CN117811743A

CN117811743A - Access verification method, device, equipment and medium based on solid state disk

Info

Publication number: CN117811743A
Application number: CN202311740856.8A
Authority: CN
Inventors: 崔佳宁; 尹作刚; 张琪
Original assignee: Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Current assignee: Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Priority date: 2023-12-15
Filing date: 2023-12-15
Publication date: 2024-04-02

Abstract

The invention discloses an access verification method, device, equipment and medium based on a solid state disk, and relates to the technical field of solid state disks. The method comprises the following steps: the user obtains and sends a user signature certificate to the solid state disk; the solid state disk verifies the user signature in the user signature certificate; when the user signature is confirmed to pass verification, the user sends an access request for characterizing a safe storage area for accessing the solid state disk; at the moment, the user accessing the solid state disk can be recorded through the user signature certificate; the server sends a transmission request so that the server can transmit the solid state disk signature certificate to the solid state disk according to the transmission request; and accessing the solid state disk according to the access request so that the solid state disk can encrypt and decrypt data in the solid state disk through the solid state disk signature certificate and the user signature certificate transmitted by the server after responding to the access request, and at the moment, the safety of the data in the solid state disk can be ensured.

Description

Access verification method, device, equipment and medium based on solid state disk

Technical Field

The present invention relates to the field of solid state disk technologies, and in particular, to a method, apparatus, device, and medium for access verification based on a solid state disk.

Background

With the rapid development of information technology, solid state disks are also developed at a high speed in order to adapt to the rapid change of technology. In order to protect data security, further security protection is required to be implemented on the solid state disk storing data. The solid state disk is generally provided with a secure access area and an unsafe access area, wherein the secure access area is used for storing data with high security level, and the unsafe access area is used for storing data with low security level.

The existing data security storage mode realizes data security access and recording on application software in an operating system layer, but the method depends on a host environment, and a portable movable multi-user shared solid state disk can be used on a plurality of hosts, so that users accessing the solid state disk cannot be recorded at the moment, and inconvenience is caused. At present, the access to the safe access area and the unsafe access area is realized on the solid state disk according to the set safety level, wherein the corresponding safety levels of different users are different, and the storage areas which can access the solid state disk are different, but the storage areas can be read and written after verification is passed, and the users accessing the solid state disk are not recorded.

In view of the above-mentioned problems, it is a problem to be solved by a person skilled in the art to find an authentication method capable of recording a user accessing a solid state disk.

Disclosure of Invention

The invention aims to provide an access verification method, device, equipment and medium based on a solid state disk, which are used for solving the problem that a user accessing the solid state disk is not recorded after access verification and cannot be obligated when a problem occurs.

In order to solve the technical problems, the invention provides an access verification method based on a solid state disk, which comprises the following steps:

the user obtains and sends a user signature certificate to the solid state disk;

the solid state disk verifies the user signature in the user signature certificate;

when the user signature is confirmed to pass verification, the user sends an access request for representing access to a preset safe storage area of the solid state disk to the solid state disk;

the server sends a transmission request so that the server can transmit the solid state disk signature certificate to the solid state disk according to the transmission request;

the user side accesses the solid state disk according to the access request, so that the solid state disk can encrypt and decrypt data in the solid state disk through the solid state disk signature certificate and the user signature certificate transmitted by the server side after responding to the access request.

On the other hand, before the user side obtains and sends the user signature certificate to the solid state disk, the method further comprises the following steps:

judging whether the solid state disk is used for the first time;

if not, the step of acquiring and sending the user signature certificate to the solid state disk is entered;

if so, sending a public and private key pair generating request representing the generated management public key and the management private key to the server, so that the server can transmit the management public key to the solid state disk and receive the solid state disk public key and the solid state disk private key generated by the solid state disk after responding to the public and private key pair generating request;

sending an acquisition request for representing acquisition information to the solid state disk so that after the solid state disk responds to the acquisition request, a first sequence is generated and transmitted to a server according to the basic information of the solid state disk and the solid state disk public key;

sending a first signature request representing the signature of the first sequence to the server so that the server can call the management public key to sign the first sequence and obtain a solid state disk signature after responding to the first signature request;

and sending a first signing certificate generation request for representing the signing certificate of the solid state disk to the server side so that the server side can generate the signing certificate of the solid state disk according to the first sequence and the signing of the solid state disk after responding to the first signing certificate generation request.

generating a user public key and a user private key and transmitting the user public key to the solid state disk;

generating a second sequence through the basic information of the user and the public key of the user, which are acquired through the solid state disk;

sending a second signature request for representing the signature of the second sequence to the solid state disk so as to control the solid state disk to sign the second sequence according to the management private key after the solid state disk responds to the second signature request, and obtaining a user signature;

and sending a second signature certificate generation request for characterizing the generated user signature certificate to the solid state disk so that the solid state disk can generate the user signature certificate according to the second sequence and the user signature after responding to the second signature certificate generation request.

On the other hand, the solid state disk verifying the user signature in the user signature certificate includes:

judging whether the basic information of the user in the second sequence is correct or not by the solid state disk;

if not, ending;

if yes, the solid state disk receives a user verification request for verifying the user signature by the characterization, so that the solid state disk can verify the user signature according to the management public key after responding to the user verification request;

Correspondingly, when the user signature is confirmed to pass verification, the step of sending the access request for representing the preset safe storage area for accessing the solid state disk to the solid state disk by the user terminal comprises the following steps:

the user terminal sets a verification mark for representing that the user signature passes verification; so that the solid state disk responds to the access request according to the verification identification.

On the other hand, the user side accesses the solid state disk according to the access request, so that after the solid state disk responds to the access request, the encryption and decryption of the data in the solid state disk through the solid state disk signature certificate and the user signature certificate transmitted by the server side comprises:

controlling the solid state disk to generate a symmetric key according to the access request;

encrypting the symmetric key by a user public key in a user signature certificate acquired through the solid state disk;

the solid state disk is controlled to sign the encrypted symmetric key through the solid state disk private key, so that a symmetric key signature is obtained;

generating a third sequence in the solid state disk through the encrypted symmetric key, the symmetric key signature and the solid state disk signature certificate;

acquiring a third sequence from the solid state disk, and verifying whether the basic information of the solid state disk is correct;

if not, ending;

if yes, acquiring a management public key to verify the solid state disk signature;

When the solid state disk signature verification is successful, the solid state disk public key verification symmetric key signature is obtained through the solid state disk;

and when the symmetric key signature verification is successful, decrypting the encrypted symmetric private key by using the user private key.

On the other hand, when the solid state disk is accessed with read data, the user terminal accesses the solid state disk according to the access request, including:

acquiring a starting address of a target access storage area, an ending address of the target access storage area and the current time;

generating a fourth sequence according to the starting address, the ending address and the current time;

signing the fourth sequence by using a user private key to obtain a read data access signature;

generating a fifth sequence according to the fourth sequence and the read data access signature, and transmitting the fifth sequence to the solid state disk;

verifying the read data access signature using the user public key;

when the read data access signature verification is successful, reading data in the solid state disk according to the starting address of the target access storage area and the ending address of the target access storage area;

correspondingly, after reading data in the solid state disk according to the start address of the target access storage area and the end address of the target access storage area, the method further comprises:

The solid state disk is controlled to encrypt the read data by using the symmetric key so as to obtain encrypted data;

acquiring a read command code of the solid state disk for reading data access;

generating a sixth sequence in the solid state disk according to the read command code, the user signature certificate and the fifth sequence;

and transmitting the sixth sequence to the solid state disk so as to store the sixth sequence to the solid state disk.

On the other hand, when the solid state disk is accessed by writing data, the user terminal accesses the solid state disk according to the access request, including:

acquiring data written into a solid state disk, a starting address of a target writing storage area, an ending address of the target writing storage area and current time;

carrying out hash operation on the data and determining a hash value corresponding to the data;

generating a seventh sequence according to the starting address of the target writing storage area, the ending address of the target writing storage area, the current time and the hash value;

signing the seventh sequence by using a user private key to obtain a write data access signature;

the method comprises the steps of obtaining a symmetric key of a solid state disk and encrypting data written into the solid state disk;

generating an eighth sequence according to the encrypted data, the write data access signature and the seventh sequence, and transmitting the eighth sequence to the solid state disk;

The solid state disk verifies the write data access signature by using the user public key;

when the write data access signature verification is successful, the solid state disk uses the symmetric key to decrypt the data written into the solid state disk;

performing hash operation on the decrypted data to determine a decrypted hash value corresponding to the decrypted data;

judging whether the decrypted hash value is consistent with the hash value or not;

if the two types of data are inconsistent, ending;

if the data are consistent, writing the data into a target writing storage area;

correspondingly, after writing the data into the target write memory area, further comprising:

acquiring a write command code for writing data access of the solid state disk;

generating a ninth sequence in the solid state disk according to the write command code, the user signature certificate, the write data access signature and the seventh sequence;

transmitting the ninth sequence to the solid state disk so as to store the ninth sequence to the solid state disk

the method comprises the steps that a solid state disk receives a user signature certificate sent by a user;

verifying the user signature in the user signature certificate;

correspondingly, after the solid state disk verifies the user signature in the user signature certificate, the method further comprises the following steps:

When the user signature is confirmed to pass verification, the solid state disk receives an access request for characterizing a safe storage area for accessing the solid state disk;

the method comprises the steps that a solid state disk receives a solid state disk signature certificate, wherein the solid state disk signature certificate is obtained by a server in response to a transmission request of a user side;

the solid state disk responds to the access request so as to facilitate data encryption and decryption through the solid state disk signature certificate and the user signature certificate.

In order to solve the technical problem, the invention also provides an access verification device based on the solid state disk, which comprises:

the first acquisition module is used for acquiring and sending the user signature certificate to the solid state disk by the user side;

the first verification module is used for verifying the user signature in the user signature certificate by the solid state disk;

the first sending module is used for sending an access request for representing access to a preset safe storage area of the solid state disk to the solid state disk by the user side when the user signature is confirmed to pass verification;

the second sending module is used for sending a transmission request by the server side so that the server side can conveniently transmit the solid state disk signature certificate to the solid state disk according to the transmission request;

the access module is used for the user side to access the solid state disk according to the access request, so that the solid state disk can encrypt and decrypt data in the solid state disk through the solid state disk signature certificate and the user signature certificate transmitted by the server side after responding to the access request.

The device also comprises the following modules:

the first judging module is used for judging whether the solid state disk is used for the first time;

if yes, triggering a third sending module, which is used for sending a public and private key pair generating request for representing and generating a management public key and a management private key to a server, so that the server can conveniently transmit the management public key to the solid state disk after responding to the public and private key pair generating request, and receive the solid state disk public key and the solid state disk private key generated by the solid state disk;

the fourth sending module is used for sending an acquisition request for representing acquisition information to the solid state disk so that the solid state disk can generate and transmit a first sequence to the server according to the basic information of the solid state disk and the solid state disk public key after responding to the acquisition request;

the fifth sending module is used for sending a first signature request for representing the signature of the first sequence to the server side so that the server side can call the management public key to sign the first sequence and obtain a solid state disk signature after responding to the first signature request;

the sixth sending module is configured to send a first signing certificate generation request for generating a signing certificate of the solid state disk to the server, so that the server responds to the first signing certificate generation request and then generates the signing certificate of the solid state disk according to the first sequence and the signing of the solid state disk.

the first generation module is used for generating a user public key and a user private key and transmitting the user public key to the solid state disk;

the second generation module is used for generating a second sequence through the basic information of the user and the public key of the user, which are acquired through the solid state disk;

the seventh sending module is configured to send a second signature request for characterizing the signing of the second sequence to the solid state disk, so that after the solid state disk responds to the second signature request, the solid state disk is controlled to sign the second sequence according to the management private key, and a user signature is obtained;

and the eighth sending module is used for sending a second signature certificate generation request for representing the generated user signature certificate to the solid state disk so that the solid state disk can generate the user signature certificate according to the second sequence and the user signature after responding to the second signature certificate generation request.

the second judging module is used for judging whether the basic information of the user in the second sequence is correct or not by the solid state disk;

if not, ending;

if yes, triggering a ninth sending module, wherein the ninth sending module is used for sending a user verification request for verifying the user signature by the representation through the solid state disk, so that after the solid state disk responds to the user verification request, the user signature is verified according to the management public key;

the setting module is used for setting a verification mark for representing that the user signature passes verification by the user terminal; so that the solid state disk responds to the access request according to the verification identification.

the symmetric key generation module is used for controlling the solid state disk to generate a symmetric key according to the access request;

the second acquisition module is used for encrypting the symmetric key through the user public key in the user signature certificate acquired by the solid state disk;

the symmetric key signature module is used for controlling the solid state disk to sign the encrypted symmetric key through the solid state disk private key to obtain a symmetric key signature;

the third generation module is used for generating a third sequence in the solid state disk through the encrypted symmetric key, the symmetric key signature and the solid state disk signature certificate;

The third acquisition module is used for acquiring a third sequence from the solid state disk and verifying whether the basic information of the solid state disk is correct or not;

if not, ending;

if yes, triggering a fourth acquisition module for acquiring and managing the public key to verify the solid state disk signature;

the second verification module is used for acquiring a public key verification symmetric key signature of the solid state disk through the solid state disk when the solid state disk signature verification is successful;

and the decryption module is used for decrypting the encrypted symmetric private key by using the user private key when the symmetric private key signature verification is successful.

the fifth acquisition module is used for acquiring the starting address of the target access storage area, the ending address of the target access storage area and the current time;

the fourth generation module is used for generating a fourth sequence according to the starting address, the ending address and the current time;

the first signature module is used for signing the fourth sequence by utilizing a user private key to obtain a read data access signature;

the fifth generation module is used for generating a fifth sequence according to the fourth sequence and the read data access signature and transmitting the fifth sequence to the solid state disk;

The read data access signature verification module is used for verifying the read data access signature by using the public key of the user;

the data reading module is used for reading data in the solid state disk according to the starting address of the target access storage area and the ending address of the target access storage area when the data reading access signature is successfully verified;

the read data encryption module is used for encrypting the read data by the solid state disk by using the symmetric key so as to obtain the encrypted data;

the sixth acquisition module is used for acquiring a read command code for reading data access of the solid state disk;

the sixth generation module is used for generating a sixth sequence in the solid state disk according to the read command code, the user signature certificate and the fifth sequence;

the first storage module is used for transmitting the sixth sequence to the solid state disk so as to store the sixth sequence to the solid state disk.

the seventh acquisition module is used for acquiring the data written into the solid state disk, the initial address of the target writing storage area, the end address of the target writing storage area and the current time;

The first hash operation module is used for carrying out hash operation on the data and determining a hash value corresponding to the data;

a seventh generating module, configured to generate a seventh sequence according to the start address of the target writing storage area, the end address of the target writing storage area, the current time, and the hash value;

the second signature module is used for signing the seventh sequence by using a user private key to obtain a write data access signature;

the eighth acquisition module is used for acquiring the symmetric key of the solid state disk and encrypting the data written into the solid state disk;

the eighth generation module is used for generating an eighth sequence according to the encrypted data, the write data access signature and the seventh sequence, and transmitting the eighth sequence to the solid state disk;

the verification write data signature module is used for controlling the solid state disk to verify the write data access signature by using the user public key;

the write data decryption module is used for controlling the solid state disk to decrypt the data written into the solid state disk by using the symmetric key when the write data access signature verification is successful;

the second hash operation module is used for carrying out hash operation on the decrypted data and determining a decryption hash value corresponding to the decrypted data;

the third judging module is used for judging whether the decryption hash value is consistent with the hash value or not;

If the two types of data are inconsistent, ending;

if the data is consistent, triggering a data writing module for writing the data into the target writing storage area;

a ninth acquisition module, configured to acquire a write command code for performing write data access on the solid state disk;

the ninth generation module is used for generating a ninth sequence in the solid state disk according to the write command code, the user signature certificate, the write data access signature and the seventh sequence;

and the second storage module is used for transmitting the ninth sequence to the solid state disk so as to store the ninth sequence to the solid state disk.

the first receiving module is used for receiving the user signature certificate sent by the user side through the solid state disk;

the third verification module is used for verifying the user signature in the user signature certificate;

the second receiving module is used for receiving an access request for characterizing the access to the safe storage area of the solid state disk when the user signature is confirmed to pass verification;

The third receiving module is used for receiving the solid state disk signature certificate, wherein the solid state disk signature certificate is obtained by the server in response to the transmission request of the user side;

and the response module is used for responding to the access request by the solid state disk so as to encrypt and decrypt data through the solid state disk signature certificate and the user signature certificate.

In order to solve the technical problem, the invention also provides access verification equipment based on the solid state disk, which comprises:

a memory for storing a computer program;

and the processor is used for pointing to the computer program and realizing the steps of the access verification method based on the solid state disk.

In order to solve the technical problem, the invention also provides a computer readable storage medium, wherein the computer readable storage medium is stored with a computer program, and when the computer program is executed by a processor, the steps of the access verification method based on the solid state disk are realized.

The access verification method based on the solid state disk provided by the invention comprises the following steps: the user obtains and sends a user signature certificate to the solid state disk; the solid state disk verifies the user signature in the user signature certificate; when the user signature is confirmed to pass verification, the user sends an access request for representing access to a preset safe storage area of the solid state disk to the solid state disk; the server sends a transmission request so that the server can transmit the solid state disk signature certificate to the solid state disk according to the transmission request; and accessing the solid state disk according to the access request so that the solid state disk can encrypt and decrypt data in the solid state disk through the solid state disk signature certificate and the user signature certificate transmitted by the server after responding to the access request. Because the user signature certificate is introduced, the signature of the user accessing the solid state disk can be recorded in the process of accessing the solid state disk through the user signature certificate, so that the user to which the illegally executed operation belongs can be found out and the responsibility can be tracked under the condition that the illegally executed operation appears according to the signature; in addition, the solid state disk signature certificate and the user signature certificate can be used for encrypting and decrypting the data in the solid state disk, so that the safety of the data in the solid state disk can be ensured.

The invention also provides an access verification device, equipment and medium based on the solid state disk, and the effect is the same as that of the access verification device.

Drawings

For a clearer description of embodiments of the present invention, the drawings that are required to be used in the embodiments will be briefly described, it being apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to the drawings without inventive effort for those skilled in the art.

FIG. 1 is a flowchart of an access verification method based on a solid state disk according to an embodiment of the present invention;

FIG. 2 is a flowchart of interaction among a security host, a solid state disk, and a user host according to an embodiment of the present invention;

FIG. 3 is a block diagram of an access verification device based on a solid state disk according to an embodiment of the present invention;

fig. 4 is a block diagram of an access verification device based on a solid state disk according to an embodiment of the present invention.

Detailed Description

The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without making any inventive effort are within the scope of the present invention.

The invention provides an access verification method, device, equipment and medium based on a solid state disk, which can be used for recording a user accessing the solid state disk after access verification so as to realize the problem of responsibility following when the problem occurs.

In order to better understand the aspects of the present invention, the present invention will be described in further detail with reference to the accompanying drawings and detailed description.

Firstly, it should be noted that the access verification method based on the solid state disk mentioned in the application relates to mutual interaction among three terminals, wherein the three terminals are a user terminal, a solid state disk terminal and a server terminal respectively; the user end is generally composed of a plurality of user hosts, the solid state disk end is generally only provided with the solid state disk, and the server end is generally composed of a management host, wherein the management host is used as an absolute safety host and can be generally called a safety host. The safety host, the solid state disk and the user host generally need to be used for configuring various information when the solid state disk is accessed and verified for the first time, and at least comprise a public and private key pair corresponding to the safety host, a public and private key pair corresponding to the solid state disk and a public and private key pair corresponding to the user host; the safety host can directly transmit the configured information to the solid state disk, store the corresponding obtained file in the solid state disk, and directly call the pre-configured information for access when the solid state disk is connected with other user hosts to access data.

Fig. 1 is a flowchart of an access verification method based on a solid state disk, provided by an embodiment of the present invention, as shown in fig. 1, where the method includes:

s10: the user obtains and sends a user signature certificate to the solid state disk;

the user signature certificate at least comprises a user signature, and the user signature can record the user name of the data accessing the solid state disk;

s11: the solid state disk verifies the user signature in the user signature certificate;

s12: when the user signature is confirmed to pass verification, the user sends an access request for characterizing a safe storage area for accessing the solid state disk;

s13: the server side sends a transmission request;

the server transmits the solid state disk signature certificate to the solid state disk according to the transmission request;

s14: accessing the solid state disk according to the access request;

after the solid state disk responds to the access request, the data in the solid state disk is encrypted and decrypted through the solid state disk signature certificate and the user signature certificate transmitted by the server.

In this embodiment, if the user host accesses the non-secure storage area of the solid state disk according to the access request, the solid state disk is normally accessed without performing access verification; if the user host accesses the safe storage area of the solid state disk according to the access request, the user host performs access verification on the solid state disk; in the process of access verification, the solid state disk can inquire whether a user host is provided with a verification identifier auth_pass_flag for representing that a user signature passes verification, and if the verification identifier exists, the user host is allowed to access the solid state disk; if the verification identifier does not exist, the user host is not allowed to access the solid state disk, and an error access state is put back to the user host.

Because the user signature certificate is introduced in the embodiment, the signature of the user accessing the solid state disk can be recorded in the process of accessing the solid state disk through the user signature certificate, so that the user to which the illegally executed operation belongs can be found out and overtaking is performed under the condition that the illegally executed operation appears according to the signature; in addition, the solid state disk signature certificate and the user signature certificate can be used for encrypting and decrypting the data in the solid state disk, so that the safety of the data in the solid state disk can be ensured.

Before the user side obtains and sends the user signature certificate to the solid state disk, the method further comprises the following steps:

judging whether the solid state disk is used for the first time;

Similarly, before the user side obtains and sends the user signature certificate to the solid state disk, the method further comprises:

Fig. 2 is a flowchart of interaction among a security host, a solid state disk and a user host, provided by an embodiment of the present invention, as shown in fig. 2, and the specific process is as follows:

firstly, the solid state disk is divided into a safe storage area and a non-safe storage area; because the data level stored in the non-secure storage area is lower, encryption of the data in the non-secure storage area is not needed, and verification is not needed when a user host accesses the non-secure storage area in the solid state disk; correspondingly, the secure storage area in the solid state disk is used for storing data with higher security level, and at this time, access verification is needed when the user host accesses the secure storage area in the solid state disk.

When the solid state disk is used for the first time, setting the solid state disk, setting key information related to the solid state disk, a safe storage area range and other information; at this time, the security host generates a management public key Administrator_pubKey and a management private key Administrator_priKey, and the security host needs to store the management private key in the security host to ensure that the management private key cannot be acquired through various channels; and transmitting the management public key to the solid state disk through a private command, and writing the management public key into a nonvolatile memory of the solid state disk so as to facilitate the follow-up signature verification operation.

The safety host transmits the management public key to the solid state disk through the private command, and simultaneously enables the solid state disk to generate a solid state disk public key ssd_pubKey and a solid state disk private key ssd_priKey, wherein the solid state disk needs to store the solid state disk private key in the solid state disk, so that the solid state disk private key cannot be acquired through various channels; transmitting the solid state disk public key to the safety host, wherein the solid state disk needs to generate a first sequence according to the basic information of the solid state disk and the solid state disk public key, and the first sequence is expressed as: { first serial number, serial number of solid state disk, module number of solid state disk, capacity of solid state disk, solid state disk public key }; the security host signs the first sequence according to the management private key to obtain a solid state disk signature ssd_sig; generating a solid state disk signature certificate according to the first sequence and the solid state disk signature, wherein the solid state disk signature certificate ssd_cert is expressed as: ssd_cert= { serial number of solid state disk, module number of solid state disk, capacity of solid state disk, solid state disk public key, solid state disk signature }; and the security host sends the obtained solid state disk signature certificate to the solid state disk, and stores the solid state disk signature certificate in a nonvolatile memory of the solid state disk.

In addition, it should be noted that the security host may generate a new solid state hard disk signature certificate through a specific request by using the discarded solid state hard disk signature certificate, where the serial number of the discarded solid state hard disk signature certificate is different from the serial number of the new solid state hard disk signature certificate.

When a user host accesses a solid state disk for the first time, a user public key user_pubKey and a user private key user_priKey are generated, and the user host needs to store the user private key in the user host so as to ensure that the user private key cannot be acquired through various channels; the user public key is sent to the solid state disk, at the moment, the solid state disk generates a second sequence according to the basic information of the user host, and at the moment, the second sequence is expressed as: { second serial number, signature identifier, issuer name, validity period, user name, user public key }; the solid state disk signs the second sequence according to the management private key to generate a user signature; and generating a user signature certificate using the second sequence and the user signature, where the user signature certificate user_cert is represented as: user_cert= { second sequence number, signature identifier, issuer name, validity period, user name, user public key, user signature }; at the moment, the solid state disk sends the obtained user signature certificate to the user host. At this time, it can be known that the solid state disk signature certificate and the user signature certificate are both stored in the solid state disk, and the user signature certificate is also stored in the user host.

On the basis of the above embodiment, there is further provided an embodiment, where verifying, by the solid state disk, the user signature in the user signature certificate includes:

if not, ending;

The user host sends a user signature certificate to the solid state disk, and when the solid state disk receives the user signature certificate, the user host judges whether the information in the user signature certificate is correct, for example: judging whether the validity period is valid, whether the user name is a user name in the system, whether the second serial number is valid, and the like; when the information in the user signature certificate is determined to be correct, the user signature in the user signature certificate is verified by using the management public key, if the verification is passed, the user signature certificate is considered to be trusted, and a verification identifier auth_pass_flag representing that the user signature is passed the verification is set at the moment. In addition, it should be noted that the verification identifier is cleared after the solid state disk initiates the reset of the controller level, and the re-access authentication is required.

In addition, in this embodiment, the user side accesses the solid state disk according to the access request, so that after the solid state disk responds to the access request, encrypting and decrypting the data in the solid state disk through the solid state disk signature certificate and the user signature certificate transmitted by the server side includes:

if not, ending;

A group of random data randomly generated by the solid state disk is obtained as a symmetric key, and in order to ensure the safety of the data in the solid state disk, the data in the solid state disk is required to be encrypted and decrypted by using the solid state disk, and the specific process is as follows:

The obtained symmetric key is encrypted by using the user public key, and the fact that the data encrypted by the user public key can be decrypted only by using the user private key, the user private key can be stored in the user host, and the data can not be obtained through the Charpy channel, so that the safety of the data in the solid state disk is ensured; the solid state disk uses the solid state disk private key to execute signature operation on the encrypted symmetric key to obtain a symmetric key signature key_sig; at this time, the symmetric key signature is used to verify whether the symmetric key is sent by the solid state disk, so that the encrypted symmetric key, symmetric key signature and solid state disk signature certificate are used to generate a third sequence in the solid state disk, where the third sequence is expressed as: { symmetric key after encryption, symmetric key signature, solid state disk signature certificate }; after receiving the third sequence, the user host verifies the basic information of the solid state disk in the solid state disk signature certificate, and is used for determining whether the solid state disk sending the third sequence is the solid state disk corresponding to the information in the third sequence; meanwhile, verifying the solid state disk signature in the solid state disk signature certificate by using the management public key; if the verification is passed, the solid state disk signature certificate is indicated to be an authorized certificate, in addition, the user host uses the solid state disk public key in the solid state disk signature certificate to verify the symmetric key signature, if the verification is passed, the encrypted symmetric key is indicated to be complete and effective, and after the symmetric key is determined to be effective, the user host uses the user private key to decrypt the encrypted symmetric key.

It can be understood that the access to the solid state disk can be divided into read data access to the solid state disk and write data access to the solid state disk;

when the read data access is performed on the solid state disk, the user terminal accesses the solid state disk according to the access request, including:

the fourth sequence at this time is expressed as: { starting address of target access memory area, ending address of target access memory area, current time };

at this time, the read data access signature is marked as read_info_sig;

the fifth sequence at this time is expressed as: { starting address of target access storage area, ending address of target access storage area, current time, read data access signature };

verifying the read data access signature using the user public key;

acquiring a read command code of the solid state disk for reading data access;

the sixth sequence at this time is: { user signature certificate, read command code, start address of target access storage area, end address of target access storage area, current time, read data access signature };

It is understood that the sixth sequence is stored in the non-volatile memory of the solid state disk.

When the solid state disk is accessed by writing data, the user terminal accesses the solid state disk according to the access request, and the method comprises the following steps:

recording the data written into the solid state disk as data;

at this time, the seventh sequence is expressed as { the start address of the target writing memory area, the end address of the target writing memory area, the current time, the hash value };

at this time, the write data access signature is written as write_info_sig;

recording the encrypted data as enc_data;

controlling the solid state disk to verify the write data access signature by using the user public key;

when the write data access signature verification is successful, the solid state disk is controlled to decrypt the data written into the solid state disk by using the symmetric key;

If the two types of data are inconsistent, ending;

correspondingly, after the writing of the data into the target writing storage area, further comprising:

the memory area mentioned at this time is determined based on the start address of the target writing memory area and the end address of the target writing memory area;

acquiring a write command code for writing data access of the solid state disk;

the ninth sequence at this time is: { user signature certificate, write command code, start address of target write storage area, end address of target write storage area, current time, hash value, write data access signature };

and transmitting the ninth sequence to the solid state disk so as to store the ninth sequence to the solid state disk.

According to the above all access verification methods based on the solid state disk, when the solid state disk is recovered, it can be determined according to the information recorded therein which users have performed which operations, the signature of the user is kept in the solid state disk, at this time, the signature of the user accessing the solid state disk can be recorded in the process of accessing the solid state disk through the user signature certificate, so that according to the signature, under the condition that the illegally performed operations occur, the user to which the illegally performed operations belong is found, and the responsibility is pursued; in addition, the solid state disk signature certificate and the user signature certificate can be used for encrypting and decrypting the data in the solid state disk, so that the safety of the data in the solid state disk can be ensured.

On the basis of the above-described embodiments,

the verifying the user signature in the user signature certificate by the solid state disk comprises the following steps:

verifying the user signature in the user signature certificate;

In the above embodiments, the present invention further provides an embodiment corresponding to the access verification device based on the solid state disk, where the access verification method based on the solid state disk is described in detail. It should be noted that the present invention describes an embodiment of the device portion from two angles, one based on the angle of the functional module and the other based on the angle of the hardware.

Fig. 3 is a structural diagram of an access verification device based on a solid state disk, provided by an embodiment of the present invention, and as shown in fig. 3, the present invention also provides an access verification device based on a solid state disk, including:

the first obtaining module 30 is configured to obtain and send a user signature certificate to the solid state disk by using the user terminal;

the first verification module 31 is configured to verify a user signature in the user signature certificate by using the solid state disk;

the first sending module 32 is configured to send, when it is determined that the user signature passes verification, an access request indicating that the user accesses a preset secure storage area of the solid state disk to the solid state disk;

the second sending module 33 is configured to send a transmission request by the server, so that the server transmits the solid state disk signature certificate to the solid state disk according to the transmission request;

the access module 34 is configured to enable the user side to access the solid state disk according to the access request, so that the solid state disk can encrypt and decrypt data in the solid state disk through the solid state disk signature certificate and the user signature certificate transmitted by the server side after responding to the access request.

The device also comprises the following modules:

in some embodiments, before the user side obtains and sends the user signature certificate to the solid state disk, the method further includes:

In some embodiments, the solid state disk verifying the user signature in the user signature certificate comprises:

if not, ending;

In some embodiments, the user accesses the solid state disk according to the access request, so that after the solid state disk responds to the access request, encrypting and decrypting the data in the solid state disk through the solid state disk signature certificate and the user signature certificate transmitted by the server comprises:

if not, ending;

In some embodiments, when performing read data access to the solid state disk, the accessing, by the user side, the solid state disk according to the access request includes:

In some embodiments, when performing write data access to the solid state disk, the accessing, by the user side, the solid state disk according to the access request includes:

if the two types of data are inconsistent, ending;

Since the embodiments of the apparatus portion and the embodiments of the method portion correspond to each other, the embodiments of the apparatus portion are referred to the description of the embodiments of the method portion, and are not repeated herein.

Fig. 4 is a structural diagram of an access verification device based on a solid state disk, provided in an embodiment of the present invention, as shown in fig. 4, an access verification device based on a solid state disk includes:

a memory 40 for storing a computer program;

The processor 41 is configured to implement the steps of the solid state disk based access authentication method as mentioned in the above embodiments when executing the computer program.

The access verification device based on the solid state disk provided in the embodiment may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, or the like.

Processor 41 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc., among others. The processor 41 may be implemented in at least one hardware form of digital signal processing (Digital Signal Processing, DSP), field programmable gate array (Field-Programmable Gate Array, FPGA), programmable logic array (Programmable Logic Array, PLA). The processor 41 may also comprise a main processor, which is a processor for processing data in an awake state, also called central processor (Central Processing Unit, CPU), and a coprocessor; a coprocessor is a low-power processor for processing data in a standby state. In some embodiments, the processor 41 may be integrated with an image processor (Graphics Processing Unit, GPU) for taking care of rendering and rendering of the content that the display screen is required to display. In some embodiments, the processor 41 may also include an artificial intelligence (Artificial Intelligence, AI) processor for processing computing operations related to machine learning.

Memory 40 may include one or more computer-readable storage media, which may be non-transitory. Memory 40 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 40 is at least used to store a computer program, where the computer program, after being loaded and executed by the processor 41, can implement the relevant steps of the access verification method based on a solid state disk disclosed in any one of the foregoing embodiments. In addition, the resources stored in the memory 40 may also include an operating system, data, etc., and the storage manner may be transient storage or permanent storage. The operating system may include Windows, unix, linux, among others. The data may include, but is not limited to, solid state disk based access verification methods, and the like.

In some embodiments, the access verification device based on the solid state disk may further comprise a display screen, an input-output interface, a communication interface, a power supply and a communication bus.

Those skilled in the art will appreciate that the structure shown in FIG. 4 is not limiting of a solid state disk-based access verification device and may include more or fewer components than illustrated.

The access verification device based on the solid state disk provided by the embodiment of the invention comprises the memory 40 and the processor 41, wherein the processor 41 can realize the access verification method based on the solid state disk when executing the program stored in the memory 40.

Finally, the invention also provides a corresponding embodiment of the computer readable storage medium. The computer readable storage medium stores a computer program, and when the computer program is executed by the processor, the steps described in the above method embodiments (may be a method corresponding to the user side, a method corresponding to the solid state disk side, or a method corresponding to the user side and the solid state disk side) are implemented.

It will be appreciated that the methods of the above embodiments, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored on a computer readable storage medium. Based on this understanding, the technical solution of the present invention may be embodied essentially or in part or all of the technical solution or in part in the form of a software product stored in a storage medium for performing all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a usb disk, a removable hard disk, a Read-Only Memory (ROM), a random-access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.

The access verification method, the device, the equipment and the medium based on the solid state disk provided by the invention are described in detail. In the description, each embodiment is described in a progressive manner, and each embodiment is mainly described by the differences from other embodiments, so that the same similar parts among the embodiments are mutually referred. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section. It should be noted that it will be apparent to those skilled in the art that various modifications and adaptations of the invention can be made without departing from the principles of the invention and these modifications and adaptations are intended to be within the scope of the invention as defined in the following claims.

It should also be noted that in this specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

Claims

1. An access verification method based on a solid state disk is characterized by comprising the following steps:

when the user signature is confirmed to pass the verification, the user side sends an access request for representing access to a preset safe storage area of the solid state disk to the solid state disk;

the server sends a transmission request so that the server can conveniently transmit the solid state disk signature certificate to the solid state disk according to the transmission request;

2. The solid state disk-based access verification method according to claim 1, wherein before the user side obtains and sends the user signature certificate to the solid state disk, the method further comprises:

judging whether the solid state disk is used for the first time;

If not, entering the step of acquiring and sending the user signature certificate to the solid state disk;

if yes, sending a public and private key pair generating request for representing and generating a management public key and a management private key to the server, so that the server can conveniently transmit the management public key to the solid state disk after responding to the public and private key pair generating request, and receive a solid state disk public key and a solid state disk private key generated by the solid state disk;

sending an acquisition request for characterizing acquisition information to the solid state disk so that the solid state disk can generate and transmit a first sequence to the server according to the basic information of the solid state disk and the solid state disk public key after responding to the acquisition request;

sending a first signature request for representing the signature of the first sequence to the server side, so that the server side can call the management public key to sign the first sequence after responding to the first signature request, and obtain a solid state disk signature;

and sending a first signing certificate generation request for representing and generating a solid state disk signing certificate to the server side, so that the server side can conveniently respond to the first signing certificate generation request and then generate the solid state disk signing certificate according to the first sequence and the solid state disk signing.

3. The solid state disk-based access verification method according to claim 2, wherein before the user side obtains and sends the user signature certificate to the solid state disk, the method further comprises:

generating a second sequence through the basic information of the user and the user public key, which are acquired through the solid state disk;

sending a second signature request for representing the signature of the second sequence to the solid state disk, so that the solid state disk is controlled to sign the second sequence according to the management private key after responding to the second signature request, and a user signature is obtained;

and sending a second signature certificate generation request for representing the generated user signature certificate to the solid state disk, so that the solid state disk can generate the user signature certificate according to the second sequence and the user signature after responding to the second signature certificate generation request.

4. The solid state disk-based access verification method according to claim 3, wherein the verifying the user signature in the user signature certificate by the solid state disk comprises:

The solid state disk judges whether the basic information of the user in the second sequence is correct or not;

if not, ending;

if yes, the solid state disk receives a user verification request for verifying the user signature by the characterization, so that the solid state disk can conveniently verify the user signature according to the management public key after responding to the user verification request;

correspondingly, when the user signature is determined to pass the verification, the sending, by the user side, an access request for characterizing access to a preset secure storage area of the solid state disk to the solid state disk includes:

the user terminal sets a verification mark for representing that the user signature passes the verification; so as to respond to the access request according to the authentication identification.

5. The access verification method based on the solid state disk of claim 3, wherein the user terminal accesses the solid state disk according to the access request, so that after the solid state disk responds to the access request, encrypting and decrypting the data in the solid state disk through the solid state disk signature certificate and the user signature certificate transmitted by the server terminal comprises:

encrypting the symmetric key by the user public key in the user signature certificate acquired through the solid state disk;

the solid state disk private key is used for controlling the solid state disk to sign the encrypted symmetric key, so that a symmetric key signature is obtained;

acquiring the third sequence from the solid state disk, and verifying whether the basic information of the solid state disk is correct or not;

if not, ending;

if yes, acquiring the management public key to verify the solid state disk signature;

when the solid state disk signature verification is successful, acquiring the solid state disk public key through the solid state disk to verify the symmetric key signature;

6. The access verification method based on the solid state disk of claim 5, wherein when the solid state disk is read and accessed, the user terminal accesses the solid state disk according to the access request comprises:

signing the fourth sequence by using the user private key to obtain a read data access signature;

verifying the read data access signature using the user public key;

correspondingly, after the data is read from the solid state disk according to the start address of the target access storage area and the end address of the target access storage area, the method further comprises:

the solid state disk is controlled to encrypt the read data by utilizing the symmetric key so as to obtain the encrypted data;

acquiring a read command code of the solid state disk for the read data access;

7. The access verification method based on the solid state disk of claim 5, wherein when performing write data access to the solid state disk, the user terminal accessing the solid state disk according to the access request comprises:

acquiring data written into the solid state disk, a starting address of a target writing storage area, an ending address of the target writing storage area and current time;

signing the seventh sequence by using the user private key to obtain a write data access signature;

the symmetric key of the solid state disk is obtained to encrypt the data written into the solid state disk;

judging whether the decryption hash value is consistent with the hash value or not;

if the two types of data are inconsistent, ending;

if the data are consistent, writing the data into the target writing storage area;

acquiring a write command code of the solid state disk for the write data access;

8. The solid state disk-based access verification method according to claim 1, wherein the verifying the user signature in the user signature certificate by the solid state disk comprises:

The solid state disk receives a user signature certificate sent by the user;

verifying the user signature in the user signature certificate;

when the user signature is confirmed to pass the verification, the solid state disk receives an access request for characterizing a safe storage area accessed to the solid state disk;

the solid state disk receives a solid state disk signature certificate, wherein the solid state disk signature certificate is the solid state disk signature certificate obtained by a server side in response to a transmission request of the user side;

and the solid state disk responds to the access request so as to encrypt and decrypt data through the solid state disk signature certificate and the user signature certificate.

9. An access verification device based on a solid state disk, which is characterized by comprising:

the first sending module is used for sending an access request for representing access to a preset safe storage area of the solid state disk to the solid state disk by the user side when the user signature is confirmed to pass the verification;

and the access module is used for the user side to access the solid state disk according to the access request so that the solid state disk can encrypt and decrypt data in the solid state disk through the solid state disk signature certificate and the user signature certificate transmitted by the server side after responding to the access request.

10. An access verification device based on a solid state disk, comprising:

a memory for storing a computer program;

a processor for implementing the steps of the solid state disk-based access verification method according to any one of claims 1 to 8 when executing the computer program.

11. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the solid state disk based access authentication method according to any of claims 1 to 8.