CN118364488A - SSD data backup method and device based on intelligent password key - Google Patents
SSD data backup method and device based on intelligent password key Download PDFInfo
- Publication number
- CN118364488A CN118364488A CN202410478000.6A CN202410478000A CN118364488A CN 118364488 A CN118364488 A CN 118364488A CN 202410478000 A CN202410478000 A CN 202410478000A CN 118364488 A CN118364488 A CN 118364488A
- Authority
- CN
- China
- Prior art keywords
- key
- ssd
- data
- solid state
- intelligent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 239000007787 solid Substances 0.000 claims abstract description 111
- 238000005192 partition Methods 0.000 claims abstract description 48
- 238000004590 computer program Methods 0.000 claims description 6
- 238000012545 processing Methods 0.000 claims description 3
- 230000015654 memory Effects 0.000 description 34
- 238000010586 diagram Methods 0.000 description 8
- 230000006870 function Effects 0.000 description 6
- 230000008569 process Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000004904 shortening Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of data encryption, in particular to an SSD data backup method and device based on an intelligent cipher key, wherein the method comprises the following steps: firstly, the SSD solid state disk divides a target symmetric key into a first symmetric key and a second symmetric key, when the intelligent password key is identified to be inserted into a host, a public key in the intelligent password key is obtained, identity authentication is carried out on the intelligent password key based on the public key, and after authentication is passed, the first symmetric key stored in the SSD solid state disk is combined with the second symmetric key stored in the intelligent password key, so that a complete encryption key is generated; and then, the encryption partition of the SSD is decrypted through the complete encryption key. According to the scheme, the secret key of the SSD is segmented, so that only a part of secret key is stored in the SSD, the fact that the SSD is lost is guaranteed, data in an encrypted partition cannot be leaked, and the safety of the data is improved.
Description
Technical Field
The invention relates to the technical field of data encryption, in particular to an SSD data backup method and device based on an intelligent password key.
Background
With the increasing importance of information security, users are also increasingly focusing on data protection, and it is important to ensure the security, integrity and usability of data.
In the field of storage devices, SSDs (solid state drives) are becoming the first choice for data storage and processing due to their high speed, high efficiency and low latency characteristics. However, SSDs, like ordinary storage media, store data in the form of plaintext, meaning that if unencrypted sensitive data is stored on the SSD, the data is very vulnerable to leakage once the device is stolen or lost, or attacked by malware.
Therefore, in order to protect sensitive data stored on SSDs, effective security measures must be taken.
Disclosure of Invention
In view of the above, the invention provides an SSD data backup method and device based on an intelligent password key, so as to solve the problem that sensitive data on an SSD solid state disk is easy to leak.
In a first aspect, the present invention provides an SSD data backup method based on an intelligent cryptographic key, where the method is applied to a host of an SSD data backup system based on an intelligent cryptographic key, the system further includes the intelligent cryptographic key and an SSD solid state disk, and the method includes:
Obtaining a public key inserted into an intelligent password key of the host, and carrying out identity authentication on the intelligent password key based on the public key;
After passing the authentication, combining a first symmetric key stored in the SSD solid state disk with a second symmetric key stored in the intelligent cipher key to generate a complete encryption key; the first symmetric key and the second symmetric key are obtained by splitting a target symmetric key by the SSD;
And decrypting the encrypted partition of the SSD through the complete encryption key to execute data backup operation or data reading operation.
According to the scheme, the target symmetric key encrypted by the SSD is segmented, so that only a part of the key is stored in the SSD, the loss of the SSD is guaranteed, the data in the encrypted partition cannot be leaked, the protection of sensitive data is enhanced, the safety of the data is improved, and the data is prevented from being tampered or lost maliciously.
In an alternative embodiment, the method further comprises:
And if the intelligent password key inserted into the host is identified to be inserted for the first time, acquiring a public key generated by the intelligent password key, and generating a key pair matched with the public key through the SSD.
According to the scheme, the key pair matched with the public key of the intelligent cipher key is generated, the intelligent cipher key is bound through the key pair, effective identity identification of the intelligent cipher key is achieved, and the safety of data is improved.
In an alternative embodiment, the authenticating the smart key based on the public key includes:
and authenticating the intelligent password key through the key pair in the SSD solid state disk and the public key in the intelligent password key.
In an alternative embodiment, the method further comprises:
when the intelligent password key is detected to be separated from the host or the system power failure is detected, controlling the SSD solid state disk to execute encryption partition hiding operation so as to enable stored data in the SSD solid state disk to be converted into a ciphertext state.
According to the scheme, after the intelligent password key is pulled out or the system is powered off, the encryption partition can be hidden, the data stored in the encryption partition is changed into the ciphertext state, the protection of sensitive data is further enhanced, and malicious tampering or loss is avoided.
In an alternative embodiment, in performing the data backup operation, the method further comprises:
Backing up the data to be backed up to the encrypted partition of the SSD solid state disk to form reference backup data;
creating a file snapshot to record file attributes of the reference backup data;
Acquiring an incremental backup trigger instruction;
acquiring current incremental data to be backed up based on the incremental backup trigger instruction and the reference backup data;
and carrying out backup update on the reference backup data based on the current incremental data to be backed up.
The method for using the incremental backup is faster than the full backup, so that the storage space is saved, and the backup time is shortened.
In a second aspect, the present invention provides an SSD data backup device based on an intelligent cryptographic key, where the device is applied to a host of an SSD data backup system based on an intelligent cryptographic key, the system further includes the intelligent cryptographic key and an SSD solid state disk, and the device includes:
The identity authentication module is used for acquiring a public key inserted into the intelligent password key of the host and authenticating the identity of the intelligent password key based on the public key;
the complete encryption key generation module is used for combining the first symmetric key stored in the SSD solid state disk with the second symmetric key stored in the intelligent cipher key after the authentication is passed, so as to generate a complete encryption key; the first symmetric key and the second symmetric key are obtained by splitting a target symmetric key by the SSD;
And the partition decryption module is used for decrypting the encrypted partition of the SSD through the complete encryption key so as to execute data backup operation or data reading operation.
In a third aspect, the invention provides the system comprising an intelligent password key, an SSD solid state disk and a host;
The intelligent cipher key is used for generating a pair of public key and private key based on a target asymmetric encryption mode;
The SSD solid state disk is used for generating a target symmetric key based on a target symmetric encryption mode and dividing the target symmetric key into the first symmetric key and the second symmetric key;
The host is used for acquiring a public key inserted into the intelligent password key of the host and carrying out identity authentication on the intelligent password key based on the public key; after passing the authentication, combining a first symmetric key stored in the SSD solid state disk with a second symmetric key stored in the intelligent cipher key to generate a complete encryption key; and decrypting the encrypted partition of the SSD through the complete encryption key to execute data backup operation or data reading operation.
In a fourth aspect, the present invention provides a computer device comprising: the SSD data backup method based on the intelligent cipher key according to the first aspect or any one of the corresponding embodiments is implemented by the processor and the memory, the memory and the processor are in communication connection with each other, the memory stores computer instructions, and the processor executes the computer instructions.
In a fifth aspect, the present invention provides a computer readable storage medium, where computer instructions are stored on the computer readable storage medium, where the computer instructions are configured to cause a computer to perform an SSD data backup method based on the first aspect or any one of the corresponding embodiments of the first aspect.
In a sixth aspect, the present invention provides a computer program product, including computer instructions for causing a computer to execute an SSD data backup method based on the first aspect or any implementation manner corresponding to the first aspect.
The technical scheme provided by the invention can comprise the following beneficial effects:
The SSD solid state disk is characterized in that a target symmetric key is firstly segmented into a first symmetric key and a second symmetric key, the first symmetric key is stored in the SSD solid state disk, the second symmetric key is stored in an intelligent password key, when the intelligent password key is identified to be inserted into a host, a public key in the intelligent password key is obtained, identity authentication is carried out on the intelligent password key based on the public key, and after the authentication is passed, the first symmetric key stored in the SSD solid state disk is combined with the second symmetric key stored in the intelligent password key to generate a complete encryption key; and then, the encryption partition of the SSD is decrypted through the complete encryption key so as to execute data backup operation or data reading operation. According to the scheme, encryption of the encryption partition of the SSD is combined with identity authentication of the intelligent password key, compared with simple software encryption, the encryption is safer and more reliable, the SSD is used for segmenting the target symmetric key, the keys stored in the SSD are only part of the keys, and the fact that data of the encryption area cannot be leaked even if the SSD is lost is guaranteed; in addition, because the hardware encryption of the SSD solid state disk has a special chip for running and accelerating an encryption algorithm, the encryption efficiency of the hardware encryption technology of the SSD solid state disk on file data is higher than that of software, and the mode of incremental backup is faster than that of full backup, so that the storage space is saved, and the backup time is shortened.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of an SSD data backup system based on a smart key according to an embodiment of the present invention;
FIG. 2 is a flowchart of an SSD data backup method based on smart key according to an embodiment of the present invention;
FIG. 3 is a flowchart of another SSD data backup method based on smart key according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of key association between a smart key and an SSD solid state disk according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a binding procedure of a smart key and an SSD solid state disk according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an SSD data backup device based on an intelligent cryptographic key according to an embodiment of the invention;
Fig. 7 is a schematic diagram of a hardware structure of a computer device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 is a schematic diagram of an SSD data backup system based on a smart key according to an exemplary embodiment. As shown in FIG. 1, the system comprises an intelligent password key, an SSD solid state disk and a host;
The intelligent cipher key is used for generating a pair of public key and private key based on a target asymmetric encryption mode;
The SSD solid state disk is used for generating a target symmetric key based on a target symmetric encryption mode and dividing the target symmetric key into a first symmetric key and a second symmetric key;
The host is used for acquiring a public key inserted into the intelligent password key of the host and carrying out identity authentication on the intelligent password key based on the public key; after the authentication is passed, combining a first symmetric key stored in the SSD solid state disk with a second symmetric key stored in the intelligent password key to generate a complete encryption key; and decrypting the encrypted partition of the SSD through the complete encryption key to execute data backup operation or data reading operation.
Specifically, the SSD solid state disk is further configured to obtain a public key in the smart key when the smart key is inserted into the host for the first time, and generate a key pair based on the public key;
The host is also used for carrying out identity authentication on the intelligent password key based on the key pair in the SSD solid state disk and the public key in the intelligent password key.
Specifically, the SSD solid state disk is connected with the host through m.2 interfaces, the intelligent password key is inserted into the host through USB interfaces or Type-C interfaces, and the intelligent password key is used for providing identity authentication.
Specifically, the SSD solid state disk comprises a security chip, a security memory, a random number generator and other main components. The safety chip is also called an encryption chip, and plays a role in protecting a hardware level in the SSD, so that an external person is prevented from tampering with the assembly and utilizing loopholes in the hardware.
The main functions of the security chip include:
1. Encryption/decryption engine: the powerful encryption algorithm is built in, data written into the SSD are encrypted in real time, and decryption is carried out when the data is read, so that the data stored on the SSD are always in an encrypted state, and even if the SSD is lost, an unauthorized user cannot directly read the data in the SSD.
2. Key management: various types of keys required for encryption, such as a data encryption key, a key encryption key, an authorization key, and the like, are generated and managed.
3. Authentication and access control: and a plurality of identity authentication mechanisms, such as user password authentication, hardware binding authentication, security certificate-based authentication and the like, are supported, so that only authorized users or devices can access data in the SSD solid state disk.
4. Secure boot and firmware protection: the integrity and the credibility of the firmware of the SSD solid state disk are ensured, and the tampering and the attack of malicious software are prevented.
Specifically, the secure memory is used for storing sensitive data, the secret key in the secure memory is actually stored and solidified in the memory unit of the chip, and the information of the secure memory is not lost even if the equipment is powered down, so that the security is greatly improved, and the secure memory has the following functions:
1. And (3) key storage: the secure memory is used for storing keys used by the secure chip and other secure subsystems, and adopts a hardware protection mechanism, so that the keys stored in the secure memory are not easy to be illegally acquired.
2. Security configuration data: configuration information relating to security is stored.
Specifically, the random number generator also plays an important role in the security of the SSD solid state disk, the quality of the random number is directly related to the security and strength of the cryptographic algorithm and protocol, the main function of the random number generator is key generation, a sufficient entropy source is provided for encryption operation, and the key is used for generating a strong encryption key, and has sufficient randomness and unpredictability so as to resist various attack operations of cracking the password.
In summary, in the SSD solid state disk of the present invention, the target symmetric key is first split into a first symmetric key and a second symmetric key, the first symmetric key is stored in the SSD solid state disk, the second symmetric key is stored in the smart key, when the smart key is identified to be inserted into the host, the public key in the smart key is obtained, and the identity of the smart key is authenticated based on the public key, after the authentication is passed, the first symmetric key stored in the SSD solid state disk is combined with the second symmetric key stored in the smart key, so as to generate the complete encryption key; and then, the encryption partition of the SSD is decrypted through the complete encryption key so as to execute data backup operation or data reading operation. According to the scheme, encryption of the encryption partition of the SSD is combined with identity authentication of the intelligent password key, compared with simple software encryption, the encryption is safer and more reliable, the SSD is used for segmenting the target symmetric key, the keys stored in the SSD are only part of the keys, and the fact that data of the encryption area cannot be leaked even if the SSD is lost is guaranteed; in addition, because the hardware encryption of the SSD solid state disk has a special chip for running and accelerating an encryption algorithm, the encryption efficiency of the hardware encryption technology of the SSD solid state disk for encrypting file data is higher than that of software.
According to an embodiment of the present invention, there is provided an embodiment of an SSD data backup method based on a smart key, it should be noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowchart, in some cases, the steps illustrated or described may be performed in an order different from that herein.
In this embodiment, an SSD data backup method based on an intelligent cryptographic key is provided, which may be used in a host of an SSD data backup system based on an intelligent cryptographic key as shown in fig. 1, where the system further includes an intelligent cryptographic key and an SSD solid state disk, and fig. 2 is a flowchart of an SSD data backup method based on an intelligent cryptographic key according to an embodiment of the invention, as shown in fig. 2, where the flowchart includes the following steps:
step S201, obtain the public key inserted into the smart key of the host, and perform identity authentication on the smart key based on the public key.
Specifically, when the intelligent password key is inserted into the host, the SSD solid state disk obtains a public key in the intelligent password key through the host, and stores the public key to perform identity authentication on the intelligent password key, wherein the public key is generated by the intelligent password key according to an asymmetric encryption algorithm, the intelligent password key generates a pair of public key and private key according to the asymmetric encryption algorithm, the private key is stored in the intelligent password key, and the public key is sent to the SSD solid state disk through the host to perform identity authentication.
Step S202, after passing authentication, combining a first symmetric key stored in the SSD solid state disk with a second symmetric key stored in the intelligent cryptographic key to generate a complete encryption key; the first symmetric key and the second symmetric key are obtained by splitting the target symmetric key by the SSD.
Specifically, after the host computer completes identity authentication of the intelligent password key, a second symmetric key in the intelligent password key is obtained, and the first symmetric key stored in the SSD solid state disk is combined with the second symmetric key stored in the intelligent password key to generate a complete encryption key. The first symmetric key and the second symmetric key are generated by the SSD solid state disk based on a symmetric encryption algorithm, the SSD solid state disk generates a target symmetric key based on the symmetric encryption algorithm, the target symmetric key is segmented into the first symmetric key and the second symmetric key, in subsequent identity authentication, the host or the SSD solid state disk directly combines the first symmetric key with the second symmetric key to generate a complete encryption key, and an encryption partition of the SSD solid state disk can be decrypted through the complete encryption key.
And step S203, the encryption partition of the SSD is decrypted through the complete encryption key so as to execute data backup operation or data reading operation.
Specifically, the host can decrypt the encrypted partition of the SSD through the complete encryption key, and after the SSD is decrypted, the data backup operation or the data reading operation can be performed on the decrypted encrypted partition, for example, the data in the host is backed up to the SSD, or the stored data in the SSD is read.
In summary, in the SSD solid state disk of the present invention, the target symmetric key is first split into a first symmetric key and a second symmetric key, the first symmetric key is stored in the SSD solid state disk, the second symmetric key is stored in the smart key, when the smart key is identified to be inserted into the host, the public key in the smart key is obtained, and the identity of the smart key is authenticated based on the public key, after the authentication is passed, the first symmetric key stored in the SSD solid state disk is combined with the second symmetric key stored in the smart key, so as to generate the complete encryption key; and then, the encryption partition of the SSD is decrypted through the complete encryption key so as to execute data backup operation or data reading operation. According to the scheme, encryption of the encryption partition of the SSD is combined with identity authentication of the intelligent password key, compared with simple software encryption, the encryption is safer and more reliable, the SSD is used for segmenting the target symmetric key, the keys stored in the SSD are only part of the keys, and the fact that data of the encryption area cannot be leaked even if the SSD is lost is guaranteed; in addition, because the hardware encryption of the SSD solid state disk has a special chip for running and accelerating an encryption algorithm, the encryption efficiency of the hardware encryption technology of the SSD solid state disk for encrypting file data is higher than that of software.
According to an embodiment of the present invention, there is provided an embodiment of an SSD data backup method based on a smart key, it should be noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowchart, in some cases, the steps illustrated or described may be performed in an order different from that herein.
In this embodiment, an SSD data backup method based on an intelligent cryptographic key is provided, which may be used in a host of an SSD data backup system based on an intelligent cryptographic key as shown in fig. 1, where the system further includes an intelligent cryptographic key and an SSD solid state disk, and fig. 3 is a flowchart of another SSD data backup method based on an intelligent cryptographic key according to an embodiment of the invention, as shown in fig. 3, the flowchart includes the following steps:
step S301, if it is identified that the smart key inserted into the host is inserted for the first time, a public key generated by the smart key is obtained, and a key pair matched with the public key is generated by the SSD solid state disk.
Specifically, after the intelligent password key is inserted, the identity authentication is performed through the verification key pair, firstly, the intelligent password key generates a pair of public keys and keys, wherein the public keys are used for communicating with the safety chip of the SSD solid state disk, the intelligent password key sends the public keys to the safety chip of the SSD solid state disk, the safety chip of the SSD solid state disk generates a key pair matched with the public key of the intelligent password key based on the public key of the intelligent password key, and then, during the identity authentication, the legitimacy of the intelligent password key is verified through the key pair.
Specifically, referring to the key association schematic diagram of the smart key and the SSD solid state disk shown in fig. 4, the smart key generates a pair of public key and private key based on an asymmetric encryption algorithm, the public key of the smart key is imported to the secure storage area of the SSD solid state disk in the process of binding the smart key and the SSD solid state disk, and a key pair matched with the public key of the smart key is generated through the secure chip in the SSD solid state disk, so that the binding of the smart key and the SSD solid state disk is realized.
Specifically, referring to the binding flow chart of the smart key and the SSD solid state disk shown in fig. 5, the smart key is first inserted into the USB interface of the host, the host identifies the smart key, a communication channel is established between the host and the smart key through a driver, the smart key generates a pair of public keys and private keys, the private keys are stored in the smart key, the public keys are used for binding with the security chip of the SSD solid state disk, after that, the host sends the public keys in the smart key to the security chip of the SSD solid state disk, and the security chip of the SSD solid state disk generates a key pair matched with the public keys of the smart key based on the received public keys, and the key pair authenticates the identity of the smart key in the subsequent use process. When the solid state disk is used later, the intelligent password key is required to be inserted first, the public key in the intelligent key is read by the safety chip of the solid state disk, the identity of the intelligent password key is authenticated based on the key pair, and the solid state disk of the SSD can be used after the authentication is passed.
Step S302, identity authentication is carried out on the intelligent password key through a key pair in the SSD and a public key in the intelligent password key.
Specifically, the SSD solid state disk performs matching authentication on a public key in the intelligent password key by using a key pair in the SSD solid state disk, the key pair authenticates the identity of the intelligent password key, a security chip in the SSD solid state disk performs matching authentication on the read public key and a key pair (the key pair includes a private key and a public key corresponding to the private key) stored in the SSD solid state disk, for example, the security chip uses the private key to perform operations such as decryption or signature verification on the public key in the intelligent key to confirm the matching of the public key and the public key, and after the matching is successful, the identity of the intelligent password key can be authenticated.
Step S303, after the authentication is passed, combining the first symmetric key stored in the SSD solid state disk with the second symmetric key stored in the intelligent cipher key to generate a complete encryption key; the first symmetric key and the second symmetric key are obtained by splitting the target symmetric key by the SSD.
Specifically, as shown in fig. 4, the SSD solid state disk generates a target symmetric key in advance based on a target asymmetric encryption mode, and segments the target symmetric key into two parts, namely, the first symmetric key and the second symmetric key, the first symmetric key is stored in a secure memory of the SSD solid state disk, the second symmetric key is stored in the smart key, and data in the SSD solid state disk can be decrypted only by taking the two parts of keys at the same time, thereby preventing the risk of data decryption leakage when the symmetric encryption key is only stored in the hard disk.
Specifically, after the authentication is passed, a first symmetric key stored in a secure memory of the SSD and a second symmetric key stored in the intelligent password key are combined to generate a complete encryption key, and then the complete encryption key is used for decrypting an encryption partition of the SSD.
And step S304, the encryption partition of the SSD is decrypted through the complete encryption key so as to execute data backup operation or data reading operation.
Specifically, when performing the data backup operation, the method further includes:
backing up the data to be backed up to the encrypted partition of the SSD to form reference backup data;
creating a file snapshot to record file attributes of the reference backup data;
Acquiring an incremental backup trigger instruction;
Acquiring current incremental data to be backed up based on the incremental backup trigger instruction and the reference backup data;
and carrying out backup update on the reference backup data based on the current incremental data to be backed up.
Specifically, after the intelligent password key is inserted and authentication is successful, the encrypted partition of the SSD solid state disk is displayed, and then file backup is performed. In this embodiment, the file backup may be performed in an incremental backup manner, that is, the data file to be backed up is copied to the encrypted partition at first, and is used as a reference backup for subsequent incremental backup, and a detailed file snapshot is created, and the attribute of the file backed up at the time, including the size, modification time, and the like, is recorded; after that, the user triggers the incremental backup, only the content which is changed based on the reference backup is needed to be backed up, the changed content and the established file snapshot are confirmed, the file snapshot is compared with the file attribute recorded in the file snapshot, the inconsistent part is the changed part, and the file snapshot is needed to be backed up and updated; and finally, updating the reference backup to be the current backup, and only needing to backup the change data from the last backup by the incremental backup, thereby saving the storage space, shortening the backup time and the like.
Step S305, when the intelligent password key is detected to be separated from the host or the system is detected to be powered off, the encryption partition hiding operation is executed, and the stored data in the SSD solid state disk is converted into a ciphertext state.
Specifically, after the intelligent password key is pulled out or the system is powered off, the SSD partition is hidden, and the data stored in the SSD is changed into a ciphertext state. That is, when the smart key is unplugged or the system is powered off, the host receives a corresponding signal or interrupt, based on a preset security policy and an encryption mechanism, the host communicates with the SSD solid state disk, and sends a corresponding operation code or instruction, which instructs the SSD solid state disk to perform operations of partition hiding and data encryption.
Specifically, the process of encrypting data stored on the SSD solid state disk by the SSD solid state disk is as follows: the hardware encryption and decryption key (namely the target symmetric key) is a complete encryption key formed by combining a part released by the intelligent cipher key and a part stored in the SSD solid state disk, and the complete encryption key is not stored in the SSD solid state disk, so that the encryption and decryption key cannot be obtained even if the SSD is lost, and the safety of data is ensured. The encryption mode of the target symmetric key is a national secret symmetric key encryption mode, namely a hardware encryption algorithm in the embodiment can use a national secret SM4 algorithm, the encryption strength of the algorithm is 128 bits, the algorithm is a grouping algorithm, the encryption algorithm and the key expansion algorithm both adopt a 32-round nonlinear iteration structure, and the encryption and decryption processes are completed in an SSD solid state disk, namely data fall into an encryption partition to be encrypted.
After the encryption partition is established, the encryption partition is invisible in the system by default, the encryption partition is invisible in the disk manager by a user, and data in the encryption partition is encrypted after being dropped, so that the data in the encryption partition cannot be read and written through a file manager of the system, cannot be read and written through common three-party software, can only be accessed through inserting a bound intelligent key and after identity authentication, and can be accessed through a complete encryption key after being integrated through a second symmetric key in the intelligent encryption key and a first symmetric key stored in the SSD solid state disk before the SSD solid state disk is accessed.
In summary, in the SSD solid state disk of the present invention, the target symmetric key is first split into a first symmetric key and a second symmetric key, the first symmetric key is stored in the SSD solid state disk, the second symmetric key is stored in the smart key, when the smart key is identified to be inserted into the host, the public key in the smart key is obtained, and the identity of the smart key is authenticated based on the public key, after the authentication is passed, the first symmetric key stored in the SSD solid state disk is combined with the second symmetric key stored in the smart key, so as to generate the complete encryption key; and then, the encryption partition of the SSD is decrypted through the complete encryption key so as to execute data backup operation or data reading operation. According to the scheme, encryption of the encryption partition of the SSD is combined with identity authentication of the intelligent password key, compared with simple software encryption, the encryption is safer and more reliable, the SSD is used for segmenting the target symmetric key, the keys stored in the SSD are only part of the keys, and the fact that data of the encryption area cannot be leaked even if the SSD is lost is guaranteed; in addition, because the hardware encryption of the SSD solid state disk has a special chip for running and accelerating an encryption algorithm, the encryption efficiency of the hardware encryption technology of the SSD solid state disk on file data is higher than that of software, and the mode of incremental backup is faster than that of full backup, so that the storage space is saved, and the backup time is shortened.
In this embodiment, an SSD data backup device based on an intelligent cryptographic key is further provided, and the device is used to implement the foregoing embodiments and preferred embodiments, which have been described and will not be repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
The embodiment provides an SSD data backup device based on an intelligent cryptographic key, which is applied to a host of an SSD data backup system based on an intelligent cryptographic key as shown in fig. 1, and the system further includes the intelligent cryptographic key and an SSD solid state disk, as shown in fig. 6, including:
The identity authentication module 601 is configured to obtain a public key inserted into the smart key of the host, and perform identity authentication on the smart key based on the public key;
The complete encryption key generation module 602 is configured to combine the first symmetric key stored in the SSD solid state disk and the second symmetric key stored in the smart key after the authentication is passed, so as to generate a complete encryption key; the first symmetric key and the second symmetric key are obtained by splitting the target symmetric key by the SSD;
the partition decryption module 603 is configured to decrypt the encrypted partition of the SSD solid state disk by using the full encryption key, so as to perform a data backup operation or a data reading operation.
In some alternative embodiments, the apparatus is further for:
If the intelligent password key inserted into the host is identified to be inserted for the first time, a public key generated by the intelligent password key is obtained, and a key pair matched with the public key is generated through the SSD.
In some alternative embodiments, the identity authentication module 601 is further configured to:
and authenticating the identity of the intelligent password key through the key pair in the SSD solid state disk and the public key in the intelligent password key.
In some alternative embodiments, the apparatus is further for:
When the intelligent password key is detected to be separated from the host or the system is detected to be powered off, the SSD solid state disk is controlled to execute encryption partition hiding operation, so that stored data in the SSD solid state disk is converted into a ciphertext state.
In some alternative embodiments, the apparatus is further for:
When data backup operation is executed, the data to be backed up is backed up to an encryption partition of the SSD to form reference backup data;
creating a file snapshot to record file attributes of the reference backup data;
Acquiring an incremental backup trigger instruction;
Acquiring current incremental data to be backed up based on the incremental backup trigger instruction and the reference backup data;
and carrying out backup update on the reference backup data based on the current incremental data to be backed up.
Further functional descriptions of the above respective modules and units are the same as those of the above corresponding embodiments, and are not repeated here.
An SSD data backup device based on a smart key in this embodiment is presented in the form of a functional unit, where the unit refers to an ASIC (Application SPECIFIC INTEGRATED Circuit) Circuit, a processor and a memory that execute one or more software or fixed programs, and/or other devices that can provide the above functions.
The embodiment of the invention also provides computer equipment, which is provided with the SSD data backup device based on the intelligent password key shown in the figure 6.
Referring to fig. 7, fig. 7 is a schematic structural diagram of a computer device according to an alternative embodiment of the present invention, as shown in fig. 7, the computer device includes: one or more processors 10, memory 20, and interfaces for connecting the various components, including high-speed interfaces and low-speed interfaces. The various components are communicatively coupled to each other using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions executing within the computer device, including instructions stored in or on memory to display graphical information of the GUI on an external input/output device, such as a display device coupled to the interface. In some alternative embodiments, multiple processors and/or multiple buses may be used, if desired, along with multiple memories and multiple memories. Also, multiple computer devices may be connected, each providing a portion of the necessary operations (e.g., as a server array, a set of blade servers, or a multiprocessor system). One processor 10 is illustrated in fig. 7.
The processor 10 may be a central processor, a network processor, or a combination thereof. The processor 10 may further include a hardware chip, among others. The hardware chip may be an application specific integrated circuit, a programmable logic device, or a combination thereof. The programmable logic device may be a complex programmable logic device, a field programmable gate array, a general-purpose array logic, or any combination thereof.
Wherein the memory 20 stores instructions executable by the at least one processor 10 to cause the at least one processor 10 to perform the methods shown in implementing the above embodiments.
The memory 20 may include a storage program area that may store an operating system, at least one application program required for functions, and a storage data area; the storage data area may store data created according to the use of the computer device, etc. In addition, the memory 20 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some alternative embodiments, memory 20 may optionally include memory located remotely from processor 10, which may be connected to the computer device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
Memory 20 may include volatile memory, such as random access memory; the memory may also include non-volatile memory, such as flash memory, hard disk, or solid state disk; the memory 20 may also comprise a combination of the above types of memories.
The computer device also includes a communication interface 30 for the computer device to communicate with other devices or communication networks.
The embodiments of the present invention also provide a computer readable storage medium, and the method according to the embodiments of the present invention described above may be implemented in hardware, firmware, or as a computer code which may be recorded on a storage medium, or as original stored in a remote storage medium or a non-transitory machine readable storage medium downloaded through a network and to be stored in a local storage medium, so that the method described herein may be stored on such software process on a storage medium using a general purpose computer, a special purpose processor, or programmable or special purpose hardware. The storage medium can be a magnetic disk, an optical disk, a read-only memory, a random access memory, a flash memory, a hard disk, a solid state disk or the like; further, the storage medium may also comprise a combination of memories of the kind described above. It will be appreciated that a computer, processor, microprocessor controller or programmable hardware includes a storage element that can store or receive software or computer code that, when accessed and executed by the computer, processor or hardware, implements the methods illustrated by the above embodiments.
Portions of the present invention may be implemented as a computer program product, such as computer program instructions, which when executed by a computer, may invoke or provide methods and/or aspects in accordance with the present invention by way of operation of the computer. Those skilled in the art will appreciate that the form of computer program instructions present in a computer readable medium includes, but is not limited to, source files, executable files, installation package files, etc., and accordingly, the manner in which the computer program instructions are executed by a computer includes, but is not limited to: the computer directly executes the instruction, or the computer compiles the instruction and then executes the corresponding compiled program, or the computer reads and executes the instruction, or the computer reads and installs the instruction and then executes the corresponding installed program. Herein, a computer-readable medium may be any available computer-readable storage medium or communication medium that can be accessed by a computer.
Although embodiments of the present invention have been described in connection with the accompanying drawings, various modifications and variations may be made by those skilled in the art without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope of the invention as defined by the appended claims.
Claims (10)
1. The SSD data backup method based on the intelligent cipher key is characterized by being applied to a host of an SSD data backup system based on the intelligent cipher key, wherein the system further comprises the intelligent cipher key and an SSD solid state disk, and the method comprises the following steps:
Obtaining a public key inserted into an intelligent password key of the host, and carrying out identity authentication on the intelligent password key based on the public key;
After passing the authentication, combining a first symmetric key stored in the SSD solid state disk with a second symmetric key stored in the intelligent cipher key to generate a complete encryption key; the first symmetric key and the second symmetric key are obtained by splitting a target symmetric key by the SSD;
and carrying out decryption processing on the encrypted partition of the SSD by the complete encryption key so as to execute data backup operation or data reading operation.
2. The method according to claim 1, wherein the method further comprises:
And if the intelligent password key inserted into the host is identified to be inserted for the first time, acquiring a public key generated by the intelligent password key, and generating a key pair matched with the public key through the SSD.
3. The method of claim 2, wherein the authenticating the smart key based on the public key comprises:
and authenticating the intelligent password key through the key pair in the SSD solid state disk and the public key in the intelligent password key.
4. The method according to claim 1, wherein the method further comprises:
when the intelligent password key is detected to be separated from the host or the system power failure is detected, controlling the SSD solid state disk to execute encryption partition hiding operation so as to enable stored data in the SSD solid state disk to be converted into a ciphertext state.
5. The method of any of claims 1 to 4, wherein, in performing a data backup operation, the method further comprises:
Backing up the data to be backed up to the encrypted partition of the SSD solid state disk to form reference backup data;
creating a file snapshot to record file attributes of the reference backup data;
Acquiring an incremental backup trigger instruction;
acquiring current incremental data to be backed up based on the incremental backup trigger instruction and the reference backup data;
and carrying out backup update on the reference backup data based on the current incremental data to be backed up.
6. SSD data backup device based on intelligent cipher key, its characterized in that, the device is applied to the host computer of an SSD data backup system based on intelligent cipher key, the system still includes intelligent cipher key and SSD solid state disk, the device includes:
The identity authentication module is used for acquiring a public key inserted into the intelligent password key of the host and authenticating the identity of the intelligent password key based on the public key;
the complete encryption key generation module is used for combining the first symmetric key stored in the SSD solid state disk with the second symmetric key stored in the intelligent cipher key after the authentication is passed, so as to generate a complete encryption key; the first symmetric key and the second symmetric key are obtained by splitting a target symmetric key by the SSD;
And the partition decryption module is used for decrypting the encrypted partition of the SSD through the complete encryption key so as to execute data backup operation or data reading operation.
7. An SSD data backup system based on an intelligent password key is characterized by comprising the intelligent password key, an SSD solid state disk and a host;
The intelligent cipher key is used for generating a pair of public key and private key based on a target asymmetric encryption mode;
The SSD solid state disk is used for generating a target symmetric key based on a target symmetric encryption mode and dividing the target symmetric key into a first symmetric key and a second symmetric key;
The host is used for acquiring a public key inserted into the intelligent password key of the host and carrying out identity authentication on the intelligent password key based on the public key; after passing the authentication, combining a first symmetric key stored in the SSD solid state disk with a second symmetric key stored in the intelligent cipher key to generate a complete encryption key; and carrying out decryption processing on the encrypted partition of the SSD by the complete encryption key so as to execute data backup operation or data reading operation.
8. A computer device, comprising:
the SSD data backup method based on the intelligent cipher key according to any one of claims 1 to 5 is executed by the processor by executing the computer instructions.
9. A computer-readable storage medium having stored thereon computer instructions for causing a computer to perform the method for backing up SSD data based on a smart key according to any one of claims 1 to 5.
10. A computer program product comprising computer instructions for causing a computer to perform a smart key based SSD data backup method as claimed in any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410478000.6A CN118364488A (en) | 2024-04-19 | 2024-04-19 | SSD data backup method and device based on intelligent password key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410478000.6A CN118364488A (en) | 2024-04-19 | 2024-04-19 | SSD data backup method and device based on intelligent password key |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118364488A true CN118364488A (en) | 2024-07-19 |
Family
ID=91887317
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410478000.6A Pending CN118364488A (en) | 2024-04-19 | 2024-04-19 | SSD data backup method and device based on intelligent password key |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118364488A (en) |
-
2024
- 2024-04-19 CN CN202410478000.6A patent/CN118364488A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2020192406A1 (en) | Method and apparatus for data storage and verification | |
| CN112187544B (en) | Firmware upgrading method, device, computer equipment and storage medium | |
| WO2021164166A1 (en) | Service data protection method, apparatus and device, and readable storage medium | |
| CN107908574B (en) | Safety protection method for solid-state disk data storage | |
| CN113545006A (en) | Remote authorized access locked data storage device | |
| CN112560058B (en) | SSD partition encryption storage system based on intelligent password key and implementation method thereof | |
| WO2015042981A1 (en) | Encryption and decryption processing method, apparatus and device | |
| CN113557689B (en) | Initializing a data storage device with a manager device | |
| CN110414248B (en) | Method for debugging microprocessor and microprocessor | |
| CN111614467B (en) | System backdoor defense method and device, computer equipment and storage medium | |
| CN109766731B (en) | Encrypted data processing method and device based on solid state disk and computer equipment | |
| CN113545021B (en) | Registration of pre-authorized devices | |
| CN113383335B (en) | Secure logging of data storage device events | |
| CN110837634B (en) | Electronic signature method based on hardware encryption machine | |
| CN115314253A (en) | Data processing method, device, system, equipment and working machine | |
| CN112968774B (en) | Method, device storage medium and equipment for encrypting and decrypting configuration file | |
| CN109891823B (en) | Method, system, and non-transitory computer readable medium for credential encryption | |
| CN110932853B (en) | Key management device and key management method based on trusted module | |
| CN115310136B (en) | Data security guarantee method based on SATA bridging chip | |
| CN111327429A (en) | Terminal starting processing method and device | |
| KR101711024B1 (en) | Method for accessing temper-proof device and apparatus enabling of the method | |
| CN118364488A (en) | SSD data backup method and device based on intelligent password key | |
| CN116451188B (en) | Software program operation safety protection method, system and storage medium | |
| CN113194090B (en) | Authentication method, authentication device, terminal device and computer readable storage medium | |
| CN117910057A (en) | Operation method of trusted execution environment, computer architecture system and encrypted hard disk |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |