CN115098897A - Data storage device and method - Google Patents
- Publication number
- CN115098897A, CN202210638230.5A
- Authority
- CN
- China
- Prior art keywords
- data
- authentication
- storage medium
- partition
- read
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
A data storage device and method, wherein the device comprises: a storage medium; and a central processing unit configured to store a bootstrap program of the storage medium and first partition data of the storage medium, the first partition data comprising authentication data and an authentication state; and, when a startup condition is met, to load the bootstrap program of the storage medium and start the storage medium according to the bootstrap program, to load the first partition data and complete an authentication operation according to the authentication data, and to update the authentication state according to the result of the authentication operation. This avoids implementing authentication by adding an external authentication device or installing a driver.
Description
Technical field
This document relates to data storage technology, and in particular to a data storage device and method.
Background
To keep the data on a data storage device secure, users accessing the device must be authenticated. At present, authenticating the user requires installing an external authentication device or the device's proprietary driver. Installing an external authentication device increases the user's cost and the device's power consumption; installing a driver raises permission issues both for installing the driver and for accessing it, which is inconvenient.
Summary of the invention
The present application provides a data storage device and method that can perform the authentication operation while avoiding implementing authentication by adding an external authentication device or installing a driver.
A data storage device provided by the present application includes:
a storage medium;
a central processing unit configured to store a bootstrap program of the storage medium and first partition data of the storage medium, the first partition data including authentication data and an authentication state; and, when a startup condition is met, to load the bootstrap program of the storage medium and start the storage medium according to the bootstrap program, to load the first partition data and complete an authentication operation according to the authentication data, and to update the authentication state according to the result of the authentication operation.
In an exemplary embodiment, the data storage device further includes: an interface for data interaction with an external device;
the central processing unit being configured to complete the authentication operation according to the authentication data and update the authentication state according to the result of the authentication operation includes:
after a write operation to the first partition is detected through the interface, determining whether the authentication data written by the write operation is consistent with the authentication data in the loaded first partition data, and if so, updating the authentication state to authentication passed.
In an exemplary embodiment, the first partition data further includes: configuration data;
the central processing unit is further configured to, after receiving through the interface a read/write instruction for data in other partitions of the storage medium, perform the corresponding operation on the other partitions of the storage medium according to the updated authentication state and the configuration data.
In an exemplary embodiment, the configuration data includes: whether the condition for performing read and write operations on data in other partitions of the storage medium is authentication passed;
the central processing unit performing the corresponding operation on the other partitions of the storage medium according to the updated authentication state and the configuration data includes:
when the condition for performing read and write operations on data in other partitions of the storage medium is authentication passed, performing the corresponding read and write operations on the corresponding other partitions of the storage medium according to the configuration data only when the authentication state is authentication passed;
when the condition for performing read and write operations on data in other partitions of the storage medium is authentication not passed, performing the corresponding read and write operations on the corresponding other partitions of the storage medium according to the configuration data whether the authentication state is authentication passed or authentication not passed.
In an exemplary embodiment, the configuration data further includes: indication information on whether reads and writes of data in other partitions of the storage medium need to be encrypted, and an encryption key;
the central processing unit, when the condition for performing read and write operations on data in other partitions of the storage medium is authentication passed, performing the corresponding read and write operations on the corresponding other partitions of the storage medium according to the configuration data only when the authentication state is authentication passed, includes:
when the authentication state is authentication passed, the corresponding read and write operations are performed on the corresponding other partitions of the storage medium, and the reads and writes need to be encrypted, encrypting or decrypting the read/write data according to the encryption key.
In an exemplary embodiment, the central processing unit is further configured to, after receiving a configuration instruction through the interface, modify and store the configuration data according to the configuration instruction, provided that the authentication state is authentication passed.
In an exemplary embodiment, the central processing unit includes:
a flash memory unit configured to store the bootstrap program of the storage medium and the first partition data of the storage medium;
a random access memory unit;
a processor unit configured to, when the startup condition is met, read the data stored in the flash memory unit into the random access memory unit, and load the bootstrap program of the storage medium and the first partition data from the random access memory unit; and, provided that the authentication state is authentication passed, to modify and store, according to the configuration instruction, the configuration data held in the flash memory unit and in the random access memory unit respectively.
An embodiment of the present application also provides a method for storing data using the data storage device described in any of the preceding items, the method including:
when a startup condition is met, loading the bootstrap program of the storage medium and the first partition data of the storage medium;
starting the storage medium according to the bootstrap program;
completing the authentication operation according to the authentication data in the first partition data and updating the authentication state according to the result of the authentication operation;
when the authentication state is authentication passed, performing the data storage operation.
In an exemplary embodiment, completing the authentication operation according to the authentication data in the first partition data and updating the authentication state according to the result of the authentication operation includes:
after a write operation to the first partition is detected, determining whether the authentication data written by the write operation is consistent with the authentication data in the loaded first partition data, and if so, updating the authentication state to authentication passed.
In an exemplary embodiment, when the first partition data includes configuration data, the method further includes:
after receiving a read/write instruction for data in other partitions of the storage medium, performing the corresponding operation on the other partitions of the storage medium according to the updated authentication state and the configuration data.
Compared with the related art, the data storage device provided by the embodiments of the present application loads the bootstrap program of the storage medium through its own central processing unit, so the data storage device can start itself without an additional startup driver being installed; and the central processing unit can store the authentication data and load it by itself, which gives the data storage device a self-authentication function.
Other features and advantages of the present application will be set forth in the description that follows, and in part will be apparent from the description, or may be learned by practising the present application. Other advantages of the present application may be realized and attained by the solutions described in the specification and drawings.
Brief description of the drawings
The accompanying drawings provide an understanding of the technical solutions of the present application and form part of the specification. Together with the embodiments of the present application they serve to explain the technical solutions of the present application, and they do not limit those technical solutions.
FIG. 1 is a structural diagram of a data storage device provided by an embodiment of the present application;
FIG. 2 is a structural diagram of another data storage device provided by an embodiment of the present application;
FIG. 3 is a structural diagram of another data storage device provided by an embodiment of the present application;
FIG. 4 is a flowchart of a data storage method provided by an embodiment of the present application;
FIG. 5 is a flowchart of a data storage method provided by an application example of the present application;
FIG. 6 is a flowchart of a data reading and writing method provided by an application example of the present application.
Detailed description
The present application describes a number of embodiments, but the description is exemplary rather than restrictive, and it will be apparent to those of ordinary skill in the art that more embodiments and implementations are possible within the scope of the embodiments described in the present application. Although many possible combinations of features are shown in the drawings and discussed in the detailed description, many other combinations of the disclosed features are also possible. Unless expressly limited, any feature or element of any embodiment may be used in combination with, or may be substituted for, any other feature or element of any other embodiment.
The present application includes and contemplates combinations with features and elements known to those of ordinary skill in the art. The embodiments, features and elements already disclosed in the present application may also be combined with any conventional feature or element to form a unique inventive solution defined by the claims. Any feature or element of any embodiment may also be combined with features or elements from other inventive solutions to form another unique inventive solution defined by the claims. Accordingly, it should be understood that any of the features shown and/or discussed in the present application may be implemented alone or in any suitable combination. The embodiments are therefore not limited except in accordance with the appended claims and their equivalents. Furthermore, various modifications and changes may be made within the scope of protection of the appended claims.
Furthermore, in describing representative embodiments, the specification may have presented a method and/or process as a particular sequence of steps. However, to the extent that the method or process does not depend on the particular order of steps described herein, it should not be limited to that particular order. As those of ordinary skill in the art will understand, other orders of steps are also possible. The particular order of steps set forth in the specification should therefore not be construed as a limitation on the claims. In addition, claims directed to the method and/or process should not be limited to performing their steps in the order written; those skilled in the art will readily understand that the order may be varied and still remain within the spirit and scope of the embodiments of the present application.
An embodiment of the present application provides a data storage device. As shown in FIG. 1, the device includes:
a storage medium 101;
a central processing unit 102;
The storage medium 101 is a medium for storing data, and may be NAND flash, NOR flash, an embedded multimedia card (eMMC), a hard disk, or the like;
The central processing unit 102 may be a Micro Controller Unit (MCU) with an encryption algorithm function. The central processing unit 102 is configured to store the bootstrap program of the storage medium 101 and the first partition data of the storage medium 101, the first partition data including authentication data and an authentication state; and, when a startup condition is met, to load the bootstrap program of the storage medium 101 and start the storage medium 101 according to the bootstrap program, to load the first partition data and complete an authentication operation according to the authentication data, and to update the authentication state according to the result of the authentication operation;
The startup condition may be power-on, or receipt of a start instruction.
The data storage device described in the embodiments of the present application loads the bootstrap program of the storage medium through its own central processing unit, so the data storage device can start itself without an additional startup driver being installed; and the central processing unit can store the authentication data and load it by itself, which gives the data storage device a self-authentication function.
As an exemplary embodiment, as shown in FIG. 2, the data storage device may further include: an interface 103 for data interaction with an external device; the interface 103 may be a USB interface, an SD interface, an MMC interface, or the like;
The central processing unit 102 being configured to complete the authentication operation according to the authentication data and update the authentication state according to the result of the authentication operation includes:
after a write operation to the first partition is detected through the interface 103, determining whether the authentication data written by the write operation is consistent with the authentication data in the loaded first partition data, and if so, updating the authentication state to authentication passed.
In an exemplary embodiment, the first partition data further includes: configuration data;
The central processing unit 102 is further configured to, after receiving through the interface 103 a read/write instruction for data in other partitions of the storage medium 101, perform the corresponding operation on the other partitions of the storage medium 101 according to the updated authentication state and the configuration data.
The storage medium 101 may be divided into 4 partitions: a first partition, a second partition, a third partition and a fourth partition;
The first partition stores the authentication data, the authentication state and the configuration data. The authentication data may include a username and a key and may be stored in the file login.txt; the authentication state may be stored in the file status.txt; the configuration data may be stored in the file config.txt. The first partition data is stored in the central processing unit;
The second to fourth partitions store user data, and the data of the second to fourth partitions is stored in the storage medium. In the embodiments of the present application the authentication data and the user data are placed in different partitions, so the format of the user data area is not restricted and it can be formatted as FAT32, exFAT, ext4, NTFS, and so on.
In an exemplary embodiment, the kinds of configuration data may include:
A modified username and key; the username and key may be stored as hash values, and the hash algorithm may be SHA256, SM3, or the like;
Authentication mode: configures whether the authentication data is presented in plaintext or as a hash value at login;
Maximum number of retries after authentication failure: the device is locked once the number of consecutive authentication failures exceeds this maximum;
Encryption/decryption algorithm type: sets the algorithm used when writing/reading data, for example a symmetric algorithm such as SM4 or AES;
Key generation/import: this key is the encryption/decryption key used when writing/reading data;
Working mode of the other partitions: whether the second to fourth partitions encrypt data on write and decrypt data on read;
Access permissions of the other partitions: whether the second to fourth partitions can be accessed only after authentication has passed.
In an exemplary embodiment, when the configuration data is whether the condition for performing read and write operations on data in other partitions of the storage medium 101 is authentication passed, the central processing unit 102 performing the corresponding operation on the other partitions of the storage medium 101 according to the updated authentication state and the configuration data includes:
when the condition for performing read and write operations on data in other partitions of the storage medium 101 is authentication passed, performing the corresponding read and write operations on the corresponding other partitions of the storage medium 101 according to the configuration data only when the authentication state is authentication passed;
when the condition for performing read and write operations on data in other partitions of the storage medium 101 is authentication not passed, performing the corresponding read and write operations on the corresponding other partitions of the storage medium 101 according to the configuration data whether the authentication state is authentication passed or authentication not passed.
In an exemplary embodiment, when the configuration data is indication information on whether reads and writes of data in other partitions of the storage medium 101 need to be encrypted, together with an encryption key, the central processing unit 102, when the condition for performing read and write operations on data in other partitions of the storage medium 101 is authentication passed, performing the corresponding read and write operations on the corresponding other partitions of the storage medium 101 according to the configuration data only when the authentication state is authentication passed, includes:
when the authentication state is authentication passed, the corresponding read and write operations are performed on the corresponding other partitions of the storage medium 101, and the reads and writes need to be encrypted, encrypting or decrypting the read/write data according to the encryption key.
In an exemplary embodiment, the central processing unit 102 is further configured to, after receiving a configuration instruction through the interface 103, modify and store the configuration data according to the configuration instruction, provided that the authentication state is authentication passed.
In an exemplary embodiment, as shown in FIG. 3, the central processing unit 102 includes:
a flash memory unit 1021 configured to store the bootstrap program of the storage medium and the first partition data of the storage medium;
a random access memory unit 1022;
a processor unit 1023 configured to, when the startup condition is met, read the data stored in the flash memory unit 1021 into the random access memory unit 1022, and load the bootstrap program of the storage medium and the first partition data from the random access memory unit 1022; and, provided that the authentication state is authentication passed, to modify and store, according to the configuration instruction, the configuration data held in the flash memory unit 1021 and in the random access memory unit 1022 respectively.
In the embodiments of the present application, key information such as the bootstrap program of the storage medium, the authentication data and the configuration data is stored in the flash memory unit. The data the user accesses is the copy read from the flash memory unit into the random access memory unit after startup, so even if the user formats that data or deletes it by mistake, it is restored after a restart, which gives high reliability.
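The authentication and access-gating behaviour of the device described above, modelled in Python as an added example (it is not code from the patent). The `username:password` format of login.txt, all class and field names, and keeping the failure counter in flash so that it survives a restart are assumptions of this model; encryption of user data is not modelled.

```python
import copy
import hashlib
import hmac
from dataclasses import dataclass, field


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


@dataclass
class ControlData:
    """First-partition data (hypothetical layout for this model)."""
    user_hash: str
    password_hash: str
    max_retries: int = 3
    failures: int = 0  # assumption: persisted so a restart does not reset it
    # partition number -> True if access requires authentication passed
    auth_required: dict = field(default_factory=lambda: {2: True, 3: False})


class StorageController:
    """Model of the on-device controller: flash copy, RAM copy, auth state."""

    def __init__(self, flash: ControlData):
        self.flash = flash
        self.boot()

    def boot(self) -> None:
        # Startup: copy control data from flash to RAM; state is "not passed".
        self.ram = copy.deepcopy(self.flash)
        self.authenticated = False

    @property
    def locked(self) -> bool:
        # Locked once consecutive failures exceed the configured maximum.
        return self.flash.failures > self.flash.max_retries

    def _set_failures(self, count: int) -> None:
        self.flash.failures = count
        self.ram.failures = count

    def write_login(self, content: str) -> str:
        """Host wrote `content` ("username:password", assumed) to login.txt."""
        if self.locked:
            return "locked"
        user, _, password = content.strip().partition(":")
        # Hash what was written and compare with the loaded hashes in
        # constant time, so timing does not reveal how much matched.
        ok_user = hmac.compare_digest(sha256_hex(user), self.ram.user_hash)
        ok_pass = hmac.compare_digest(sha256_hex(password), self.ram.password_hash)
        if ok_user and ok_pass:
            self.authenticated = True
            self._set_failures(0)
            return "passed"
        self._set_failures(self.flash.failures + 1)
        return "locked" if self.locked else "failed"

    def may_access(self, partition: int) -> bool:
        """Decide whether a read/write on a user partition is served."""
        if self.locked or partition not in self.ram.auth_required:
            return False
        return self.authenticated or not self.ram.auth_required[partition]

    def set_auth_required(self, partition: int, required: bool) -> bool:
        """Configuration change: only after authentication, written to both copies."""
        if self.locked or not self.authenticated:
            return False
        for store in (self.flash, self.ram):
            store.auth_required[partition] = required
        return True


def demo() -> dict:
    # Constructed credentials, for illustration only.
    flash = ControlData(sha256_hex("alice"), sha256_hex("constructed-password"))
    dev = StorageController(flash)
    out = {
        "p2_before": dev.may_access(2),
        "p3_before": dev.may_access(3),
        "cfg_before": dev.set_auth_required(3, True),
        "bad": dev.write_login("alice:wrong"),
        "good": dev.write_login("alice:constructed-password"),
    }
    out["p2_after"] = dev.may_access(2)
    out["cfg_after"] = dev.set_auth_required(3, True)
    dev.boot()  # restart: configuration persists, authentication state resets
    out["p3_reboot"] = dev.may_access(3)
    return out


if __name__ == "__main__":
    print(demo())
```
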
An embodiment of the present application further provides a method for storing data based on the data storage device described in the foregoing embodiments. As shown in FIG. 4, the method includes:
Step S401: when a startup condition is met, load the bootstrap program of the storage medium and the first partition data of the storage medium;
Step S402: start the storage medium according to the bootstrap program;
Step S403: complete the authentication operation according to the authentication data in the first partition data, and update the authentication state according to the result of the authentication operation;
Step S404: when the authentication state is authentication passed, perform the data storage operation.
In an exemplary embodiment, step S403, completing the authentication operation according to the authentication data in the first partition data and updating the authentication state according to the result of the authentication operation, includes:
after a write operation to the first partition is detected, determining whether the authentication data written by the write operation is consistent with the authentication data in the loaded first partition data, and if so, updating the authentication state to authentication passed.
In an exemplary embodiment, when the first partition data includes configuration data, the method further includes:
after receiving a read/write instruction for data in other partitions of the storage medium, performing the corresponding operation on the other partitions of the storage medium according to the updated authentication state and the configuration data.
The data storage method described in the embodiments of the present application is illustrated below with a specific application example.
Take reading and writing the second partition as an example. In the first partition (the control partition), the authentication data is stored in the file login.txt, the configuration data in config.txt, and the authentication state in status.txt. The second partition is configured to be readable and writable after authentication, with written data encrypted and read data decrypted, as shown in FIG. 5;
Step 501: the device starts and loads the boot program (MBR) of the storage medium and the data of the first partition from Flash into RAM;
Step 502: after the MBR is read, two disk files are generated; taking an operating system based on the Linux kernel as an example, the files corresponding to the device's two partitions appear under the /dev path;
Step 503: after the user on the host mounts the first partition, receive the user name and password that the user writes to the login.txt file of the first partition;
Step 504: after a write operation by the user to the first partition is detected, determine whether the file written is login.txt; if it is, convert the written content into hash values and compare them with the saved user name hash value and password hash value; if they are consistent, go to step S505; if they are inconsistent, go to step S506;
Step 505: authentication has passed; receive the user's data read and write instructions;
After authentication passes, the user obtains permission to modify the configuration file config.txt of the first partition and to read and write the other partitions. The configuration file of the first partition can be used to modify the user name and password information stored in flash, the authentication mode, the encryption algorithm type, the key, the certification mode, the maximum number of retries after authentication failure, the access rights of the other partitions, and other such settings. Taking the second partition as an example, suppose the user configures it to encrypt written data and decrypt read data. As shown in FIG. 6, all data received from the user for writing to the second partition is first encrypted, and the resulting ciphertext is then written to the storage medium; when an instruction from the user to read data from the second partition is received, the data read from the storage medium is decrypted and the decrypted data is sent to the user;
Step S506: authentication has not passed; record the number of failed authentication operations. While authentication has not passed, even if the user initiates a read or write operation on the second partition, the device does not actually read or write the storage medium: for example, a read operation directly returns all-zero data, and a write operation returns failure.
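The gating behaviour of steps 504 to S506 can be modelled in a few lines. The following is an added example, not code from the patent or its applicant: the class and method names, the "user name, newline, password" layout of login.txt, the choice of SHA-256, and the XOR keystream standing in for the configured encryption algorithm are all assumptions made for illustration.

```python
import hashlib
import hmac

SECTOR = 16  # constructed sector size for this demo


def digest(text: str) -> bytes:
    return hashlib.sha256(text.encode()).digest()


class GatedStore:
    """Hypothetical model of the controller logic in steps 504 to S506."""

    def __init__(self, user: str, password: str, key: bytes):
        # Only hashes of the saved credentials are kept (step 504).
        self.user_hash, self.pass_hash = digest(user), digest(password)
        self.key = key
        self.authenticated = False  # the state the page keeps in status.txt
        self.failures = 0           # failed-attempt counter (step S506)
        self.medium = {}            # sector number -> ciphertext, partition 2

    def _cipher(self, sector: int, data: bytes) -> bytes:
        # Placeholder for the configured algorithm: XOR with a per-sector
        # SHA-256 keystream. Illustrative only, not a vetted disk cipher.
        ks = hashlib.sha256(self.key + sector.to_bytes(8, "big")).digest()
        return bytes(a ^ b for a, b in zip(data, ks))

    def write_control(self, filename: str, content: str) -> None:
        if filename != "login.txt":  # only login.txt writes authenticate
            return
        user, _, password = content.partition("\n")  # assumed file layout
        # Run both constant-time comparisons before combining the results.
        user_ok = hmac.compare_digest(digest(user), self.user_hash)
        pass_ok = hmac.compare_digest(digest(password), self.pass_hash)
        if user_ok and pass_ok:
            self.authenticated = True
        else:
            self.failures += 1

    def write_data(self, sector: int, data: bytes) -> bool:
        if not self.authenticated or len(data) != SECTOR:
            return False  # write fails; the medium is never touched
        self.medium[sector] = self._cipher(sector, data)
        return True

    def read_data(self, sector: int) -> bytes:
        if not self.authenticated or sector not in self.medium:
            return bytes(SECTOR)  # zeros for unauthenticated or unwritten reads
        return self._cipher(sector, self.medium[sector])
```

The model makes one property of the scheme easy to check: before authentication, a read of the second partition is indistinguishable from a read of an empty sector, and the medium only ever holds ciphertext.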
Those of ordinary skill in the art will understand that all or some of the steps of the methods disclosed above, and the functional modules/units of the systems and devices, can be implemented as software, firmware, hardware, or suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules or other data). Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and can be accessed by a computer. In addition, as is well known to those of ordinary skill in the art, communication media typically contain computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210638230.5A CN115098897A (en) | 2022-06-07 | 2022-06-07 | Data storage device and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115098897A true CN115098897A (en) | 2022-09-23 |
Family
ID=83289230
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210638230.5A Pending CN115098897A (en) | 2022-06-07 | 2022-06-07 | Data storage device and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115098897A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||