disk, the access key and a preset national cryptographic algorithm to obtain processed data, so as to complete the disk data access operation based on the processed data; the preset virtual encryption disk is a virtual disk created based on the dm-crypt architecture.
2. The method according to claim 1, wherein authenticating the target user with the preset key management server and the data access request to determine whether the target user has the data access authority comprises:
performing identity verification on the target user by using the preset key management server and a national cryptographic algorithm certificate in the data access request, so as to determine whether the target user has data access authority.
3. The disk data access method according to claim 1 or 2, wherein, if the target user has the data access authority, obtaining the access key corresponding to the target disk data through the preset key management server comprises:
if the data access request of the target user contains a disk data write request, acquiring the access key corresponding to the target disk data through the preset key management server and the disk data write request.
4. The disk data access method according to claim 3, wherein encrypting and decrypting the target disk data based on the preset virtual encryption disk, the access key and the preset national cryptographic algorithm to obtain processed data, so as to complete the disk data access operation based on the processed data, comprises:
encrypting the target disk data based on the preset virtual encryption disk, the access key and the preset national cryptographic algorithm to obtain encrypted data, so as to write the encrypted data to the corresponding position of the target disk.
5. The method for accessing data on a disk according to claim 4, further comprising, after writing the encrypted data to the corresponding location on the target disk:
carrying out hash calculation on the encrypted data by the preset virtual encryption disk to obtain a standard check value corresponding to the encrypted data, and storing the standard check value into a preset encryption check disk; the preset encryption check disk is a virtual disk created based on the dm-crypt architecture.
6. The disk data access method according to claim 1 or 2, wherein, if the target user has the data access authority, obtaining the access key corresponding to the target disk data through the preset key management server comprises:
if the data access request of the target user contains a disk data read request, acquiring the access key corresponding to the target disk data through the preset key management server and the disk data read request.
7. The method according to claim 6, wherein encrypting and decrypting the target disk data based on the preset virtual encryption disk, the access key and the preset national cryptographic algorithm to obtain processed data, so as to complete the disk data access operation based on the processed data, comprises:
reading the target disk data from the target disk based on the preset virtual encryption disk and the access key;
performing a hash calculation on the target disk data by using the virtual encryption disk to obtain a current check value corresponding to the target disk data;
determining whether the current check value is consistent with a standard check value corresponding to the target disk data in a preset encryption check disk;
and, if the check values are consistent, decrypting the target disk data based on the preset virtual encryption disk, the access key and the preset national cryptographic algorithm to obtain decrypted data, and reading the decrypted data.
8. A disk data access apparatus, comprising:
the access request acquisition module is used for acquiring a data access request of a target user for target disk data, and carrying out identity verification on the target user by utilizing a preset key management server and the data access request so as to judge whether the target user has data access permission;
the key acquisition module is used for acquiring an access key corresponding to the target disk data through the preset key management server if the target user has the data access authority;
a data access module, which encrypts and decrypts the target disk data based on a preset virtual encryption disk, the access key and a preset national cryptographic algorithm to obtain processed data, so as to perform the disk data access operation based on the processed data; the preset virtual encryption disk is a virtual disk created based on the dm-crypt architecture.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the disk data access method of any one of claims 1 to 7.
10. A computer readable storage medium for storing a computer program which when executed by a processor implements the disk data access method of any of claims 1 to 7.
Application number: CN202311413984.1A
Priority date / filing date: 2023-10-27
Publication: CN117272346A, 2023-12-22
Family ID: 89214437
Country: CN
Legal status: Pending
Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination