WO2020073916A1 - Encryption method and apparatus for storage device, and storage medium - Google Patents

Publication number
WO2020073916A1
Authority
WO
WIPO (PCT)
Prior art keywords
storage device
nfc
state
identity
encrypted
Application number
PCT/CN2019/110104
Inventor
刘维维
胡伟
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2020073916A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11C STATIC STORES
    • G11C7/00 Arrangements for writing information into, or reading information out from, a digital store
    • G11C7/10 Input/output [I/O] data interface arrangements, e.g. I/O data control circuits, I/O data buffers

Definitions

  • The present invention claims priority to the Chinese patent application No. 201811172068.2, filed with the Chinese Patent Office on October 9, 2018 and titled "A storage device encryption method, device and storage medium", the content of which is incorporated into the present invention by reference.
  • The invention relates to communication technology, and in particular to an encryption method and apparatus for a storage device, and a storage medium.
  • An encrypted U disk (USB flash drive) is a U disk that protects its contents by encryption and decryption.
  • A. Fake encryption: files are merely hidden and a password is set, so only the identity is verified; the actual stored content is unchanged.
  • B. Soft encryption: built-in or attached software encrypts the data, generally with the AES (Advanced Encryption Standard) algorithm; the disk can also be divided into an encrypted area and a non-encrypted area.
  • C. Hardware encryption: encryption is built into the hardware and is transparent, invisible to the user and complete, with verification on reading. Some products have special functions, such as applying encryption to the hard disk, or displaying plaintext while the U disk is inserted and encrypted information once it is unplugged.
  • The above three encryption methods have the following disadvantages. A. Fake encryption performs no real encryption: the files on the original U disk can be read with a password cracking tool or by mounting the flash chip on another PCB, so the security is poor. B. Soft encryption still carries certain hidden security risks, because the encryption process is completed on the PC side. C. Hardware encryption completes the entire encryption process inside the U disk, so the encrypted U disk is a black box. Although this method has a high security level, it requires a dedicated hardware encryption and decryption chip, the encryption and decryption speed should reach 25 MB/s or more, and the hardware cost is slightly higher than that of soft encryption.
  • U disks that use hardware encryption technology have the highest security and need to implement the encryption and decryption functions through physical methods.
  • U disks that use hardware encryption are mainly divided into two categories:
  • Fingerprint-encrypted U disk: has a built-in fingerprint collector/recognizer. Everyone's fingerprint is unique and unchanged for life. Relying on this uniqueness and stability, a person can be matched with their fingerprint to verify their true identity, and data encryption and decryption can be realized in this way.
  • The advantage is that the security level is very high and encryption/decryption is fast; the disadvantage is that some people or certain groups have few fingerprint features, which makes the fingerprint difficult to image.
  • Key-encrypted U disk: has built-in physical number/letter keys and realizes the encryption/decryption function when the preset password is entered manually.
  • The password is stored in the encryption chip, which can realize the data decryption from the computer, and supports functions such as multiple accounts (administrators, ordinary users) and multiple permissions (read-write, read-only).
  • The advantage is that the security level is high, and data can also be encrypted/decrypted in real time.
  • The disadvantage is that the password must always be remembered, because once it is forgotten the data cannot be retrieved through other methods, and the key structure is complex, large and costly.
  • An embodiment of the present invention provides an encryption method for a storage device, which is applied to a near field communication (NFC) storage device.
  • The method includes: obtaining a status indication of the NFC storage device; when the status indication indicates that the NFC storage device is in an encrypted state, controlling the NFC storage device to enter a decrypted state based on the decryption information sent by the NFC terminal device, wherein the decryption information includes at least the identity of the NFC terminal device; and when the status indication indicates that the NFC storage device is in the decrypted state, controlling the NFC storage device to enter the encrypted state based on the encryption information sent by the NFC terminal device, wherein the encryption information includes at least the identity of the NFC terminal device.
  • An embodiment of the present invention also provides an encryption device for a storage device, which is applied to an NFC storage device.
  • The encryption device includes a processor and a memory, wherein the processor is used to execute a program stored in the memory to implement the following steps: obtaining a status indication of the NFC storage device; when the status indication indicates that the NFC storage device is in an encrypted state, controlling the NFC storage device to enter the decrypted state based on the decryption information sent by the NFC terminal device, wherein the decryption information includes at least the identity of the NFC terminal device; and when the status indication indicates that the NFC storage device is in the decrypted state, controlling the NFC storage device to enter the encrypted state based on the encryption information sent by the NFC terminal device, wherein the encryption information includes at least the identity of the NFC terminal device.
  • An embodiment of the present invention also provides an electronic device, including: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor executes the method described in the above aspects.
  • An embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, the steps of any one of the methods described above are implemented.
  • An embodiment of the present invention also provides a computer program product.
  • The computer program product includes a computer program stored on a non-transitory computer-readable storage medium.
  • The computer program includes program instructions which, when executed by a computer, cause the computer to execute the method described in the above aspects.
  • FIG. 1 is a schematic flowchart of an encryption method of a storage device in an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of the structure of a U disk in the prior art.
  • FIG. 3 is a schematic diagram of the improved structure of the U disk in the embodiment of the present invention.
  • FIG. 4 is a schematic flowchart of a decryption process in an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of an improved structure of a U disk I/O interface in an embodiment of the present invention.
  • FIG. 6 is a first interaction schematic diagram of decryption processing in an embodiment of the present invention.
  • FIG. 7A is a second interaction schematic diagram of decryption processing in an embodiment of the present invention.
  • FIG. 7B is a third interaction schematic diagram of decryption processing in an embodiment of the present invention.
  • FIG. 8 is a schematic flowchart of an encryption process in an embodiment of the present invention.
  • FIG. 9 is a first interaction schematic diagram of encryption processing in an embodiment of the present invention.
  • FIG. 10A is a second interaction schematic diagram of encryption processing in an embodiment of the present invention.
  • FIG. 10B is a third interaction schematic diagram of encryption processing in an embodiment of the present invention.
  • FIG. 11 is a schematic structural diagram of an encryption device of a storage device in an embodiment of the present invention.
  • FIG. 12 is a schematic diagram of a hardware structure of an electronic device that executes an encryption method of a storage device according to an embodiment of the present invention.
  • The encryption method of the storage device includes: Step 101: obtain the status indication of the NFC storage device; Step 102: when the status indication indicates that the NFC storage device is in an encrypted state, control the NFC storage device to enter the decrypted state based on the decryption information sent by the NFC terminal device, wherein the decryption information includes at least the identity of the NFC terminal device; Step 103: when the status indication indicates that the NFC storage device is in the decrypted state, control the NFC storage device to enter the encrypted state based on the encryption information sent by the NFC terminal device, wherein the encryption information includes at least the identity of the NFC terminal device.
  • The execution subject of step 101 to step 103 may be the processor of the NFC storage device.
  • The NFC storage device may be a U disk with an NFC function.
  • The NFC terminal device may be a mobile phone, tablet computer, notebook computer, personal computer or similar device with an NFC function.
  • The structure of the existing U disk is shown in FIG. 2.
  • The USB interface in the U disk includes: 1. VBUS, red wire: the power supply, positive 5 V; 2. D-, white wire: the negative data line; 3. D+, green wire: the positive data line; 4. ID, none (empty end): divided into two interfaces, A and B.
  • The NFC storage device provided in the embodiment of the present invention includes at least an NFC chip, and the NFC chip is used to exchange NFC signals with an NFC terminal device.
  • The U disk is provided with an NFC chip, and the USB interface structure in the U disk is the same as that of a general U disk. Only the NFC chip needs to be added to the existing U disk structure, and no other changes to the U disk structure are needed, so this is easy to implement.
  • Step 101 specifically includes: obtaining the circuit state of the control circuit of the NFC storage device; when the circuit state is the open state, the NFC storage device is in the encrypted state, and when the circuit state is the path state, the NFC storage device is in the decrypted state.
  • The control circuit is used to control the on-off of the data line of the NFC storage device. When the data line is connected, data can be read from and written to the storage device normally; when the data line is disconnected, the external device cannot read the storage device normally.
  • When the storage device is in the encrypted state, it does not work: even if the storage device is connected to an external device there is no reaction, and illegal users cannot use a USB bus debugging tool to send USB commands to the storage device to read and write data and steal the internal data of the device.
  • Controlling the NFC storage device to enter the decrypted state includes controlling the control circuit of the NFC storage device to be in the path state; controlling the NFC storage device to enter the encrypted state includes controlling the control circuit of the NFC storage device to be in the open state.
  • The method further includes: receiving the identity of at least one NFC terminal device in advance; and using the identity of the at least one NFC terminal device to establish an identity set.
  • The identity set is used as the basis for decrypting the NFC storage device. Since each terminal device has its own unique identity, for example the ID of the mobile phone or its IMEI (International Mobile Equipment Identity) code, the identity can be used to distinguish between different terminal devices.
  • Step 102 specifically includes: matching the identity in the decryption information against the identity set; when the matching is successful, controlling the NFC storage device to enter the decrypted state; when the matching is unsuccessful, the NFC storage device remains in the encrypted state.
  • The identity of the terminal device serves as the basis for decryption of the storage device.
  • When the mobile phone is brought close to the U disk, the U disk receives the identity sent by the mobile phone, and the U disk's processor matches the received identity against the identities it has stored.
  • If the matching is successful, the U disk decryption operation can be performed and the U disk can be read and written normally; if the matching is unsuccessful, the U disk is still in the encrypted state and cannot be used.
  • Step 103 specifically includes: controlling the NFC storage device to enter the encrypted state, and storing the identity in the encryption information in the identity set.
  • When the terminal device encrypts the storage device, the identity of the terminal device must be used to establish the identity set, so that the identity set serves as the basis for the later decryption of the storage device.
  • The processor of the USB flash drive controls the NFC storage device to enter the encrypted state and stores the mobile phone's identity in the identity set, so that the mobile phone can be used to decrypt the U disk later.
  • A first prompt message is generated to prompt the user to perform a decryption process.
  • A second prompt message is generated to prompt the user to perform an encryption process.
  • The first prompt message and the second prompt message can be displayed on the NFC terminal device held by the user, which increases the user's flexibility in encryption/decryption control of the storage device.
  • The NFC terminal device supplies power to the NFC storage device through the NFC function, so that the NFC storage device can also perform encryption and decryption operations in the passive case.
  • The encryption method of a storage device is applied to a near field communication (NFC) storage device.
  • The method includes: obtaining a status indication of the NFC storage device; when the status indication indicates that the NFC storage device is in an encrypted state, controlling the NFC storage device to enter the decrypted state based on the decryption information sent by the NFC terminal device, wherein the decryption information includes at least the identity of the NFC terminal device; and when the status indication indicates that the NFC storage device is in the decrypted state, controlling the NFC storage device to enter the encrypted state based on the encryption information sent by the NFC terminal device, wherein the encryption information includes at least the identity of the NFC terminal device.
  • A storage device with an NFC function can be encrypted/decrypted by one or more NFC terminal devices bound to it, and the identity of the NFC terminal device is used as the only basis for encryption/decryption, so that the storage device has higher security. Users are not required to set or record encryption/decryption information, which simplifies the encryption/decryption process.
  • The encryption setting is performed on the storage device.
  • The encryption step specifically includes the following: Step 401: Obtain a status indication of the storage device.
  • Step 402: Determine that the storage device is in an encrypted state according to the status indication, and generate first prompt information.
  • An encryption process can be performed on the storage device.
  • The circuit state of the control circuit of the NFC storage device is obtained; when the circuit state is the open state, the NFC storage device is in the encrypted state, and when the circuit state is the path state, the NFC storage device is in the decrypted state.
  • The control circuit is used to control the on-off of the data line of the NFC storage device.
  • When the data line is connected, data can be read from and written to the storage device normally; when the data line is disconnected, the external device cannot read or write the storage device normally, and the storage device can be considered to be in an encrypted state.
  • The control circuit may be a switch control circuit.
  • A switch 42 is provided on the data line between the pin 2 connected to the USB chip 41 and the USB interface 43.
  • the VI-ID tab will automatically change to the Enable state, that is, the decrypted state.
  • The pin 2 connected to the NFC chip will trigger a status indication indicating the path state; when the USB data line is disconnected, the VI-ID tab in the setting item will automatically change to the Disabled state, that is, the encrypted state.
  • The pin 2 connected to the NFC chip will trigger a status indication indicating the open state.
  • Step 403: Control the mobile phone and/or computer to display the first prompt message.
  • Step 404: Based on the first prompt message, determine whether a decryption instruction is detected; if yes, perform step 405; if no, perform step 408.
  • The first prompt message is used to prompt the user to perform the decryption process. After seeing the first prompt message, the user can perform the decryption process through the mobile phone.
  • The first prompt message may also be displayed on the user's mobile phone or other mobile terminal, for example "whether to perform U disk decryption", and the next decryption step is performed when the decryption instruction is detected.
  • The user can choose to execute or refuse to execute the decryption process through different keys.
  • As shown in FIG. 7B, when the U disk is successfully decrypted, the U disk can also return a "decryption successful" message to the mobile phone.
  • The decryption information includes a decryption instruction and the identity of the NFC terminal device; the decryption instruction is used to instruct the storage device to perform the decryption process, and the identity is used as the basis for the current decryption process.
  • After seeing the first prompt message, the user sends a decryption instruction to the storage device through the NFC function of the terminal device; when the storage device detects the decryption instruction, it obtains the identity of the mobile phone to perform the decryption process.
  • Step 405: Obtain the identity of the mobile phone.
  • Step 406: Match the identity of the mobile phone against the identity set stored by the storage device, and determine whether the identity verification is successful according to the matching result; if yes, perform step 407; if no, perform step 408.
  • Step 407: Decrypt the storage device.
  • Step 408: Refuse to respond to data read and write instructions.
  • The storage device cannot be used.
  • The identification of the user's identity is controlled entirely by the NFC signal command on the mobile phone and is separated from the U disk. The U disk does not need any driver program or user identity authentication software installed on the host, and the user's identity information and key information are not subject to intervention by software running on the USB host, which constitutes strong protection against software cracking.
  • The complexity of the product structure is directly proportional to the security.
  • By dividing the USB flash drive into two, even if the USB flash drive is lost or stolen, others cannot access the data in the USB flash drive, which ensures information security.
  • The user only performs one more decryption operation than with an ordinary U disk, which has no other impact on the user, so ease of use is also guaranteed.
  • The storage device (the storage device mentioned in the embodiment of the present invention is an NFC storage device) is encrypted, and the encryption step specifically includes the following:
  • Step 801: Obtain a status indication of the storage device.
  • Step 802: Determine that the storage device is in a decrypted state according to the status indication, and generate second prompt information.
  • When it is judged according to the status indication that the storage device is in an encrypted state, the following encryption steps are ignored, and the storage device can be decrypted.
  • Step 803: Control the mobile phone and/or computer to display the second prompt message.
  • Step 804: Based on the second prompt message, determine whether an encryption instruction is detected; if yes, perform step 805; if no, perform step 807.
  • The second prompt message is used to prompt the user to perform the encryption process. After seeing the second prompt message, the user can perform the encryption process through the mobile phone.
  • When the USB flash drive is inserted, it is recognized as being in the decrypted state because USB pin 2 is in the power-on state, that is, the data line is in the path state. The second prompt message is displayed on the computer, for example "U disk is connected, no identity authentication is required", to remind the user that the current storage device is in the decrypted state, and the user decides whether to perform encryption processing. Alternatively, the second prompt message is "U disk connected". After seeing the second prompt message, the user determines that the U disk has been successfully connected and can directly perform the processing operation without identity verification.
  • The second prompt message may also be displayed on the user's mobile phone or other mobile terminal, for example "whether to perform U disk encryption setting", and the next encryption step is performed when the encryption instruction is detected.
  • The user can choose to execute or refuse to execute the encryption process through different keys.
  • As shown in FIG. 10B, when the U disk is successfully encrypted, the U disk may also return an "encryption successful" message to the mobile phone.
  • The encryption information includes an encryption instruction and the identity of the NFC terminal device; the encryption instruction is used to instruct the storage device to perform encryption processing, and the identity serves as the basis for performing decryption processing next time.
  • After seeing the second prompt message, the user sends an encryption instruction to the storage device through the NFC function of the terminal device; when the storage device detects the encryption instruction, it performs the encryption process and stores the identity of the mobile phone.
  • Step 805: Control the storage device to enter an encrypted state, and obtain and store the identity of the mobile phone.
  • Step 806: Encryption is complete.
  • Step 807: Respond normally to data read and write instructions.
  • An embodiment of the present invention also provides an encryption device for a storage device, which is applied to an NFC storage device.
  • The encryption device includes a processor 111 and a memory 112, wherein:
  • The processor 111 is used to execute the program stored in the memory 112 to implement the following steps: obtaining a status indication of the NFC storage device; when the status indication indicates that the NFC storage device is in an encrypted state, controlling the NFC storage device to enter the decrypted state based on the decryption information sent by the NFC terminal device, wherein the decryption information includes at least the identity of the NFC terminal device; and when the status indication indicates that the NFC storage device is in the decrypted state, controlling the NFC storage device to enter the encrypted state based on the encryption information sent by the NFC terminal device, wherein the encryption information includes at least the identity of the NFC terminal device.
  • The processor 111 is further configured to execute a program stored in the memory 112 to implement the following steps: receiving the identity of at least one NFC terminal device in advance; and using the identity of the at least one NFC terminal device to establish an identity set.
  • The processor 111 is specifically configured to execute the program stored in the memory 112 to implement the following steps: matching the identity in the decryption information against the identity set; and when the match is successful, controlling the NFC storage device to enter the decrypted state.
  • The processor 111 is specifically configured to execute the program stored in the memory 112 to implement the following steps: controlling the NFC storage device to enter an encrypted state, and storing the identity in the encryption information in the identity set.
  • The processor 111 is specifically configured to execute the program stored in the memory 112 to implement the following steps: obtaining the circuit state of the control circuit of the NFC storage device; when the circuit state is the open state, the NFC storage device is in the encrypted state, and when the circuit state is the path state, the NFC storage device is in the decrypted state.
  • The processor 111 is specifically configured to execute the program stored in the memory 112 to implement the following steps: controlling the control circuit of the NFC storage device to be in the path state; or controlling the control circuit of the NFC storage device to be in the open state.
  • The processor 111 is further configured to execute a program stored in the memory 112 to implement the following steps: when the status indication indicates that the NFC storage device is in an encrypted state, generating a first prompt message for prompting the user to perform decryption processing; and when the status indication indicates that the NFC storage device is in the decrypted state, generating a second prompt message for prompting the user to perform encryption processing.
  • The above memory may be a volatile memory, such as a random access memory (RAM); or a non-volatile memory, such as a read-only memory (ROM), a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); or a combination of the above types of memory, and provides instructions and data to the processor.
  • The above processor may be at least one of an application specific integrated circuit (ASIC), a digital signal processing device (DSPD), a programmable logic device (PLD), a field programmable gate array (FPGA), a DSP, a CPU, a controller, a microcontroller and a microprocessor. Understandably, for different devices, the electronic device used to implement the above processor function may also be another device, which is not specifically limited in the embodiment of the present invention.
  • Any one of the above encryption devices provided in the embodiments of the present invention can be applied to a storage device to give the storage device higher security, and the encryption/decryption process is simple.
  • Embodiments of the present invention also provide a computer-readable storage medium, such as a memory including a computer program, which can be executed by a processor of a terminal to complete the method steps in one or more of the foregoing embodiments.
  • The embodiments of the present invention may be provided as methods, systems, or computer program products. Therefore, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer usable storage media (including but not limited to disk storage and optical storage) containing computer usable program code.
  • Each flow and/or block in the flow schematic diagram and/or block diagram, and any combination of flows and/or blocks in the flow schematic diagram and/or block diagram, may be implemented by computer program instructions.
  • These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processing machine, or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for realizing the functions specified in one or more flows of the flow diagram and/or one or more blocks of the block diagram.
  • These computer program instructions may also be stored in a computer readable memory that can guide a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer readable memory produce an article of manufacture including an instruction device, and the instruction device implements the functions specified in one or more flows of the flow diagram and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operating steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flow diagram and/or one or more blocks of the block diagram.
  • An embodiment of the present invention provides a computer program product.
  • the computer program product includes a computer program stored on a non-transitory computer-readable storage medium.
  • The computer program includes program instructions which, when executed by a computer, cause the computer to execute the method in any of the above method embodiments.
  • FIG. 12 is a schematic diagram of a hardware structure of an electronic device for executing a method according to an embodiment of the present invention.
  • The device includes one or more processors 1210 and a memory 1220. One processor 1210 is taken as an example.
  • the device may also include: an input device 1230 and an output device 1240.
  • the processor 1210, the memory 1220, the input device 1230, and the output device 1240 may be connected through a bus or other means. In FIG. 12, connection through a bus is used as an example.
  • the memory 1220 is a non-transitory computer-readable storage medium that can be used to store non-transitory software programs, non-transitory computer executable programs, and modules.
  • the processor 1210 executes non-transitory software programs, instructions, and modules stored in the memory 1220 to execute various functional applications and data processing of the electronic device, that is, to implement the processing methods of the foregoing method embodiments.
  • the memory 1220 may include a storage program area and a storage data area, where the storage program area may store an operating system and application programs required by at least one function; the storage data area may store data, and the like.
  • the memory 1220 may include a high-speed random access memory, and may also include a non-transitory memory, such as at least one magnetic disk storage device, a flash memory device, or other non-transitory solid-state storage devices.
  • the memory 1220 may optionally include memories remotely provided with respect to the processor 1210, and these remote memories may be connected to the processing device through a network. Examples of the above network include but are not limited to the Internet, intranet, local area network, mobile communication network, and combinations thereof.
  • the input device 1230 can receive input digital or character information, and generate signal input.
  • the output device 1240 may include a display device such as a display screen.
  • The one or more modules are stored in the memory 1220 and, when executed by the one or more processors 1210, execute an encryption method for a storage device, applied to a near-field communication (NFC) storage device.
  • The method includes: obtaining a status indication of an NFC storage device; when the status indication indicates that the NFC storage device is in an encrypted state, controlling the NFC storage device to enter a decrypted state based on decryption information sent by an NFC terminal device, wherein the decryption information includes at least the identity of the NFC terminal device; when the status indication indicates that the NFC storage device is in the decrypted state, controlling the NFC storage device to enter the encrypted state based on encryption information sent by the NFC terminal device, wherein the encryption information includes at least the identity of the NFC terminal device.


Abstract

An encryption method for a storage device, applied to a near-field communication (NFC) storage device, the method comprising: acquiring a state indication of an NFC storage device (101); when the state indication indicates that the NFC storage device is in an encrypted state, controlling, on the basis of decryption information sent by an NFC terminal device, the NFC storage device to enter a decrypted state, the decryption information at least including an identity identifier of the NFC terminal device (102); when the state indication indicates that the NFC storage device is in the decrypted state, controlling, on the basis of encryption information sent by the NFC terminal device, the NFC storage device to enter the encrypted state, the encryption information at least including the identity identifier of the NFC terminal device (103). Further disclosed are an encryption apparatus for a storage device, and a storage medium.

Description

Encryption method and apparatus for a storage device, and storage medium
Cross reference
The present invention claims priority to the Chinese patent application filed with the Chinese Patent Office on October 9, 2018, with application number 201811172068.2 and titled "Encryption method and apparatus for a storage device, and storage medium", the entire contents of which are incorporated into the present invention by reference.
Technical field
The present invention relates to communication technology, and in particular to an encryption method and apparatus for a storage device, and a storage medium.
Background
An encrypted USB flash drive (U disk) is a USB flash drive that applies encryption and decryption protection to its contents. Encrypted USB flash drives currently on the market use three main encryption approaches: A. Fake encryption: files are merely hidden and a password is set; only identity is verified, and the stored content is not changed in any way. B. Software encryption: built-in or bundled software encrypts the data, generally with the AES (Advanced Encryption Standard) algorithm; the drive may also be divided into an encrypted area and a non-encrypted area. C. Hardware encryption: encryption is built into the hardware and is transparent, completed without the user noticing, with verification on read. Some drives have special functions, such as applying the encryption to a hard disk: with the USB flash drive plugged in the data is displayed in plaintext, and with it unplugged what is displayed is the encrypted information.
These three approaches have the following drawbacks: A. Fake encryption does not encrypt in any real sense; the files on the original drive can be read out with a password-cracking tool or by mounting the flash on another PCB, so security is poor. B. Software encryption: because the encryption process is completed on the PC, there is still some risk of interception. C. Hardware encryption: the entire encryption process is completed inside the drive, turning the encrypted drive into a black box. Although the security level of this method is high, a dedicated hardware encryption/decryption chip is required, the encryption/decryption speed must reach 25 MB/s or more, and the hardware cost is slightly higher than for software encryption.
USB flash drives that use hardware encryption have the highest security and must implement encryption and decryption by physical means. They currently fall into two main categories:
Fingerprint-encrypted USB flash drives: these have a built-in fingerprint sensor/recognizer. Each person's fingerprints are unique and remain unchanged for life. Relying on this uniqueness and stability, a person can be matched to his or her fingerprint to verify true identity, and data encryption and decryption are implemented on that basis. The advantage is a very high security level and fast encryption/decryption; the drawback is that some people or groups have few fingerprint features, which makes imaging difficult.
Keypad-encrypted USB flash drives: these have built-in physical number/letter keys, and encryption/decryption is performed by manually entering a preset password. The password is stored in the encryption chip, so data can be encrypted and decrypted without a computer, and multiple accounts (administrator, ordinary user) and multiple permissions (read-write, read-only) are supported. The advantage is a high security level, and data can likewise be encrypted/decrypted in real time. The drawback is that the password must always be remembered, because once it is forgotten the data cannot be recovered by any other means; in addition, the key structure is complex, bulky, and costly.
Summary of the invention
To solve the above technical problems, an embodiment of the present invention provides an encryption method for a storage device, applied to a near-field communication (NFC) storage device. The method includes: obtaining a status indication of the NFC storage device; when the status indication indicates that the NFC storage device is in an encrypted state, controlling the NFC storage device to enter a decrypted state based on decryption information sent by an NFC terminal device, wherein the decryption information includes at least the identity of the NFC terminal device; when the status indication indicates that the NFC storage device is in the decrypted state, controlling the NFC storage device to enter the encrypted state based on encryption information sent by the NFC terminal device, wherein the encryption information includes at least the identity of the NFC terminal device.
An embodiment of the present invention also provides an encryption apparatus for a storage device, applied to an NFC storage device. The encryption apparatus includes a processor and a memory, wherein the processor is used to execute a program stored in the memory to implement the following steps: obtaining a status indication of the NFC storage device; when the status indication indicates that the NFC storage device is in an encrypted state, controlling the NFC storage device to enter a decrypted state based on decryption information sent by an NFC terminal device, wherein the decryption information includes at least the identity of the NFC terminal device; when the status indication indicates that the NFC storage device is in the decrypted state, controlling the NFC storage device to enter the encrypted state based on encryption information sent by the NFC terminal device, wherein the encryption information includes at least the identity of the NFC terminal device.
An embodiment of the present invention also provides an electronic device, including: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor executes the method described in the above aspects.
An embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of any one of the methods described above are implemented.
An embodiment of the present invention also provides a computer program product. The computer program product includes a computer program stored on a non-transitory computer-readable storage medium. The computer program includes program instructions which, when executed by a computer, cause the computer to execute the method described in the above aspects.
Brief description of the drawings
FIG. 1 is a schematic flowchart of an encryption method for a storage device in an embodiment of the present invention;
FIG. 2 is a schematic diagram of the structure of a USB flash drive in the prior art;
FIG. 3 is a schematic diagram of the improved structure of the USB flash drive in an embodiment of the present invention;
FIG. 4 is a schematic flowchart of decryption processing in an embodiment of the present invention;
FIG. 5 is a schematic diagram of the improved structure of the USB flash drive I/O interface in an embodiment of the present invention;
FIG. 6 is a first interaction diagram of decryption processing in an embodiment of the present invention;
FIG. 7A is a second interaction diagram of decryption processing in an embodiment of the present invention;
FIG. 7B is a third interaction diagram of decryption processing in an embodiment of the present invention;
FIG. 8 is a schematic flowchart of encryption processing in an embodiment of the present invention;
FIG. 9 is a first interaction diagram of encryption processing in an embodiment of the present invention;
FIG. 10A is a second interaction diagram of encryption processing in an embodiment of the present invention;
FIG. 10B is a third interaction diagram of encryption processing in an embodiment of the present invention;
FIG. 11 is a schematic structural diagram of an encryption apparatus for a storage device in an embodiment of the present invention.
FIG. 12 is a schematic diagram of the hardware structure of an electronic device that executes the encryption method for a storage device according to an embodiment of the present invention.
Detailed description
In order to understand the features and technical content of the embodiments of the present invention in more detail, the implementation of the embodiments is described in detail below with reference to the drawings. The accompanying drawings are for reference and illustration only and are not intended to limit the embodiments of the present invention.
Embodiment 1
As shown in FIG. 1, the encryption method for the storage device includes: Step 101: obtain the status indication of the NFC storage device. Step 102: when the status indication indicates that the NFC storage device is in the encrypted state, control the NFC storage device to enter the decrypted state based on decryption information sent by the NFC terminal device, wherein the decryption information includes at least the identity of the NFC terminal device. Step 103: when the status indication indicates that the NFC storage device is in the decrypted state, control the NFC storage device to enter the encrypted state based on encryption information sent by the NFC terminal device, wherein the encryption information includes at least the identity of the NFC terminal device.
Here, steps 101 to 103 may be executed by the processor of the NFC storage device. The NFC storage device may be a USB flash drive with an NFC function, and the NFC terminal device may be a mobile phone, tablet computer, notebook computer, personal computer, or the like with an NFC function.
The structure of an existing USB flash drive is shown in FIG. 2. The USB interface of the drive includes: 1. VBUS, red wire, power supply +5 V; 2. D-, white wire, data line negative; 3. D+, green wire, data line positive; 4. ID, none (unconnected), which comes in two interface types, A: connected to the ground wire, and B: not connected to the ground wire; 5. GND, black wire, signal ground.
The NFC storage device given in the embodiments of the present invention includes at least an NFC chip, which is used to transmit NFC signals to and from the NFC terminal device. As shown in FIG. 3, an NFC chip is provided in the USB flash drive, while the USB interface structure of the drive is the same as that of an ordinary USB flash drive. Only the NFC chip needs to be added to the existing structure, with no other changes to the drive, so this is easy to implement.
In practical applications, step 101 specifically includes: obtaining the circuit state of the control circuit of the NFC storage device, wherein an open-circuit state indicates that the NFC storage device is in the encrypted state, and a closed-circuit state indicates that the NFC storage device is in the decrypted state. In other words, the control circuit controls whether the data line of the NFC storage device is connected or disconnected. When the data line is connected, data can be read from and written to the storage device normally. When the data line is disconnected, external devices cannot read or write the storage device normally; that is, the storage device can be regarded as being in the encrypted state. The storage device does not work and does not react in any way even when connected to an external device, so an unauthorized user cannot use a USB bus debugging tool to send USB commands to the storage device to read or write data and steal the data inside the device.
Further, controlling the NFC storage device to enter the decrypted state includes: controlling the control circuit of the NFC storage device to be in the closed-circuit state. Controlling the NFC storage device to enter the encrypted state includes: controlling the control circuit of the NFC storage device to be in the open-circuit state.
In practical applications, the method further includes: receiving in advance the identity of at least one NFC terminal device, and using the identity of the at least one NFC terminal device to establish an identity set. Here, the identity set serves as the basis for decrypting the NFC storage device. Since every terminal device has its own unique identity, for example the ID or the IMEI (International Mobile Equipment Identity) code of a mobile phone, the identity can be used to distinguish different terminal devices.
Further, step 102 specifically includes: matching the identity in the decryption information against the identity set; when the match succeeds, controlling the NFC storage device to enter the decrypted state; when the match fails, the NFC storage device remains in the encrypted state.
In other words, the identity of the terminal device serves as the basis for decrypting the storage device. For example, when a user decrypts a USB flash drive with a mobile phone, the phone is brought close to the drive and the drive receives the identity sent by the phone. The processor of the drive matches the received identity against the identities it has stored. If the match succeeds, the decryption operation is completed and the drive can be read and written normally; if the match fails, the drive remains in the encrypted state and cannot be used.
Further, step 103 specifically includes: controlling the NFC storage device to enter the encrypted state, and storing the identity in the encryption information in the identity set.
In other words, when the terminal device encrypts the storage device, the identity of the terminal device must be used to establish the identity set, so that the identity set serves as the basis for later decryption of the storage device. For example, when a user encrypts a USB flash drive with a mobile phone, the phone is brought close to the drive and the drive receives the identity sent by the phone. The processor of the drive controls the NFC storage device to enter the encrypted state and stores the phone's identity in the identity set; that phone can then be used to decrypt the drive.
In some embodiments, when the status indication indicates that the NFC storage device is in the encrypted state, a first prompt message is generated to prompt the user to perform decryption; when the status indication indicates that the NFC storage device is in the decrypted state, a second prompt message is generated to prompt the user to perform encryption. The first and second prompt messages can be displayed on the NFC terminal device held by the user, which gives the user more flexibility in controlling encryption/decryption of the storage device.
Here, the NFC terminal device supplies power to the NFC storage device through the NFC function, so that the NFC storage device can perform encryption and decryption operations even when it has no power source of its own.
The encryption method for a storage device provided by the embodiments of the present invention is applied to a near-field communication (NFC) storage device. The method includes: obtaining a status indication of the NFC storage device; when the status indication indicates that the NFC storage device is in the encrypted state, controlling the NFC storage device to enter the decrypted state based on decryption information sent by the NFC terminal device, wherein the decryption information includes at least the identity of the NFC terminal device; when the status indication indicates that the NFC storage device is in the decrypted state, controlling the NFC storage device to enter the encrypted state based on encryption information sent by the NFC terminal device, wherein the encryption information includes at least the identity of the NFC terminal device.
With the above technical solution, a storage device with an NFC function can be encrypted/decrypted by one or more NFC terminal devices bound to it. Using the identity of the NFC terminal device as the sole basis for encryption/decryption gives the storage device higher security, and the user does not need to set or record encryption/decryption information, which simplifies the encryption/decryption process.
To better illustrate the purpose of the present invention, the following application scenarios are given as further examples on the basis of the above embodiments.
Scenario one
Encryption settings are applied to the storage device; the encryption steps specifically include the following: Step 401: obtain the status indication of the storage device.
Step 402: determine from the status indication that the storage device is in the encrypted state, and generate the first prompt message.
Here, when the storage device is determined from the status indication to be in the decrypted state, the following encryption steps are skipped, and encryption processing may be performed on the storage device.
Here, the circuit state of the control circuit of the NFC storage device is obtained, wherein an open-circuit state indicates that the NFC storage device is in the encrypted state, and a closed-circuit state indicates that the NFC storage device is in the decrypted state. In other words, the control circuit controls whether the data line of the NFC storage device is connected or disconnected. When the data line is connected, data can be read from and written to the storage device normally; when the data line is disconnected, external devices cannot read or write the storage device normally, that is, the storage device can be regarded as being in the encrypted state.
Specifically, the control circuit may be a switch control circuit. As shown in FIG. 5, a switch 42 is provided on the data line between the USB chip 41 and the pin2 pin of the USB interface 43. From a hardware point of view, when the USB data line is connected, the VI-ID tab in the settings automatically changes to the Enable state, that is, the decrypted state, and the pin2 pin connected to the NFC chip triggers a status indication of the closed-circuit state. When the USB data line is disconnected, the VI-ID tab in the settings automatically changes to the Disable state, that is, the encrypted state, and the pin2 pin connected to the NFC chip triggers a status indication of the open-circuit state.
Step 403: control the mobile phone and/or computer to display the first prompt message.
Step 404: based on the first prompt message, determine whether a decryption indication is detected; if yes, perform step 405; if no, perform step 408.
Here, the first prompt message prompts the user to perform decryption. After seeing the first prompt message, the user can perform decryption through the mobile phone.
As shown in FIG. 6, when the USB flash drive is plugged in, it identifies that the USB pin2 pin is in the powered-off state, that is, the data line is disconnected, and determines that the drive is in the encrypted state. The first prompt message is displayed on the computer, for example "U disk is connected, please perform identity authentication", to remind the user to perform decryption.
As shown in FIG. 7A, the first prompt message may also be displayed on the user's mobile phone or another mobile terminal, for example "Decrypt the U disk?", and the subsequent decryption steps are performed once a decryption indication is detected. Here, the user can use different keys to indicate whether to perform or refuse decryption. As shown in FIG. 7B, after the drive is successfully decrypted, it can also return a "decryption successful" message to the mobile phone.
In some embodiments, the decryption information includes a decryption indication and the identity of the NFC terminal device, wherein the decryption indication instructs the storage device to perform decryption, and the identity serves as the basis for the current decryption.
Specifically, after seeing the first prompt message, the user sends a decryption indication to the storage device through the NFC function of the terminal device. When the storage device detects the decryption indication, it obtains the identity of the mobile phone in order to perform decryption.
Step 405: obtain the identity of the mobile phone.
Step 406: match the identity of the mobile phone against the identity set stored on the device, and determine from the match result whether identity verification succeeded; if yes, perform step 407; if no, perform step 408.
Step 407: decrypt the storage device.
Step 408: refuse to respond to data read and write commands.
In other words, the storage device cannot be used.
In the embodiments of the present invention, identification of the user's identity is controlled entirely by NFC signal commands on the mobile phone and is separate from the USB flash drive. The drive needs no driver or user-authentication software installed on the host and is not affected by software running on the USB host, which provides strong protection of user identity information and key information against software cracking.
Generally speaking, the complexity of a product's structure is proportional to its security. By "splitting the USB flash drive in two", even if the drive is lost or stolen, others cannot obtain the data on it, which greatly increases the drive's information security. In use, the user only performs one more decryption operation than with an ordinary USB flash drive, with no other impact on the user, so ease of use is also preserved.
Scenario 2
The storage device (the storage device referred to in the embodiments of the present invention is an NFC storage device) is set to the encrypted state. The encryption steps are as follows:
Step 801: Obtain the status indication of the storage device.
Step 802: Determine from the status indication that the storage device is in the decrypted state, and generate a second prompt message.
Here, when the status indication shows that the storage device is in the encrypted state, the following encryption steps are skipped, and decryption can be performed on the storage device.
Step 803: Control the mobile phone and/or the computer to display the second prompt message.
Step 804: Based on the second prompt message, determine whether an encryption instruction is detected; if yes, perform step 805; if no, perform step 807.
Here, the second prompt message prompts the user to perform encryption. After seeing the second prompt message, the user can perform encryption through the mobile phone.
As shown in FIG. 9, when the USB flash drive is inserted, it is determined to be in the decrypted state by detecting that USB pin 2 is in the power-on state, that is, that the data line is closed-circuit. The second prompt message, for example "USB flash drive connected, no authentication required", is displayed on the computer to remind the user that the storage device is currently in the decrypted state, and the user decides whether to perform encryption. Alternatively, the second prompt message is "USB flash drive connected"; after seeing it, the user knows that the USB flash drive has been connected successfully and can operate on it directly, without identity verification.
As shown in FIG. 10A, the second prompt message may also be displayed on the user's mobile phone or another mobile terminal, for example "Set USB flash drive encryption?", and the subsequent encryption steps are performed once an encryption instruction is detected. Here, the user can use different keys to indicate whether encryption is to be performed or refused. As shown in FIG. 10B, after the USB flash drive has been encrypted successfully, it can also return an "Encryption successful" message to the mobile phone.
In some embodiments, the encryption information includes an encryption instruction and the identifier of the NFC terminal device, where the encryption instruction instructs the storage device to perform encryption and the identifier serves as the basis for the next decryption.
Specifically, after seeing the second prompt message, the user sends an encryption instruction to the storage device through the NFC function of the terminal device; when the storage device detects the encryption instruction, it performs encryption and stores the identifier of the mobile phone.
Step 805: Control the storage device to enter the encrypted state, and obtain and store the identifier of the mobile phone.
Step 806: Encryption is complete.
Step 807: Respond normally to data read and write instructions.
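The decryption flow (steps 405 to 408) and the encryption flow (steps 801 to 807) described above, modelled as one small state machine in C. This is an added example, not code from the patent; the identifier length, the set capacity, all type and function names, the comparison without early exit, and the handling of a decryption instruction in the decrypted state and of a full identifier set are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ID_LEN  8  /* assumed identifier length; the page gives none */
#define MAX_IDS 4  /* assumed capacity of the identifier set */

/* Page: open circuit = encrypted state, closed circuit = decrypted state. */
typedef enum { CIRCUIT_OPEN, CIRCUIT_CLOSED } circuit_t;
typedef enum { CMD_DECRYPT, CMD_ENCRYPT } nfc_cmd_t;
typedef enum { RES_DECRYPTED, RES_ENCRYPTED, RES_AUTH_FAILED,
               RES_IGNORED, RES_SET_FULL } result_t;

typedef struct {
    circuit_t circuit;
    uint8_t   ids[MAX_IDS][ID_LEN];  /* identifier set held on the device */
    size_t    n_ids;
} nfc_storage_t;

/* Compare two identifiers without stopping at the first mismatch. */
static bool id_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < ID_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Step 406: match the presented identifier against the stored set. */
static bool id_in_set(const nfc_storage_t *dev, const uint8_t *id)
{
    bool found = false;
    for (size_t i = 0; i < dev->n_ids; i++)
        if (id_equal(dev->ids[i], id))
            found = true;
    return found;
}

/* Pre-enrollment and step 805 both store identifiers in the set. */
static bool enroll_id(nfc_storage_t *dev, const uint8_t *id)
{
    if (id_in_set(dev, id))
        return true;
    if (dev->n_ids == MAX_IDS)
        return false;
    memcpy(dev->ids[dev->n_ids++], id, ID_LEN);
    return true;
}

/* Steps 801/802: the status indication is the control-circuit state. */
static bool is_encrypted(const nfc_storage_t *dev)
{
    return dev->circuit == CIRCUIT_OPEN;
}

/* Steps 408 and 807: host reads and writes are served only when closed. */
static bool host_io_allowed(const nfc_storage_t *dev)
{
    return dev->circuit == CIRCUIT_CLOSED;
}

/* Handle one NFC message carrying an instruction and the sender's identifier. */
static result_t handle_nfc(nfc_storage_t *dev, nfc_cmd_t cmd, const uint8_t *id)
{
    if (cmd == CMD_DECRYPT) {
        if (!is_encrypted(dev))
            return RES_IGNORED;         /* assumption: nothing to decrypt */
        if (!id_in_set(dev, id))
            return RES_AUTH_FAILED;     /* step 408: circuit stays open */
        dev->circuit = CIRCUIT_CLOSED;  /* step 407 */
        return RES_DECRYPTED;
    }
    if (is_encrypted(dev))
        return RES_IGNORED;             /* encryption steps are skipped */
    if (!enroll_id(dev, id))
        return RES_SET_FULL;            /* assumption: never lock without a stored identifier */
    dev->circuit = CIRCUIT_OPEN;        /* step 805 */
    return RES_ENCRYPTED;
}

int main(void)
{
    /* Constructed sample identifiers, not values from the page. */
    const uint8_t phone_a[ID_LEN] = {0xA1, 0, 0, 0, 0, 0, 0, 0x01};
    const uint8_t phone_b[ID_LEN] = {0xB2, 0, 0, 0, 0, 0, 0, 0x02};
    nfc_storage_t dev = { .circuit = CIRCUIT_CLOSED, .n_ids = 0 };

    printf("lock by A:   %d\n", (int)handle_nfc(&dev, CMD_ENCRYPT, phone_a));
    printf("unlock by B: %d\n", (int)handle_nfc(&dev, CMD_DECRYPT, phone_b));
    printf("host I/O:    %d\n", (int)host_io_allowed(&dev));
    printf("unlock by A: %d\n", (int)handle_nfc(&dev, CMD_DECRYPT, phone_a));
    printf("host I/O:    %d\n", (int)host_io_allowed(&dev));
    return 0;
}
```

As the page describes it, step 406 is a match of a presented identifier against a stored set, and step 805 stores the identifier of whichever terminal sent the encryption instruction, so the set of terminals able to decrypt is fixed at encryption time.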
Embodiment 2
Based on the same inventive concept, an embodiment of the present invention further provides an encryption apparatus for a storage device, applied in an NFC storage device. As shown in FIG. 11, the encryption apparatus includes a processor 111 and a memory 112, wherein:
The processor 111 is configured to execute a program stored in the memory 112 to implement the following steps: obtaining a status indication of the NFC storage device; when the status indication indicates that the NFC storage device is in the encrypted state, controlling the NFC storage device to enter the decrypted state based on decryption information sent by an NFC terminal device, where the decryption information includes at least the identifier of the NFC terminal device; and when the status indication indicates that the NFC storage device is in the decrypted state, controlling the NFC storage device to enter the encrypted state based on encryption information sent by an NFC terminal device, where the encryption information includes at least the identifier of the NFC terminal device.
In some embodiments, the processor 111 is further configured to execute the program stored in the memory 112 to implement the following steps: receiving in advance the identifier of at least one NFC terminal device; and establishing an identifier set from the identifier of the at least one NFC terminal device.
In some embodiments, the processor 111 is specifically configured to execute the program stored in the memory 112 to implement the following steps: matching the identifier in the decryption information against the identifier set; and, when the match succeeds, controlling the NFC storage device to enter the decrypted state.
In some embodiments, the processor 111 is specifically configured to execute the program stored in the memory 112 to implement the following steps: controlling the NFC storage device to enter the encrypted state, and storing the identifier in the encryption information in the identifier set.
In some embodiments, the processor 111 is specifically configured to execute the program stored in the memory 112 to implement the following steps: obtaining the circuit state of the control circuit of the NFC storage device, where an open-circuit state indicates that the NFC storage device is in the encrypted state and a closed-circuit state indicates that the NFC storage device is in the decrypted state.
In some embodiments, the processor 111 is specifically configured to execute the program stored in the memory 112 to implement the following steps: controlling the control circuit of the NFC storage device to be in the closed-circuit state; or controlling the control circuit of the NFC storage device to be in the open-circuit state.
In some embodiments, the processor 111 is further configured to execute the program stored in the memory 112 to implement the following steps: when the status indication indicates that the NFC storage device is in the encrypted state, generating a first prompt message for prompting the user to perform decryption; and when the status indication indicates that the NFC storage device is in the decrypted state, generating a second prompt message for prompting the user to perform encryption.
In practical applications, the above memory may be a volatile memory, such as a random-access memory (RAM); or a non-volatile memory, such as a read-only memory (ROM), a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); or a combination of the above kinds of memory, and it provides instructions and data to the processor.
The above processor may be at least one of an application-specific integrated circuit (ASIC), a digital signal processing device (DSPD), a programmable logic device (PLD), a field-programmable gate array (FPGA), a DSP, a CPU, a controller, a microcontroller and a microprocessor. It can be understood that, for different devices, other electronic components may be used to implement the above processor functions; the embodiments of the present invention place no specific limitation on this.
Any of the above encryption apparatuses provided in the embodiments of the present invention can be applied in a storage device, giving the storage device higher security with a simple encryption/decryption process.
Embodiment 3
Based on the same inventive concept, an embodiment of the present invention further provides a computer-readable storage medium, for example a memory containing a computer program, where the computer program can be executed by a processor of a terminal to complete the method steps in one or more of the foregoing embodiments.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a system, or a computer program product. Therefore, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage and optical storage) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or another programmable data processing device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus that implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or another programmable data processing device, so that a series of operating steps is performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Embodiment 4
An embodiment of the present invention provides a computer program product. The computer program product includes a computer program stored on a non-transitory computer-readable storage medium, and the computer program includes program instructions that, when executed by a computer, cause the computer to perform the method in any of the above method embodiments.
Embodiment 5
FIG. 12 is a schematic diagram of the hardware structure of an electronic device that performs the method provided by an embodiment of the present invention. As shown in the figure, the device includes one or more processors 1210 and a memory 1220; one processor 1210 is taken as an example. The device may further include an input apparatus 1230 and an output apparatus 1240.
The processor 1210, the memory 1220, the input apparatus 1230 and the output apparatus 1240 may be connected by a bus or in other ways; connection by a bus is taken as the example in FIG. 12.
The memory 1220, as a non-transitory computer-readable storage medium, can be used to store non-transitory software programs, non-transitory computer-executable programs and modules. By running the non-transitory software programs, instructions and modules stored in the memory 1220, the processor 1210 executes the various functional applications and data processing of the electronic device, that is, implements the processing methods of the above method embodiments.
The memory 1220 may include a program storage area and a data storage area, where the program storage area may store an operating system and an application program required by at least one function, and the data storage area may store data and the like. In addition, the memory 1220 may include a high-speed random-access memory and may also include a non-transitory memory, such as at least one magnetic disk storage device, a flash memory device, or another non-transitory solid-state storage device. In some embodiments, the memory 1220 optionally includes memories located remotely from the processor 1210, and these remote memories may be connected to the processing apparatus through a network. Examples of such a network include but are not limited to the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
The input apparatus 1230 can receive input numeric or character information and generate signal input. The output apparatus 1240 may include a display device such as a display screen.
The one or more modules are stored in the memory 1220 and, when executed by the one or more processors 1210, perform an encryption method for a storage device, applied in a near-field communication (NFC) storage device, the method including: obtaining a status indication of the NFC storage device; when the status indication indicates that the NFC storage device is in the encrypted state, controlling the NFC storage device to enter the decrypted state based on decryption information sent by an NFC terminal device, where the decryption information includes at least the identifier of the NFC terminal device; and when the status indication indicates that the NFC storage device is in the decrypted state, controlling the NFC storage device to enter the encrypted state based on encryption information sent by an NFC terminal device, where the encryption information includes at least the identifier of the NFC terminal device.
The above product can perform the method provided by the embodiments of the present invention and has the functional modules and beneficial effects corresponding to performing the method. For technical details not described exhaustively in this embodiment, refer to the method provided by the embodiments of the present invention.
The above are merely preferred embodiments of the present invention and are not intended to limit the protection scope of the present invention.

Claims (15)

  1. An encryption method for a storage device, applied in a near-field communication (NFC) storage device, the method comprising:
    obtaining a status indication of the NFC storage device;
    when the status indication indicates that the NFC storage device is in an encrypted state, controlling the NFC storage device to enter a decrypted state based on decryption information sent by an NFC terminal device, wherein the decryption information includes at least an identifier of the NFC terminal device;
    when the status indication indicates that the NFC storage device is in the decrypted state, controlling the NFC storage device to enter the encrypted state based on encryption information sent by an NFC terminal device, wherein the encryption information includes at least the identifier of the NFC terminal device.
  2. The method according to claim 1, wherein the method further comprises:
    receiving in advance the identifier of at least one NFC terminal device;
    establishing an identifier set from the identifier of the at least one NFC terminal device.
  3. The method according to claim 2, wherein the controlling the NFC storage device to be in the decrypted state comprises:
    matching the identifier in the decryption information against the identifier set;
    when the match succeeds, controlling the NFC storage device to enter the decrypted state.
  4. The method according to claim 1, wherein the controlling the NFC storage device to enter the encrypted state comprises:
    controlling the NFC storage device to enter the encrypted state, and storing the identifier in the encryption information in an identifier set.
  5. The method according to claim 1, wherein the obtaining a status indication of the NFC storage device comprises:
    obtaining the circuit state of a control circuit of the NFC storage device;
    wherein the circuit state being an open-circuit state indicates that the NFC storage device is in the encrypted state, and the circuit state being a closed-circuit state indicates that the NFC storage device is in the decrypted state.
  6. The method according to claim 5, wherein the controlling the NFC storage device to enter the decrypted state comprises: controlling the control circuit of the NFC storage device to be in the closed-circuit state;
    the controlling the NFC storage device to enter the encrypted state comprises: controlling the control circuit of the NFC storage device to be in the open-circuit state.
  7. The method according to claim 1, wherein the method further comprises:
    when the status indication indicates that the NFC storage device is in the encrypted state, generating a first prompt message for prompting the user to perform decryption;
    when the status indication indicates that the NFC storage device is in the decrypted state, generating a second prompt message for prompting the user to perform encryption.
  8. An encryption apparatus for a storage device, applied in an NFC storage device, the encryption apparatus comprising a processor and a memory, wherein
    the processor is configured to execute a program stored in the memory to implement the following steps:
    obtaining a status indication of the NFC storage device;
    when the status indication indicates that the NFC storage device is in an encrypted state, controlling the NFC storage device to enter a decrypted state based on decryption information sent by an NFC terminal device, wherein the decryption information includes at least an identifier of the NFC terminal device;
    when the status indication indicates that the NFC storage device is in the decrypted state, controlling the NFC storage device to enter the encrypted state based on encryption information sent by an NFC terminal device, wherein the encryption information includes at least the identifier of the NFC terminal device.
  9. The apparatus according to claim 8, wherein the processor is further configured to execute the program stored in the memory to implement the following steps:
    receiving in advance the identifier of at least one NFC terminal device;
    establishing an identifier set from the identifier of the at least one NFC terminal device.
  10. The apparatus according to claim 9, wherein the processor is configured to execute the program stored in the memory to implement the following steps:
    matching the identifier in the decryption information against the identifier set;
    when the match succeeds, controlling the NFC storage device to enter the decrypted state.
  11. The apparatus according to claim 8, wherein the processor is configured to execute the program stored in the memory to implement the following steps:
    controlling the NFC storage device to enter the encrypted state, and storing the identifier in the encryption information in an identifier set.
  12. The apparatus according to claim 8, wherein the processor is configured to execute the program stored in the memory to implement the following steps: obtaining the circuit state of a control circuit of the NFC storage device;
    wherein the circuit state being an open-circuit state indicates that the NFC storage device is in the encrypted state, and the circuit state being a closed-circuit state indicates that the NFC storage device is in the decrypted state.
  13. The apparatus according to claim 12, wherein the processor is configured to execute the program stored in the memory to implement the following steps:
    controlling the control circuit of the NFC storage device to be in the closed-circuit state;
    or controlling the control circuit of the NFC storage device to be in the open-circuit state.
  14. The apparatus according to claim 8, wherein the processor is further configured to execute the program stored in the memory to implement the following steps:
    when the status indication indicates that the NFC storage device is in the encrypted state, generating a first prompt message for prompting the user to perform decryption;
    when the status indication indicates that the NFC storage device is in the decrypted state, generating a second prompt message for prompting the user to perform encryption.
  15. A computer-readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 7.
PCT/CN2019/110104 2018-10-09 2019-10-09 Encryption method and apparatus for storage device, and storage medium WO2020073916A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811172068.2 2018-10-09
CN201811172068.2A CN111027077B (en) 2018-10-09 2018-10-09 Encryption method and device for storage equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2020073916A1 true WO2020073916A1 (en) 2020-04-16

Family

ID=70163926

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/110104 WO2020073916A1 (en) 2018-10-09 2019-10-09 Encryption method and apparatus for storage device, and storage medium

Country Status (2)

Country Link
CN (1) CN111027077B (en)
WO (1) WO2020073916A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113408015A (en) * 2021-06-15 2021-09-17 北京安天网络安全技术有限公司 Product operation and maintenance method and device of terminal equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103279692A (en) * 2013-05-03 2013-09-04 广东欧珀移动通信有限公司 File encrypting and decrypting method and device based on mobile phone
CN104766620A (en) * 2014-12-31 2015-07-08 东莞市猫头鹰锁业有限公司 Encrypted USB flash disk
CN106650461A (en) * 2016-11-23 2017-05-10 北京握奇智能科技有限公司 Mobile terminal and access method of embedded type security module based on same
CN206515828U (en) * 2016-12-19 2017-09-22 严毛通 The data storage device of safety encryption

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN204423918U (en) * 2014-12-31 2015-06-24 东莞市猫头鹰锁业有限公司 A kind of encrypted U disk

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112599453A (en) * 2020-12-23 2021-04-02 武汉艾特艾迪汽车科技有限公司 Mold identification method, device, equipment, system and storage medium
CN112599453B (en) * 2020-12-23 2024-02-23 武汉艾特艾迪汽车科技有限公司 Mold identification method, apparatus, device, system and storage medium
CN114818017A (en) * 2022-05-31 2022-07-29 浪潮(山东)计算机科技有限公司 Computer awakening and interface encryption method, device, equipment and medium

Also Published As

Publication number Publication date
CN111027077A (en) 2020-04-17
CN111027077B (en) 2023-09-05

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 19871517; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
32PN EP: public notification in the EP bulletin as address of the addressee cannot be established (Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 17/08/2021))
122 EP: PCT application non-entry in European phase (Ref document number: 19871517; Country of ref document: EP; Kind code of ref document: A1)