WO2011011952A1 - Method for protecting storage devices based on mobile communication network - Google Patents


Publication number
WO2011011952A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile communication
communication network
storage device
user
ssd
Application number
PCT/CN2009/075952
Inventor
王德高
向前
Original Assignee
Wang Degao
Xiang Qian
Application filed by Wang Degao, Xiang Qian

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Definitions

  • An SSD protection method based on a mobile communication network:
  • The client performs the following steps in order:
  • The SSD receives the server command and activates the lock, then immediately enters the automatic protection program and the system restarts. At the next power-on it indicates that the current user is an illegal user and displays the contact information of the legitimate user, and the system can no longer be accessed. Even if the SSD is installed in another PC as a slave disk, it is still treated as an empty disk and no data can be read.
  • The manufacturer server performs the following steps in order:
  • Using the SSD owner information that the client uploads in real time once WMRS is enabled in client step 4), the server verifies the legitimate user's identity in real time: the security password, dynamically encrypted with the MD5 irreversible encryption algorithm, is uploaded and compared online in real time in a double comparison with the client. If the comparison result is correct, the comparison is repeated; if it is incorrect, go to step 5). The comparison result is saved in the manufacturer server database to ensure the uniqueness and confidentiality of user information.
  • The prompt that the owner is an illegal user, uploaded by the client in step 5), is compared and verified against the registration information stored in the WMRS database, confirming the owner's identity a second time. If the owner is confirmed to be an illegal user, go to step 6);
  • Remotely issue the lock-SSD command to lock the illegal target terminal. This includes establishing a server-side warning announcement broadcast mechanism and actively patrolling and scanning for illegal users' devices in real time. WMRS is started to protect the legitimate user's SSD effectively: the first time the illegal user powers on, the client SSD is commanded to refuse normal operation and to perform data security protection and encrypted backup of the entire storage device including the SSD.
  • The user's usage data and the file system keyword section are sampled, backed up, compressed into a file, encrypted, and written to the manufacturer-specific device control program area. After the backup is completed, 0xFFFF is filled into the partition information table of the SSD and the original keyword nodes of the client user data, so that the SSD is regarded as an empty disk even if it is installed in another PC. The manufacturer master work order in the SSD is then changed so that it fails to start, leaving the SSD in a fault state or empty factory state in which no user can use it. If it is forced open by violence, the SSD master CPU enters the self-destruction program and the storage unit fails, so that the illegal user cannot use it normally. Only the legitimate user can return the SSD to the original manufacturer for repair or data recovery.
  • Example 1 is shown in Figures 1a to 3.
  • Figures 1a, 1b and 1c show the flowcharts for the registration application for SNS protection. As the figures show, during registration the server side on the one hand interacts with the client, accepting the user's request and the information the user enters and returning the registration result to the user; on the other hand it communicates with the SSD, instructing the SSD to automatically upload its SN and PN numbers, receiving them, enabling SNS protection on the SSD, and installing the "real-time Internet remote supervision program" on the SSD (if it is already installed, "Install" in this step becomes "Open").
  • Registration applications can be made via the Internet or via mobile messaging.
  • The flowchart is shown in Figures 2a and 2b.
  • Manual alarms can also be raised by telephone, fax or SMS. If needed, the customer can also open the SSD directly using a mobile communication SMS.
  • The server determines whether the SSD has been stolen from the owner information that the SSD uploads in real time. In this way, even if the SSD is stolen and the user has not noticed, the server can detect it early, as shown in Figure 2c.
  • Detection is based mainly on the machine hardware information uploaded by the SSD, which shows whether the hardware environment of the SSD has changed. If it has changed, the SSD is considered stolen. At this point an illegal user can be marked, and the authorized SSD can be activated. The legitimate user can also be notified by e-mail, instant messaging, SMS, telephone, fax, etc.
  • A typical workflow for an SSD with SNS protection enabled is shown in Figure 3.
  • After it is connected to the computer, the SSD first uses the mobile communication network to find the network and shake hands with the server (that is, the SSD and the server exchange information and confirm the SSD identity information), uploads the owner information (mainly the owner's hardware information) to the server in real time, and queries in real time whether the lock SSD instruction is activated. If verification passes as a legitimate user and the lock SSD instruction is not activated, the SSD enters the normal working state. Otherwise, the SSD enters the protection state: it refuses to operate normally and performs data security protection and encrypted backup on the entire storage device of the SSD.
  • The self-destruction program can use self-destruction technology from the prior art. The so-called "violent unraveling" includes, for example, repeated attempts to access server authentication exceeding a threshold number of times, changes to hardware circuit connections, mechanical damage, and the like.
  • The SSD can enter the above protection state even if the lock SSD command is not activated.
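The server-side decision in the workflow above (password comparison, hardware-environment change detection, the lock instruction query, and the resulting normal or protection state) can be expressed as follows. This is an added example, not code from the patent: the record fields, state names, failure threshold and sample serials are assumptions, and a salted PBKDF2-HMAC-SHA256 verifier is substituted for the MD5 digest the text names, because unsalted MD5 password digests are cheap to brute-force.

```python
"""Server-side handshake decision for a WMRS-protected SSD (illustrative model)."""
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_AUTH_FAILURES = 3      # assumed threshold; the page gives no number
PBKDF2_ROUNDS = 100_000    # assumed work factor


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow password verifier (swapped in for the page's MD5 digest)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Registration:
    salt: bytes
    verifier: bytes
    hardware_id: str               # host hardware info recorded at registration
    lock_activated: bool = False   # set when the owner raises an alarm
    flagged_illegal: bool = False  # persists until the manufacturer restores rights
    auth_failures: int = 0


def register(db: dict, serial: str, password: str, hardware_id: str) -> None:
    """Store the registration record keyed by the SSD serial number (SN)."""
    salt = os.urandom(16)
    db[serial] = Registration(salt, derive(password, salt), hardware_id)


def handshake(db: dict, serial: str, password: str, hardware_id: str):
    """Return (state, reasons); state is 'NORMAL' only when every check passes."""
    reg = db.get(serial)
    if reg is None:
        return "PROTECT", ["unregistered serial"]
    reasons = []
    if reg.flagged_illegal:
        reasons.append("previously flagged as illegal user")
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(derive(password, reg.salt), reg.verifier):
        reg.auth_failures = 0
    else:
        reg.auth_failures += 1
        reasons.append("password mismatch")
        if reg.auth_failures >= MAX_AUTH_FAILURES:
            reg.flagged_illegal = True
            reasons.append("authentication failure threshold exceeded")
    # A changed hardware environment is treated as theft, as the text describes.
    if hardware_id != reg.hardware_id:
        reg.flagged_illegal = True
        reasons.append("hardware environment changed")
    if reg.lock_activated:
        reasons.append("lock instruction active")
    return ("PROTECT" if reasons else "NORMAL"), reasons


def demo():
    """Constructed sample run: two registered devices, four handshakes."""
    db = {}
    register(db, "SN-EXAMPLE-0001", "owner-passphrase", "HOST-A")
    register(db, "SN-EXAMPLE-0002", "other-passphrase", "HOST-C")
    results = [
        handshake(db, "SN-EXAMPLE-0001", "owner-passphrase", "HOST-A"),
        handshake(db, "SN-EXAMPLE-0001", "owner-passphrase", "HOST-B"),
        handshake(db, "SN-EXAMPLE-0001", "owner-passphrase", "HOST-A"),
    ]
    db["SN-EXAMPLE-0002"].lock_activated = True  # owner reported the device lost
    results.append(handshake(db, "SN-EXAMPLE-0002", "other-passphrase", "HOST-C"))
    return results


if __name__ == "__main__":
    for state, reasons in demo():
        print(state, reasons)
```

In the sample run the device stays in the protection state after it is moved back to the original host, which matches the text's statement that only the manufacturer can restore use.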

Abstract

A method for protecting a storage device based on a mobile communication network is provided. The object to be protected is a storage device. Global on-line authentication is enabled through a network. The method can provide data-safe read-write protection for the protected object, data encryption, identity authentication for holders of legal identity features, and refusal of use by illegal users. The said network is a mobile communication network, and is utilized to enable global on-line locking. Authentication of legal user identity information held in the data of the program control area of the protected object is password protected, while all illegal user groups are inventoried, displayed in real-time and monitored on the management platform of a manufacturer's server. The present invention protects all data on a storage device as well as the interests of holders of legal identity features, and provides lifelong management service for the registration information of such holders. Additionally, the invention also protects user data and the working state of a protected object. When a protected object is lost or used illegally, the method provides information on tracking and rights protection for a holder of legal identity features.

Description

A storage device protection method based on a mobile communication network
Technical field
The present invention relates to storage device protection, and more particularly to a storage device protection method based on a mobile communication network.
Background art
Existing storage devices are protected by a variety of technologies, such as Quantum's data protection system DPS, Maxtor's data protection system Maxsafe, and Western Digital's protection system Data SafeGuide. The solid state disk (SSD) represents the future trend in storage devices. Its interface specifications and definitions, functions and usage are exactly the same as those of ordinary storage devices, and its form factor and dimensions are also basically the same, including the 3.5", 2.5" and 1.8" types. Regarding SSD protection technology, the only Chinese patents found so far are "A Data Security Protection Method and Device" disclosed in CN101403996A, "A Method, Device and System for Static Wear Leveling" disclosed in CN101398749A, "Solid State Disk and Method for Processing Its Management Data" disclosed in CN101149664A, and "Block Management Method for Flash Memory" disclosed in CN101030167A. These SSD protection methods do not register and manage legitimate users, and only password-protect the legitimate-user identity authentication held in the data of the SSD user's locally operable area, so they are easy to copy and easy to crack. The applicant's earlier patent "An Internet-based Storage Device Protection Method" (Chinese Patent Application No. 200910107860.4) is a storage network safeguard (SNS) method for SSDs. It helps legitimate users protect the storage devices they use online over the network and provides them with online technical support and information about lost devices, for example determining the basic geographic location from the illegal user's IP address; it also restores the file system and the protected data for legitimate users, upgrades and manages the storage device firmware online, and effectively prevents illegal users from using a legitimate user's storage device. However, this protection method cannot be implemented in special areas that do not have Internet access. No wireless message remote system (WMRS) method for SSDs has yet been reported.
Summary of the invention
The technical problem to be solved by the present invention is to remedy the above deficiencies of the prior art by proposing a novel storage device protection method based on a mobile communication network. It helps legitimate users protect the storage devices they use online through the mobile communication network and provides them with online technical support and information about lost devices, for example determining the basic geographic location from the cellular base station address of the illegal user; it also restores the file system and the protected data for legitimate users, upgrades and manages the storage device firmware online, and effectively prevents illegal users from using a legitimate user's storage device. This method is particularly suitable for protecting SSDs.
The technical problem of the present invention is solved by the following technical solution:
In this storage device protection method based on a mobile communication network, the protected object is a storage device. Global online authentication is performed over a network, data-safe read/write protection is applied to the protected object, the data is encrypted, the holder of the legal identity features is authenticated, and use by illegal users is refused.
This storage device protection method based on a mobile communication network is characterized in that:
The network is a mobile communication network.
Global online locking is also performed using the mobile communication network.
The technical problem of the present invention is further solved by the following technical solutions:
The mobile communication network is one of a 2.5G mobile communication network, a 3G mobile communication network, a 4G mobile communication network, and a 5G mobile communication network.
The 2.5G mobile communication network is one of GSM, EDGE and CDMA.
The 3G mobile communication network is one of WIFI, WCDMA and TD-SCDMA. The 4G mobile communication network is one of a mobile communication network using Long Term Evolution (LTE) and a mobile communication network using World Interoperability for Microwave Access (WiMAX).
The 5G mobile communication network is one of a mobile communication network using LTE Advanced and a mobile communication network using 802.16m-based mobile WiMAX.
This storage device protection method based on a mobile communication network further includes password protection of the legitimate-user identity authentication held in the data of the protected object's device control program area. Existing partitioning tools and operating systems cannot operate on the data in the device control program area at all, and even if the machine code can be read out, the exact byte position of the key cannot be determined.
Performing global online authentication over the network includes publishing a user registration system on the mobile communication network and the Internet and, once the user's WMRS application succeeds, having the server side immediately enable real-time online network monitoring of the client's protected object, that is, enabling the real-time mobile communication network remote supervision program.
Global online locking means that once the protected object is lost or stolen and in the possession of an illegal user, the WMRS security protection lock can be activated and further use refused, or the data on a protected object that is illegally possessed and in use can be self-destructed by remote SMS control, to keep the legitimate user's data safe and prevent illegal disclosure and use of the data. Only the legitimate user can, by remote SMS control, apply to the manufacturer of the protected object to restore usage rights and all other rights, and so recover the right to use its internal data.
Authentication of the holder of the legal identity features includes providing a lifelong identity registration information management service to users who legally hold the protected object, ensuring the security and legitimacy of the legitimate user identity of the holder of the protected object's legal identity features.
Authentication of the holder of the legal identity features also includes the security password for network identity security authentication and the bound authorized family number, which the user who legally holds the protected object fills in online. These are saved in the server database of the protected object's manufacturer after dynamic encryption using the MD5 irreversible encryption algorithm, and double comparison, authentication and updating are performed from the client and the server side, ensuring that the legitimate user identity information of the protected object's owner is extremely difficult to crack.
The technical problem of the present invention is still further solved by the following technical solutions:
Providing the lifelong identity registration information management service to users who legally hold the protected object means electronically registering the registration information through the Tiger Alliance Network (虎联网络), as the legitimate user's lifelong credential for after-sales upgrade services.
The registration information includes the identity, e-mail and contact details of the holder of the legal identity features; the product code, product serial number, product software, user key and bound authorized family number of the protected object; and user information.
The protected object is a storage device, which refers generally to a device that provides a computer or system with a permanent form of storage for saving and restoring the software programs and data files it uses.
The storage device is one of a hard disk, a floppy disk, a flash memory unit storage device, and a rewritable tape.
The hard disk is one of a magnetic disk type hard disk and an SSD.
Preferably, the hard disk is an SSD including a control unit and a flash memory storage unit.
Compared with the prior art, the beneficial effects of the present invention are:
The method of the invention uses the worldwide mobile communication network to perform global online authentication. Compared with global online authentication performed over the Internet, it is more widely applicable, including in special areas that do not have Internet access. The legitimate-user identity authentication held in the data of the protected object's device program control area is password protected, and all illegal user groups are counted, displayed in real time and supervised on the manufacturer's server management platform. The invention protects all the data on the storage device and the rights and interests of the holder of the legal identity features, and provides the holder with a lifelong identity registration information management service, ensuring the security and legitimacy of the identity of the holder of the protected object's legal identity features. The user who legally holds the protected object fills in online the security password for network identity security authentication; after dynamic encryption using the MD5 irreversible encryption algorithm, it is saved in the server database of the protected object's manufacturer, and double comparison, authentication and updating are performed from the user side and the server side, ensuring that the identity information of the holder of the protected object's legal identity features is extremely difficult to crack. The invention also protects user data security and protects the working state of the protected object. When the protected object is lost or used by an illegal user, the holder of the legal identity features can be provided with information for recourse and rights protection.
Brief description of the drawings
Figure 1a is a schematic diagram of the client flow when applying to register for SNS protection in Embodiment 1 of the present invention;
Figure 1b is a schematic diagram of the terminal product (i.e. SSD) flow when applying to register for SNS protection in Embodiment 1 of the present invention;
Figure 1c is a schematic diagram of the client flow when applying to register for SNS protection in Embodiment 1 of the present invention;
Figure 2a is a schematic diagram of the client flow when the user raises an alarm in Embodiment 1 of the present invention;
Figure 2b is a schematic diagram of the server-side flow when the user raises an alarm in Embodiment 1 of the present invention;
Figure 2c is a schematic diagram of the flow in which the server side automatically identifies an illegal user from the owner information reported by the SSD in Embodiment 1 of the present invention;
Figure 3 is a flow diagram of the typical working process of an SSD protected by SNS in Embodiment 1 of the present invention.
Detailed description
The invention is further described below with reference to specific embodiments.
An SSD protection method based on a mobile communication network:
The client performs the following steps in order:
1) Automatically run the network registration unit;
2) Automatically read the SN and PN codes of the SSD; the owner fills in the registration information, which is uploaded to the server;
3) Fill in the owner protection password and other information and upload them to the server, applying to the server for WMRS protection;
4) Receive the registration-success confirmation sent down by the server; the owner confirmed as a legitimate user turns on WMRS, and the SSD's owner information is uploaded to the server in real time;
5) After receiving in real time the security-password comparison result sent down by the server, as soon as the SSD is found to be lost, stolen or in the possession of an illegal user, immediately upload to the server a notice that the owner is an illegal user;
6) The legitimate user enables real-time online protection and activates the WMRS security lock; real-time online protection is enabled by any one of the following: logging in to the manufacturer's WMRS-G home page management system to raise an alarm, raising an alarm by telephone or fax through the service hotline designated by the manufacturer, or the user sending a lock command to the SSD device directly;
7) On receiving the server command and activating the lock, the SSD immediately enters the automatic protection procedure and the system restarts; at the next boot it indicates that the current user is an illegal user and displays the legitimate user's contact details; from then on the system cannot be started, and even if the SSD is installed in another PC as a slave disk it is still treated as an empty disk and no data can be read.
The manufacturer's server performs the following steps in order:
1) Publish a user registration system on the mobile communication network and the Internet; the user registers either by SMS from a mobile phone to the special-service SMS reception centre provided by the device manufacturer, or by logging in to the Internet WMRS registration centre;
2) Compare and verify the registration information uploaded in client step 2) against the manufacturer's factory product information, and record the correctly verified registration information in the WMRS database;
3) Compare and verify the owner protection password and other information uploaded in client step 3) with the application for WMRS protection, mark the users whose WMRS application passes verification, and immediately enable real-time online network monitoring of the client's protected object, that is, enable the real-time mobile communication network remote supervision program, instructing the client to upload the SSD's running state to the manufacturer's server in real time; through the manufacturer's server the SSD undergoes technical comparison and its management firmware is upgraded;
4) Perform real-time legitimate-user identity verification on the SSD owner information uploaded in real time once WMRS is turned on in client step 4): the uploaded security password, dynamically encrypted by conversion with the MD5 irreversible encryption algorithm, undergoes online real-time double comparison authentication with the client, that is, the password comparison result is sent down to the client; if the comparison result is correct, the comparison is repeated once more; if the comparison result is incorrect, go to step 5); the comparison results are stored in the manufacturer's server database, ensuring the uniqueness and confidentiality of user information;
5) Compare and verify the notice uploaded in client step 5) that the owner is an illegal user against the registration information stored in the WMRS database, confirming the owner's identity a second time; if the owner is confirmed to be an illegal user, go to step 6);
6) In response to the confirmation that the owner is an illegal user, and to the alarm uploaded in client step 6) requesting activation of the WMRS security lock, mark the illegal user and wait for authorization to activate the remote lock of the SSD;
7) On receiving authorization from the legitimate identity holder, and after approval by the manufacturer's server, immediately issue the activate-lock SSD command remotely and lock the illegal target terminal, including establishing a server-side early-warning announcement broadcast mechanism and actively patrolling to scan illegal user devices in real time. WMRS is started to protect the legitimate user's SSD: the first time the illegal user powers on, the client SSD is commanded to refuse normal operation, and data security protection and encrypted backup are performed on the entire storage device including the SSD. First, the user data and the key bytes of the file system are sampled, backed up and compressed into one file, which is encrypted and written to a specific manufacturer device control program area. After the backup completes, the SSD's partition information table and the original key byte positions of the client user data are filled with 0xFFFF, so that the SSD is still treated as an empty disk even if it is installed in another PC as a slave disk. Then the manufacturer master-control work instruction in the SSD is changed to boot failure, putting it in a fault state or empty factory state that no user can use. If it is forcibly unlocked, the SSD's main control CPU enters the self-destruct procedure and the storage cells become invalid, so that the illegal user cannot use it normally; only by the legitimate user returning the SSD to the original manufacturer can it be repaired or its data recovered.
Example implementations:
Example 1: this example is shown in Figures 1a to 3. Figures 1a, 1b and 1c show the flow of registering and applying for SNS protection. As the figures show, during registration the server on the one hand interacts with the client, accepting the user's request and the information the user enters and returning the registration result to the user; on the other hand it interacts with the SSD, instructing the SSD to upload its SN and PN numbers automatically and receiving them, enabling SNS protection on the SSD, and installing the "real-time Internet remote supervision program" on the SSD (if it is already installed, "install" in this step becomes "turn on"). Registration can be carried out over the Internet or by mobile SMS.
After registration succeeds and SNS protection is enabled on the SSD, a user who finds that the SSD is lost can actively raise an alarm with the server; the flow is shown in Figures 2a and 2b. Manual alarms can also be raised by telephone, fax, mobile SMS and similar means. If required, customers can also be allowed to lock the SSD directly themselves by mobile SMS.
On the other hand, while the SSD is in use, the server also determines in real time whether the SSD has been stolen, based on the owner information the SSD uploads in real time. In this way, even if the user has not yet noticed that the SSD has been stolen, the server can detect it early, as shown in Figure 2c. Detection relies mainly on the owner hardware information uploaded by the SSD to determine whether the hardware environment the SSD is in has changed. If it has changed, theft is considered possible; the server can then mark the illegal user and wait for authorization to activate the SSD lock, and can also notify the legitimate user by e-mail, instant messaging, mobile SMS, telephone, fax or other means.
A typical workflow of an SSD with SNS protection enabled is shown in Figure 3. After being connected to a computer, the SSD first uses the mobile communication network to find the network and handshake with the server (that is, the SSD and the server exchange messages and confirm the SSD's identity information), uploads the owner information (mainly the owner hardware information) to the server in real time, and queries in real time whether the lock-SSD command has been activated. If verification passes as a legitimate user and the lock-SSD command is not activated, the SSD enters the normal working state. Otherwise the SSD enters the protection state: it refuses to run normally and performs data security protection and encrypted backup on the SSD's entire storage device; read and write operations on the SSD main controller can also be prohibited, ensuring that the motherboard cannot detect the SSD whether it is attached as a master or a slave disk, so that the SSD is in a fault state or empty factory state; if forced unlocking is encountered, the self-destruct procedure is started. The self-destruct procedure can use existing self-destruct techniques, and "forced unlocking" includes, for example: attempts to repeatedly access server authentication exceeding a threshold number of times, changes to the hardware circuit connections, mechanical damage, and so on.
If the user directly notifies the SSD by mobile SMS to enter the locked state, the SSD can enter the above protection state even though it has not found the lock-SSD command activated.
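The Fig. 3 decision flow described above, together with the server-side hardware-change check of Fig. 2c, can be modelled as a small state machine. This is an added illustration, not code from the patent; the class and field names, the `MAX_AUTH_ATTEMPTS` value of 5, and the rule that a flagged holder fails verification are assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    NORMAL = "normal"
    PROTECTED = "protected"          # refuses to run, presents as an empty disk
    SELF_DESTRUCT = "self_destruct"  # forced unlocking detected


# Assumed value: the page only says "a threshold number of times".
MAX_AUTH_ATTEMPTS = 5


@dataclass
class ServerRecord:
    """Manufacturer-side record for one registered SSD (hypothetical fields)."""
    registered_hw: str          # owner hardware info stored at registration
    flagged: bool = False       # holder marked as an illegal user (Fig. 2c)
    lock_active: bool = False   # lock command issued after owner authorisation

    def check_in(self, reported_hw):
        """Process one real-time upload; return (verified, lock_active)."""
        if reported_hw != self.registered_hw:
            self.flagged = True  # hardware environment changed: possible theft
        # Assumption: once flagged, the holder fails verification.
        return (not self.flagged, self.lock_active)

    def owner_alarm(self):
        """Figs. 2a/2b: the legitimate owner reports the loss; lock is issued."""
        self.lock_active = True


@dataclass
class Ssd:
    state: State = State.NORMAL
    auth_attempts: int = 0

    def power_on(self, server, host_hw, sms_lock=False, circuit_changed=False):
        """One pass through the Fig. 3 flow on the host the SSD is attached to."""
        if self.state is State.SELF_DESTRUCT:
            return self.state   # storage cells are already disabled
        self.auth_attempts += 1
        verified, lock_active = server.check_in(host_hw)
        locked = self.state is State.PROTECTED  # only the manufacturer unlocks
        if verified and not lock_active and not sms_lock and not locked:
            self.auth_attempts = 0
            return self.state   # still NORMAL
        # Protection state; forced-unlock indicators escalate to self-destruct.
        if circuit_changed or self.auth_attempts > MAX_AUTH_ATTEMPTS:
            self.state = State.SELF_DESTRUCT
        else:
            self.state = State.PROTECTED
        return self.state


def run_scenarios():
    """Drive the model through constructed cases and return the final states."""
    results = {}
    # Whole machine stolen: hardware unchanged, owner raises the alarm.
    srv, ssd = ServerRecord("host-A"), Ssd()
    results["before_alarm"] = ssd.power_on(srv, "host-A")
    srv.owner_alarm()
    results["after_alarm"] = ssd.power_on(srv, "host-A")
    # SSD moved to another PC: the server flags it before the owner notices.
    srv, ssd = ServerRecord("host-A"), Ssd()
    results["moved"] = ssd.power_on(srv, "host-B")
    for _ in range(MAX_AUTH_ATTEMPTS):
        results["retries"] = ssd.power_on(srv, "host-B")
    # Direct SMS lock: no server-side lock command, still protected.
    srv, ssd = ServerRecord("host-A"), Ssd()
    results["sms"] = ssd.power_on(srv, "host-A", sms_lock=True)
    results["sms_sticky"] = ssd.power_on(srv, "host-A")
    return results
```

Because repeated authentication attempts count as forced unlocking, the threshold decides how many failed check-ins separate a locked disk from destroyed storage.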
The above is a further detailed description of the invention in connection with specific preferred embodiments, and the specific implementation of the invention is not to be regarded as limited to these descriptions. For a person of ordinary skill in the art to which the invention belongs, any equivalent substitutions or obvious variations made without departing from the inventive concept, with the same performance or use, shall be regarded as falling within the scope of protection of the invention.

Claims

1. A storage device protection method based on a mobile communication network, in which the protected object is a storage device, global online authentication is performed over a network, data-security read/write protection is applied to the protected object, the data is encrypted, the legitimate identity holder is authenticated, and use by illegal users is refused, characterized in that:
The features of this storage device protection method based on a mobile communication network are:
the network is a mobile communication network;
global online locking is also performed over the mobile communication network.
2. The storage device protection method based on a mobile communication network according to claim 1, characterized in that:
the mobile communication network is one of a 2.5G mobile communication network, a 3G mobile communication network, a 4G mobile communication network and a 5G mobile communication network.
3. The storage device protection method based on a mobile communication network according to claim 1 or 2, characterized in that:
it further includes using password protection for user authentication in the device control program area of the protected object.
4. The storage device protection method based on a mobile communication network according to claim 3, characterized in that:
performing global online authentication over the network includes publishing a user registration system on the mobile communication network and the Internet and, after the user's WMRS application succeeds, the server immediately enabling real-time online monitoring of the client's protected object over the mobile communication network, that is, enabling the real-time mobile communication network remote supervision program.
5. The storage device protection method based on a mobile communication network according to claim 4, characterized in that:
performing global online locking means that once the protected object is lost, stolen or in the possession of an illegal user, the WMRS security lock can be activated and continued use refused, or the data of a protected object that is illegally possessed and in use can be self-destroyed by remote SMS control; only the legitimate user can, by remote network control, apply to the manufacturer of the protected object to restore usage rights and all other rights and regain the right to use its internal data.
6. The storage device protection method based on a mobile communication network according to claim 5, characterized in that:
the identity authentication of the legitimate identity holder includes providing a lifelong identity registration information management service to the user who legitimately holds the protected object, and having that user fill in online a security password for network identity authentication and a bound authorized family number, which, after dynamic encryption by conversion with the MD5 irreversible encryption algorithm, are stored in the server database of the protected object's manufacturer; double comparison, authentication and updating are carried out from the client side and the server side.
7. The storage device protection method based on a mobile communication network according to claim 6, characterized in that:
providing the lifelong identity registration information management service to the user who legitimately holds the protected object means registering the registration information electronically over the network as a lifelong credential for the legitimate user's after-sales upgrade service;
the registration information includes the legitimate identity holder's identity, e-mail and contact details, and the protected object's product code, product serial number, product software, user key, bound authorized family number and user information.
8. The storage device protection method based on a mobile communication network according to claim 7, characterized in that:
the storage device is one of a hard disk, a floppy disk, a flash-unit storage device and a rewritable tape.
9. The storage device protection method based on a mobile communication network according to claim 8, characterized in that:
the hard disk is one of a magnetic-disk hard disk and an SSD.
10. The storage device protection method based on a mobile communication network according to claim 9, characterized in that:
the hard disk is an SSD comprising a control unit and flash storage units.
11. A solid state disk protection method, characterized by comprising the following steps:
A. After being connected to a computer, the SSD first finds the network through the mobile communication network and handshakes with the server, then uploads the owner hardware information to the server in real time and queries in real time whether the lock-SSD command has been activated;
B. If verification passes as a legitimate user and the lock-SSD command is not activated, the SSD enters the normal working state; otherwise it enters the protection state of step C;
C. The SSD refuses to run normally.
12. The solid state disk protection method according to claim 11, characterized in that step C further includes at least one of the following steps:
C1. Perform data security protection and encrypted backup on the entire storage device of the SSD;
C2. Prohibit read and write operations on the SSD main controller, ensuring that the motherboard cannot detect the SSD whether it is attached as a master or a slave disk;
C3. Put the SSD in a fault state or empty factory state.
13. The solid state disk protection method according to claim 11 or 12, characterized in that if forced unlocking is encountered, the self-destruct procedure is started; "forced unlocking" includes: attempts to repeatedly access server authentication exceeding a threshold number of times, changes to the hardware circuit connections, and mechanical damage.
13. The solid state disk protection method according to claim 11 or 12, characterized in that in step A, after receiving the owner hardware information, the server determines whether the owner is illegal; if so, it marks the illegal user and waits for authorization to activate the SSD lock, or notifies the legitimate user by e-mail or instant messaging.
PCT/CN2009/075952 2009-07-31 2009-12-24 Method for protecting storage devices based on mobile communication network WO2011011952A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910109258.4 2009-07-31
CN2009101092584A CN101635921B (en) 2009-07-31 2009-07-31 Protection method of memory device based on mobile communication network

Publications (1)

Publication Number Publication Date
WO2011011952A1 true WO2011011952A1 (en) 2011-02-03

Family

ID=41594936

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/075952 WO2011011952A1 (en) 2009-07-31 2009-12-24 Method for protecting storage devices based on mobile communication network

Country Status (3)

Country Link
CN (1) CN101635921B (en)
HK (1) HK1136143A1 (en)
WO (1) WO2011011952A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113343322A (en) * 2021-04-27 2021-09-03 杨万里 Financial data storage system based on internet
CN115277844A (en) * 2022-06-13 2022-11-01 杭州猎火传媒科技有限公司 Big data background data processing method and system
CN113343322B (en) * 2021-04-27 2024-05-10 泽鹿视界数字科技(郑州)有限公司 Financial data storage system based on internet

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102542189B (en) * 2010-12-31 2015-07-29 联想(北京)有限公司 A kind of method of certification, device and electronic equipment
CN103246617B (en) * 2012-02-07 2016-08-17 宇龙计算机通信科技(深圳)有限公司 Mobile terminal and data save method based on android system
CN102768718B (en) * 2012-07-12 2016-01-27 江苏和乔科技股份有限公司 A kind of fiscal data self-destruction system and its implementation
CN105873054B (en) * 2016-04-01 2019-06-11 宇龙计算机通信科技(深圳)有限公司 A kind of communication management method, system and multi-card mobile terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101132557A (en) * 2007-09-28 2008-02-27 赵颜 Method providing equipment and data safety service for mobile phone users
CN101252433A (en) * 2008-04-03 2008-08-27 张晶 Method for combining mobile memory apparatus with network verification
CN101403996A (en) * 2008-10-28 2009-04-08 成都市华为赛门铁克科技有限公司 Data security protection method and device
CN101588371A (en) * 2009-06-11 2009-11-25 王德高 Method based on internet for protecting memory device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100433910C (en) * 2005-05-12 2008-11-12 中兴通讯股份有限公司 Method for protecting mobile terminal identity in mobile communication system
CN1980420B (en) * 2005-12-02 2010-12-29 中兴通讯股份有限公司 Networking locking method of CDMA2000 terminal apparatus

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113343322A (en) * 2021-04-27 2021-09-03 杨万里 Financial data storage system based on internet
CN113343322B (en) * 2021-04-27 2024-05-10 泽鹿视界数字科技(郑州)有限公司 Financial data storage system based on internet
CN115277844A (en) * 2022-06-13 2022-11-01 杭州猎火传媒科技有限公司 Big data background data processing method and system
CN115277844B (en) * 2022-06-13 2024-03-26 杭州猎火传媒科技有限公司 Big data background data processing method and system

Also Published As

Publication number Publication date
CN101635921A (en) 2010-01-27
HK1136143A1 (en) 2010-06-18
CN101635921B (en) 2012-06-27

Similar Documents

Publication Publication Date Title
JP6170115B2 (en) Network-assisted fraud detection apparatus and method
TWI451773B (en) Apparatus and methods for distributing and storing electronic access clients
US8419806B2 (en) Discriminating data protection system
CN103514386B (en) Permission control and management method of application program and electronic device
WO2011029254A1 (en) Internet–based protection method for universal serial bus (usb) portable storage device
CN102508791B (en) Method and device for encrypting hard disk partition
US20160028725A1 (en) Integrated circuit for determining whether data stored in external nonvolative memory is valid
US20050050363A1 (en) Secure data management apparatus
US8707444B2 (en) Systems and methods for implementing application control security
JP2008546253A (en) Security protection method and information service provision method
US20110113242A1 (en) Protecting mobile devices using data and device control
US8571522B2 (en) Authentication method for the mobile terminal and a system thereof
JP2014533411A (en) How to secure a computing device
WO2011011952A1 (en) Method for protecting storage devices based on mobile communication network
CN102571823A (en) Remote security protection method for data of flash disk
WO2013185689A1 (en) Authentication method, authentication apparatus and authentication device
JP2006319432A (en) Portable terminal and information management system
JP6344170B2 (en) Device, management module, program, and control method
WO2018163774A1 (en) Terminal device, registration processing program and registration processing method
CN110866288A (en) Data protection method, system and terminal based on block chain
JP2009288911A (en) Access control method of external storage medium with radio function
CN117353903A (en) Device authentication method, authentication device, storage medium, and product
JP2013175071A (en) File access control method
JP4747137B2 (en) File device, file control program, and file control method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09847738

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09847738

Country of ref document: EP

Kind code of ref document: A1