CN117725628A - Sensitive data leakage prevention method, system, server cipher machine and storage medium - Google Patents


Publication number: CN117725628A
Authority: CN (China)
Prior art keywords: server, SOC chip, signal, condition, target signal
Legal status: Pending
Application number: CN202311451845.8A
Other languages: Chinese (zh)
Inventor: 张朋新
Current Assignee: Beijing Zhongjin Guoxin Technology Co ltd
Original Assignee: Beijing Zhongjin Guoxin Technology Co ltd
Application filed by: Beijing Zhongjin Guoxin Technology Co ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The application provides a sensitive data leakage prevention method, a system, a server cipher machine and a storage medium, and relates to the technical field of data protection. The method comprises the following steps: the trigger switch generates a target signal when the case is opened and transmits the target signal to the SOC chip and the password card; on receiving the target signal, the SOC chip controls the server cipher machine to carry out identity authentication and, if user authentication fails, sends an abnormal disassembly signal to the main processor and to the password card; on receiving the abnormal disassembly signal, the main processor controls the server cipher machine to delete the sensitive data stored on the storage device; and the password card deletes the key data it stores when it has received both the target signal and the abnormal disassembly signal. The method, system, server cipher machine and storage medium prevent the sensitive data and key data in the server cipher machine from being obtained by disassembling the machine.

Description

Sensitive data leakage prevention method, system, server cipher machine and storage medium
Technical Field
The present disclosure relates to the field of data protection technologies, and in particular, to a method and system for preventing sensitive data from being leaked, a server crypto machine, and a storage medium.
Background
A server cipher machine is typically a device that encrypts and decrypts user data stored on a server with an encryption key stored on a password card. It usually adopts an architecture that combines a server with a password card attached over Peripheral Component Interconnect Express (PCIe), the high-speed serial computer expansion bus standard.
The password card is the carrier of the private key and the server is the carrier of the sensitive data, so the security of the server case is critical. If the case cover of the cipher machine is illegally opened, the private key stored in the password card and the related sensitive data stored in the server can be illegally acquired and digital signatures can then be forged, so that a signature verification platform built on public key infrastructure (PKI) technology can be cracked.
Based on this, there is an urgent need for a method that prevents leakage of sensitive data, including the encryption key, so that the sensitive data and key data in a server cipher machine cannot be obtained by disassembling the machine.
Disclosure of Invention
The application aims to provide a sensitive data leakage prevention method, a sensitive data leakage prevention system, a server cipher machine and a storage medium, which are used for preventing sensitive data and key data in the server cipher machine from being acquired in a disassembling mode.
The application provides a sensitive data leakage prevention method applied to a sensitive data leakage prevention system arranged on a server cipher machine. The system comprises: a trigger switch, a system-on-chip (SOC) chip, a main processor and a password card. The trigger switch is in communication connection with the SOC chip and the password card, and the password card is in communication connection with the SOC chip. The method comprises the following steps:
the trigger switch generates a target signal when the case is opened, and transmits the target signal to the SOC chip and the password card; the SOC chip, on receiving the target signal, controls the server cipher machine to carry out identity authentication and, if user authentication fails, sends an abnormal disassembly signal to the main processor and to the password card; the main processor, on receiving the abnormal disassembly signal, controls the server cipher machine to delete the sensitive data stored on the storage device; and the password card deletes the key data it stores when it has received both the target signal and the abnormal disassembly signal.
Optionally, the trigger switch generates a target signal when the chassis is opened, and transmits the target signal to the SOC chip and the cryptographic card, including: the trigger switch generates a low-level signal when the case is opened, and transmits the low-level signal as the target signal to the SOC chip and the password card; the trigger switch is communicated with the SOC chip through a general purpose input/output (GPIO) interface on the SOC chip; the trigger switch is connected with the password card through four groups of SDI interfaces of the password card.
Optionally, the step in which the SOC chip controls the server cipher machine to carry out identity authentication on receiving the target signal, and sends an abnormal disassembly signal to the main processor and to the password card if user authentication fails, includes: when the SOC chip receives the target signal in the power-on detection stage, it sends a first interrupt signal to the main processor and controls the server cipher machine to carry out identity authentication; the first interrupt signal is used to interrupt the start-up task of the server cipher machine.
Optionally, the step in which the SOC chip controls the server cipher machine to carry out identity authentication on receiving the target signal, and sends an abnormal disassembly signal to the main processor and to the password card if user authentication fails, includes: while the server cipher machine is operating normally, if the SOC chip receives the target signal, it sends a second interrupt signal to the main processor and controls the server cipher machine to carry out identity authentication; the second interrupt signal is used to interrupt the task being performed by the server cipher machine.
Optionally, the step in which the SOC chip controls the server cipher machine to carry out identity authentication on receiving the target signal, and sends an abnormal disassembly signal to the main processor and to the password card if user authentication fails, includes: the SOC chip determines that user authentication has failed when the number of user authentication failures exceeds a preset threshold, and in that case sends the abnormal disassembly signal to the main processor and to the password card.
Optionally, after the SOC chip controls the server cipher machine to carry out identity authentication on receiving the target signal, the method further includes: if user authentication succeeds, the SOC chip sends authentication success information to the main processor chip, and the interrupted task of the server cipher machine is resumed.
Optionally, the trigger switch is a spring-type micro-switch; one end of the trigger switch abuts a buckle of the case cover of the server cipher machine, and the other end is connected to a GPIO interface on the SOC chip and to an SDI interface of the password card. When the case cover is not opened, the trigger switch generates a high-level signal; when the case cover is opened, the trigger switch generates a low-level signal.
The application also provides a sensitive data leakage prevention system, comprising: a trigger switch, a system-on-chip (SOC) chip, a main processor and a password card. The trigger switch is connected with the SOC chip and the password card, and the password card is in communication connection with the SOC chip;
the trigger switch is used for generating a target signal when the case is opened and transmitting the target signal to the SOC chip and the password card; the SOC chip is used for controlling the server cipher machine to carry out identity authentication on receiving the target signal and, if user authentication fails, sending an abnormal disassembly signal to the main processor and to the password card; the main processor is used for controlling the server cipher machine to delete the sensitive data stored on the storage device on receiving the abnormal disassembly signal; the password card is used for deleting the key data it stores when it has received both the target signal and the abnormal disassembly signal.
Optionally, the trigger switch is specifically configured to generate a low-level signal when the chassis is opened, and transmit the low-level signal as the target signal to the SOC chip and the crypto card; the trigger switch is communicated with the SOC chip through a general purpose input/output (GPIO) interface on the SOC chip; the trigger switch is connected with the password card through four groups of SDI interfaces of the password card.
Optionally, the SOC chip is specifically configured to send a first interrupt signal to the main processor and control the server crypto-engine to perform identity authentication when the target signal is received in a power-on detection stage; the first interrupt signal is used for interrupting the starting task of the server cipher machine.
Optionally, the SOC chip is specifically configured to send a second interrupt signal to the main processor and control the server crypto-engine to perform identity authentication if the target signal is received under a condition that the server crypto-engine is running normally; wherein the second interrupt signal is used to interrupt a task being performed by the server crypto-engine.
Optionally, the SOC chip is specifically configured to determine that user authentication has failed when the number of user authentication failures exceeds a preset threshold, and in that case to send the abnormal disassembly signal to the main processor and to the password card.
Optionally, the SOC chip is further configured to send authentication success information to the main processor chip if user authentication succeeds, and to resume the interrupted task of the server cipher machine.
Optionally, the trigger switch is a spring-type micro-switch; one end of the trigger switch abuts a buckle of the case cover of the server cipher machine, and the other end is connected to a GPIO interface on the SOC chip and to an SDI interface of the password card. When the case cover is not opened, the trigger switch generates a high-level signal; when the case cover is opened, the trigger switch generates a low-level signal.
The present application also provides a computer program product comprising computer programs/instructions which when executed by a processor implement the steps of a sensitive data anti-leakage method as described in any one of the above.
The application also provides a server cipher machine, on which the above sensitive data leakage preventing system is arranged, and the system can realize the steps of the sensitive data leakage preventing method.
The present application also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the sensitive data leakage prevention method as described in any of the above.
According to the sensitive data leakage prevention method, the system, the server cipher machine and the storage medium, the trigger switch generates a target signal when the case is opened and transmits the target signal to the SOC chip and the password card; the SOC chip, on receiving the target signal, controls the server cipher machine to carry out identity authentication and, if user authentication fails, sends an abnormal disassembly signal to the main processor and to the password card; the main processor, on receiving the abnormal disassembly signal, controls the server cipher machine to delete the sensitive data stored on the storage device; and the password card deletes the key data it stores when it has received both the target signal and the abnormal disassembly signal. The method can therefore effectively prevent the sensitive data and the key data in the server cipher machine from being obtained by disassembling the machine.
Drawings
In order to more clearly illustrate the technical solutions of the present application or the prior art, the following description will briefly introduce the drawings used in the embodiments or the description of the prior art, and it is obvious that, in the following description, the drawings are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a method for preventing sensitive data from leakage;
FIG. 2 is a second flow chart of the method for preventing sensitive data leakage provided by the present application;
FIG. 3 is a schematic diagram of a system for preventing leakage of sensitive data;
FIG. 4 is a schematic structural diagram of an electronic device provided in the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the present application more apparent, the technical solutions in the present application will be clearly and completely described below with reference to the drawings in the present application, and it is apparent that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
The terms first, second and the like in the description and in the claims, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged, as appropriate, such that embodiments of the present application may be implemented in sequences other than those illustrated or described herein, and that the objects identified by "first," "second," etc. are generally of a type and not limited to the number of objects, e.g., the first object may be one or more. Furthermore, in the description and claims, "and/or" means at least one of the connected objects, and the character "/", generally means that the associated object is an "or" relationship.
The following description is made with respect to terms of art referred to in the examples of the present application:
server crypto-engine: is a device or software program for encrypting and decrypting user data stored on a server. Its principle of operation generally follows encryption algorithms and key management mechanisms. In the encryption process, the crypto-engine first receives data entered by the user and processes it by a cryptographic algorithm. Common cryptographic algorithms include hash functions, symmetric encryption algorithms, and the like. The hash function converts the data into a fixed-length hash value, while the symmetric encryption algorithm encrypts the data using a key. The encrypted data is stored on the server. In the decryption process, when the user inputs data for verification, the cipher machine processes the data input by the user by using the same cipher algorithm and key. It then compares the result after processing with the encrypted data stored on the server to verify the correctness of the data. The cryptographic engine may also support key management mechanisms including generating keys, storing keys, updating keys, and revoking keys. These operations may ensure the security and reliability of the server password.
Password card: a cryptographic card, also known as an encryption card, encryption module, or encryption chip, on a server cryptographic engine is a hardware device used to store and protect encryption keys. The role of the cryptographic card in the server cryptographic system is to store the encryption key and run encryption algorithms and cryptographic operations to ensure confidentiality, integrity and availability of the protected data. The cipher card is connected with the server cipher machine through an interface, so that the cipher machine can encrypt and decrypt data stored in the server by using a secret key stored in the cipher card. Password cards generally have higher security performance than software encryption schemes because they use specially designed encryption chips to store keys and access to keys is strongly physically and logically protected. In addition, many cryptographic cards also support a variety of encryption algorithms, and support functions such as generating random numbers, computing digital signatures, and securely storing certificates. These functions may improve the security and reliability of the server crypto-engine. In summary, the cryptographic card is an important hardware component of the server cryptographic engine, which provides security protection at the hardware level and efficient encryption processing capability, and is one of the key parts of the server cryptographic engine system.
SOC (System on a Chip): a chip that integrates the components of a computer system. It integrates a number of functional modules on one chip, such as a central processing unit (CPU), a memory controller, a graphics processor (GPU), input/output interfaces, memory, a network interface, an encryption engine and various peripheral controllers. The design goal of an SOC is higher integration and stronger performance together with lower power consumption and cost. A processor is one of the core components of a computer and executes computing and control instructions; it is responsible for processing data and executing programs and is the brain of the computer. By architecture, processors can be classified into central processing units (CPUs), graphics processors (GPUs), network processors and so on. The difference between an SOC and a processor lies in scope and function. An SOC integrates multiple functional modules, including not only a processor but also other necessary system components such as a memory controller and input/output interfaces; by integrating these components it provides a complete system solution, which simplifies system design and improves performance and power efficiency. The processor is a key component of the SOC, responsible for executing instructions and processing data, and is the core of the whole system. In short, an SOC is a chip that integrates multiple system components and provides a complete system solution, while the processor is one of its components and is responsible for the core computing and control tasks.
Aiming at the technical problems that key data and sensitive data stored in a server cipher machine are easy to leak in the related art, the embodiment of the application provides a sensitive data leakage prevention method, which can effectively prevent the sensitive data and the key data in the server cipher machine from being acquired in a disassembling mode.
The method for preventing sensitive data from being leaked provided by the embodiment of the application is described in detail below by means of specific embodiments and application scenes thereof with reference to the accompanying drawings.
As shown in fig. 2, the sensitive data leakage prevention method provided in the embodiment of the present application is applied to a sensitive data leakage prevention system arranged on a server cipher machine. The system includes: a trigger switch, a system-on-chip (SOC) chip, a main processor and a password card. The trigger switch is in communication connection with the SOC chip and the password card, and the password card is in communication connection with the SOC chip. The method may include the following steps 101 to 104:
Step 101: the trigger switch generates a target signal when the case is opened, and transmits the target signal to the SOC chip and the password card.
The trigger switch may be a spring-type micro-switch; one end of the trigger switch abuts a buckle of the case cover of the server cipher machine, and the other end is connected to a GPIO interface on the SOC chip and to an SDI interface of the password card. When the case cover is not opened, the trigger switch generates a high-level signal; when the case cover is opened, the trigger switch generates a low-level signal. The SDI interface is a Self-destruct IO interface, that is, a self-destruct input/output interface provided on the password card.
In an exemplary embodiment of the present application, whether the case cover of the server cipher machine has been opened may be determined from the high-level or low-level signal generated by the trigger switch.
Specifically, the step 101 may include the following step 101a:
Step 101a: the trigger switch generates a low-level signal when the case is opened, and transmits the low-level signal as the target signal to the SOC chip and the password card.
The trigger switch is communicated with the SOC chip through a general purpose input/output (GPIO) interface on the SOC chip; the trigger switch is connected with the password card through four groups of SDI interfaces of the password card.
Step 102: the SOC chip, on receiving the target signal, controls the server cipher machine to carry out identity authentication and, if user authentication fails, sends an abnormal disassembly signal to the main processor and to the password card.
For example, when the SOC chip receives the low-level signal (i.e., the target signal) transmitted by the trigger switch, it can confirm that the case cover of the server cipher machine has been opened; it must then determine whether this was a normal opening action.
It should be noted that the identity authentication performed by the server cipher machine may be triggered by the target signal sent by the SOC chip, or by another signal sent by the SOC chip. After user identity authentication is completed, the server cipher machine can feed the authentication result back to the SOC chip through the main processor.
For example, in the embodiment of the application, different processing strategies may be adopted to process the action of opening the chassis during the startup process of the server crypto engine or during normal operation.
During the starting-up process:
For example, during start-up, if the case cover of the server cipher machine is detected to have been opened, the start-up process or start-up task needs to be interrupted and the identity of the user verified.
Specifically, the step 102 may further include the following step 102a:
Step 102a: when the SOC chip receives the target signal in the power-on detection stage, it sends a first interrupt signal to the main processor and controls the server cipher machine to carry out identity authentication.
The first interrupt signal is used to interrupt the start-up task of the server cipher machine.
In an exemplary embodiment, if the SOC chip receives the target signal while the server cipher machine is starting up, it may send a first interrupt signal to the main processor to interrupt the start-up task of the server cipher machine, and the identity of the user is verified by having the user enter a system login password or a personal identification number (PIN). If the user cannot enter correct verification information within a preset period of time, the opening of the case cover of the server cipher machine is determined to be abnormal, and corresponding measures need to be taken to prevent leakage of sensitive information and key information.
During normal operation:
For example, during normal operation of the server cipher machine, if the case cover of the server cipher machine is detected to have been opened, the task being executed by the server cipher machine needs to be interrupted and the identity of the user verified.
Specifically, the step 102 may further include the following step 102b:
Step 102b: while the server cipher machine is operating normally, if the SOC chip receives the target signal, it sends a second interrupt signal to the main processor and controls the server cipher machine to carry out identity authentication.
The second interrupt signal is used to interrupt the task being performed by the server cipher machine.
In an exemplary embodiment, if the SOC chip receives the target signal during normal operation of the server cipher machine, it may send a second interrupt signal to the main processor to interrupt the task being executed by the server cipher machine, and the identity of the user is verified by having the user enter a system login password or a personal identification code. If the user cannot enter correct verification information within a preset period of time, the opening of the case cover of the server cipher machine is determined to be abnormal, and corresponding measures need to be taken to prevent leakage of sensitive information and key information.
The first interrupt signal and the second interrupt signal may be signals including the same information or signals including different information.
Specifically, based on the step 102a and the step 102b, the step 102 may further include the following step 102c:
Step 102c: the SOC chip determines that user authentication has failed when the number of user authentication failures exceeds a preset threshold within a preset duration, and in that case sends the abnormal disassembly signal to the main processor and to the password card.
For example, when the user cannot enter the correct verification information within the preset time, the opening of the case cover of the server cipher machine may be determined to be abnormal disassembly behavior, and the SOC chip may send an abnormal disassembly signal to the main processor and the password card at the same time.
If the sensitive information and the key information were deleted directly as soon as the target signal was detected, information could be deleted by mistake; therefore, after the target signal is detected, the legitimacy of the user must be further verified. In addition, to allow for a user forgetting the password or entering a wrong password by mistake, a preset threshold can be set, which also prevents the password from being cracked by brute force.
Step 103, the main processor controls the server cipher machine to delete the sensitive data stored on the storage device of the server cipher machine under the condition that the abnormal disassembling signal is received.
For example, when the opening of the case cover of the server cipher machine is determined to be abnormal disassembly behavior, the SOC chip may send an abnormal disassembly signal to the main processor so that the server cipher machine deletes the sensitive data stored in the storage device.
Step 104: the password card deletes the key data it stores when it has received both the target signal and the abnormal disassembly signal.
For example, when the opening of the case cover of the server cipher machine is determined to be abnormal disassembly behavior, the SOC chip may send an abnormal disassembly signal to the main processor, and the password card may delete the key data it stores when it receives the abnormal disassembly signal and the target signal at the same time.
It should be noted that, the above steps 103 and 104 may be performed simultaneously, and the order of execution of the steps need not be considered.
Optionally, in the embodiment of the present application, if user authentication succeeds, the interrupted task of the server cipher machine may be resumed, and the recorded disassembly event may be deleted.
For example, after the SOC chip in the step 102 controls the server crypto-engine to perform identity authentication under the condition that the SOC chip receives the target signal, the method for preventing leakage of sensitive data provided in the embodiment of the present application may further include the following step 105:
Step 105: if user authentication succeeds, the SOC chip sends authentication success information to the main processor chip, and the interrupted task of the server cipher machine is resumed.
For example, when user authentication succeeds, the disassembly of the server cipher machine can be determined to be normal, and the task that the server cipher machine was executing can be resumed.
For example, fig. 2 shows a detailed flow chart of the sensitive data leakage prevention method provided in the embodiment of the present application. The SOC chip monitors the signal state of the GPIO interface and, if a low-level signal is detected, determines that disassembly has occurred. The SOC chip then sends an interrupt signal to the main processor; the processor interrupts the task being executed by the server cipher machine and performs user identity authentication, and whether the disassembly is normal is determined from the result of the identity authentication. If it is normal, the interrupted task of the server cipher machine is resumed. If the disassembly is judged to be abnormal, the SOC chip sends an abnormal disassembly signal to the main processor and to the password card; after receiving the abnormal disassembly signal, the main processor controls the server cipher machine to delete the sensitive data in the storage device. The password card deletes the key data it stores only when it has received the target signal and the abnormal disassembly signal at the same time.
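The flow of steps 101 to 105, sketched as a small C simulation; this is an added example, not code from the patent. All type and function names, the threshold of 3 failures and the 60-tick window are assumptions chosen for illustration, and the sample key and data bytes are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added illustration: every name and constant here is hypothetical;
 * the patent text defines no code-level interface. */
#define MAX_AUTH_FAILURES 3   /* assumed "preset threshold" */
#define AUTH_WINDOW_TICKS 60  /* assumed "preset duration" */

enum verdict { NO_EVENT, NORMAL_OPEN, ABNORMAL_DISASSEMBLY };

struct card {                 /* password card */
    bool sdi_low;             /* target signal present on the SDI input */
    bool abnormal_signal;     /* abnormal disassembly signal from the SOC */
    uint8_t key[16];
    bool key_erased;
};

struct host {                 /* main processor plus storage device */
    bool interrupted;
    bool abnormal_signal;
    uint8_t sensitive[16];
    bool data_erased;
};

struct attempt { unsigned tick; bool ok; };  /* one credential entry */

/* Volatile writes so the compiler cannot drop the wipe as a dead store. */
static void secure_wipe(uint8_t *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

static bool all_zero(const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i]) return false;
    return true;
}

/* Step 104: the card erases its key only when BOTH inputs are asserted. */
static void card_poll(struct card *c)
{
    if (c->sdi_low && c->abnormal_signal && !c->key_erased) {
        secure_wipe(c->key, sizeof c->key);
        c->key_erased = true;
    }
}

/* Step 103: the main processor erases sensitive data on the signal. */
static void host_poll(struct host *h)
{
    if (h->abnormal_signal && !h->data_erased) {
        secure_wipe(h->sensitive, sizeof h->sensitive);
        h->data_erased = true;
    }
}

/* SOC side. gpio_high is the switch level (high = lid closed). The array
 * holds every credential entry made after the lid-open event, in order. */
static enum verdict soc_handle_lid(bool gpio_high, const struct attempt *a,
                                   size_t n, struct host *h, struct card *c)
{
    c->sdi_low = !gpio_high;          /* step 101: switch also feeds the card */
    if (gpio_high) return NO_EVENT;

    h->interrupted = true;            /* steps 102a/102b: interrupt the task */
    unsigned failures = 0;
    bool authenticated = false;
    for (size_t i = 0; i < n; i++) {
        if (a[i].tick > AUTH_WINDOW_TICKS) break;    /* window expired */
        if (a[i].ok) { authenticated = true; break; }
        if (++failures > MAX_AUTH_FAILURES) break;   /* step 102c */
    }
    if (authenticated) {              /* step 105: resume interrupted task */
        h->interrupted = false;
        return NORMAL_OPEN;
    }
    h->abnormal_signal = true;        /* step 102: signal both parties */
    c->abnormal_signal = true;
    host_poll(h);
    card_poll(c);
    return ABNORMAL_DISASSEMBLY;
}

int main(void)
{
    struct card c = { .key = {0xA5, 0x5A} };        /* constructed sample key */
    struct host h = { .sensitive = {0x11, 0x22} };  /* constructed sample data */
    const struct attempt wrong[] = { {5, false}, {10, false}, {15, false}, {20, false} };
    enum verdict v = soc_handle_lid(false, wrong, 4, &h, &c);
    return (v == ABNORMAL_DISASSEMBLY && c.key_erased && h.data_erased) ? 0 : 1;
}
```

Because `card_poll` requires both inputs, an abnormal disassembly signal arriving while the lid switch still reads high leaves the key untouched, which is the two-condition check step 104 describes.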
According to the sensitive data leakage prevention method provided by the embodiment of the application, when the chassis is opened, the trigger switch generates a target signal and transmits the target signal to the SOC chip and the password card; the SOC chip controls the server crypto machine to carry out identity authentication under the condition of receiving the target signal, and sends an abnormal dismounting signal to the main processor and the crypto card respectively under the condition of failure of user authentication; the main processor controls the server crypto-engine to delete the sensitive data stored on the storage device under the condition that the abnormal dismounting signal is received; and deleting the key data stored in the password card under the condition that the target signal and the abnormal dismounting signal are received by the password card. Therefore, the method can effectively prevent the sensitive data and the key data in the server cipher machine from being acquired in a disassembling mode.
It should be noted that the sensitive data leakage prevention method provided in the embodiment of the present application may be executed by a sensitive data leakage prevention system, or by a control module in that system that is used for executing the method. In the embodiment of the present application, the sensitive data leakage prevention system is described by taking as an example the case in which the system itself executes the sensitive data leakage prevention method.
In the embodiments of the present application, each sensitive data leakage prevention method shown in the method drawings above is described by way of example with reference to one drawing. In specific implementation, the method shown in each of those drawings may also be implemented in combination with any other combinable drawing illustrated in the above embodiments, which is not described again here.
The sensitive data leakage prevention system provided by the present application is described below; the sensitive data leakage prevention system described below and the sensitive data leakage prevention method described above may be referred to in correspondence with each other.
Fig. 3 is a schematic structural diagram of the sensitive data leakage prevention system provided in an embodiment of the present application. As shown in Fig. 3, the system specifically includes: a trigger switch 301, a system-on-chip (SOC) chip 302, a main processor 303 and a password card 304; the trigger switch 301 is in communication connection with the SOC chip 302 and the password card 304, and the password card 304 is in communication connection with the SOC chip 302;
the trigger switch 301 is configured to generate a target signal when the chassis is opened, and to transmit the target signal to the SOC chip 302 and the password card 304; the SOC chip 302 is configured to control the server cipher machine to perform identity authentication when it receives the target signal, and to send an abnormal disassembly signal to the main processor 303 and to the password card 304 when user authentication fails; the main processor 303 is configured to control the server cipher machine to delete the sensitive data stored on the storage device when it receives the abnormal disassembly signal; the password card 304 is configured to delete the key data stored in the password card 304 when it has received the target signal and the abnormal disassembly signal.
Optionally, the trigger switch 301 is specifically configured to generate a low-level signal when the chassis is opened, and to transmit the low-level signal as the target signal to the SOC chip 302 and the password card 304; the trigger switch 301 communicates with the SOC chip 302 through a general purpose input/output (GPIO) interface on the SOC chip 302; the trigger switch 301 is in communication connection with the password card 304 through four sets of SDI interfaces of the password card 304.
Optionally, the SOC chip 302 is specifically configured to send a first interrupt signal to the main processor 303 and control the server cipher machine to perform identity authentication when the target signal is received in the power-on detection stage; the first interrupt signal is used to interrupt the start-up task of the server cipher machine.
Optionally, the SOC chip 302 is specifically configured to send a second interrupt signal to the main processor 303 and control the server cipher machine to perform identity authentication when the target signal is received while the server cipher machine is running normally; the second interrupt signal is used to interrupt the task being executed by the server cipher machine.
Optionally, the SOC chip 302 is specifically configured to determine that user authentication has failed when the number of user authentication failures exceeds a preset threshold, and, in that case, to send the abnormal disassembly signal to the main processor 303 and to the password card 304.
Optionally, the SOC chip 302 is further configured to send authentication success information to the main processor 303 chip when user authentication succeeds, and to resume the interrupted task of the server cipher machine.
Optionally, the trigger switch 301 is a spring-type micro-switch; one end of the trigger switch 301 abuts a buckle of the chassis cover of the server cipher machine, and the other end is connected to the GPIO interface on the SOC chip 302 and to the SDI interface of the password card 304; when the chassis cover is not opened, the trigger switch 301 generates a high-level signal; when the chassis cover is opened, the trigger switch 301 generates a low-level signal.
According to the sensitive data leakage prevention system provided by the present application, when the chassis is opened, the trigger switch generates a target signal and transmits it to the SOC chip and the password card; on receiving the target signal, the SOC chip controls the server cipher machine to perform identity authentication and, if user authentication fails, sends an abnormal disassembly signal to the main processor and to the password card; on receiving the abnormal disassembly signal, the main processor controls the server cipher machine to delete the sensitive data stored on the storage device; and the password card deletes the key data it stores when it has received both the target signal and the abnormal disassembly signal. This effectively prevents the sensitive data and key data in the server cipher machine from being obtained by disassembling the machine.
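The decision logic described above (low-level target signal, interrupt, authentication against a failure threshold, and the password card's two-signal condition) can be modelled in software as follows. This is an added example, not code from the patent; the struct and function names, the buffer sizes and the threshold value of 3 are assumptions, and the preset duration mentioned in claim 5 is not modelled.

```c
/* Added illustration, not code from the patent: a software model of the
 * Fig. 2 flow. Names, sizes and the threshold value are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_AUTH_FAILURES 3 /* assumed value of the "preset threshold" */
#define KEY_LEN 16

enum outcome { NO_EVENT, NORMAL_DISASSEMBLY, AUTH_PENDING, ABNORMAL_DISASSEMBLY };

struct password_card {
    uint8_t key[KEY_LEN];
    bool target_signal;   /* card's own line from the trigger switch */
    bool abnormal_signal; /* abnormal disassembly signal from the SOC chip */
};

struct machine {
    bool cover_open;       /* state of the spring micro-switch */
    bool task_interrupted; /* main processor task suspended */
    uint8_t sensitive[32]; /* stands in for the storage device */
    struct password_card card;
};

void machine_init(struct machine *m) {
    m->cover_open = m->task_interrupted = false;
    m->card.target_signal = m->card.abnormal_signal = false;
    for (size_t i = 0; i < sizeof m->sensitive; i++) m->sensitive[i] = 0xA5;
    for (size_t i = 0; i < KEY_LEN; i++) m->card.key[i] = 0x5A;
}

/* Zeroize through a volatile pointer so the stores are not optimized away. */
static void wipe(uint8_t *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

bool all_zero(const uint8_t *p, size_t n) {
    while (n--) if (*p++) return false;
    return true;
}

/* The card deletes its key only when it sees both signals. */
bool card_evaluate(struct password_card *c) {
    if (!(c->target_signal && c->abnormal_signal)) return false;
    wipe(c->key, KEY_LEN);
    return true;
}

/* One pass of the SOC logic. auth_results[i] is the result of the i-th
 * authentication attempt (constructed input standing in for a login). */
enum outcome soc_poll(struct machine *m, const bool *auth_results, size_t n) {
    bool low_level = m->cover_open;    /* switch: high closed, low open */
    m->card.target_signal = low_level; /* the switch is wired to the card too */
    if (!low_level) return NO_EVENT;
    m->task_interrupted = true;        /* interrupt signal to main processor */
    int failures = 0;
    for (size_t i = 0; i < n; i++) {
        if (auth_results[i]) {         /* success: resume interrupted task */
            m->task_interrupted = false;
            return NORMAL_DISASSEMBLY;
        }
        if (++failures > MAX_AUTH_FAILURES) {
            wipe(m->sensitive, sizeof m->sensitive); /* main processor's response */
            m->card.abnormal_signal = true;
            card_evaluate(&m->card);                 /* password card's response */
            return ABNORMAL_DISASSEMBLY;
        }
    }
    return AUTH_PENDING;               /* threshold not exceeded: stay halted */
}

int main(void) {
    struct machine m;
    machine_init(&m);
    m.cover_open = true;
    const bool attempts[] = { false, false, false, false };
    return soc_poll(&m, attempts, 4) == ABNORMAL_DISASSEMBLY ? 0 : 1;
}
```

Because the password card checks its own line from the trigger switch, an abnormal disassembly signal that arrives while the cover is closed leaves the key in place in this model.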
Fig. 4 is a schematic diagram of the physical structure of a server cipher machine. As shown in Fig. 4, the electronic device may include: a processor 410, a communication interface 420, a memory 430 and a communication bus 440, wherein the processor 410, the communication interface 420 and the memory 430 communicate with each other via the communication bus 440. The processor 410 may invoke logic instructions in the memory 430 to perform a sensitive data leakage prevention method comprising: the trigger switch generates a target signal when the chassis is opened, and transmits the target signal to the SOC chip and the password card; on receiving the target signal, the SOC chip controls the server cipher machine to perform identity authentication and, if user authentication fails, sends an abnormal disassembly signal to the main processor and to the password card; on receiving the abnormal disassembly signal, the main processor controls the server cipher machine to delete the sensitive data stored on the storage device; and the password card deletes the key data it stores when it has received the target signal and the abnormal disassembly signal.
Further, the logic instructions in the memory 430 described above may be implemented in the form of software functional units and, when sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
In another aspect, the present application also provides a computer program product comprising a computer program stored on a computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the sensitive data leakage prevention method provided above, the method comprising: the trigger switch generates a target signal when the chassis is opened, and transmits the target signal to the SOC chip and the password card; on receiving the target signal, the SOC chip controls the server cipher machine to perform identity authentication and, if user authentication fails, sends an abnormal disassembly signal to the main processor and to the password card; on receiving the abnormal disassembly signal, the main processor controls the server cipher machine to delete the sensitive data stored on the storage device; and the password card deletes the key data it stores when it has received the target signal and the abnormal disassembly signal.
In yet another aspect, the present application further provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the sensitive data leakage prevention method provided above, the method comprising: the trigger switch generates a target signal when the chassis is opened, and transmits the target signal to the SOC chip and the password card; on receiving the target signal, the SOC chip controls the server cipher machine to perform identity authentication and, if user authentication fails, sends an abnormal disassembly signal to the main processor and to the password card; on receiving the abnormal disassembly signal, the main processor controls the server cipher machine to delete the sensitive data stored on the storage device; and the password card deletes the key data it stores when it has received the target signal and the abnormal disassembly signal.
The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement the present invention without creative effort.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and are not limiting thereof; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (10)

1. A sensitive data leakage prevention method, characterized in that it is applied to a sensitive data leakage prevention system arranged on a server cipher machine, the system comprising: a trigger switch, a system-on-chip (SOC) chip, a main processor and a password card; the trigger switch is in communication connection with the SOC chip and the password card, and the password card is in communication connection with the SOC chip; the method comprises the following steps:
the trigger switch generates a target signal when the chassis is opened, and transmits the target signal to the SOC chip and the password card;
the SOC chip controls the server cipher machine to perform identity authentication when it receives the target signal, and sends an abnormal disassembly signal to the main processor and to the password card when user authentication fails;
the main processor controls the server cipher machine to delete the sensitive data stored on a storage device of the server cipher machine when it receives the abnormal disassembly signal;
the password card deletes the key data stored in the password card when it has received the target signal and the abnormal disassembly signal.
2. The method of claim 1, wherein the trigger switch generating a target signal when the chassis is opened and transmitting the target signal to the SOC chip and the password card comprises:
the trigger switch generates a low-level signal when the chassis is opened, and transmits the low-level signal as the target signal to the SOC chip and the password card;
the trigger switch communicates with the SOC chip through a general purpose input/output (GPIO) interface on the SOC chip; the trigger switch is connected with the password card through four groups of SDI interfaces of the password card.
3. The method of claim 1, wherein the SOC chip controlling the server cipher machine to perform identity authentication upon receiving the target signal comprises:
the SOC chip sends a first interrupt signal to the main processor and controls the server cipher machine to perform identity authentication when the target signal is received in the power-on detection stage;
wherein the first interrupt signal is used to interrupt the start-up task of the server cipher machine.
4. The method of claim 1, wherein the SOC chip controlling the server cipher machine to perform identity authentication upon receiving the target signal comprises:
the SOC chip sends a second interrupt signal to the main processor and controls the server cipher machine to perform identity authentication when the target signal is received while the server cipher machine is running normally;
wherein the second interrupt signal is used to interrupt the task being executed by the server cipher machine.
5. The method according to claim 3 or 4, wherein said sending an abnormal disassembly signal to the main processor and to the password card when user authentication fails comprises:
the SOC chip determines that user authentication has failed when the number of user authentication failures exceeds a preset threshold within a preset duration, and, in that case, sends the abnormal disassembly signal to the main processor and to the password card.
6. The method of claim 5, wherein, after the SOC chip controls the server cipher machine to perform identity authentication upon receiving the target signal, the method further comprises:
when user authentication succeeds, the SOC chip sends authentication success information to the main processor chip, and the interrupted task of the server cipher machine is resumed.
7. The method of claim 2, wherein:
the trigger switch is a spring-type micro-switch, one end of the trigger switch abuts a buckle of the chassis cover of the server cipher machine, and the other end of the trigger switch is connected to the GPIO interface on the SOC chip and to the SDI interface of the password card;
when the chassis cover is not opened, the trigger switch generates a high-level signal; when the chassis cover is opened, the trigger switch generates a low-level signal.
8. A sensitive data leakage prevention system, the system comprising: a trigger switch, a system-on-chip (SOC) chip, a main processor and a password card; the trigger switch is in communication connection with the SOC chip and the password card, and the password card is in communication connection with the SOC chip;
the trigger switch is used for generating a target signal when the chassis is opened and transmitting the target signal to the SOC chip and the password card;
the SOC chip is used for controlling the server cipher machine to perform identity authentication when it receives the target signal, and for sending an abnormal disassembly signal to the main processor and to the password card when user authentication fails;
the main processor is used for controlling the server cipher machine to delete the sensitive data stored on the storage device when it receives the abnormal disassembly signal;
the password card is used for deleting the key data stored in the password card when it has received the target signal and the abnormal disassembly signal.
9. A server cipher machine on which the sensitive data leakage prevention system of claim 8 is arranged.
10. A computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the steps of the sensitive data leakage prevention method according to any one of claims 1 to 7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311451845.8A CN117725628A (en) 2023-11-02 2023-11-02 Sensitive data leakage prevention method, system, server cipher machine and storage medium

Publications (1)

Publication Number Publication Date
CN117725628A true CN117725628A (en) 2024-03-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination