CN113761599A - Solid state disk encryption method and device, readable storage medium and electronic equipment - Google Patents
Publication number: CN113761599A
Authority: CN (China)
Prior art keywords: password, solid state, disk, state disk, information
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a solid state disk encryption method and device, a readable storage medium and electronic equipment. The method comprises: receiving an encryption request for a solid state disk; sending an NVMe standard password information query command to the solid state disk according to the encryption request; receiving password state information corresponding to the NVMe standard password information query command; and sending an NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk. After receiving an interaction command from the host, the solid state disk uses its own particular characteristics to apply the corresponding permission restrictions to its data in different modes, or rejects the host's request outright when the host is not trusted. These permission restrictions are not easy to crack, so the security and reliability of solid state disk encryption can be improved.
Description
Technical Field
The invention relates to the technical field of solid state disks, in particular to a solid state disk encryption method and device, a readable storage medium and electronic equipment.
Background
At present, solid state disks are widely used in personal computers and mobile terminals due to their advantages of high performance, low latency, low power consumption, and the like.
With the wide spread of the internet and 5G, network attacks, fraud and remote theft have drawn the attention of hackers, the security and privacy of data are being seriously tested, and data security has become very important. Many solid state disk encryption technologies are available on the market, including hardware encryption, software passwords and communication encryption, which protect data during transmission and storage. However, some existing encryption technologies are confined to pure software or to standalone hardware; from a security standpoint such designs cannot fully protect the solid state disk and are easily cracked.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a solid state disk encryption method and device, a readable storage medium and electronic equipment that can improve the security and reliability of solid state disk encryption.
In order to solve the technical problems, the invention adopts a technical scheme that:
a solid state disk encryption method comprises the following steps:
receiving an encryption request of a solid state disk;
sending an NVMe standard password information inquiry command to the solid state disk according to the encryption request;
receiving password state information corresponding to the NVMe standard password information query command;
and sending an NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk.
In order to solve the technical problem, the invention adopts another technical scheme as follows:
a solid state disk encryption device comprises:
the request receiving module is used for receiving an encryption request of the solid state disk;
the command sending module is used for sending an NVMe standard password information inquiry command to the solid state disk according to the encryption request;
the information receiving module is used for receiving password state information corresponding to the NVMe standard password information inquiry command;
and the encryption module is used for sending the NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk.
In order to solve the technical problem, the invention adopts another technical scheme as follows:
a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the above-mentioned solid state disk encryption method.
In order to solve the technical problem, the invention adopts another technical scheme as follows:
an electronic device comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the computer program to realize the steps of the solid state disk encryption method.
The beneficial effects of the invention are as follows: an NVMe standard password information query command is sent to the solid state disk according to the received encryption request, and an NVMe standard password setting command is sent to the solid state disk for encryption according to the queried password state information, to obtain the encrypted solid state disk.
Drawings
Fig. 1 is a flowchart illustrating steps of a solid state disk encryption method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a solid-state disk encryption device according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention;
fig. 4 is a schematic format diagram of an NVMe standard password information query command in the solid state disk encryption method according to the embodiment of the present invention;
fig. 5 is a schematic format diagram of password status information in the solid state disk encryption method according to the embodiment of the present invention;
fig. 6 is a schematic format diagram of an NVMe standard password setting command in the solid state disk encryption method according to the embodiment of the present invention;
fig. 7 is a schematic view illustrating the operation code meanings of cdw10.spsp1 (Reserved) and cdw10.spsp0 of the NVMe standard password setting command in the solid state disk encryption method according to the embodiment of the present invention;
fig. 8 is a schematic diagram of a data packet format of an NVMe standard password setting command for implementing a password setting function in the solid state disk encryption method according to the embodiment of the present invention;
fig. 9 is a schematic diagram of a data packet format of an NVMe standard password setting command for implementing an unlocking function in the solid state disk encryption method according to the embodiment of the present invention;
fig. 10 is a schematic diagram of a data packet format of an NVMe standard password setting command for implementing a disk data erasure function in the solid state disk encryption method according to the embodiment of the present invention;
fig. 11 is a schematic diagram of a data packet format of an NVMe standard password setting command for implementing a password clearing function in the solid state disk encryption method according to the embodiment of the present invention;
fig. 12 is a schematic diagram illustrating operation limitation of a host on a solid state disk in different states in the solid state disk encryption method according to the embodiment of the present invention;
fig. 13 is a schematic diagram illustrating transition between different states of an SSD in the solid state disk encryption method according to the embodiment of the present invention.
Detailed Description
In order to explain technical contents, achieved objects, and effects of the present invention in detail, the following description is made with reference to the accompanying drawings in combination with the embodiments.
Referring to fig. 1, an embodiment of the present invention provides a solid state disk encryption method, including:
receiving an encryption request of a solid state disk;
sending an NVMe standard password information inquiry command to the solid state disk according to the encryption request;
receiving password state information corresponding to the NVMe standard password information query command;
and sending an NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk.
From the above description, the beneficial effects of the present invention are: an NVMe standard password information query command is sent to the solid state disk according to the received encryption request, and an NVMe standard password setting command is sent to the solid state disk for encryption according to the queried password state information, to obtain the encrypted solid state disk.
Further, the password state information includes a password function setting state;
the sending of the NVMe standard password setting command to the solid state disk for encryption based on the password state information comprises:
judging whether the password function setting state is unset; if so, sending an NVMe standard password setting command comprising a first password to the solid state disk for encryption and receiving execution result information; if not, sending an NVMe standard password setting command comprising a second password to the solid state disk for decryption and receiving the execution result information.
As can be seen from the above description, the password function setting state indicates whether a password is set in the current solid state disk. When no password is set, the host can send the password to be set to the solid state disk to encrypt it; when a password is set, the host decrypts the solid state disk. Encryption of the solid state disk is thereby implemented simply.
Further, after the NVMe standard password setting command is sent to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk, the method includes:
receiving hardware reset information, power failure information or power on information corresponding to the encrypted solid state disk;
locking the encrypted solid state disk according to the hardware reset information, the power failure information or the power on information to obtain a locked solid state disk;
receiving an unlocking request corresponding to the locked solid state disk, wherein the unlocking request comprises a third password and an unlocking instruction;
and generating the NVMe standard password setting command according to the third password and the unlocking instruction, sending the NVMe standard password setting command to the locked solid state disk for unlocking, and receiving execution result information.
As can be seen from the above description, when a hardware reset, power failure or power-on occurs on the encrypted solid state disk, it is automatically locked; while the solid state disk is in the locked state, the disk data cannot be read, written or erased, which ensures the security of the disk data.
Further, the password state information also comprises the time for securely erasing the full disk data;
after the NVMe standard password setting command is sent to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk, the method further comprises the following steps:
receiving a disk data erasing request corresponding to the encrypted solid state disk, wherein the disk data erasing request comprises a disk data erasing preparation instruction, a disk data erasing instruction and a fourth password;
sending the NVMe standard password information inquiry command to the encrypted solid state disk according to the disk data erasing request;
receiving password state information corresponding to the NVMe standard password information query command;
generating the NVMe standard password setting command according to the disc data erasing preparation command, the disc data erasing command and the fourth password;
sending the disk data erasing preparation instruction to the encrypted solid state disk to perform disk data erasing preparation to obtain a prepared solid state disk;
and sending the fourth password and the disk data erasing instruction to the prepared solid state disk for disk data erasing, and waiting for the time for safely erasing the whole disk data to obtain the solid state disk with the data erased.
As can be seen from the above description, the disk data can be erased only after the encrypted solid state disk has completed the disk data erasing preparation. To erase the disk data, an NVMe standard password setting command including the fourth password and the disk data erasing instruction must be sent to the prepared solid state disk, and the erase is performed only after the password is verified successfully, so that data erasure is implemented safely and reliably and the data of the solid state disk is protected.
Further, after the NVMe standard password setting command is sent to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk, the method further includes:
receiving a disk freezing request corresponding to the encrypted solid state disk, wherein the disk freezing request comprises a fifth password and a disk freezing instruction;
and generating the NVMe standard password setting command according to the fifth password and the disk freezing instruction, and sending the NVMe standard password setting command to the encrypted solid state disk for disk freezing to obtain the frozen solid state disk.
As can be seen from the above description, sending the NVMe standard password setting command including the fifth password and the disk freezing instruction to the encrypted solid state disk freezes it; a solid state disk in the frozen state can be read and written normally, but its disk data cannot be erased, which ensures the security of the solid state disk.
Further, after the fifth password and the disk freezing instruction are sent to the encrypted solid state disk for disk freezing to obtain the frozen solid state disk, the method includes:
receiving a freeze releasing request corresponding to the frozen solid state disk;
and performing hardware reset operation on the frozen solid state disk according to the freeze releasing request to obtain the freeze released solid state disk.
As can be seen from the above description, the freeze can be released only by performing a hardware reset operation on the frozen solid state disk, so that hardware and software work together to make the encryption of the solid state disk safe and reliable.
Further, after the NVMe standard password setting command is sent to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk, the method further includes:
receiving a password clearing request corresponding to the encrypted solid state disk, wherein the password clearing request comprises a sixth password and a password clearing instruction;
and generating the NVMe standard password setting command according to the sixth password and the password clearing instruction, sending the NVMe standard password setting command to the encrypted solid state disk for password clearing, and receiving execution result information.
As can be seen from the above description, performing password clearing on the encrypted solid state disk clears all password-related settings, including the previously set password, and restores the solid state disk to the initial password-unset state, so that the security state of the solid state disk can be reset conveniently.
Referring to fig. 2, another embodiment of the present invention provides a solid state disk encryption apparatus, including:
the request receiving module is used for receiving an encryption request of the solid state disk;
the command sending module is used for sending an NVMe standard password information inquiry command to the solid state disk according to the encryption request;
the information receiving module is used for receiving password state information corresponding to the NVMe standard password information inquiry command;
and the encryption module is used for sending the NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk.
Another embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps in the above-mentioned encryption method for a solid state disk.
Referring to fig. 3, another embodiment of the present invention provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the steps of the above-mentioned encryption method for a solid state disk.
The solid state disk encryption method, device, readable storage medium and electronic device according to the present invention can be applied to the encryption of any type of SSD (Solid State Drive), such as flash memory-based SSDs, DRAM (Dynamic Random Access Memory) based SSDs and 3D XPoint-based SSDs. Specific embodiments are described below:
Example one
Referring to fig. 1, 4-8, and 12-13, a solid state disk encryption method of the present embodiment includes:
s0, developing the FW (firmware);
specifically, the FW is developed according to the NVMe (non-volatile memory host controller interface specification) protocol standard so that it supports the Security Receive command and the Security Send command, that is, the NVMe standard password information query command and the NVMe standard password setting command;
s1, receiving an encryption request of the solid state disk;
s2, sending an NVMe standard password information inquiry command to the solid state disk according to the encryption request;
specifically, fig. 4 shows the format in which the host sends an NVMe standard password information query command to the SSD; the host uses this command to query the current password status of the SSD and the password features it supports, where cdw10.secp = EFh represents the password function, cdw10.spsp1, cdw10.spsp0 and cdw10.nssf are all reserved fields with a default value of 00, and cdw11.al represents the length of the currently transmitted data and is fixed at 1, where 1 represents a size of 512 bytes;
s3, receiving password state information corresponding to the NVMe standard password information inquiry command;
wherein the password state information comprises a password function setting state;
specifically, fig. 5 shows the content format of the 512 bytes of data (i.e., the password state information) that the SSD returns to the host when it receives the NVMe standard password information query command, where SET represents the time for securely erasing the full disk data;
MPI represents the management password flag information, with a factory default value of 0x5655;
support represents the password function support state: 1 means the password function is supported, 0 means it is not supported;
enable represents the password function setting state: 1 means the password function is set, 0 means it is not set;
locked indicates whether the SSD is in the locked state: 1 means locked, 0 means not locked;
FROZEN indicates whether the SSD is in the frozen state: 1 means frozen, 0 means not frozen;
pwcntex indicates whether wrong-password attempts have exceeded the limit: 1 means the limit has been exceeded, 0 means it has not; the flag is set to 1 when the number of consecutive wrong password attempts exceeds 5;
it can be seen that the password state information further includes the time for securely erasing the full disk data, the management password flag information, the password function support state, whether the SSD is in the locked state, whether the SSD is in the frozen state, and whether wrong-password attempts have exceeded the limit;
before setting the password function, a user can determine whether the current SSD supports the password function, or whether the password function is already set, by sending an NVMe standard password information query command or an Identify command;
s4, sending an NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain an encrypted solid state disk;
the format of the NVMe standard password setting command sent by the host to the SSD is shown in fig. 6, where cdw10.secp = EFh represents the password function, and cdw11.tl represents the length of the currently transmitted data, with 1 representing a size of 512 bytes and 0 representing no data transmission; the operation code meanings of cdw10.spsp1 (Reserved) and cdw10.spsp0 are shown in fig. 7, where 0001b SECURITY SET PASSWORD represents the password setting function, used by the user to set the password;
0010b SECURITY UNLOCK represents the unlock function, used to unlock the disk after it has been locked;
0011b SECURITY ERASE PREPARE represents disk data erase preparation;
0100b SECURITY ERASE represents the disk data erase function;
0101b SECURITY FREEZE LOCK represents the disk freeze function;
0110b SECURITY DISABLE represents the password clear function;
it can be seen that the user can realize different functions including password setting, unlocking, disk data erasing, disk freezing and password clearing by using the NVMe standard password setting command;
specifically, it is judged whether the password function setting state is unset; if so, an NVMe standard password setting command comprising a first password is sent to the solid state disk for encryption and execution result information is received; if not, an NVMe standard password setting command comprising a second password is sent to the solid state disk for decryption and the execution result information is received;
for example, when the value of the password function setting state is 0, the password function is not set, and an NVMe standard password setting command including a first password is sent to the SSD for encryption, where the first password is the password the user wants to set; after the SSD receives the command, if the password is legal and the operation is allowed, the SSD saves the first password and returns an execution success message to the host;
when the value of the password function setting state is 1, the password function is set, and an NVMe standard password setting command including a second password can be sent to the SSD for decryption, where the second password is the password that was set; after the SSD receives the command, if the second password is legal and the operation is allowed, the SSD is decrypted and an execution success message is returned to the host;
when the user sets the password, and MAXLVL is 1, the management password input by the user cannot be used for operating password clearing and unlocking functions, and whether the user sets the management password can be determined through MPI in password state information;
in an alternative embodiment, the password can be at most 64 bytes long; if the password is forgotten, the disk data cannot be recovered; after the user sets the password, the ss.enable flag in the password state information is set to 1; fig. 8 shows the data packet format of the NVMe standard password setting command for implementing the password setting function;
fig. 12 shows, for each SSD state, the operations the host is allowed or not allowed to perform on the SSD, where Abort indicates that the command fails to execute and the disk does not process it, Executable indicates that the command executes normally, NVMe Command indicates an NVMe command (see the NVMe standard for details), Security Command indicates the functions above, Locked indicates the SSD locked state, Unlocked-Not Frozen/Disable indicates that the SSD is in the unlocked state or has had its password function cleared, and Unlocked-Frozen indicates the SSD frozen state;
after the password setting is completed, the user may put the SSD in the Locked state or the Frozen state to secure the disk; fig. 13 shows the transitions between the different SSD states: when the SSD is in the unlocked but password-function-cleared state (Unlocked-Not Frozen Disable), the locked state (Locked), or the unlocked but password-set state (Unlocked-Not Frozen ss.enabled = 1), the host can move it to the frozen state (Unlocked-Frozen);
when the SSD is in the frozen state, the SSD can be converted into an unlocked but cleared password function state through hardware reset;
when the SSD is in a locked state, the SSD can be converted into an unlocked but cleared password function state through data erasure;
when the SSD is in an unlocked but set password state, it can be converted to an unlocked but cleared password function state by password clear (DISABLE) and data ERASE (ERASE);
when the SSD is in the unlocked but password-set state, it can be converted into the locked state through hardware reset;
when the SSD is in the frozen state, the SSD can be converted into an unlocked but password-set state through hardware reset;
when the SSD is in the locked state, it can be converted into the unlocked but password-set state by unlocking.
Example two
Referring to fig. 9, the present embodiment further defines how to lock and unlock the SSD based on the first embodiment, and specifically includes:
receiving hardware reset information, power failure information or power on information corresponding to the encrypted solid state disk;
locking the encrypted solid state disk according to the hardware reset information, the power failure information or the power on information to obtain a locked solid state disk;
specifically, once a password has been set in the SSD, a single hardware reset, power-off or power-on automatically locks the SSD, after which the disk data cannot be read, written or erased; in addition, if the user tries a wrong password more than 5 times, the SSD is also automatically locked until ss.pwcntex in the password state information is cleared to 0 by a power cycle (restart) or a hardware reset;
receiving an unlocking request corresponding to the locked solid state disk, wherein the unlocking request comprises a third password and an unlocking instruction;
generating the NVMe standard password setting command according to the third password and the unlocking instruction, sending the NVMe standard password setting command to the locked solid state disk for unlocking, and receiving execution result information;
specifically, when the locked SSD needs to be unlocked, an NVMe standard password setting command is generated according to the third password and the unlocking instruction and sent to the locked SSD; on receiving the command, the SSD compares the third password with the set password; if the password is verified successfully and the operation is allowed, the SSD is unlocked and execution success information is returned to the host; if verification fails, failure information is returned to the host; fig. 9 shows the data packet format of the NVMe standard password setting command for implementing the unlocking function;
wherein the SSD determines whether the operation is allowed according to what is shown in fig. 12.
Example three
Referring to fig. 10, the embodiment further defines how to erase the disc data based on the first or second embodiment, and specifically includes:
the password state information also comprises time for safely erasing the data of the whole disk;
receiving a disk data erasing request corresponding to the encrypted solid state disk, wherein the disk data erasing request comprises a disk data erasing preparation instruction, a disk data erasing instruction and a fourth password;
sending the NVMe standard password information inquiry command to the encrypted solid state disk according to the disk data erasing request;
receiving password state information corresponding to the NVMe standard password information query command;
the user can send an NVMe standard password information query command at any time to acquire the password state information of the current SSD;
generating the NVMe standard password setting command according to the disk data erasing preparation instruction, the disk data erasing instruction and the fourth password;
sending the disk data erasing preparation instruction to the encrypted solid state disk to perform disk data erasing preparation to obtain a prepared solid state disk;
specifically, the disk data erasing preparation instruction is sent to the encrypted SSD; on receiving the instruction, the encrypted SSD judges whether the operation is allowed and, if so, prepares for disk data erasing and returns execution success information; this instruction does not require a data packet; the disk data erasing instruction can only be executed after the disk data erasing preparation instruction has been executed, otherwise the disk data erasing instruction fails;
sending the fourth password and the disk data erasing instruction to the prepared solid state disk for disk data erasing, and waiting for the time for safely erasing the whole disk data to obtain the solid state disk with the data erased;
specifically, the fourth password and the disk data erasing instruction are sent to the prepared SSD; on receiving the instruction, the prepared SSD compares the fourth password with the set password; if verification succeeds and the operation is allowed, disk data erasing is executed and, once the time for safely erasing the whole disk data has elapsed, execution success information is returned to the host and the data-erased SSD is obtained; if verification fails, failure information is returned to the host;
after the disk data of the SSD is erased, all password-related settings, including the password itself, and all disk data are cleared, and the disk is restored to the factory state; fig. 10 shows the data packet format of the NVMe standard password setting command that implements the disk data erasing function.
Example four
Referring to fig. 12, this embodiment further defines, on the basis of the first, second or third embodiment, how to freeze and unfreeze the disk, and specifically includes:
receiving a disk freezing request corresponding to the encrypted solid state disk, wherein the disk freezing request comprises a fifth password and a disk freezing instruction;
generating the NVMe standard password setting command according to the fifth password and the disk freezing instruction, and sending the NVMe standard password setting command to the encrypted solid state disk for disk freezing to obtain a frozen solid state disk;
specifically, the NVMe standard password setting command is sent to the encrypted SSD for disk freezing; on receiving the command, the encrypted SSD compares the fifth password with the set password; if the password is verified and the operation is allowed, disk freezing is executed, execution success information is returned to the host and the frozen SSD is obtained; if verification fails, failure information is returned to the host; this command does not require a data packet;
when the disk of the SSD is in the frozen state, it can be read and written normally but its data cannot be erased; in addition, some password function operations and data management commands cannot be executed, as shown in fig. 12;
receiving a freeze releasing request corresponding to the frozen solid state disk;
and performing hardware reset operation on the frozen solid state disk according to the freeze releasing request to obtain the freeze released solid state disk.
Example five
Referring to fig. 11, the present embodiment further defines how to perform password clearing on the SSD based on the first, second, third, or fourth embodiments, and specifically includes:
receiving a password clearing request corresponding to the encrypted solid state disk, wherein the password clearing request comprises a sixth password and a password clearing instruction;
generating the NVMe standard password setting command according to the sixth password and the password clearing instruction, sending the NVMe standard password setting command to the encrypted solid state disk for password clearing, and receiving execution result information;
specifically, the NVMe standard password setting command is sent to the encrypted SSD for password clearing; on receiving the command, the encrypted SSD compares the sixth password with the set password; if the password is verified and the operation is allowed, password clearing is executed and execution success information is returned to the host; if verification fails, failure information is returned to the host; fig. 11 shows the data packet format of the NVMe standard password setting command that implements the password clearing function;
after password clearing has been executed, all password-related settings of the SSD, including the password itself, are completely cleared, and the disk is restored to its initial state in which no password is set;
when the user has implemented the password function, the value of ss.support is set to 1 and, at the same time, byte 3277 of the NVMe Identify data is set to 1, indicating that the password function is supported.
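The locking, attempt-limit, erase, freeze and password-clearing behaviour described in the second to fifth embodiments can be read as one drive-side state machine. The sketch below is an added illustration, not code from the patent; the class and method names are hypothetical. Because fig. 12 is not reproduced here, only the restrictions the text states are modelled, and it is assumed that the wrong-attempt counter is not reset by a correct password and that the erase wait time is ignored.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

MAX_WRONG = 5  # page: lockout after "more than 5" wrong passwords
# Hypothetical model names. Stand-in for fig. 12 (not on the page): only the
# rows the text states, i.e. locked blocks read/write/erase, frozen blocks erase.
LOCKED_BLOCKS = {"read", "write", "erase_prepare", "erase"}
FROZEN_BLOCKS = {"erase_prepare", "erase"}


@dataclass
class SsdModel:
    password: Optional[bytes] = None  # None: password function not set
    locked: bool = False
    frozen: bool = False
    erase_prepared: bool = False
    wrong: int = 0    # wrong attempts since last reset (assumed counter)
    pwcntex: int = 0  # the ss.pwcntex flag named on the page
    data: dict = field(default_factory=dict)

    def _allowed(self, op: str) -> bool:
        if self.locked and op in LOCKED_BLOCKS:
            return False
        return not (self.frozen and op in FROZEN_BLOCKS)

    def _verify(self, pw: bytes) -> bool:
        if self.password is None or self.pwcntex:
            return False  # nothing to verify, or attempts exhausted
        if hmac.compare_digest(pw, self.password):
            return True
        self.wrong += 1
        if self.wrong > MAX_WRONG:
            self.pwcntex = 1  # stays set until reset or power cycle
        return False

    def _factory(self, wipe: bool) -> None:
        if wipe:
            self.data.clear()
        self.password, self.locked, self.frozen = None, False, False
        self.wrong = self.pwcntex = 0

    def hardware_reset(self) -> None:  # a power cycle is modelled the same way
        self.locked = self.password is not None  # relock if a password is set
        self.frozen = self.erase_prepared = False  # reset also unfreezes
        self.wrong = self.pwcntex = 0

    def set_password(self, pw: bytes) -> bool:
        if self.password is not None:
            return False
        self.password = pw
        return True

    def unlock(self, pw: bytes) -> bool:
        if not (self.locked and self._verify(pw)):
            return False
        self.locked = False
        return True

    def freeze(self, pw: bytes) -> bool:
        ok = self._verify(pw)
        self.frozen = self.frozen or ok
        return ok

    def clear_password(self, pw: bytes) -> bool:
        if not self._verify(pw):
            return False
        self._factory(wipe=False)  # settings cleared, disk data kept
        return True

    def erase_prepare(self) -> bool:
        self.erase_prepared = self._allowed("erase_prepare")
        return self.erase_prepared

    def erase(self, pw: bytes) -> bool:
        prepared, self.erase_prepared = self.erase_prepared, False
        if not (prepared and self._allowed("erase") and self._verify(pw)):
            return False
        self._factory(wipe=True)  # data and password settings both cleared
        return True

    def write(self, lba: int, block: bytes) -> bool:
        if not self._allowed("write"):
            return False
        self.data[lba] = block
        return True

    def read(self, lba: int) -> Optional[bytes]:
        return self.data.get(lba) if self._allowed("read") else None
```

Combining two rules from the text, a hardware reset on a frozen drive both releases the freeze and relocks the drive, so a host that unfreezes a disk in order to erase it must unlock it again first.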
Example six
Referring to fig. 2, an encryption apparatus for a solid state disk includes:
the request receiving module is used for receiving an encryption request of the solid state disk;
the command sending module is used for sending an NVMe standard password information inquiry command to the solid state disk according to the encryption request;
the information receiving module is used for receiving password state information corresponding to the NVMe standard password information inquiry command;
and the encryption module is used for sending the NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk.
Example seven
A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, can implement the steps of the solid state disk encryption method according to any one of the first to fifth embodiments.
Example eight
Referring to fig. 3, an electronic device includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the steps of the solid state disk encryption method according to any one of the first to fifth embodiments.
In summary, according to the solid state disk encryption method, the apparatus, the readable storage medium and the electronic device provided by the present invention, an encryption request of a solid state disk is received, an NVMe standard password information query command is sent to the solid state disk according to the encryption request, password state information corresponding to the NVMe standard password information query command is received, and an NVMe standard password setting command is sent to the solid state disk for encryption based on the password state information, so as to obtain an encrypted solid state disk. After the solid state disk is encrypted, it is automatically locked when hardware reset information, power-down information or power-up information is received; while the solid state disk is locked, its disk data cannot be read, written or erased unless it is unlocked, which ensures the security of the disk data. The disk data can also be erased: a disk data erasing preparation instruction is sent to the encrypted solid state disk to prepare for disk data erasing, a fourth password and a disk data erasing instruction are sent to the prepared solid state disk to erase the disk data, and the data-erased solid state disk is obtained after waiting for the time for safely erasing the whole disk data. In addition, the solid state disk can be set to a frozen state: an NVMe standard password setting command generated from a fifth password and a disk freezing instruction is sent to the encrypted solid state disk to freeze the disk; a disk in the frozen state can be read and written normally, but its data cannot be erased, which guarantees the safety of the disk data; when the solid state disk needs to be unfrozen, this can only be done by performing a hardware reset operation on the frozen solid state disk. After a user sets the password, the state of the solid state disk can be set according to actual needs, and the state transitions are realized through the cooperation of software and hardware, so that the security settings of the solid state disk are realized and the safety and reliability of solid state disk encryption are improved.
In the above embodiments provided in the present application, it should be understood that the disclosed method, apparatus, computer-readable storage medium, and electronic device may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical division, and other divisions may be realized in practice, for example, a plurality of components or modules may be combined or integrated into another apparatus, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or components or modules, and may be in an electrical, mechanical or other form.
The components described as separate parts may or may not be physically separate, and parts displayed as components may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the components can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing module, or each component may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It should be noted that, for the sake of simplicity, the above-mentioned method embodiments are described as a series of acts or combinations of acts, but those skilled in the art should understand that the present invention is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules involved are not necessarily required by the invention.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to the related technical fields, are included in the scope of the present invention.
Claims (10)
1. A solid state disk encryption method, characterized by comprising the following steps:
receiving an encryption request of a solid state disk;
sending an NVMe standard password information inquiry command to the solid state disk according to the encryption request;
receiving password state information corresponding to the NVMe standard password information query command;
and sending an NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk.
2. The encryption method for the solid state disk according to claim 1, wherein the password state information includes a password function setting state;
the sending of the NVMe standard password setting command to the solid state disk for encryption based on the password state information comprises:
and judging whether the password function setting state is "not set"; if so, sending an NVMe standard password setting command comprising a first password to the solid state disk for encryption and receiving execution result information; if not, sending an NVMe standard password setting command comprising a second password to the solid state disk for decryption and receiving the execution result information.
3. The method according to claim 1, wherein, after the NVMe standard password setting command is sent to the solid state disk for encryption based on the password state information and the encrypted solid state disk is obtained, the method further comprises:
receiving hardware reset information, power failure information or power on information corresponding to the encrypted solid state disk;
locking the encrypted solid state disk according to the hardware reset information, the power failure information or the power on information to obtain a locked solid state disk;
receiving an unlocking request corresponding to the locked solid state disk, wherein the unlocking request comprises a third password and an unlocking instruction;
and generating the NVMe standard password setting command according to the third password and the unlocking instruction, sending the NVMe standard password setting command to the locked solid state disk for unlocking, and receiving execution result information.
4. The encryption method for the solid state disk according to claim 1, wherein the password status information further includes time for securely erasing the full disk data;
after the NVMe standard password setting command is sent to the solid state disk for encryption based on the password state information and the encrypted solid state disk is obtained, the method further comprises:
receiving a disk data erasing request corresponding to the encrypted solid state disk, wherein the disk data erasing request comprises a disk data erasing preparation instruction, a disk data erasing instruction and a fourth password;
sending the NVMe standard password information inquiry command to the encrypted solid state disk according to the disk data erasing request;
receiving password state information corresponding to the NVMe standard password information query command;
generating the NVMe standard password setting command according to the disk data erasing preparation instruction, the disk data erasing instruction and the fourth password;
sending the disk data erasing preparation instruction to the encrypted solid state disk to perform disk data erasing preparation to obtain a prepared solid state disk;
and sending the fourth password and the disk data erasing instruction to the prepared solid state disk for disk data erasing, and waiting for the time for safely erasing the whole disk data to obtain the solid state disk with the data erased.
5. The method according to claim 1, wherein, after the NVMe standard password setting command is sent to the solid state disk for encryption based on the password state information and the encrypted solid state disk is obtained, the method further comprises:
receiving a disk freezing request corresponding to the encrypted solid state disk, wherein the disk freezing request comprises a fifth password and a disk freezing instruction;
and generating the NVMe standard password setting command according to the fifth password and the disk freezing instruction, and sending the NVMe standard password setting command to the encrypted solid state disk for disk freezing to obtain the frozen solid state disk.
6. The method according to claim 4, wherein, after the fifth password and the disk freezing instruction are sent to the encrypted solid state disk for disk freezing and the frozen solid state disk is obtained, the method further comprises:
receiving a freeze releasing request corresponding to the frozen solid state disk;
and performing hardware reset operation on the frozen solid state disk according to the freeze releasing request to obtain the freeze released solid state disk.
7. The method according to claim 1, wherein, after the NVMe standard password setting command is sent to the solid state disk for encryption based on the password state information and the encrypted solid state disk is obtained, the method further comprises:
receiving a password clearing request corresponding to the encrypted solid state disk, wherein the password clearing request comprises a sixth password and a password clearing instruction;
and generating the NVMe standard password setting command according to the sixth password and the password clearing instruction, sending the NVMe standard password setting command to the encrypted solid state disk for password clearing, and receiving execution result information.
8. A solid state disk encryption device, comprising:
the request receiving module is used for receiving an encryption request of the solid state disk;
the command sending module is used for sending an NVMe standard password information inquiry command to the solid state disk according to the encryption request;
the information receiving module is used for receiving password state information corresponding to the NVMe standard password information inquiry command;
and the encryption module is used for sending the NVMe standard password setting command to the solid state disk for encryption based on the password state information to obtain the encrypted solid state disk.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of a method for encrypting a solid state disk according to any one of claims 1 to 7.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of a solid state disk encryption method according to any one of claims 1 to 7 when executing the computer program.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111059748.5A CN113761599B (en) | 2021-09-10 | 2021-09-10 | Solid state disk encryption method and device, readable storage medium and electronic equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111059748.5A CN113761599B (en) | 2021-09-10 | 2021-09-10 | Solid state disk encryption method and device, readable storage medium and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113761599A (en) | 2021-12-07 |
CN113761599B (en) | 2023-06-20 |
Family
ID=78794541
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111059748.5A Active CN113761599B (en) | 2021-09-10 | 2021-09-10 | Solid state disk encryption method and device, readable storage medium and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113761599B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN119782073A (en) * | 2025-03-11 | 2025-04-08 | 成都佰维存储科技有限公司 | Hard disk ATA password function testing method, device, equipment and medium |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101859283A (en) * | 2010-03-22 | 2010-10-13 | 吴欣延 | Method for controlling built-in radio frequency identification (RFID) encrypted solid-state hard disk |
CN106095329A (en) * | 2016-05-27 | 2016-11-09 | 浪潮电子信息产业股份有限公司 | Management method of Intel SSD (solid State disk) based on NVME (network video management entity) interface |
CN107492390A (en) * | 2017-08-18 | 2017-12-19 | 讯翱(上海)科技有限公司 | One kind is based on rsa encryption NVMe standard PCIe solid-state storage devices |
CN109240952A (en) * | 2018-08-27 | 2019-01-18 | 北京计算机技术及应用研究所 | A kind of high-speed data encryption NVMe-SATA converter circuit |
CN109598155A (en) * | 2018-12-04 | 2019-04-09 | 郑州云海信息技术有限公司 | A kind of SSD data encryption device and method |
CN109783013A (en) * | 2017-11-15 | 2019-05-21 | 三星电子株式会社 | Configure and access the method and system of expansible object storage |
CN110427326A (en) * | 2019-07-31 | 2019-11-08 | 东莞记忆存储科技有限公司 | Solid state hard disk password test method and apparatus based on Driver Master |
CN111506255A (en) * | 2019-01-31 | 2020-08-07 | 山东存储之翼电子科技有限公司 | NVM-based solid state hard disk metadata management method and system |
CN111666598A (en) * | 2020-05-15 | 2020-09-15 | 苏州浪潮智能科技有限公司 | Hard disk and server encryption locking method, server and hard disk |
CN111914311A (en) * | 2020-07-10 | 2020-11-10 | 上海闻泰信息技术有限公司 | Hard disk password management method and device, electronic equipment and storage medium |
US11032259B1 (en) * | 2012-09-26 | 2021-06-08 | Pure Storage, Inc. | Data protection in a storage system |
Non-Patent Citations (1)
Title |
---|
Liu Zhenglin et al.: "Security risk analysis and attack experiments on solid state drives", Microelectronics & Computer (微电子学与计算机) * |
Also Published As
Publication number | Publication date |
---|---|
CN113761599B (en) | 2023-06-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5643303B2 (en) | Remote access control of storage device | |
US10181055B2 (en) | Data security system with encryption | |
CN104081409B (en) | Method for protecting computing device | |
US9203836B2 (en) | Token for securing communication | |
US8156331B2 (en) | Information transfer | |
CN112054892B (en) | Data storage device, method and system | |
US9071581B2 (en) | Secure storage with SCSI storage devices | |
CN101788959A (en) | Solid state hard disk secure encryption system | |
US20030188162A1 (en) | Locking a hard drive to a host | |
CN105354479A (en) | USB flash disk authentication based solid state disk and data hiding method | |
WO2013107362A1 (en) | Method and system for protecting data | |
US8799653B2 (en) | Storage device and method for storage device state recovery | |
US8695085B2 (en) | Self-protecting storage | |
CN108809920A (en) | Data center adopting encryption technology and data center operation method | |
CN110807186B (en) | Method, device, equipment and storage medium for safe storage of storage equipment | |
TWI789291B (en) | Module and method for authenticating data transfer between a storage device and a host device | |
CN103176917A (en) | Storage device protection system and locking and unlocking method of storage device | |
CN113761599B (en) | Solid state disk encryption method and device, readable storage medium and electronic equipment | |
JP4561213B2 (en) | Hard disk security management system and method thereof | |
CN115834155B (en) | Method for managing storage device passwords in a system using trusted computing technology | |
US8914901B2 (en) | Trusted storage and display | |
CN119475451A (en) | A method, device and electronic device for lossless encryption migration of hard disk data and encryption of designated partitions | |
CN117811743A (en) | Access verification method, device, equipment and medium based on solid state disk |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||