CN117951737B - Encryption storage management key card for time-space correlation chip of confidential data - Google Patents
Encryption storage management key card for time-space correlation chip of confidential data Download PDFInfo
- Publication number
- CN117951737B CN117951737B CN202410024671.5A CN202410024671A CN117951737B CN 117951737 B CN117951737 B CN 117951737B CN 202410024671 A CN202410024671 A CN 202410024671A CN 117951737 B CN117951737 B CN 117951737B
- Authority
- CN
- China
- Prior art keywords
- card
- data
- password
- encryption
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/08—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers from or to individual record carriers, e.g. punched card, memory card, integrated circuit [IC] card or smart card
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Mathematical Physics (AREA)
- Automation & Control Theory (AREA)
- Human Computer Interaction (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a time-space correlation chip encryption storage management key card for confidential data, which particularly relates to the field of key encryption, comprising a safe storage module and a key authentication module, wherein a hardware encryption storage intelligent card is used as the storage management key card for the confidential data of enterprises, the system has the functions of main and auxiliary card authentication and key authentication, and by customizing encryption parameters, the complexity of an encryption algorithm can be increased, so that an attacker is more difficult to crack the encryption algorithm or acquire clear text data, a larger storage space is provided, and more confidential data can be accommodated. This allows the user to store more data and does not require additional storage devices, improving the convenience and efficiency of data storage.
Description
Technical Field
The invention relates to the field of key storage management, in particular to a key fob for managing encryption storage of a time-space correlation chip of machine-generated data.
Background
The internet of things (Internet of Things) is a network system which performs mutual inductance, interconnection and interworking and other interoperations on electronic equipment (including computing, communication, sensors and other executor components) with functions of intelligence, communication and the like through various access technologies, can be connected with the internet, and further can jointly complete a specific task after heterogeneous information is gathered. The Internet of things has wide application and is widely used in various fields such as traffic, environmental protection, safety, industrial monitoring and the like [1]. People-to-people communication has been developed to people-to-objects, objects-to-objects, so that things which originally do not have any information meaning and are established in a quantitative relationship through the internet of things technology, and various information services are provided for users.
The internet of things technology is widely applied to the field of production and living, and in the current information age, the security and privacy protection of data become important problems to be solved urgently for enterprises and individual users. The traditional data storage and access modes have a plurality of potential safety hazards, such as the risk that data stored on a computer hard disk, an internet network disk or portable storage equipment is easy to be acquired and accessed by others, and privacy is revealed.
In order to solve the defects, a key fob for encrypting and storing and managing the time-space correlation chip of the machine-made data is provided.
Disclosure of Invention
The invention aims to provide a key fob for encrypting and storing and managing a time-space correlation chip of machine-made data, which solves the defects in the background technology.
In order to achieve the above object, the present invention provides the following technical solutions: the key card comprises a safe storage module and a key authentication module;
The security storage module is used for ensuring the security of the password, and the card built-in chip is used for safely storing important privacy data in the card through a physical encryption technology. The card is connected to the computer via a USB data line and is activated by dedicated software to establish a communication connection with the card, each card having a unique chip-level physical ID birth code,
The key authentication module is used for immediately invalidating the access of the illegal user in the card login authentication process, and only the legal user can be successfully authenticated. The legal user needs to input a security code through special software to carry out authentication, and the data in the card can be accessed after the authentication is successful.
Preferably, the secure storage module comprises a card initializing unit and a card password setting unit;
Card initializing unit: the user connects the card with the computer through the USB data line, and the computer automatically installs the drive and the special starting software after identification, thereby avoiding threat to security by network uneven pirate software, and the user starts the card through the special software. The card can be directly accessed by the trusted universal USB serial port communication software to store data, and all accesses are performed under the control and management of safe access, so that the card is simple and easy to use, and the safety of USB access is ensured.
And the card password setting unit is used for prefabricating the initialization password when leaving the factory, and the card has a unique chip-level physical ID birth code, one card for one code, once tampered and rewritten, the card is immediately invalid, and the data cannot be read. The new card user logs in through the pre-made initial password, then sets the private password, and the old password is automatically invalidated. The password and all data of the user are stored in the chip in the form of ciphertext, so that the password is prevented from being leaked. All stored data of the card are encrypted and stored by using a chip hardware-level encryption mode, when a user logs in for the first time, the system enables the user to select the encryption mode, and the user can select a non-public private encryption algorithm and customizable encryption parameters by himself/herself, so that the cracking difficulty is increased.
Preferably, the key authentication module comprises a card login authentication unit, a main and auxiliary card authentication unit, a card data retrieval unit, a server, a terminal data communication unit and a card anti-counterfeiting and anti-theft unit.
The card login authentication unit is used for encrypting the card through a password input by a user by using a self-developed non-public encryption algorithm, matching the card with a password block stored by the card physical chip in an encrypted mode, enabling the user to access a card file system for operation if the password matching is successful, and displaying prompts such as password errors in software if the password matching is failed.
Preferably, the main and sub card authentication unit, when the user opens the main and sub card authentication function (the default may be closed), the main card needs to verify the existence of the sub card and the sub card information such as the key when logging into the system, at this time, the sub card needs to be close to the main card (the authentication specified distance may be preset, depending on the card ranging accuracy and ranging range), and the wireless radio frequency modules such as BLE bluetooth and NFC, UWB, WIFI are adopted to perform mutual identification discovery and ranging.
Preferably, the card data retrieval unit is used for retrieving data in the card by a user through special software, and also can be connected with the software through USB, serial ports and network connection, searching files through command line commands, and matching the internal file system through indexes so as to quickly find data meeting requirements.
Preferably, the server and the terminal data communication unit are connected with the card through USB data lines or wireless communication modes (such as Bluetooth and Wi-Fi). The card sends a connection request to the client, the server and the terminal require the user to input a login password, the card receives the password and then communicates with the hardware chip, the password is verified after being decrypted by the custom decryption algorithm, and if the verification is successful, the card file system can be used for adding, deleting and checking; and if the verification fails, returning verification failure information.
The anti-fake and anti-theft card unit stores data in special memory chip and is physically isolated from computer and network. Only the authorized user with the card can access the data through the customized special software and the security password, thereby ensuring the security of the data. And other people cannot acquire the data in the card, so that the privacy and the integrity of the data are ensured.
Preferably, the primary and secondary card authentication calculates the distance between the primary and secondary cards by using a distance estimation algorithm based on the signal strength indication RSSI. When the main card recognizes and measures the existence of the auxiliary card, the adjacent distance is calculated through an algorithm, if the adjacent distance is within a preset authentication specified distance range, information is automatically exchanged with the main card, the auxiliary card secret key and auxiliary card information are matched by the main card to finish authentication, authentication contents can be fixed information preset and agreed by the main card and the auxiliary card, and can also be challenge words and the like which are dynamically generated (such as dynamic space-time information including a main card synchronous time stamp, a main card and auxiliary card distance measurement value and the like), and the two parties perform calculation processing and comparison on the challenge words according to the agreed algorithm. If the information processing results are matched, the main card flashes a green light in the prompt light area for successful authentication, a user automatically enters the card file system and can perform file access operation, if the matching is failed, the main card flashes a red light in the prompt light area for displaying prompts such as the matching failure, the card is locked, and card data cannot be accessed and acquired.
Preferably, the card anti-counterfeiting and anti-theft unit adopts a chip-level hardware encryption mode to protect, and uses a private encryption algorithm, so that even if a storage chip is stolen, the encryption of data is difficult to crack under the condition of being independent of card hardware and special software. The security and the anti-theft capability of the data are greatly enhanced, and in addition, the card has a unique chip-level physical ID birth code, so that a cracking program cannot run or copy on other hardware, the risk of counterfeiting or copying the data is avoided, and the theft of the data is further prevented. No extra chip is needed, the cost is reduced, and the use of a user is facilitated.
In the technical scheme, the invention has the technical effects and advantages that:
1. Providing a higher level of data security: the invention adopts a hardware encryption storage intelligent card as a storage management key card of enterprise confidential data. Compared with the traditional data storage mode, the technical scheme encrypts and decrypts the data at the hardware level, and provides higher-level data security. Hardware encryption memory smart cards use a chip-level encryption algorithm that only allows access to and decryption of data stored in the card with the correct key. By the scheme, unauthorized access and data leakage are effectively prevented, and the security of enterprise confidential data is protected. Compared with the traditional data encryption mode, the non-public symmetric encryption algorithm can not accurately predict the behavior of the algorithm, such as the internal structure of the algorithm, an S box, a round function and the like. This increases the difficulty of an attacker to analyze the encryption algorithm, improves the security of the data, and allows the user to customize the encryption parameters, which can be adjusted according to specific requirements, such as selecting a proper key length, initial Vector (IV), encryption mode, etc. By customizing the encryption parameters, the complexity of the encryption algorithm can be increased, making it more difficult for an attacker to crack the encryption algorithm or obtain plaintext data.
2. The main and auxiliary card authentication and key authentication functions are realized: the enterprise confidential data encryption storage management key fob not only provides encryption protection at a hardware level, but also has the functions of main and auxiliary card authentication and key authentication. This means that only legitimate users can access the data in the card, increasing access control and security of the data. Through the primary and secondary card authentication and the key authentication, the invention ensures that only authorized users can use the card, and further enhances the data protection.
3. Providing greater storage capacity: the enterprise confidential data encryption storage management key fob provided by the invention has a larger storage capacity, and is suitable for the demands of enterprises and individual users. Compared with the traditional hardware encryption storage equipment and smart card technology, the invention provides larger storage space and can accommodate more confidential data. This allows the user to store more data and does not require additional storage devices, improving the convenience and efficiency of data storage.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings required for the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments described in the present application, and other drawings may be obtained according to these drawings for those skilled in the art.
FIG. 1 is a block diagram of a system according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
As shown in figure 1, the invention is a key fob for encrypting and storing machine-made data by a time-space correlation chip, and the invention performs omnibearing data encryption according to a hardware encryption chip in the key fob for encrypting and storing machine-made data, wherein the functions of identity recognition, safe storage and key authentication are integrated. The chip in the card safely stores the important privacy data in the card through a physical encryption technology. The card is connected to the computer through the USB data line, and the card is started through special software to establish communication connection with the card, and each card is provided with a unique chip-level physical ID birth code, so that the uniqueness of the card is ensured, and the card is prevented from being tampered. The card is internally provided with a password setting function, allows a user to log in by using a preset initial password, and sets a private password. The old password is automatically invalidated after the new password is set. In order to ensure the security of the password, the password is not stored in a chip in a plaintext form, but is subjected to encryption processing. All stored data are encrypted by adopting a chip hardware-level encryption mode, and meanwhile, the difficulty of cracking is increased by using a non-public private encryption algorithm. The chip adopts AES to encrypt the password and the data by default, when the user logs in for the first time, the system enables the user to carry out self-defined selection on the encryption mode, and the optional encryption methods comprise AES, DES and other common algorithms which have high-strength encryption capability and good performance, and can also select the non-public symmetric encryption algorithm proposed by the scheme, and select different encryption modes and key lengths according to specific application scenes and security requirements. In the advanced encryption option, the user can customize multiple mixed encryption, and also can carry out comprehensive encryption from the customized parameters, so that the encryption difficulty is further enhanced, the data is safer and more reliable, the parameter values can be periodically updated and changed when the customized parameters are used, and the safety and privacy of the user information are ensured in a simple mode. By combining a plurality of encryption algorithms and utilizing customized parameters for comprehensive encryption, the security and reliability of sensitive data can be greatly improved, and the privacy of users and enterprise confidentiality are protected. In the card login authentication process, the access of the illegal user is immediately disabled, and only the legal user can be successfully authenticated. The legal user needs to input a security code through special software to carry out authentication, and the data in the card can be accessed after the authentication is successful. The card also has information input and retrieval functions, so that a user can input enterprise or personal data to be stored into the card and can conveniently retrieve and access the data. All data are stored in the internal memory chip of the card, completely physically isolated from the computer and network, and only the user holding the card can access the data. In order to improve the safety of the card, the device adopts anti-counterfeiting and anti-theft measures. The data is stored under the encryption protection of the chip-level physical ID birth code, and even if the storage chip is stolen, the data is difficult to crack without decryption of the card hardware chip and the special software. In addition, a dual authentication mode of the main card and the auxiliary card can be set, and the data in the card can be acquired only by holding the main card and the auxiliary card at the same time, so that the safety of the data is greatly enhanced.
The key points of the invention are as follows:
1. physical chip encryption storage: the invention adopts a physical chip encryption storage technology to safely store important confidential data in the built-in chip of the card. The encryption storage mode of the physical chip effectively prevents the risk that the data is stored on media such as a computer hard disk, an Internet network disk or portable storage equipment which are easy to be acquired by others.
2. Advanced encryption protection: in order to further improve the security of data, the invention adopts a chip hardware-level encryption algorithm, a non-public private encryption algorithm and a user-defined encryption parameter to encrypt the password and the stored data, and the method of using the user-defined encryption parameter can be adjusted according to specific requirements. Compared with a software-level encryption mode, the hardware-level encryption protection scheme can increase the complexity and the safety of an algorithm, greatly increase the difficulty of cracking and effectively protect the confidentiality of data.
3. Diversified authentication modes: in order to ensure that only legitimate users can access the data within the card, the invention provides a diversified authentication scheme. The user needs to identify and authenticate the key, and authentication operation is performed through special software. This multi-level authentication provides greater security against unauthorized access.
4. Physical isolation, anti-counterfeiting and anti-theft: in order to further protect the safety of data, the invention realizes the physical isolation and anti-counterfeiting and anti-theft measures of the card. The memory chip of the card is completely physically isolated from the computer and network, and only the user holding the card can access the data. In addition, the card also has a unique chip-level physical ID birth code, so that the risks of forging and copying ROM programs of the card and running stolen data on other hardware are avoided.
Key protection points:
1. Protecting confidential data: the primary objective of the present invention is to protect business confidential and private data of businesses and individual users. Through the physical chip encryption storage, advanced encryption protection and multi-level authentication modes, the invention effectively prevents data leakage and unauthorized access and ensures the security of confidential data.
2. Providing a reliable data storage and access solution: the invention provides a safe and reliable data storage and access solution by adopting technical means such as physical chip encryption storage, advanced encryption protection, physical isolation and the like. Users can keep and access enterprise and personal data securely without worrying about the security issues of data storage and transmission.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any other combination. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of computer program product. The computer program product comprises one or more computer instructions or computer programs. When the computer instructions or computer program are loaded or executed on a computer, the processes or functions described in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable devices. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website site, computer, server, or data center to another website site, computer, server, or data center by wired or wireless means (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains one or more sets of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The functions, if implemented in the form of software functional units and sold or used as stand-alone goods, may be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in the form of software goods stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (3)
1. The utility model provides a secret key card is managed in encryption of confidential data space-time correlation chip which characterized in that: a secure storage module, a key authentication module;
The security storage module is used for ensuring the security of the password, the built-in chip of the card safely stores important privacy data in the card through a physical encryption technology, the card is connected to the computer through a USB data line, and the card is started through special software so as to establish communication connection with the card, and each card is provided with a unique chip-level physical ID birth code;
The key authentication module is used for immediately invalidating the access of the illegal user in the card login authentication process, and only the legal user can successfully authenticate, the legal user needs to input a security password for authentication through special software, and the data in the card can be accessed after the authentication is successful;
the key authentication module comprises a card login authentication unit, a main and auxiliary card authentication unit, a card data retrieval unit, a server, a terminal data communication unit and a card anti-counterfeiting and anti-theft unit;
the card login authentication unit is used for encrypting the card through a password input by a user by using a self-developed non-public encryption algorithm, matching the card with a password block stored by encrypting a card physical chip, enabling the user to access a card file system for operation if the password matching is successful, and displaying a password error prompt in software if the password matching is failed;
The main and auxiliary card authentication unit is used for verifying the existence of the auxiliary card and the information of the key auxiliary card when a user starts the main and auxiliary card authentication function, and the auxiliary card is required to be close to the main card at the moment when the main card logs in the system, and mutual identification discovery and ranging are performed by adopting BLE Bluetooth and NFC, UWB, WIFI wireless radio frequency modules;
The card data retrieval unit is used for retrieving data in the card by a user through special software or connecting the data with the software through USB, serial ports and network connection, searching files through command line commands, and matching the internal file system through indexes to quickly find out data meeting the requirements;
The server and the terminal data communication unit are connected with the card through a USB data line or a wireless communication mode; the card sends a connection request to the client, the server and the terminal require the user to input a login password, the card receives the password and then communicates with the hardware chip, the password is verified after being decrypted by the custom decryption algorithm, and if the verification is successful, the card file system can be used for adding, deleting and checking; if the verification fails, returning verification failure information;
The card anti-counterfeiting and anti-theft unit stores data in a special storage chip, is completely physically isolated from a computer and a network, and can be accessed only by an authorized user with the card through customized special software and a security password, so that the security of the data is ensured, the data in the card can not be acquired by other people, and the privacy and the integrity of the data are ensured;
The method comprises the steps that a distance estimation algorithm based on signal strength indication RSSI is adopted in primary and secondary card authentication to calculate the distance between a primary card and a secondary card, when the primary card recognizes and measures the existence of the secondary card, the adjacent distance is calculated through the algorithm, if the adjacent distance is within a preset authentication specified distance range, information is automatically exchanged with the secondary card, the primary card matches decryption information with a secondary card key to complete authentication, the primary card and the secondary card match decryption information to complete authentication, the primary card and the secondary card match according to a stipulated algorithm, if information processing results are matched, the primary card can flash a green light in a prompt light area, a user can automatically enter a card file system, and can perform file access operation, if matching fails, the primary card can flash a red light in the prompt light area, a matching failure prompt is displayed, the card is locked, and card data cannot be accessed and acquired.
2. The smart data space-time correlation chip encryption storage management key fob of claim 1, wherein: the secure storage module comprises a card initializing unit and a card password setting unit;
Card initializing unit: the user connects the card with the computer through the USB data line, and automatically installs the drive and the special starting software after the computer is identified, thereby avoiding threat to the security by the network illegal pirate software, and the user starts the card through the special software, all accesses are performed under the security access control management, and the USB access security is ensured while the USB access is simple and easy to use;
The card password setting unit is characterized in that the initialization password is prefabricated when leaving the factory, the card is provided with a unique chip-level physical ID birth code, one card is provided with one code, once tampered and rewritten, the card is immediately invalid and cannot read data, a new card user logs in through the prefabricated initial password, then a private password is set, the old password is automatically invalidated, the password and all data of the user are stored in the chip in a ciphertext mode, password leakage is prevented, all stored data of the card are encrypted and stored in a chip hardware-level encryption mode, the system enables the user to select the encryption mode when logging in for the first time, and the user can select a non-public private encryption algorithm and customizable encryption parameters by himself or herself, so that the cracking difficulty is increased.
3. The smart data space-time correlation chip encryption storage management key fob of claim 1, wherein: the card anti-counterfeiting and anti-theft unit is protected by adopting a chip-level hardware encryption mode, and a private encryption algorithm is used, so that the card has a unique chip-level physical ID birth code.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410024671.5A CN117951737B (en) | 2024-01-08 | 2024-01-08 | Encryption storage management key card for time-space correlation chip of confidential data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410024671.5A CN117951737B (en) | 2024-01-08 | 2024-01-08 | Encryption storage management key card for time-space correlation chip of confidential data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117951737A CN117951737A (en) | 2024-04-30 |
| CN117951737B true CN117951737B (en) | 2024-09-27 |
Family
ID=90793654
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410024671.5A Active CN117951737B (en) | 2024-01-08 | 2024-01-08 | Encryption storage management key card for time-space correlation chip of confidential data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117951737B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118797604B (en) * | 2024-09-12 | 2024-12-10 | 苏州吉呗思数据技术有限公司 | Data storage encryption method, device, medium and product based on hardware password card |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105354507A (en) * | 2015-10-23 | 2016-02-24 | 浙江远望软件有限公司 | Data security confidentiality method under cloud environment |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100586065C (en) * | 2006-04-24 | 2010-01-27 | 北京易恒信认证科技有限公司 | CPK credibility authorization system |
| CN112383914B (en) * | 2020-11-13 | 2022-02-01 | 广东工业大学 | Password management method based on secure hardware |
-
2024
- 2024-01-08 CN CN202410024671.5A patent/CN117951737B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105354507A (en) * | 2015-10-23 | 2016-02-24 | 浙江远望软件有限公司 | Data security confidentiality method under cloud environment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117951737A (en) | 2024-04-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11971967B2 (en) | Secure access device with multiple authentication mechanisms | |
| US8689013B2 (en) | Dual-interface key management | |
| KR102201093B1 (en) | Data security system with encryption | |
| US8335920B2 (en) | Recovery of data access for a locked secure storage device | |
| EP2798565B1 (en) | Secure user authentication for bluetooth enabled computer storage devices | |
| US8438647B2 (en) | Recovery of encrypted data from a secure storage device | |
| US20080120698A1 (en) | Systems and methods for authenticating a device | |
| US20080120707A1 (en) | Systems and methods for authenticating a device by a centralized data server | |
| US20070223685A1 (en) | Secure system and method of providing same | |
| CN105243314B (en) | A kind of security system and its application method based on USB key | |
| CN102184352A (en) | Automatic protecting method for computer system based on Bluetooth device authentication | |
| CN108965222A (en) | Identity identifying method, system and computer readable storage medium | |
| CN117951737B (en) | Encryption storage management key card for time-space correlation chip of confidential data | |
| KR102160656B1 (en) | Login Method Using Palm Vein | |
| WO2010048350A1 (en) | Card credential method and system | |
| CN106156549B (en) | application program authorization processing method and device | |
| Lee et al. | A study on a secure USB mechanism that prevents the exposure of authentication information for smart human care services | |
| CN110223420A (en) | A kind of fingerprint unlocking system | |
| CN101094073A (en) | Two-factor content protection | |
| KR101624394B1 (en) | Device for authenticating password and operating method thereof | |
| KR101669770B1 (en) | Device for authenticating password and operating method thereof | |
| US12437040B2 (en) | Secure access device with multiple authentication mechanisms | |
| RU2817533C1 (en) | Method and system for unidirectional data transmission between computing devices | |
| KR20100086536A (en) | Biometric authentication system for data outflow prevention | |
| CN114022982A (en) | EPPA-based coded lock remote control method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |