[go: up one dir, main page]

CN106330950B - Encrypted information access method, system and adapter - Google Patents

Encrypted information access method, system and adapter Download PDF

Info

Publication number
CN106330950B
CN106330950B CN201610826089.6A CN201610826089A CN106330950B CN 106330950 B CN106330950 B CN 106330950B CN 201610826089 A CN201610826089 A CN 201610826089A CN 106330950 B CN106330950 B CN 106330950B
Authority
CN
China
Prior art keywords
adapter
terminal
hard disk
information
mobile hard
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610826089.6A
Other languages
Chinese (zh)
Other versions
CN106330950A (en
Inventor
陈剑星
廖剑萧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Higinet Technology Co ltd
Original Assignee
Shanghai Linguo Industrial Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Linguo Industrial Co ltd filed Critical Shanghai Linguo Industrial Co ltd
Priority to CN201610826089.6A priority Critical patent/CN106330950B/en
Publication of CN106330950A publication Critical patent/CN106330950A/en
Application granted granted Critical
Publication of CN106330950B publication Critical patent/CN106330950B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Automation & Control Theory (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Power Engineering (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

The invention relates to the field of information security, and discloses an access method, a system and an adapter for encrypted information. In an embodiment of the present invention, an access method for encrypted information includes: when the adapter is electrically connected with the terminal, acquiring equipment information of the terminal; sending the equipment information of the terminal to a server for carrying out identity verification of the terminal; the adapter allows the terminal to access the information in the encrypted mobile hard disk through the adapter after the terminal passes the identity authentication. The embodiment of the invention also provides an access system for encrypting the encrypted information of the mobile hard disk, the adapter and the server; the encryption mobile hard disk is electrically connected with the adapter, and the adapter is in communication connection with the server. By adopting the embodiment of the invention, the information of the encrypted mobile hard disk can be accessed only when the terminal passes the identity authentication and is judged as a legal terminal, thereby effectively solving the safety problem caused by the convenience and the universality of the mobile hard disk.

Description

Encrypted information access method, system and adapter
Technical Field
The present invention relates to the field of information security, and in particular, to a method, a system, and an adapter for accessing encrypted information.
Background
With the improvement of social informatization degree, people have higher and higher requirements on portability of information transmission. The mobile hard disk is widely used by people due to the advantages of convenience in carrying, flexibility in use and the like. Even today, the cloud data transportation and synchronization are well developed, and the mobile hard disk is still used as a first choice for information transmission because of the characteristics of no specific application, no network dependence and the like.
In the process of implementing the invention, the inventor finds that the prior art has at least the following defects:
in the prior art, the requirement of people on the safety of information is higher and higher, and the characteristic of plug and play of the mobile hard disk means that the information can be directly stolen once the mobile hard disk is stolen, so that certain economic loss is easily caused to people.
Disclosure of Invention
The embodiment of the invention aims to provide an access method, a system and an adapter of encrypted information, so that the terminal can access the information of an encrypted mobile hard disk only when the terminal passes identity authentication and is judged to be a legal terminal, and the safety problem caused by the convenience and the universality of the mobile hard disk is effectively solved.
In order to solve the technical problem, an embodiment of the present invention provides an access method for encrypted information, which is applied to an access system for encrypted information including an encrypted mobile hard disk, an adapter, and a server; the encryption mobile hard disk is electrically connected with the adapter, and the adapter is in communication connection with the server; the method comprises the following steps:
when the adapter is electrically connected with the terminal, acquiring equipment information of the terminal;
sending the equipment information of the terminal to a server for carrying out identity verification of the terminal;
the adapter allows the terminal to access the information in the encrypted mobile hard disk through the adapter after the terminal passes the identity authentication.
Embodiments of the present invention also provide an adapter, comprising: the device comprises a first connecting interface, a second connecting interface, a communication module and a processor;
the first connecting interface is used for electrically connecting with the encrypted mobile hard disk;
the second connecting interface is used for electrically connecting with the terminal;
the processor is used for acquiring equipment information of the terminal when the second connection interface is electrically connected with the terminal;
the communication module is used for sending the equipment information of the terminal to the server for the identity authentication of the terminal;
the processor is also used for allowing the terminal to access the information in the encrypted mobile hard disk through the adapter after the terminal passes the identity authentication.
The embodiment of the invention also provides an access system of encrypted information, which comprises: encrypting the mobile hard disk, the server and the adapter;
the encrypted mobile hard disk is electrically connected with the adapter; the adapter is communicatively coupled to the server.
Compared with the prior art, the embodiment of the invention has the advantages that when the adapter is electrically connected with the terminal, the equipment information of the terminal is obtained, the equipment information of the terminal is sent to the server for identity verification, the identity of the terminal is verified in a mode of mutual matching of the adapter and the server, and the information of the encrypted mobile hard disk can be accessed only when the terminal is judged to be a legal terminal through identity verification, so that the safety problem caused by convenience and universality of the mobile hard disk is effectively solved. By the method, the adapter controls whether the terminal is allowed to access the information in the encrypted mobile hard disk, and the communication with the server is also completed by the adapter, so that the participation of the terminal is not needed, the closing of the operation is ensured, the safety coefficient is higher, and the terminal is not easy to crack.
In addition, before allowing the terminal to access the information in the encrypted mobile hard disk through the adapter, the method further comprises the following steps: the adapter sends the self equipment information to the server for the authentication of the adapter; the adapter passes the authentication. By the method, the adapter is authenticated, and when the adapter is matched with the terminal, the terminal can be allowed to access the information in the encrypted mobile hard disk through the adapter, so that the safety of the information in the encrypted mobile hard disk is further ensured.
In addition, before allowing the terminal to access the information in the encrypted mobile hard disk through the adapter, the method further comprises the following steps: acquiring equipment information of the encrypted mobile hard disk, and sending the equipment information of the encrypted mobile hard disk and the equipment information of the encrypted mobile hard disk to a server for authentication of the adapter; the adapter passes the authentication. By the method, when the adapter is matched with the encrypted mobile hard disk, the terminal is allowed to access the information in the encrypted mobile hard disk through the adapter, and the safety of the information in the encrypted mobile hard disk is further ensured.
In addition, the adapter also comprises the following steps after the terminal passes the identity authentication: device information of the terminal is stored. Therefore, when the adapter is electrically connected with the terminal which is connected before again, the identity of the terminal which is electrically connected at present can be verified directly according to the internally stored equipment information of each terminal, communication with the server is not needed, and the time for verifying the identity of the terminal is effectively shortened.
In addition, before allowing the terminal to access the information in the encrypted mobile hard disk through the adapter, the method further comprises the following steps: receiving an access password input by a user; and the access password is judged to be matched with the preset password, so that the safety of the information in the encrypted mobile hard disk is further ensured.
Drawings
Fig. 1 is a flowchart of an access method of encrypted information according to a first embodiment of the present invention;
FIG. 2 is a flowchart of an access method of encrypted information according to a second embodiment of the present invention;
FIG. 3 is a flowchart of an access method of encrypted information according to a third embodiment of the present invention;
FIG. 4 is a flowchart of an access method of encrypted information according to a fourth embodiment of the present invention;
fig. 5 is a flowchart of an access method of encrypted information according to a fifth embodiment of the present invention;
FIG. 6 is a schematic structural view of an adapter according to a sixth embodiment of the present invention;
fig. 7 is a schematic structural diagram of an access system for encrypted information according to a seventh embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. However, it will be appreciated by those of ordinary skill in the art that numerous technical details are set forth in order to provide a better understanding of the present application in various embodiments of the present invention. However, the technical solution claimed in the present application can be implemented without these technical details and various changes and modifications based on the following embodiments.
The first embodiment of the invention relates to an access method of encrypted information, and the specific flow is shown in fig. 1. The present embodiment can be implemented on the basis of an access system including encrypted information for encrypting a portable hard disk, an adapter, and a server. The encryption mobile hard disk is electrically connected with the adapter, and the adapter is in communication connection with the server.
The method comprises the following specific steps:
step 101, judging whether the terminal is electrically connected with the terminal. If yes, go to step 102, otherwise, end.
Specifically, the adapter may be provided with a first connection interface and a second connection interface, the first connection interface is used for electrically connecting with the encrypted mobile hard disk, and the second connection interface is used for electrically connecting with the terminal. For example, the encrypted mobile hard disk may be a USB flash disk, the terminal may be a computer, the first connection interface of the adapter may be a USB female connector, and the second connection interface may be a USB male connector. When the second connection interface is electrically connected with the terminal, the adapter is electrically connected with the terminal at the moment, and the judgment result is yes.
However, the above examples are merely illustrative, and in the present embodiment, specific forms of the encrypted portable hard disk, the terminal, the first connection interface, and the second connection interface are not limited at all.
And 102, acquiring equipment information of the terminal.
Specifically, the device information acquired by the adapter may be a physical serial number of a system of the terminal, for example, the adapter may acquire a physical serial number of a hard disk in which the system is located by reading a system disk of the terminal. Of course, in actual operation, the device information acquired by the adapter may also be an IP address, a MAC address, a host name, and the like of the computer.
More specifically, in this embodiment, when the adapter is electrically connected to the terminal, the adapter locks the system of the terminal, and prohibits the terminal from accessing the information in the encrypted removable hard disk, thereby effectively reducing the possibility of being decrypted. Of course, in actual operation, when the adapter locks the system of the terminal, the terminal may also be controlled to send a prompt message, such as a pop-up window, a voice prompt, etc., to inform the current user that the terminal is locked.
And 103, sending the equipment information of the terminal to a server for identity verification of the terminal.
Specifically, the adapter may be provided with a communication module, and the communication module establishes communication connection with the server, so as to implement information interaction between the adapter and the server, and send the device information of the terminal to the server. For example, the communication module may be a WIFI module, a mobile data network connection module, or the like. Therefore, when the adapter and the server carry out information interaction, an end-to-end information interaction mode can be adopted, and the possibility of plaintext leakage is effectively avoided.
More specifically, the user may pre-store device information of some terminals on the server in advance, and these terminals pre-stored on the server are considered as "legal terminals" by the user and can access the information in the encrypted mobile hard disk. Therefore, in this embodiment, when the server performs the authentication on the terminal, the server may compare the device information of the terminal with the pre-stored device information of each terminal, and determine whether a pre-stored device information of the terminal is the same as the device information of the terminal.
And 104, judging whether the terminal passes the identity authentication. If yes, go to step 105, otherwise, end.
In this embodiment, when the server determines that there is a pre-stored device information of the terminal that is the same as the device information of the terminal, it indicates that the terminal currently electrically connected to the adapter is a "valid terminal", and when the server determines that there is no pre-stored device information of the terminal that is the same as the device information of the terminal, it indicates that the terminal currently electrically connected to the adapter is not a "valid terminal". And the server generates and sends a corresponding control instruction to the adapter according to the judgment result, and the adapter judges whether the terminal passes the authentication according to the received control instruction.
If the judgment result of the server is yes, the server generates and sends a first control instruction to the adapter, and the adapter judges that the terminal passes the authentication when receiving the first control instruction. And when the judgment result of the server is negative, the server generates and sends a second control instruction to the adapter, and when the adapter receives the second control instruction, the adapter judges that the terminal fails to pass the authentication.
Of course, in this embodiment, no limitation is imposed on the specific form of determining whether the terminal passes the authentication, and in actual operation, the server may be configured to generate and send the control instruction to the adapter only when the determination result is yes, and the terminal electrically connected to the adapter is a "legal terminal", and when the adapter receives the control instruction, it is determined that the terminal passes the authentication.
And 105, allowing the terminal to access the information in the encrypted mobile hard disk through the adapter.
Specifically, the adapter unlocks the system of the terminal, and allows the terminal to access the information in the encrypted portable hard disk through the adapter.
It should be noted that, in this embodiment, if the terminal passes the authentication, and the terminal electrically connected to the adapter is a "legal terminal", the adapter may further store the device information of the terminal, so that when the adapter is electrically connected to the terminal connected before again, the adapter can directly verify the identity of the terminal electrically connected to the terminal according to the device information of each terminal stored inside, and does not need to communicate with the server again, thereby effectively shortening the time for authenticating the terminal.
In the embodiment, the identity of the terminal is verified in a way that the adapter and the server are matched with each other, and the information of the encrypted mobile hard disk can be accessed only when the terminal passes the identity verification and is judged to be a legal terminal, so that the safety problem caused by the convenience and the universality of the mobile hard disk is effectively solved. By the method, the adapter controls whether the terminal is allowed to access the information in the encrypted mobile hard disk, and the communication with the server is also completed by the adapter, so that the participation of the terminal is not needed, the closing of the operation is ensured, the safety coefficient is higher, and the terminal is not easy to crack.
The second embodiment of the invention relates to an access method of encrypted information, and the specific flow is shown in fig. 2. The second embodiment is improved on the basis of the first embodiment, and the main improvement lies in that: in the second embodiment of the present invention, the identity of the adapter is also verified, and when the adapter is matched with the terminal, the terminal can be allowed to access the information in the encrypted mobile hard disk through the adapter, thereby further ensuring the security of the information in the encrypted mobile hard disk.
Steps 201 to 204 in this embodiment are substantially the same as steps 101 to 104 in the first embodiment, and step 207 is substantially the same as step 105 in the first embodiment, and for avoiding redundancy, description of different parts is omitted here, and:
step 205, sending the own device information to the server for the authentication of the adapter.
Specifically, the adapter transmits its own device information to the server via the communication module. More specifically, the server may store a correspondence relationship between the terminal and the adapter in advance, and in the correspondence relationship, both the stored terminal and the stored adapter exist in the form of device information, which is convenient for distinguishing and determining and has high feasibility. The server judges whether pre-stored equipment information of the adapter is the same as the equipment information of the current adapter or not in the adapter corresponding to the terminal electrically connected with the adapter currently.
In this embodiment, the adapter sends the device information of the adapter to the server for the authentication of the adapter after determining that the terminal passes the authentication. In actual operation, the adapter may also send the device information of the terminal to the server for authentication of the terminal, and send the device information of the adapter to the server for authentication of the adapter. In this embodiment, no limitation is made to the specific time when the adapter sends its own device information to the server.
Step 206, determine whether the adapter passes authentication. If yes, go to step 207, otherwise end.
Specifically, the server generates and sends a corresponding control instruction to the adapter according to a judgment result that whether a pre-stored adapter device information is the same as the current adapter device information exists in the adapter corresponding to the terminal electrically connected with the adapter, and the adapter judges whether the adapter passes the authentication according to the received control instruction. If the server determines that the server is authenticated, the server generates and sends a control instruction to the adapter, and the adapter determines that the adapter passes authentication when receiving the control instruction.
It is easy to see that, in this embodiment, the identity of the adapter is also verified, and whether the adapter matches with the terminal is determined, so as to determine whether the adapter can be applied to the terminal, which is equivalent to increasing the process of verifying the usage right of the adapter, and further ensuring the security of encrypting the information in the mobile hard disk.
The third embodiment of the invention relates to an access method of encrypted information, and the specific flow is shown in fig. 3. The third embodiment is improved on the basis of the first embodiment, and the main improvement lies in that: in the third embodiment of the present invention, the identity of the adapter is also verified, and when the adapter is matched with the encrypted mobile hard disk, the terminal is allowed to access the information in the encrypted mobile hard disk through the adapter, thereby further ensuring the security of the information in the encrypted mobile hard disk.
Steps 301 to 304 in this embodiment are substantially the same as steps 101 to 104 in the first embodiment, and step 308 is substantially the same as step 105 in the first embodiment, and for avoiding redundancy, description of different parts is omitted here:
step 305, acquiring the device information of the encrypted mobile hard disk.
Specifically, each encrypted mobile hard disk has a unique identification code, and the adapter acquires the device information of the encrypted mobile hard disk by reading the identification code of the current encrypted mobile hard disk. Of course, in actual operation, the encryption mobile hard disk may also be provided with an encryption chip, and the adapter obtains the device information of the encryption mobile hard disk by obtaining the serial number of the encryption chip. In this embodiment, no limitation is imposed on the specific form of the device information of the encrypted mobile hard disk acquired by the adapter.
Step 306, sending the device information of the encrypted mobile hard disk and the device information of the encrypted mobile hard disk to the server for authentication of the adapter.
Specifically, the adapter sends the device information of the encrypted mobile hard disk and the device information of the adapter to the server through the communication module to perform the authentication of the adapter.
More specifically, the server may store in advance a correspondence relationship between the terminal and the adapter and a correspondence relationship between the adapter and the encrypted mobile hard disk, where the stored terminal, adapter, and encrypted mobile hard disk all exist in the form of device information, which is convenient for distinguishing and determining and has high feasibility. The server judges whether the prestored equipment information of the adapter is the same as the equipment information of the current adapter in the adapter corresponding to the terminal electrically connected with the adapter or not, and judges whether the prestored equipment information of the adapter is the same as the equipment information of the current adapter in the adapter corresponding to the encrypted mobile hard disk electrically connected with the adapter or not.
In this embodiment, the adapter sends the device information of the encrypted mobile hard disk and the device information of the adapter to the server for the authentication of the adapter after the terminal is determined to pass the authentication. In actual operation, the adapter can also acquire the equipment information of the encrypted mobile hard disk in advance, and when the equipment information of the terminal is sent to the server for terminal authentication, the equipment information of the encrypted mobile hard disk and the equipment information of the adapter are sent to the server together for authentication of the adapter. In this embodiment, no limitation is imposed on the specific time when the adapter sends the device information of the encrypted mobile hard disk and the device information of itself to the server.
Step 307, determine whether the adapter passes authentication. If so, go to step 308, otherwise end.
Specifically, when the server determines that the equipment information of a prestored adapter is the same as the equipment information of the current adapter in the adapter corresponding to the terminal which is electrically connected with the adapter currently, and the equipment information of the prestored adapter is the same as the equipment information of the current adapter in the adapter corresponding to the encrypted mobile hard disk which is electrically connected with the adapter currently, a control instruction is generated and sent to the adapter, and when the adapter receives the control instruction, the adapter determines that the adapter passes the identity authentication.
It is easy to see that, in this embodiment, the identity of the adapter is also verified, and it is determined whether the adapter matches the terminal or not and whether the adapter matches the encrypted mobile hard disk or not, so as to determine whether the adapter can be applied to the current terminal and the current encrypted mobile hard disk or not, thereby increasing the process of verifying the usage right of the adapter, and further ensuring the security of the information in the encrypted mobile hard disk.
A fourth embodiment of the present invention relates to a method for accessing encrypted information, and a specific flow is shown in fig. 4. The fourth embodiment is improved on the basis of the first embodiment, and the main improvement lies in that: in the fourth embodiment of the present invention, the current user is also required to input an access password, so as to further ensure the security of encrypting the information in the mobile hard disk.
Steps 401 to 404 in this embodiment are substantially the same as steps 101 to 104 in the first embodiment, and step 407 is substantially the same as step 105 in the first embodiment, and for avoiding redundancy, description of different parts is omitted here, and:
step 405, receiving an access password input by a user. If yes, go to step 406, otherwise end.
Specifically, the adapter control terminal displays an access password input interface to prompt the current user to input an access password. The terminal receives and records the access password input by the current user and sends the access password to the adapter, so that the adapter receives the access password input by the user.
Step 406, determining whether the access password matches the preset password, if so, executing step 407, otherwise, ending.
Specifically, the user presets a password in the adapter, the adapter compares the received access password with the preset password, and judges whether the access password is the same as the preset password. And if the two passwords are the same, judging that the access password is matched with the preset password. And if not, judging that the access password is not matched with the preset password. Of course, during actual operation, the user may set the preset password in the encrypted portable hard disk, and the adapter obtains the access password input by the current user from the encrypted portable hard disk.
It should be noted that, in the embodiment, when the user wants to reset the preset password, the password can be reset through the server. If so, the encrypted mobile hard disk is electrically connected with the server to complete the resetting of the preset password.
It is easy to see that, in this embodiment, a password input verification process is added to further verify the identity of the current user, thereby further ensuring the security of encrypting the information in the mobile hard disk. Of course, in actual operation, this embodiment may be implemented in cooperation with the second embodiment and the third embodiment, for example, when it is determined that the adapter passes the authentication, the current user is prompted to input the access password.
A fifth embodiment of the present invention relates to a method for accessing encrypted information, and a specific flow is shown in fig. 5. The fifth embodiment is improved on the basis of the fourth embodiment, and the main improvement lies in that: in the fifth embodiment of the present invention, the current user further needs to input an access password, so as to further ensure the security of the information in the encrypted mobile hard disk, and when the received access password is not matched with the preset password, it indicates that the identity of the current user is suspicious, and at this time, the adapter will execute a corresponding policy, so as to ensure that the information in the encrypted mobile hard disk is not leaked.
Steps 501 to 506 in this embodiment are substantially the same as steps 401 to 406 in the first embodiment, and step 508 is substantially the same as step 407 in the fourth embodiment, and for avoiding redundancy, description of different parts is omitted here:
and step 507, acquiring the security level of the encrypted mobile hard disk.
Specifically, the server may store the security level of each encrypted removable hard disk, and the adapter may obtain the security level of each encrypted removable hard disk from the server. Certainly, in actual operation, the security level of the encrypted mobile hard disk can be preset by a user and stored in the encrypted mobile hard disk, and the adapter obtains the security level of the encrypted mobile hard disk by reading data in the encrypted mobile hard disk.
It should be noted that, in this embodiment, when a user wants to modify the security level of a certain encrypted mobile hard disk, the user may modify the security level by accessing the server, so that the server can adjust the security level of the encrypted mobile hard disk, and when the server adjusts the security level of the encrypted mobile hard disk, the server may store the adjusted security level of the encrypted mobile hard disk, so that the adapter can obtain the security level of the encrypted mobile hard disk from the server.
Step 509, according to the security level, an execution policy corresponding to the security level is obtained.
Specifically, the adapter stores in advance a correspondence between the security level and the execution policy. For example, the corresponding relationship may exist in the form of a table, and the adapter obtains the execution policy corresponding to the security level of the current encrypted mobile hard disk by querying the table. The following are exemplified:
security grade Execution policy
First stage Generating and sending loss report instructions to a server
Second stage Erasing information in encrypted mobile hard disk
Step 510, executing the obtained execution strategy.
The examples given above are illustrative: if the security level of the encrypted mobile hard disk is one level, the adapter generates and sends a loss reporting instruction to the server so as to facilitate the server to report loss. If the security level of the encrypted mobile hard disk is two levels, the adapter erases the information in the encrypted mobile hard disk. Of course, the above examples are merely illustrative, and in the present embodiment, no limitation is imposed on the correspondence relationship between the security level and the execution policy.
It is easy to see that, in this embodiment, whether the current user is the user himself or the user authorizes the user is verified by verifying the access password, so that the security of the information in the encrypted mobile hard disk is further ensured, and the information in the encrypted mobile hard disk is prevented from being leaked.
The steps of the above methods are divided for clarity, and the implementation may be combined into one step or split some steps, and the steps are divided into multiple steps, so long as the steps contain the same logical relationship, which is within the protection scope of the present patent; it is within the scope of the patent to add insignificant modifications to the algorithms or processes or to introduce insignificant design changes to the core design without changing the algorithms or processes.
A sixth embodiment of the present invention relates to an adapter, as shown in fig. 6, including: a first connection interface 11, a second connection interface 12, a communication module 13 and a processor 14.
The first connection interface 11 is used for electrically connecting with the encrypted mobile hard disk.
The second connection interface 12 is used for electrically connecting with a terminal.
The processor 14 is configured to obtain the device information of the terminal when the second connection interface 12 is electrically connected to the terminal.
The communication module 13 is configured to send the device information of the terminal to the server for performing authentication of the terminal.
The processor 14 is also used for allowing the terminal to access the information in the encrypted mobile hard disk through the adapter after the terminal passes the authentication.
It should be mentioned that, in this embodiment, the adapter further includes a storage module 15, and the storage module 15 is configured to store the device information of the terminal after the terminal passes the authentication.
The operation principle of the adapter is further explained by the following practical device:
for example, the first connection interface 11 is a USB female connector, the second connection interface 12 is a USB male connector, the processor 14 is a digital circuit board including a main operation chip and an encryption chip, the communication module 13 is a WIFI module or a mobile data network connection module, and the storage module 15 is a memory card.
The first connection interface 11 can be inserted into an encrypted mobile hard disk, and the second connection interface 12 can be inserted into a terminal, so that the adapter and the terminal are effectively connected. The storage module 15 may also store computer-executable instructions for performing the method for accessing encrypted information according to any of the above embodiments of the present invention. The computer executable instructions stored in the storage module 15 can be applied to a plurality of systems such as Windows, OS X, Linux, and the like, so that the adapter in the embodiment has strong universality, and when the adapter is electrically connected with the terminal, the computer executable instructions in the storage module 15 can be automatically operated and are suitable for the system of the current terminal.
It should be noted that the adapter in this embodiment can only store the device information of one terminal at a time, and the adapter may have an upper storage limit for the number of terminals. When the number of the device information of the terminal currently stored by the adapter does not reach the storage upper limit, the adapter may add and store the new device information of the terminal. When the number of the device information of the terminal currently stored by the adapter reaches the storage upper limit, the adapter cannot add and store the new device information of the terminal, and at this time, the user needs to manually modify and delete the device information of the terminal already stored in the adapter. By the mode, the safety problem caused by convenience and universality of the mobile hard disk is effectively solved.
A seventh embodiment of the present invention relates to an encrypted-information access system, as shown in fig. 7, including: the mobile hard disk 2, the server 3, and the adapter 1 as in the sixth embodiment are encrypted.
The encryption mobile hard disk 2 is electrically connected with the adapter 1. The adapter 1 is communicatively connected to the server 3.
The adapter 1 is used for acquiring the equipment information of the terminal when being electrically connected with the terminal, and sending the equipment information of the terminal to the server 3 for the identity authentication of the terminal.
The adapter 1 is also used for allowing the terminal to access the information in the encrypted mobile hard disk 2 through the adapter 1 after the terminal passes the authentication.
It should be noted that, in this embodiment, the adapter 1 is further configured to store the device information of the terminal after the terminal passes the authentication. In addition, in this embodiment, after the terminal passes the authentication, the adapter 1 further controls the communication module of the adapter 1 to be closed, so as to save energy consumption.
The operation principle of the adapter is further explained by the following practical device:
specifically, the encrypted removable hard disk 2 may be an encrypted usb disk, and the encrypted usb disk includes an encryption chip and a storage module, and may store encrypted information or unencrypted information. When the encrypted mobile hard disk 2 stores encrypted information and unencrypted information, the storage space in the storage module of the encrypted mobile hard disk 2 can be formatted. When the encryption USB flash disk is directly electrically connected with the terminal inserted into the USB port of the computer, the terminal cannot access the information in the encryption USB flash disk or cannot access the encryption information in the encryption USB flash disk. More specifically, the storage module in the encrypted usb disk may store a self-destruction instruction, and when the encryption chip in the encrypted usb disk is removed, the encrypted usb disk may automatically empty all currently stored information when being electrically connected to the adapter or the terminal, so as to ensure the security of the information.
The Server 3 can be a Windows Server or a Linux Server, has small operation requirement and low energy consumption, and supports dual-computer hot standby.
It can be seen that, in the embodiment, the adapter 1 and the server 3 are used to complete the authentication of the terminal, complex software and drivers do not need to be installed in the terminal, and each operation bypasses the terminal, so that the operation is guaranteed to be closed, the safety coefficient is high, and the terminal is not easy to crack. In addition, in the embodiment, the server 3 does not actively transfer the instructions, and the transfer of all the instructions is triggered by the adapter 1, so that the requirement on the server 3 is low, and the cost of the server 3 is low.
It should be understood that this embodiment is a system example corresponding to the first embodiment, and may be implemented in cooperation with the first embodiment. The related technical details mentioned in the first embodiment are still valid in this embodiment, and are not described herein again in order to reduce repetition. Accordingly, the related-art details mentioned in the present embodiment can also be applied to the first embodiment.
It should be noted that each module referred to in this embodiment is a logical module, and in practical applications, one logical unit may be one physical unit, may be a part of one physical unit, and may be implemented by a combination of multiple physical units. In addition, in order to highlight the innovative part of the present invention, elements that are not so closely related to solving the technical problems proposed by the present invention are not introduced in the present embodiment, but this does not indicate that other elements are not present in the present embodiment.
Those skilled in the art can understand that all or part of the steps in the method of the foregoing embodiments may be implemented by a program to instruct related hardware, where the program is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, etc.) or a processor (processor) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples for carrying out the invention, and that various changes in form and details may be made therein without departing from the spirit and scope of the invention in practice.

Claims (7)

1. The access method of the encryption information is characterized in that the method is applied to an access system which comprises encryption mobile hard disks, adapters and encryption information of servers; the encrypted mobile hard disk is electrically connected with the adapter, and the adapter is in communication connection with the server; the method comprises the following steps:
the adapter is provided with a first connecting interface and a second connecting interface, the first connecting interface is used for being electrically connected with the encryption mobile hard disk, and the second connecting interface is used for being electrically connected with the terminal; when the terminal is electrically connected with the terminal, acquiring equipment information of the terminal, and forbidding the terminal to access the information in the encrypted mobile hard disk;
sending the equipment information of the terminal to the server for carrying out identity verification of the terminal, wherein the server prestores the equipment information of each terminal; the server compares the equipment information of the terminal with prestored equipment information of the terminal, and if the equipment information of the terminal is consistent with the prestored equipment information of the terminal, the terminal passes identity authentication;
the adapter acquires equipment information of the encrypted mobile hard disk and sends the equipment information of the encrypted mobile hard disk and the equipment information of the adapter to the server, wherein the server prestores the corresponding relation between the terminal and the adapter and the corresponding relation between the adapter and the encrypted mobile hard disk; the server compares the equipment information of the adapter with the corresponding relation between the prestored terminal and the adapter and the corresponding relation between the adapter and the encrypted mobile hard disk, and if the equipment information of the adapter is consistent with the corresponding relation between the prestored terminal and the adapter, the adapter passes the identity authentication;
and the adapter receives a control instruction sent by the server, and judges that the terminal and the adapter pass the identity authentication according to the control instruction, and then the terminal is allowed to access the information in the encrypted mobile hard disk through the adapter.
2. The method for accessing encrypted information according to claim 1, wherein the adapter further includes, after the terminal passes the authentication: and storing the equipment information of the terminal.
3. The method for accessing encrypted information according to claim 1, wherein before allowing the terminal to access the information in the encrypted mobile hard disk through the adapter, the method further comprises:
receiving an access password input by a user;
and judging that the access password is matched with a preset password.
4. The method for accessing encrypted information according to claim 3, further comprising:
when the access password is judged not to be matched with the preset password, acquiring the security level of the encrypted mobile hard disk;
acquiring an execution strategy corresponding to the security level according to the security level;
and executing the acquired execution strategy.
5. An adapter, comprising: the device comprises a first connecting interface, a second connecting interface, a communication module and a processor; the first connecting interface is used for electrically connecting with the encrypted mobile hard disk;
the second connecting interface is used for being electrically connected with a terminal;
the processor is used for acquiring the equipment information of the terminal and forbidding the terminal to access the information in the encrypted mobile hard disk when the second connection interface is electrically connected with the terminal;
the communication module is used for sending the equipment information of the terminal to a server for carrying out the identity authentication of the terminal, wherein the server prestores the equipment information of each terminal; the server compares the equipment information of the terminal with prestored equipment information of the terminal, and if the equipment information of the terminal is consistent with the prestored equipment information of the terminal, the terminal passes identity authentication;
the communication module is also used for acquiring equipment information of the encrypted mobile hard disk and sending the equipment information of the encrypted mobile hard disk and the equipment information of the encrypted mobile hard disk to the server, wherein the server is prestored with the corresponding relation between the terminal and the adapter and the corresponding relation between the adapter and the encrypted mobile hard disk; the server compares the equipment information of the adapter with the corresponding relation between the prestored terminal and the adapter and the corresponding relation between the adapter and the encrypted mobile hard disk, and if the equipment information of the adapter is consistent with the corresponding relation between the prestored terminal and the adapter, the adapter passes the identity authentication;
and the processor is also used for receiving a control instruction sent by the server, and allowing the terminal to access the information in the encrypted mobile hard disk through the adapter after the terminal and the adapter pass the identity authentication according to the control instruction.
6. The adapter of claim 5, wherein the adapter further comprises a storage module;
the storage module is used for storing the equipment information of the terminal after the terminal passes the identity authentication.
7. An access system for encrypted information, comprising: encrypting the removable hard drive, the server and the adapter as claimed in claim 5 or 6;
the encrypted mobile hard disk is electrically connected with the adapter; the adapter is in communication connection with the server.
CN201610826089.6A 2016-09-17 2016-09-17 Encrypted information access method, system and adapter Active CN106330950B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610826089.6A CN106330950B (en) 2016-09-17 2016-09-17 Encrypted information access method, system and adapter

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610826089.6A CN106330950B (en) 2016-09-17 2016-09-17 Encrypted information access method, system and adapter

Publications (2)

Publication Number Publication Date
CN106330950A CN106330950A (en) 2017-01-11
CN106330950B true CN106330950B (en) 2021-06-25

Family

ID=57788000

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610826089.6A Active CN106330950B (en) 2016-09-17 2016-09-17 Encrypted information access method, system and adapter

Country Status (1)

Country Link
CN (1) CN106330950B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108338459A (en) * 2018-04-27 2018-07-31 武汉红六金安科技有限公司 A kind of intelligence jewellery
WO2020019334A1 (en) * 2018-07-27 2020-01-30 威刚科技股份有限公司 Hard disk having encrypting and decrypting function, and application system for same
CN116383902B (en) * 2023-02-28 2023-12-19 国网浙江省电力有限公司常山县供电公司 Secret-related USB interface authorized connection equipment and authorized connection method thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102164036A (en) * 2011-03-25 2011-08-24 北京宏基恒信科技有限责任公司 Dynamic token as well as two-way authentication method and two-way authentication system with dynamic token
CN102750230A (en) * 2011-04-19 2012-10-24 中国科学院数据与通信保护研究教育中心 Access control system and method of universal serial bus (USB) storage equipment
CN102904719A (en) * 2011-07-27 2013-01-30 国民技术股份有限公司 USB (universal serial bus)-key and application method thereof
CN104361277A (en) * 2014-10-22 2015-02-18 成都卫士通信息产业股份有限公司 Identity authentication module and method for USB interface equipment
CN105550568A (en) * 2015-12-25 2016-05-04 小米科技有限责任公司 Mobile terminal data protection method and apparatus

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7584353B2 (en) * 2003-09-12 2009-09-01 Trimble Navigation Limited Preventing unauthorized distribution of media content within a global network
US7607019B2 (en) * 2005-02-03 2009-10-20 Apple Inc. Small memory footprint fast elliptic encryption
CN101090204A (en) * 2007-07-16 2007-12-19 王飚舵 USB interface charger with network download function and download applied network system
CN102521165B (en) * 2011-11-30 2018-03-09 北京宏思电子技术有限责任公司 Safe USB disk and its recognition methods and device
CN103390125B (en) * 2013-07-19 2016-01-06 丁贤根 Design method of safety mobile storage controller using wireless terminal authorization and encryption and decryption
CN204858221U (en) * 2015-08-27 2015-12-09 合肥联宝信息技术有限公司 A changeover contact ware for adapter

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102164036A (en) * 2011-03-25 2011-08-24 北京宏基恒信科技有限责任公司 Dynamic token as well as two-way authentication method and two-way authentication system with dynamic token
CN102750230A (en) * 2011-04-19 2012-10-24 中国科学院数据与通信保护研究教育中心 Access control system and method of universal serial bus (USB) storage equipment
CN102904719A (en) * 2011-07-27 2013-01-30 国民技术股份有限公司 USB (universal serial bus)-key and application method thereof
CN104361277A (en) * 2014-10-22 2015-02-18 成都卫士通信息产业股份有限公司 Identity authentication module and method for USB interface equipment
CN105550568A (en) * 2015-12-25 2016-05-04 小米科技有限责任公司 Mobile terminal data protection method and apparatus

Also Published As

Publication number Publication date
CN106330950A (en) 2017-01-11

Similar Documents

Publication Publication Date Title
KR102307665B1 (en) identity authentication
US11539524B1 (en) Software credential token process, software, and device
EP3099090B1 (en) Network locking or card locking method and device for a mobile terminal, terminal, sim card, storage media
US8590024B2 (en) Method for generating digital fingerprint using pseudo random number code
CN112771826A (en) Application program login method, application program login device and mobile terminal
US20160330618A1 (en) Trusted execution environment initialization method and mobile terminal
CN104205906A (en) Network-assisted fraud detection device and method
CN108023873B (en) Channel establishing method and terminal equipment
EP3968596A1 (en) Control method, apparatus, and system
CN108093392A (en) A kind of method, mobile terminal and storage medium for unlocking SIM card
CN112514323B (en) Electronic device for processing digital keys and method of operating the same
CN101426049B (en) Data card and method, equipment, system for using equipment binding
CN109492370B (en) Terminal startup method, terminal and signature device
CN107113613A (en) Server, mobile terminal, real-name network authentication system and method
CN106330950B (en) Encrypted information access method, system and adapter
CN106559213A (en) Device management method, equipment and system
CN105187369B (en) A kind of data access method and device
JP2014523223A (en) Apparatus and method for connecting a removable module to an access terminal
WO2016070611A1 (en) Method for processing data, server and terminal
CN109842600B (en) A method, terminal device and MDM device for realizing mobile office
CN105516136A (en) Authority management method, device and system
KR20080099117A (en) Methods for Authentication of Mobility Elements in Embedded Systems
WO2017197689A1 (en) Sim card processing method and apparatus, terminal, and esam chip
CN107113316A (en) A kind of system and method for APP certifications
US20090235333A1 (en) Automatic access control for mobile devices

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240305

Address after: C2258, 2nd Floor, Building 16, No. 37 Chaoqian Road, Science and Technology Park, Changping District, Beijing, 102299

Patentee after: BEIJING HIGINET TECHNOLOGY Co.,Ltd.

Country or region after: China

Address before: 200331 Room 101, building 2, Lane 277, Yongdeng Road, Putuo District, Shanghai

Patentee before: SHANGHAI LINGUO INDUSTRIAL CO.,LTD.

Country or region before: China

TR01 Transfer of patent right