CN1940803A - Data encryption storage method - Google Patents
Data encryption storage method Download PDFInfo
- Publication number
- CN1940803A CN1940803A CN 200510107419 CN200510107419A CN1940803A CN 1940803 A CN1940803 A CN 1940803A CN 200510107419 CN200510107419 CN 200510107419 CN 200510107419 A CN200510107419 A CN 200510107419A CN 1940803 A CN1940803 A CN 1940803A
- Authority
- CN
- China
- Prior art keywords
- proof box
- user
- data
- storage
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
A method for enciphering and storing data includes receiving request to set up data storage proof box from user, generating user status verification information based on user biological character information, setting up HPA on storage unit and using it as space to set up said proof box as well as storing user status verification information in proof box by enciphering mode, receiving request to make access on proof box from user and collecting user biological character information as well as carrying out status verification, receiving and processing operation information from user on data stored in proof box if verification is passed or otherwise refusing access request from user on proof box.
Description
Technical field
The present invention relates to the electronic data storage technology, especially relate to a kind of data encryption storage means that is applied to electronic data processing system.
Background technology
Along with the development of infotech, comprise that the application of various electronic data processing systems of computing machine, server etc. is increasingly extensive, the data of daily contact of people and processing are more and more.Meanwhile, a safety of data problem problem also becoming people gradually and paid close attention to.
In the prior art, there is multiple method of data being encrypted the back storage.For example; adopt numeral, literal, letter or other symbols that the individual selects for use or its combination etc. as password by the user; be used for file is protected; when the user need open file; need submit to password to carry out authentication to system; checking is passed through, and then allows the user to open file, otherwise forbids the operation of user to file.But the defective of the prior art is that this password as authentication is forgotten easily, and ease for use has much room for improvement.
For this reason, the technical scheme that exists some to adopt special hardware to carry out authentication in the prior art, described hardware can be USB flash disk, ID card etc.But also there is defective in the prior art, and promptly corresponding authentication hardware is lost easily, and uses hardware must carry this hardware as the user of authentication thing, trouble comparatively, and ease for use is not high.
And there is a common defective in above-mentioned this dual mode, that be exactly since deposit data at common storage space, in case after the system crash, might the restore data file, thus bring irretrievable loss to the user.
In view of this, need develop the method that a kind of novel data encryption is stored.
Summary of the invention
At the deficiencies in the prior art, the technical matters that the present invention solves is to provide a kind of method of data encryption storage, and its ease for use is higher, and in the data that still can find after the system crash after encrypting storage.
For this reason, the method for data encryption storage provided by the invention comprises step:
1) receives the request that the user creates the data storage proof box;
2) biological information based on this user generates subscriber authentication information;
3) create HPA in storage unit, as the space of creating the data storage proof box; In proof box, preserve user's authentication information with cipher mode;
4) request of reception user capture proof box;
5) biological information of gathering the user carries out authentication; If the verification passes, then enter step 6); Otherwise, enter step 7);
6) receive the user to proof box and to the operation information of the data of proof box stored, handle accordingly;
7) refusing user's is to the visit of proof box.
Adopt first One-way encryption algorithm to carry out when generating subscriber authentication information preferably, described step 2).
Preferably, described step 3) further comprises: based on user's biological information, adopt second One-way encryption algorithm that is different from first One-way encryption algorithm, generate the key that the data of being stored are encrypted, deciphered.
Preferably, described step 2) biological information of Cai Yonging is different from the biological information that step 5) adopts.
Preferably, described biological information is portrait characteristic information or finger print information.
Preferably, in step 2) and step 3) between also comprise and receive the backup access code that the user is provided with; In described step 3), also be included in this backup access code of storage in the proof box; Between described step 5) and step 7), also comprise checking backup access code; If do not pass through, then enter step 7); If pass through, then enter step 6).
Preferably, in described step 2) detect the proof box whether there is current system user account correspondence before; If not, then enter step 2); If, the step of then claiming proof box.
Preferably, the described proof box of claiming comprises:
81) biological information of gathering the user carries out authentication; If the verification passes, then enter step 83); Otherwise, enter step 82);
82) checking backup access code; If pass through, then enter step 83); If not, then enter step 84);
83) claim successfully, set up the related of proof box and this system user account;
84) claim failure.
Preferably, also comprise receiving the instruction that the user deletes proof box, delete the named peril case of this user account correspondence.
Preferably, comprise also between described step 4) and step 5) whether detection exists the proof box of current system user account correspondence; If then enter step 5); If not, then create new proof box.
With respect to prior art, the invention has the beneficial effects as follows: owing to the present invention is based on the authentication information that user's biological information generates the user capture proof box, can solve therefore that the password that is used for authentication in the prior art is forgotten easily or corresponding authentication hardware is lost easily, the not high defective of ease for use.And data storage in the HPA space, is made the data file that can recover to store after system crash.Simultaneously, utilize the generation source of the key that biological information adds/separate as data, make the uniqueness of key be improved.
In preferred version of the present invention, feature to be carried out obtaining after the computing by One-way encryption algorithm based on the enciphering/deciphering of biological characteristic, two cryptographic algorithm can access two data messages, and one of them is the user rs authentication identity, is referred to as authentication information; Can be saved in the HPA, even if in use be decrypted, also because its use be One-way encryption algorithm and can't obtain primitive character information.Another is in order to enciphered data, is referred to as encryption key, because be not used in checking, therefore is difficult to crack.Because primitive character information is can not be acquired, therefore just can guarantee the safety of data simultaneously.
In addition, in preferred version, adopt two kinds of different biological informations to generate authentication information and encryption key respectively, security is further improved.
Description of drawings
Fig. 1 is the process flow diagram of data encryption storage means of the present invention;
Fig. 2 is a process flow diagram of creating and claim proof box among the embodiment of data encryption storage means of the present invention;
Fig. 3 is a process flow diagram of opening proof box among the embodiment of data encryption storage means of the present invention;
Fig. 4 is the synoptic diagram of encrypting based on figure information among the embodiment of data encryption storage means of the present invention;
Fig. 5 is another synoptic diagram of encrypting based on figure information among the embodiment of data encryption storage means of the present invention.
Embodiment
Seeing also Fig. 1, is the process flow diagram of data encryption storage means of the present invention.
Step S110 obtains user's biological information.
Step S120 receives the request that the user creates the data storage proof box.
Step S130 generates subscriber authentication information based on aforementioned biological information.
Step S140 creates HPA in storage unit, as the space of creating storage data assurance case.
Wherein, create described HPA (Host Protected Area, hard disk and host protection zone) on hard disk, HPA is a disclosed standard.
Step S150 receives the request of user capture proof box, and the biological information of gathering the user carries out authentication; If the verification passes, then enter step S160; Otherwise, entering step S170, refusing user's is to the visit of proof box.
Step S160 receives the user to proof box and to the operation information of the data of proof box stored, handles accordingly, comprises encryption, deciphering and/or accessing operation to data.
Those skilled in the art will appreciate that among the described step S160 that class of operation to proof box is similar to the operation to general file, for example, the user can will copy to literary composition the inside, also can directly open file and edit.
Need to prove that the data in the proof box are through encrypting the back storage, encrypted secret key is to change by user's biological information process to get.Wherein, can be by to adopting two kinds of different cryptographic algorithm to obtain two data messages with a kind of biological information, one as authentication information, and one as data encryption key.Certainly, also can use two kinds of different biological information extractive techniques, obtain two kinds of different biological informations, generate authentication information and data encryption key thereby be respectively applied for.
In addition, because the proof box of storage data is HPA spaces, therefore after system crash, the data of proof box and Qi Nei all can not lost.But need the user to claim (step S180) again this moment.Certainly, also allow the user to delete this proof box (step S190), and change step S130 over to, to create new proof box.
For the ease of the understanding of the present invention, the present invention will be described in detail below in conjunction with embodiment.
Seeing also Fig. 2, is the process flow diagram of creating and claim proof box among the embodiment of data encryption storage means of the present invention.
Step S211 receives the request that the user creates proof box.
Step S212 detects the proof box that whether has corresponding current system user account.If then enter step S221 or step S331; If not, then enter step S213.
Wherein, described system user account is meant the user account of the operating system of data handling system, for example the Windows account.
Step S213 obtains user's biological information.
In the present embodiment, the end user that is to say that as the portrait masterplate sample of recognizer establishment validated user described biological information is meant user's portrait characteristic information.Certainly, described biological information fingerprint that also can be the user etc. has the information of uniqueness.
Described portrait characteristic information is gathered in step S201 before this, and generates data message by step S202 storage, is stored in the database of system.
Described portrait characteristic information can adopt multiple prior art computing to obtain, and for example can adopt the Verilook Identification of Images algorithm of Neurotechnologija of the prior art company.
Step S214 receives the backup access code that the user is provided with.
When the user uses function of the present invention for the first time, need the user that a backup access code is set.
Step S215 receives the information that the user is provided with the proof box size.
After the user set the backup access code, the user also needed to set the size of proof box, such as 50MB.If the user is not provided with, then adopt the space size of acquiescence.
Step S216 creates the HPA space, as the proof box of storage data.In proof box, preserve current system user accounts information, that information of biological characteristic, backup password simultaneously with the form of encrypting.
The process of the establishment in HPA space adopts prior art, to the hard disk transmission maximum address instruction SetMax Address is set and gets final product.This order is used to be provided with the maximum address that hard disk can be used, and this maximum address is less than hard disk actual physics maximum address (Native Max).Hard disk can with maximum address be provided with successfully after, become HPA greater than maximum address less than the hard drive space of hard disk actual physics maximum address, i.e. guard space.This space can't be comprised that OS and BIOS visit by any software.Thereby after guaranteeing that the protection subregion is locked, realized the security of data storage.Be user's free space and maximum address following hard drive space in back is set, can be visited by normal software, and show the size that this maximum address is current hard disk.
After above-mentioned steps was all finished, the user just can bring into use the proof box function of this system.
In addition, when custom system collapse, after reinstalling, its proof box can not lost, but the user need claim its proof box again one time, and what need at first before claiming that the user confirms is last Windows user's accounts information (step S212).
Step S221 receives the request that the user claims proof box.
Step S222, after the user chose used accounts information, system can require to check the figure information in the proper account information, checks and does not pass through, and then enters step S223; If pass through, then enter step S224.
Step S223 requires input backup access code in order to identity verification, and is if coupling then enters step S224, that this proof box is related with the active user; If do not match, then refusal is related, and gives the power that can delete this proof box of user.
Step S224, this proof box is related with the active user.
Step S231, the user can delete this proof box according to actual conditions or self-demand.
Seeing also Fig. 3, is the process flow diagram of opening proof box among the embodiment of data encryption storage means of the present invention.
Step S311 receives the request that the user opens proof box.
Step S312 verifies the proof box that whether has current system user account correspondence in the HPA.If exist, then enter step S313; If there is no, then abandon the use of proof box function or enter step S321, create new proof box.
Step S313, checking user's portrait characteristic information.
When the user need open proof box, system can extract the figure information that is stored in the proof box, and checking user's figure information if pass through, then enters step S314; If do not pass through, then enter step S315.
Step S314 successfully opens proof box, allows the user to carry out various operations.
Open proof box, when promptly wishing to have access to guard space HPA, need utilize Set MaxAddress instruction again, with hard disk can with maximum address be set to hard disk actual physics maximum address and just can visit.
After opening proof box, the mode of operation proof box is the same with the mode of operation file folder, and the user can will copy to literary composition the inside, also can directly open file and edit.
After the data manipulation of proof box and storage thereof finished, carry out and close the HPA operation, most hard disks is closed HPA automatically after powering up again.
Step S315 requires the user to import the backup access code, extracts the backup access code that the user is provided with from proof box, in order to identifying user identity.If coupling then enters step S314, open proof box; If do not match, then enter step S316 or step S317.
Step S316, the refusing user's visit.
Step S317, the deletion proof box.
Seeing also Fig. 4, is the synoptic diagram of encrypting based on figure information among the embodiment of data encryption storage means of the present invention.
Wherein, the portrait feature is carried out obtaining after the computing by One-way encryption algorithm based on the enciphering/deciphering of portrait, two cryptographic algorithm can access two data messages, and one of them is the user rs authentication identity, is referred to as the portrait characteristic information; Can be saved in the HPA, even if in use be decrypted, also because its use be One-way encryption algorithm and can't obtain the primitive man as characteristic information.Another is in order to enciphered data, is referred to as the portrait encryption key, because be not used in checking, therefore is difficult to crack.Because the primitive man is can not be acquired as characteristic information, therefore just can guarantee the safety of data simultaneously.
Described One-way encryption algorithm can adopt prior art.For example, can adopt MD5 (MessageDigest Algorithm 5), this is a kind of one-way hash algorithm of RSA data security company exploitation, and MD5 is widely used, and can be used for that the data block of different length is carried out the private mark computing and become one 128 numerical value.Also can adopt SHA (Secure Hash Algorithm), this is a kind of newer hashing algorithm, can generate one 160 numerical value to the data operation of random length.
Seeing also Fig. 5, is another synoptic diagram of encrypting based on figure information among the embodiment of data encryption storage means of the present invention.
It will be appreciated by those skilled in the art that, if when implementing this method, the hardware device of portrait collection has two or more functions, so by after the computing of Identification of Images algorithm, can obtain two or more portrait characteristic informations, like this, just can use these two or more portrait characteristic informations to be respectively applied for different demands.
For example, can gather the lineup as information by the equipment of subsidiary infrared lens, by obtaining portrait characteristic information A after the algorithm computation, we can be applied to identification; After hot outer camera lens is replaced by common lens, then can collect another group figure information, can obtain different portrait characteristic information B again so after calculating, we can be applied to the generation of encryption key.Otherwise, also can.Like this, its security just can reach higher level.
In sum, the present invention relates to a kind of data confidentiality memory technology, especially related to a kind of method and technology that is stored in the interior file that passes through the Identification of Images encryption in HPA space by Identification of Images authentication visit.Because present portrait recognition technology has accuracy preferably, ease for use, hard disk HPA technology is also more and more ripe simultaneously, makes that method of the present invention can accomplished and application.
In a word, the present invention uses the method for portrait recognition technology as identifying user identity, the information source that the end user generates as key as characteristic information, use the storage area of HPA space simultaneously as data file, have ease for use preferably, the key that the portrait characteristic information produces can make that again uniqueness is strengthened, and security is improved, owing to used HPA, can make the user after system crash, can also find the private data file simultaneously as storage space.
The above only is a preferred implementation of the present invention; should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the principle of the invention; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.
Claims (10)
1. the method for a data encryption storage is characterized in that, comprises step:
1) receives the request that the user creates the data storage proof box;
2) biological information based on this user generates subscriber authentication information;
3) create HPA in storage unit, as the space of creating the data storage proof box; In proof box, preserve user's authentication information with cipher mode;
4) request of reception user capture proof box;
5) biological information of gathering the user carries out authentication; If the verification passes, then enter step 6); Otherwise, enter step 7);
6) receive the user to proof box and to the operation information of the data of proof box stored, handle accordingly;
7) refusing user's is to the visit of proof box.
2. the method for data encryption according to claim 1 storage is characterized in that described step 2) in adopt first One-way encryption algorithm to carry out when generating subscriber authentication information.
3. the method for data encryption storage according to claim 2, it is characterized in that, described step 3) further comprises: based on user's biological information, employing is different from second One-way encryption algorithm of first One-way encryption algorithm, generates the key that the data of being stored are encrypted, deciphered.
4. according to the method for each described data encryption storage of claim 1 to 3, it is characterized in that described step 2) biological information that adopts is different from the biological information that step 5) adopts.
5. the method for data encryption storage according to claim 4 is characterized in that described biological information is portrait characteristic information or finger print information.
6. the method for data encryption according to claim 4 storage is characterized in that, in step 2) and step 3) between also comprise and receive the backup access code that the user is provided with; In described step 3), also be included in this backup access code of storage in the proof box; Between described step 5) and step 7), also comprise checking backup access code; If do not pass through, then enter step 7); If pass through, then enter step 6).
7. the method for data encryption according to claim 6 storage is characterized in that, also is included in described step 2) detect the proof box that whether has current system user account correspondence before; If not, then enter step 2); If, the step of then claiming proof box.
8. the method for data encryption storage according to claim 7 is characterized in that the described proof box of claiming comprises:
81) biological information of gathering the user carries out authentication; If the verification passes, then enter step 83); Otherwise, enter step 82);
82) checking backup access code; If pass through, then enter step 83); If not, then enter step 84);
83) claim successfully, set up the related of proof box and this system user account;
84) claim failure.
9. the method for data encryption storage according to claim 8 is characterized in that, also comprises receiving the instruction that the user deletes proof box, deletes the named peril case of this user account correspondence.
10. the method for data encryption storage according to claim 4 is characterized in that, comprises also between described step 4) and step 5) whether detection exists the proof box of current system user account correspondence; If then enter step 5); If not, then create new proof box.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005101074198A CN100428108C (en) | 2005-09-30 | 2005-09-30 | Data encryption storage method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005101074198A CN100428108C (en) | 2005-09-30 | 2005-09-30 | Data encryption storage method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1940803A true CN1940803A (en) | 2007-04-04 |
| CN100428108C CN100428108C (en) | 2008-10-22 |
Family
ID=37959037
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005101074198A Expired - Fee Related CN100428108C (en) | 2005-09-30 | 2005-09-30 | Data encryption storage method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100428108C (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101369892B (en) * | 2008-08-08 | 2010-10-13 | 西安电子科技大学 | Method for reinforcing fingerprint Fuzzy Vault system security |
| CN101547219B (en) * | 2009-05-05 | 2012-09-05 | 汤淼 | System and method for data storage |
| CN103870744A (en) * | 2012-12-13 | 2014-06-18 | 联想(北京)有限公司 | Method and electronic device for verifying password |
| CN105323059A (en) * | 2014-07-31 | 2016-02-10 | 三星电子株式会社 | Device and method of setting or removing security on content |
| CN105760733A (en) * | 2016-01-29 | 2016-07-13 | 上海摩软通讯技术有限公司 | Data encrypting method and module and data accessing method and module |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1319217A (en) * | 1998-09-22 | 2001-10-24 | 西门子公司 | Method and device for verifying authorization to log onto system |
| GB0004287D0 (en) * | 2000-02-23 | 2000-04-12 | Leeper Kim | System and method for authenticating electronic documents |
| US6775776B1 (en) * | 2000-06-27 | 2004-08-10 | Intel Corporation | Biometric-based authentication in a nonvolatile memory device |
| CN1284090C (en) * | 2003-12-05 | 2006-11-08 | 瀚群科技股份有限公司 | Storage store device containing finger print senser and method for protecting its stored document |
-
2005
- 2005-09-30 CN CNB2005101074198A patent/CN100428108C/en not_active Expired - Fee Related
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101369892B (en) * | 2008-08-08 | 2010-10-13 | 西安电子科技大学 | Method for reinforcing fingerprint Fuzzy Vault system security |
| CN101547219B (en) * | 2009-05-05 | 2012-09-05 | 汤淼 | System and method for data storage |
| CN103870744A (en) * | 2012-12-13 | 2014-06-18 | 联想(北京)有限公司 | Method and electronic device for verifying password |
| CN103870744B (en) * | 2012-12-13 | 2018-04-27 | 联想(北京)有限公司 | A kind of method and electronic equipment for verifying password |
| CN105323059A (en) * | 2014-07-31 | 2016-02-10 | 三星电子株式会社 | Device and method of setting or removing security on content |
| CN105323059B (en) * | 2014-07-31 | 2018-11-13 | 三星电子株式会社 | Be arranged or remove content safety measure device and method |
| CN105760733A (en) * | 2016-01-29 | 2016-07-13 | 上海摩软通讯技术有限公司 | Data encrypting method and module and data accessing method and module |
| CN105760733B (en) * | 2016-01-29 | 2018-11-23 | 上海摩软通讯技术有限公司 | Data ciphering method and module, data access method and module |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100428108C (en) | 2008-10-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8676046B2 (en) | Fingerprint scanning systems and methods | |
| CN1256633C (en) | A system and method for authenticating electronic documents | |
| CN1229705C (en) | Biometric-based authentication in nonvolatile memory device | |
| CN1295625C (en) | Bimetrics parameters protected computer serial bus interface protable data storage device and method of proprietary biometrics enrollment | |
| CN102624699B (en) | Method and system for protecting data | |
| CN1825341A (en) | Biometric authentication apparatus, terminal device and automatic transaction machine | |
| US20070237366A1 (en) | Secure biometric processing system and method of use | |
| US20110225652A1 (en) | Identity theft countermeasures | |
| CN1281608A (en) | Cryptographic key generation using biometric data | |
| US20100215175A1 (en) | Methods and systems for stripe blind encryption | |
| JP2009151788A (en) | Secure off-chip processing of biometric data | |
| US20070226514A1 (en) | Secure biometric processing system and method of use | |
| CN1610888A (en) | Data access method and apparatus for storing safety key enciphering (SAKE) equipment to control network | |
| CN1976281A (en) | Information processing device and authentication method | |
| CN1496073A (en) | Information check equipment | |
| CN1940803A (en) | Data encryption storage method | |
| CN109190389A (en) | A kind of solid state hard disk data guard method based on USB flash disk authentication | |
| US20090222912A1 (en) | Identification device and authentication method through such a device | |
| EP2037389A1 (en) | An electronic file protection system having one or more removeable memory devices | |
| CN1991800A (en) | Fingerprint identification storage device and fingerprint identification method | |
| US20070226515A1 (en) | Secure biometric processing system and method of use | |
| EP2037392A1 (en) | A system and method of protecting content of an electronic file using a computer | |
| CN1282051C (en) | Safety industrial control system with fingerprint encryption | |
| US20100031048A1 (en) | Data authenticator | |
| EP2037390A1 (en) | System and method of protecting content of an electronic file for sending and receiving |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20081022 Termination date: 20200930 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |