WO2010060319A1 - Store equipment, authentication device and control method of the store device - Google Patents


Publication number
WO2010060319A1
Authority
WO
WIPO (PCT)
Prior art keywords
storage device
verification
information
server
key
Prior art date
Application number
PCT/CN2009/074117
Inventor
肖飞
徐君
Original Assignee
成都市华为赛门铁克科技有限公司
Application filed by 成都市华为赛门铁克科技有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a storage device, a verification device, and a control method for a storage device.
  • BACKGROUND OF THE INVENTION With the widespread development of computer technology, enterprises and state agencies are increasingly focusing on the importance of information security. Once the information is compromised, its loss will not be estimated. Under normal circumstances, information is stored on a Solid State Disk (SSD), a normal hard disk, and a removable storage medium. In the general information security operation, the above storage device is encrypted and protected.
  • the prior art has at least the following disadvantages:
  • when a storage device is encrypted, the encryption is usually performed through a particular computer, but the encrypted storage device can easily be carried out of the company or state agency by a thief and decrypted on a computer elsewhere, so that the data on the storage device can be read and written. The security performance of the storage device in this case is therefore very low.
  • the present invention provides a storage device, a verification device, and a control method of the storage device, which can improve the security performance of the storage device.
  • a method of controlling a storage device, including: sending, to a server, verification information carrying parameters of the storage device for verification, where the parameters include at least a key of the storage device; receiving activation information corresponding to the verification information, sent by the server after its verification succeeds; verifying the activation information against the key of the storage device; and starting the storage device after that verification succeeds.
  • a verification device for controlling a storage device, where the verification device is communicatively connected to a server through a network and includes:
  • a transceiver module, configured to send, through the network, verification information carrying parameters of the storage device to the server for verification, and to receive activation information corresponding to the verification information, sent by the server after its verification succeeds, where the parameters include at least a key of the storage device; and
  • a control module, configured to verify the activation information against the key of the storage device, and to start the storage device after the verification succeeds.
  • storage equipment is further provided, where the storage equipment is communicatively connected to a server through a network and includes a verification device and a storage device;
  • the verification device is configured to send, through the network, verification information carrying parameters of the storage device to the server for verification, to receive activation information corresponding to the verification information, sent by the server after its verification succeeds, to verify the activation information against the key of the storage device, and to start the storage device after the verification succeeds;
  • the storage device is configured to store data.
  • with the storage equipment, verification device, and control method provided above, the storage device in the storage equipment is restricted to use within a certain wireless local area network, and verification is performed twice before the storage device is started, so that read and write operations on the storage device cannot be started in other wireless local area networks, which improves the security performance of the storage device.
  • FIG. 1 is a diagram of the application environment of the storage equipment according to an embodiment of the present invention.
  • FIG. 2 is a structural diagram of the storage equipment according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of a method for controlling a storage device according to an embodiment of the present invention.
  • the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
  • FIG. 1 is a diagram of the application environment of the storage equipment according to an embodiment of the present invention.
  • multiple items of storage equipment 10 are communicatively connected to the server 30 through the network 20.
  • the multiple items of storage equipment 10 may constitute an area and, together with the network 20 and the server 30, form a wireless local area network system for the storage equipment.
  • the server 30 is configured to manage the parameters of the multiple items of storage equipment 10 and to manage the storage equipment 10 itself. The parameters may include, but are not limited to, production model information or a key set by the user.
  • the parameters of storage equipment 10 are the parameters of the device with a storage function inside the storage equipment 10.
  • when a new item of storage equipment is to join the wireless local area network system, its parameters must be sent to the server 30 for storage, which is equivalent to registering the new storage equipment with the server of the wireless local area network;
  • storage equipment 10 already in the wireless local area network system may also send new parameters to the server 30 for updating during normal use.
  • storage equipment 10 must be verified each time it is restarted. Only after the verification succeeds can the storage device in the storage equipment 10 perform read and write operations normally.
  • the storage equipment 10 includes a verification device 12 and a storage device 14.
  • the verification device 12 is configured to, when the storage equipment 10 is restarted, send verification information carrying the parameters of the storage device 14 to the server 30 for verification, receive the activation information corresponding to the verification information that the server 30 sends after its verification succeeds, and verify the activation information against the key of the storage device 14.
  • after the verification succeeds, the storage device 14 is started so that read and write operations can be performed on it.
  • the storage device 14 is configured to store data.
  • the storage device 14 is for storing data.
  • the verification device 12 includes a database 120, a transceiver module 122, and a control module 124.
  • the database 120 is used to store parameters of the storage device 14, which may include, but are not limited to, production model information of the storage device 14, or a key set by the user.
  • the transceiver module 122 is configured to, when the storage equipment 10 is restarted, send verification information carrying the parameters of the storage device 14 held in the database 120 to the server 30 through the network 20 for verification, and to receive the activation information corresponding to the verification information that the server 30 sends after its verification succeeds.
  • the transceiver module 122 sends to the server 30 verification information carrying the production model information of the storage device 14 and the key set by the user.
  • the transceiver module 122 can also send other parameters of the storage device 14, provided that the server 30 also stores those parameters.
  • the transceiver module 122 may use Radio Frequency Identification (RFID) or an ordinary transmitted signal to send the verification information to the server 30 through the network 20.
  • the server 30 compares the received verification information, which carries the production model information of the storage device 14 and the key set by the user, with the stored production model information of the storage device 14 and the stored key set by the user. When both are the same, the verification succeeds, and the server returns the activation information corresponding to the verification information to the transceiver module 122.
  • the activation information is an activation code corresponding to the key in the verification information, and may also be referred to as another key.
  • the control module 124 is configured to verify the key set by the user of the storage device 14 and the received activation information.
  • the verification method used by the control module 124 to verify the key set by the user against the received activation information is not limited to verification methods known in the art, such as the Internet encryption and authentication system algorithm (Rivest Shamir Adleman, RSA), the secret-key or symmetric-key encryption algorithm (Data Encryption Standard, DES), the Digital Signature Algorithm (DSA), and so on, which are not described in detail here. In the present embodiment, it is only necessary to obtain the verification result of the control module 124.
  • the control module 124 is further configured to start the storage device 14 for read and write operations after the verification succeeds, and not to start the storage device 14 when the verification is unsuccessful.
  • the storage device 14 may be a Solid State Disk (SSD), an ordinary hard disk, a flash memory medium, or another device with a storage function.
  • the storage equipment and the verification device provided by the embodiments of the present invention restrict the storage device in the storage equipment to use within a certain wireless local area network, and perform verification twice before read and write operations, so that read and write operations on the storage device cannot be started in other wireless local area networks, which improves the security performance of the storage device. For example, if the storage device is taken out of the wireless local area network established by the company, it cannot obtain successful verification from the server of that local area network, and because the verification by the storage equipment itself is performed only after the server verification succeeds, it cannot pass that verification either. Read and write operations therefore cannot be started, which ultimately improves the security performance of the storage device.
  • FIG. 3 is a flowchart of a method for controlling a storage device according to an embodiment of the present invention.
  • the method is applied when the storage equipment is restarted; that is, before read and write operations on the storage device of the storage equipment are started, verification by the verification device of the storage equipment must be passed.
  • Step S200 Send verification information carrying parameters of the storage device to the server for verification.
  • the parameters may include, but are not limited to, production model information of the storage device, or a key set by the user.
  • the parameters are the production model information of the storage device and the key set by the user. In other embodiments, other parameters may also be sent, provided that the server also stores those parameters.
  • Step S202 The server verifies the received verification information against the stored information of the storage device. When both are the same, the verification is judged successful and the process proceeds to step S206. If either one differs, the verification is judged unsuccessful and the process proceeds to step S204.
  • Step S204 Receive information that the verification sent by the server is unsuccessful, and perform step S210.
  • Step S206 Receive activation information corresponding to the verification information sent by the server.
  • the activation information is an activation code corresponding to the key in the verification information, and may also be referred to as another key. The process then proceeds to step S208.
  • Step S208 Verify the key set by the user of the storage device against the received activation information.
  • the verification method used is not limited to verification methods known in the art, such as the Internet encryption and authentication system algorithm (Rivest Shamir Adleman, RSA), the secret-key or symmetric-key encryption algorithm (Data Encryption Standard, DES), the Digital Signature Algorithm (DSA), and so on.
  • when the verification is unsuccessful, the process proceeds to step S210.
  • when the verification is successful, the process proceeds to step S212.
  • Step S210 The storage device of the storage equipment is not started.
  • Step S212 The storage device of the storage equipment is started to perform read and write operations.
  • the control method provided by the embodiment of the present invention restricts the storage device in the storage equipment to use within a certain wireless local area network, and performs verification twice before read and write operations, so that read and write operations on the storage device cannot be started in other wireless local area networks, which improves the security performance of the storage device. For example, if the storage device is taken out of the wireless local area network established by the company, it cannot obtain successful verification from the server of that local area network, and because the verification by the storage equipment itself is performed only after the server verification succeeds, it cannot pass that verification either. Read and write operations therefore cannot be started, which ultimately improves the security performance of the storage device.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).

Abstract

A control method of a storage device comprises: transmitting authentication information carrying parameters of the storage device to a server for authentication, the parameters including at least a key of the storage device; receiving activating information that corresponds to the authentication information and is transmitted by the server after it authenticates successfully; authenticating the activating information with the key of the storage device; and, after authenticating successfully, starting the storage device. Embodiments of the present invention also provide storage equipment and an authentication device. The storage device of the storage equipment is limited to use within a certain wireless local area network, so that the security performance of the storage device is improved.

Description

Storage equipment, verification device, and control method for a storage device
Technical field
Embodiments of the present invention relate to the field of communications technologies, and in particular to storage equipment, a verification device, and a control method for a storage device.
Background
With the widespread development of computer technology, enterprises and state agencies attach increasing importance to information security. Once information is leaked, the loss cannot be estimated. Information is normally stored on a Solid State Disk (SSD), an ordinary hard disk, or a removable storage medium. In general information security practice, such storage devices are protected by encryption.
In the course of implementing the present invention, the inventors found that the prior art has at least the following disadvantage: when a storage device is encrypted, the encryption is usually performed through a particular computer, but the encrypted storage device can easily be carried out of the company or state agency by a thief and decrypted on a computer elsewhere, so that the data on the storage device can be read and written. The security performance of the storage device in this case is therefore very low.
Summary of the invention
The present invention provides storage equipment, a verification device, and a control method for a storage device, which can improve the security performance of the storage device.
According to one aspect of the present invention, a method of controlling a storage device is provided, including:
sending, to a server, verification information carrying parameters of the storage device for verification, where the parameters include at least a key of the storage device;
receiving activation information corresponding to the verification information, sent by the server after its verification succeeds;
verifying the activation information against the key of the storage device; and
starting the storage device after the verification succeeds.
According to another aspect of the present invention, a verification device for controlling a storage device is also provided. The verification device is communicatively connected to a server through a network and includes:
a transceiver module, configured to send, through the network, verification information carrying parameters of the storage device to the server for verification, and to receive activation information corresponding to the verification information, sent by the server after its verification succeeds, where the parameters include at least a key of the storage device; and
a control module, configured to verify the activation information against the key of the storage device, and to start the storage device after the verification succeeds.
According to a further aspect of the present invention, storage equipment is also provided. The storage equipment is communicatively connected to a server through a network and includes a verification device and a storage device.
The verification device is configured to send, through the network, verification information carrying parameters of the storage device to the server for verification, to receive activation information corresponding to the verification information, sent by the server after its verification succeeds, to verify the activation information against the key of the storage device, and to start the storage device after the verification succeeds.
The storage device is configured to store data.
With the storage equipment, verification device, and control method provided above, the storage device in the storage equipment is restricted to use within a certain wireless local area network, and verification is performed twice before the storage device is started, so that read and write operations on the storage device cannot be started in other wireless local area networks, which improves the security performance of the storage device.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a diagram of the application environment of the storage equipment according to an embodiment of the present invention.
FIG. 2 is a structural diagram of the storage equipment according to an embodiment of the present invention.
FIG. 3 is a flowchart of a method for controlling a storage device according to an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
FIG. 1 is a diagram of the application environment of the storage equipment according to an embodiment of the present invention. In this embodiment, multiple items of storage equipment 10 are communicatively connected to the server 30 through the network 20. The multiple items of storage equipment 10 may constitute an area and, together with the network 20 and the server 30, form a wireless local area network system for the storage equipment. The server 30 is configured to manage the parameters of the multiple items of storage equipment 10 and to manage the storage equipment 10 itself. The parameters may include, but are not limited to, production model information or a key set by the user. In this embodiment, the parameters of storage equipment 10 are the parameters of the device with a storage function inside the storage equipment 10. When a new item of storage equipment is to join the wireless local area network system, its parameters must be sent to the server 30 for storage, which is equivalent to registering the new storage equipment with the server of the wireless local area network. Storage equipment 10 already in the system may also send new parameters to the server 30 for updating during normal use. Within the wireless local area network system, storage equipment 10 must be verified each time it is restarted, and only after the verification succeeds can the storage device in the storage equipment 10 perform read and write operations normally.
FIG. 2 is a structural diagram of the storage equipment according to an embodiment of the present invention. In this embodiment, the storage equipment 10 includes a verification device 12 and a storage device 14. The verification device 12 is configured to, when the storage equipment 10 is restarted, send verification information carrying the parameters of the storage device 14 to the server 30 for verification, receive the activation information corresponding to the verification information that the server 30 sends after its verification succeeds, verify the activation information against the key of the storage device 14, and, after that verification succeeds, start the storage device 14 so that read and write operations can be performed on it. The storage device 14 is configured to store data.
The verification device 12 includes a database 120, a transceiver module 122, and a control module 124. The database 120 stores the parameters of the storage device 14, which may include, but are not limited to, the production model information of the storage device 14 or a key set by the user. The transceiver module 122 is configured to, when the storage equipment 10 is restarted, send verification information carrying the parameters of the storage device 14 held in the database 120 to the server 30 through the network 20 for verification, and to receive the activation information corresponding to the verification information that the server 30 sends after its verification succeeds. In this embodiment, the transceiver module 122 sends to the server 30 verification information carrying the production model information of the storage device 14 and the key set by the user. The transceiver module 122 can also send other parameters of the storage device 14, provided that the server 30 also stores those parameters. In this embodiment, the transceiver module 122 may use Radio Frequency Identification (RFID) or an ordinary transmitted signal to send the verification information to the server 30 through the network 20.
The server 30 compares the received verification information, which carries the production model information of the storage device 14 and the key set by the user, with the stored production model information of the storage device 14 and the stored key set by the user. When both are the same, the verification succeeds, and the server returns the activation information corresponding to the verification information to the transceiver module 122. In this embodiment, the activation information is an activation code corresponding to the key in the verification information, and may also be referred to as another key.
The control module 124 is configured to verify the key set by the user of the storage device 14 against the received activation information. In this embodiment, the verification method used by the control module 124 is not limited to verification methods known in the art, such as the Internet encryption and authentication system algorithm (Rivest Shamir Adleman, RSA), the secret-key or symmetric-key encryption algorithm (Data Encryption Standard, DES), the Digital Signature Algorithm (DSA), and so on, which are not described in detail here. In this embodiment, it is only necessary to obtain the verification result of the control module 124. The control module 124 is further configured to start the storage device 14 for read and write operations after the verification succeeds, and not to start the storage device 14 when the verification is unsuccessful.
In this embodiment, the storage device 14 may be a Solid State Disk (SSD), an ordinary hard disk, a flash memory medium, or another device with a storage function.
The storage equipment and the verification device provided by the embodiments of the present invention restrict the storage device in the storage equipment to use within a certain wireless local area network, and perform verification twice before read and write operations, so that read and write operations on the storage device cannot be started in other wireless local area networks, which improves the security performance of the storage device. For example, if the storage device is taken out of the wireless local area network established by the company, it cannot obtain successful verification from the server of that local area network, and because the verification by the storage equipment itself is performed only after the server verification succeeds, it cannot pass that verification either. Read and write operations therefore cannot be started, which ultimately improves the security performance of the storage device.
图 3 为本发明实施例的存储装置的控制方法的流程图。 在本实施例中, 该方法应用于存储设备重新启动时, 即在启动对存储设备的存储装置进行读 写操作前, 需要通过存储设备的验证装置的验证。  FIG. 3 is a flowchart of a method for controlling a storage device according to an embodiment of the present invention. In this embodiment, the method is applied to the verification of the verification device of the storage device before the storage device is restarted, that is, before the read/write operation of the storage device of the storage device is initiated.
步骤 S200,向服务器发送携带有存储装置的参数的验证信息以进行验证。 在本实施例中, 参数可以包括但不限于存储装置的生产型号信息, 或用户设 置的密钥。 在本实施例中, 该参数为存储装置的生产型号信息, 及用户设置 的密钥。 在其他实施例中, 该也可发送其他参数, 但要确保服务器也存储该 其他参数。  Step S200: Send verification information carrying parameters of the storage device to the server for verification. In this embodiment, the parameters may include, but are not limited to, production model information of the storage device, or a key set by the user. In this embodiment, the parameter is the production model information of the storage device, and the key set by the user. In other embodiments, this may also send other parameters, but make sure that the server also stores the other parameters.
步骤 S202 , 服务器将接收的验证信息与存储的该存储装置的信息进行验 证。 当两者皆相同时, 即判断验证成功, 则进入步骤 S206。 若有一个不相同 时, 则判断险证不成功, 则进入步骤 S204。  Step S202: The server verifies the received verification information and the stored information of the storage device. When both are the same, that is, if the verification is successful, the process proceeds to step S206. If there is a difference, if the risk certificate is unsuccessful, the process proceeds to step S204.
Step S204: Receive the verification-failure information sent by the server, and perform step S210.
Step S206: Receive the activation information, corresponding to the verification information, sent by the server. In this embodiment, the activation information is an activation code corresponding to the key in the verification information, and may also be called another key. The process then proceeds to step S208.
Step S208: Verify the user-set key of the storage device against the received activation information. In this embodiment, the verification method used is not limited to the verification methods of the known art, such as the Internet encryption and authentication system algorithm (Rivest-Shamir-Adleman, RSA), the secret-key or symmetric-key encryption algorithm (Data Encryption Standard, DES), the Digital Signature Algorithm (DSA), and so on. In this embodiment, only the verification result needs to be obtained. If verification is unsuccessful, the process proceeds to step S210. If verification succeeds, the process proceeds to step S212.
Step S210: Do not start the storage device of the storage equipment.
Step S212: Start the storage device of the storage equipment so that read/write operations can be performed.
The control method for storage equipment provided by the embodiments of the present invention restricts the storage device inside the storage equipment to use within a particular wireless local area network, and performs two verifications before any read/write operation, so that read/write operations on the storage device cannot be started in any other wireless local area network. This improves the security of the storage device. For example, if the storage device is taken out of the wireless local area network established by a company, it not only fails to obtain successful verification from that network's server; because the storage equipment's own verification is performed only after server verification succeeds, it cannot pass the storage equipment's own verification either. Read/write operations therefore cannot be started, which ultimately improves the security of the storage device.
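The S200 to S212 flow above, as an added Python example that is not code from the patent. The patent leaves the verification algorithm open, so the HMAC-SHA256 derivation of the activation code, the `device_id` lookup key, the sample records and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample record: parameters the server stores for one storage device.
SERVER_DB = {"disk-01": {"model": "SSD-X100", "key": b"user-set-key"}}

def derive_activation(key: bytes) -> bytes:
    """Assumption: the activation code 'corresponding to the key' is modelled
    as HMAC-SHA256 over a fixed label."""
    return hmac.new(key, b"activation", hashlib.sha256).digest()

def server_verify(device_id, model, key):
    """S202: compare both received parameters with the stored ones.
    Returns activation info (S206), or None as the failure notice (S204)."""
    rec = SERVER_DB.get(device_id)
    if rec is None:
        return None
    model_ok = hmac.compare_digest(model.encode(), rec["model"].encode())
    key_ok = hmac.compare_digest(key, rec["key"])
    return derive_activation(rec["key"]) if (model_ok and key_ok) else None

def mismatched_server(device_id, model, key):
    """A server whose activation info does not correspond to the device key."""
    return derive_activation(b"other-key")

class VerificationDevice:
    def __init__(self, device_id, model, key, server=None):
        self.device_id, self.model, self.key = device_id, model, key
        self.server = server            # None models "outside the company WLAN"
        self.storage_started = False

    def boot(self) -> str:
        if self.server is None:         # S200 cannot reach the server
            return self._deny("server unreachable")
        # S200: send verification information carrying the parameters.
        activation = self.server(self.device_id, self.model, self.key)
        if activation is None:          # S204 -> S210
            return self._deny("server verification failed")
        # S208: second check, activation info against the user-set key.
        if not hmac.compare_digest(activation, derive_activation(self.key)):
            return self._deny("local verification failed")
        self.storage_started = True     # S212
        return "started"

    def _deny(self, reason: str) -> str:
        self.storage_started = False    # S210: storage stays off on any failure
        return reason
```

Every failure path ends in S210 with the storage device left off, so the off-network case and a server answer that does not match the local key are both refused.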
A person of ordinary skill in the art will understand that all or part of the processes of the above method embodiments can be implemented by a computer program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to preferred embodiments, a person of ordinary skill in the art should understand that modifications or equivalent replacements may still be made to the technical solutions of the present invention, and such modifications or equivalent replacements do not cause the modified technical solutions to depart from the spirit and scope of the technical solutions of the present invention.

Claims

1. A control method for a storage device, characterized by comprising:
sending verification information carrying parameters of the storage device to a server for verification, the parameters including at least a key of the storage device;
receiving activation information, corresponding to the verification information, sent by the server after successful verification;
verifying the activation information against the key of the storage device; and
when verification succeeds, starting the storage device.
2. The method according to claim 1, characterized in that the activation information corresponds to the key in the verification information.
3. A verification device for controlling a storage device, characterized in that the verification device is communicatively connected to a server through a network and comprises:
a transceiver module, configured to send, through the network, verification information carrying parameters of the storage device to the server for verification, and to receive activation information, corresponding to the verification information, sent by the server after successful verification, wherein the parameters include at least a key of the storage device; and
a control module, configured to verify the activation information against the key of the storage device and, when verification succeeds, to start the storage device.
4. The verification device according to claim 3, characterized by further comprising:
a database, configured to store the parameters of the storage device.
5. The verification device according to claim 3 or 4, characterized in that the activation information corresponds to the key in the verification information.
6. Storage equipment, characterized in that the storage equipment is communicatively connected to a server through a network and comprises a verification device and a storage device;
wherein the verification device is configured to send, through the network, verification information carrying parameters of the storage device to the server for verification, to receive activation information, corresponding to the verification information, sent by the server after successful verification, to verify the activation information against a key of the storage device, and to start the storage device when verification succeeds; and the storage device is configured to store data.
7. The storage equipment according to claim 6, characterized in that the parameters include at least the key of the storage device.
8. The storage equipment according to claim 6 or 7, characterized in that the activation information corresponds to the key in the verification information.
PCT/CN2009/074117 2008-11-29 2009-09-22 Store equipment, authentication device and control method of the store device WO2010060319A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810217794.1 2008-11-29
CN 200810217794 CN101753532B (en) 2008-11-29 2008-11-29 Method for controlling storage equipment, verifying device and storage device

Publications (1)

Publication Number Publication Date
WO2010060319A1 (en) 2010-06-03

Family

ID=42225235

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/074117 WO2010060319A1 (en) 2008-11-29 2009-09-22 Store equipment, authentication device and control method of the store device

Country Status (2)

Country Link
CN (1) CN101753532B (en)
WO (1) WO2010060319A1 (en)

Also Published As

Publication number Publication date
CN101753532B (en) 2013-09-25
CN101753532A (en) 2010-06-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09828580

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC OF 130911

122 Ep: pct application non-entry in european phase

Ref document number: 09828580

Country of ref document: EP

Kind code of ref document: A1