CN114297355A - Method and system for establishing secure session, solid state disk and terminal equipment - Google Patents
Method and system for establishing secure session, solid state disk and terminal equipment Download PDFInfo
- Publication number
- CN114297355A CN114297355A CN202111523005.9A CN202111523005A CN114297355A CN 114297355 A CN114297355 A CN 114297355A CN 202111523005 A CN202111523005 A CN 202111523005A CN 114297355 A CN114297355 A CN 114297355A
- Authority
- CN
- China
- Prior art keywords
- key
- random number
- solid state
- negotiation
- state disk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 239000007787 solid Substances 0.000 title claims abstract description 74
- 238000000034 method Methods 0.000 title claims abstract description 48
- 238000012545 processing Methods 0.000 claims abstract description 50
- 230000004044 response Effects 0.000 claims abstract description 43
- 238000004590 computer program Methods 0.000 claims description 12
- 238000012795 verification Methods 0.000 claims description 11
- 230000008569 process Effects 0.000 abstract description 12
- 238000004891 communication Methods 0.000 description 10
- 230000005540 biological transmission Effects 0.000 description 7
- 244000300477 Gardenia carinata Species 0.000 description 4
- BSJGASKRWFKGMV-UHFFFAOYSA-L ammonia dichloroplatinum(2+) Chemical compound N.N.Cl[Pt+2]Cl BSJGASKRWFKGMV-UHFFFAOYSA-L 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 241000735234 Ligustrum Species 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the application discloses a method and a system for establishing a secure session, a solid state disk and terminal equipment. The method comprises the following steps: before establishing a session with a solid state disk, sending a starting instruction to the solid state disk, wherein the starting instruction comprises a negotiation public key of a terminal device; receiving a start response message, wherein the start response message comprises a negotiation public key of the solid state disk and a first encryption result, and the first encryption result is obtained by encrypting a first random number by using the negotiation public key of the terminal equipment; decrypting the first encryption result by adopting a negotiation private key of the terminal equipment to obtain a first random number, and encrypting the second random number by adopting a negotiation public key of the solid state disk to obtain a second encryption result; sending a processing instruction including a second encryption result; receiving a process response message including indication information of a session key, the session key being generated from the first random number and the second random number; determining a session key according to the indication information of the session key; a secure session is established using the session key.
Description
Technical Field
The embodiment of the application relates to the field of information processing, and in particular, to a method and a system for establishing a secure session, a solid state disk and a terminal device.
Background
With the development of the information industry, the information security problem is increasingly prominent, various security applications based on the principle of cryptography are more and more extensive, and data encryption is deeply carried out in all corners of information applications.
A Solid State Disk (SSD), also called Solid State Drive, is a hard Disk made of an array of Solid State electronic memory chips. When the solid state disk communicates with the terminal device, the same symmetric key is usually used for encryption, and the method has the risk of information leakage in the transmission of sensitive information and is low in safety.
Disclosure of Invention
In order to solve any technical problem, embodiments of the present application provide a method and a system for establishing a secure session, a solid state disk, and a terminal device.
In order to achieve the purpose of the embodiment of the present application, an embodiment of the present application provides a method for establishing a secure session, which is applied to a terminal device, and the method includes:
before establishing a session with a solid state disk, sending a starting instruction to the solid state disk, wherein the starting instruction comprises a negotiation public key of a terminal device;
receiving a start response message, wherein the start response message comprises a negotiation public key of the solid state disk and a first encryption result, and the first encryption result is obtained by encrypting a first random number by using the negotiation public key of the terminal equipment;
decrypting the first encryption result by adopting a negotiation private key of the terminal equipment to obtain a first random number, and encrypting the second random number by adopting a negotiation public key of the solid state disk to obtain a second encryption result;
sending a processing instruction, wherein the processing instruction comprises a second encryption result;
receiving a processing response message, wherein the processing response message comprises indication information of a session key, and the session key is generated according to a first random number and a second random number;
determining a session key according to the indication information of the session key;
and establishing a secure session with the solid state disk by using the session key.
A terminal device comprising a memory having a computer program stored therein and a processor arranged to execute the computer program to perform the method as described above.
A method for establishing a secure session is applied to a solid state disk, and comprises the following steps:
before establishing a session with a terminal device, receiving a starting instruction, wherein the starting instruction comprises a negotiation public key of the terminal device;
encrypting a first random number by adopting a negotiation public key of the terminal equipment to obtain a first encryption result;
sending a starting response message, wherein the starting response message comprises a negotiation public key of the solid state disk and a first encryption result;
receiving a processing instruction, wherein the processing instruction comprises a second encryption result, and the second encryption result is obtained by encrypting a second random number by using a negotiation public key of the solid state disk;
decrypting the second encryption result by adopting a negotiation private key of the solid state disk to obtain a second random number;
generating a session key according to the first random number and the second random number;
sending a processing response message, wherein the processing response message comprises indication information of the session key;
and establishing a secure session with the terminal equipment by adopting the session key.
A solid state disk comprising a memory and a processor, wherein the memory has stored therein a computer program, and the processor is configured to execute the computer program to perform the method described above.
A secure session establishment system comprises the terminal device and the solid state disk.
One of the above technical solutions has the following advantages or beneficial effects:
before the session is established, the solid state disk and the terminal equipment are obtained by adopting encryption transmission to respectively obtain respective random numbers, and a session key is generated by utilizing the obtained random numbers, so that the secure session is established, the problem of low security caused by the session by using a fixed key in the prior art is solved, and the purpose of secure communication between the solid state disk and the terminal equipment is realized.
Additional features and advantages of the embodiments of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the application. The objectives and other advantages of the embodiments of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the embodiments of the present application and are incorporated in and constitute a part of this specification, illustrate embodiments of the present application and together with the examples of the embodiments of the present application do not constitute a limitation of the embodiments of the present application.
Fig. 1 is a flowchart of a method for establishing a secure session according to an embodiment of the present application;
fig. 2 is a flowchart of another secure session establishment method according to an embodiment of the present application;
fig. 3 is an interaction diagram of a session key negotiation process provided in an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application more apparent, the embodiments of the present application will be described in detail below with reference to the accompanying drawings. It should be noted that, in the embodiments of the present application, features in the embodiments and the examples may be arbitrarily combined with each other without conflict.
Fig. 1 is a flowchart of a method for establishing a secure session according to an embodiment of the present application. As shown in fig. 1, the method is applied to a terminal device, and includes:
the terminal device may be a device capable of being connected to the solid state disk, a computer device, or an intelligent household appliance (e.g., an intelligent television) having a storage function.
Preferably, the start instruction further includes at least one of a version number of a CA certificate and signature data of a negotiation public key of the terminal device, where the signature data of the negotiation public key of the terminal device is obtained by processing with a CA public key;
102, receiving a start response message, wherein the start response message includes a negotiation public key of the solid state disk and a first encryption result, and the first encryption result is obtained by encrypting a first random number by using the negotiation public key of the terminal device;
preferably, the start response message further includes signature data of a negotiated public key of the solid state disk and/or signature data of the first random number.
103, decrypting the first encryption result by using a negotiation private key of the terminal equipment to obtain a first random number, and encrypting the second random number by using a negotiation public key of the solid state disk to obtain a second encryption result;
if the starting response message also comprises signature data of the negotiation public key of the solid state disk, after the signature data of the negotiation public key of the solid state disk passes verification, sending a processing instruction; and/or if the starting response message also comprises the signature data of the first random number, sending the processing instruction after the signature data of the first random number is verified.
104, sending a processing instruction, wherein the processing instruction comprises a second encryption result;
preferably, the processing instruction further includes signature data of a second random number, where the signature data of the second random number is obtained by processing with a negotiated private key of the terminal device.
preferably, the indication information of the session key is third encrypted data obtained by encrypting preset standard data by using the session key;
the standard data can be a field or text of preset content; for example, the field content of hello is taken as standard data.
Step 106, determining a session key according to the indication information of the session key;
preferably, the key to be verified can be generated by using the first random number and the second random number in the same manner as the solid state disk; and if the target data is successfully decrypted by adopting the key to be verified, determining that the key to be verified is a session key.
And step 107, establishing a secure session with the solid state disk by using the session key.
When the terminal device communicates with the solid state disk every time, the terminal device and the solid state device negotiate a new session key, namely a one-time pad, so that the transmission of data on a link becomes safer and is less prone to being broken.
According to the method provided by the embodiment of the application, before the session is established, the solid state disk and the terminal device are respectively obtained by adopting encryption transmission, and the session key is generated by utilizing the obtained random numbers, so that the secure session is established, the problem of low security caused by the session by using a fixed key in the prior art is solved, and the purpose of secure communication between the solid state disk and the terminal device is realized.
Fig. 2 is a flowchart of another secure session establishment method according to an embodiment of the present application. As shown in fig. 2, the method is applied to a solid state disk, and includes:
preferably, the start instruction further includes at least one of a version number of the CA certificate and signature data of a negotiated public key of the terminal device, where the signature data of the negotiated public key of the terminal device is obtained by processing with a CA public key.
if the starting instruction further comprises the version number of the CA certificate, then sending a starting response message when the version number of the CA certificate is the same as the version number of the CA certificate recorded locally; and/or if the starting instruction further comprises signature data of the negotiation public key of the solid state disk, sending a starting response message after the signature data of the negotiation public key of the solid state disk passes verification.
preferably, the start response message further includes signature data of a negotiation public key of the solid state disk and/or signature data of the first random number; the signature data of the negotiation public key of the solid state disk is obtained by utilizing CA public key processing; and the signature data of the first random number is obtained by utilizing the negotiation private key of the solid state disk.
preferably, the processing instruction further includes signature data of a second random number, where the signature data of the second random number is obtained by processing with a negotiated private key of the terminal device.
and if the processing instruction further comprises signature data of a second random number, wherein the signature data of the second random number is obtained by utilizing the negotiation private key of the terminal equipment, and then the control response message is sent after the signature data of the second random number passes verification.
Step 206, generating a session key according to the first random number and the second random number;
preferably, the indication information of the session key is third encrypted data obtained by encrypting preset standard data by using the session key;
the standard data can be a field or text of preset content; for example, the field content of hello is taken as standard data.
And step 208, establishing a secure session with the terminal equipment by using the session key.
When the terminal device communicates with the terminal device each time, the terminal device and the solid-state device negotiate a new session key, namely, a one-time pad, so that the transmission of data on a link becomes safer and is less prone to being broken.
According to the method provided by the embodiment of the application, before the session is established, the solid state disk and the terminal device are respectively obtained by adopting encryption transmission, and the session key is generated by utilizing the obtained random numbers, so that the secure session is established, the problem of low security caused by the session by using a fixed key in the prior art is solved, and the purpose of secure communication between the solid state disk and the terminal device is realized.
The following is a description of the method provided by the examples of the present application:
the terminal device (also called as an upper computer or Host) can communicate with the SSD and perform data transmission by using encrypted secure session, so as to ensure the confidentiality of a sensitive data link layer, wherein session key negotiation is the first step of normal communication between the terminal device and the SSD. And after the negotiation of the session key is completed, encrypting the subsequent sensitive instruction by using the negotiated session key. For example, it can be used for identity authentication, preventing man-in-the-middle attacks, and link layer interception.
The following explains a key pair provided in the embodiments of the present application:
the certification key pair is a key pair for the CA to issue the certificate, wherein the authority stores a CA public key PubKey (CA) and a CA private key PriKey (CA), and the terminal equipment and the SSD both store the CA public key PubKey (CA) to sign respective negotiation public keys;
the negotiation key pair of the terminal equipment comprises a negotiation public key Pubkey (host) of the terminal equipment and a negotiation private key Prikey (host) of the terminal equipment, is generated by the terminal equipment by using a built-in algorithm and is used by the terminal equipment in the process of negotiating the session key;
the negotiation key pair of the SSD comprises a negotiation public key Pubkey (SSD) of the SSD and a negotiation private key Prikey (SSD) of the SSD, the negotiation public key Pubkey (SSD) and the negotiation private key Prikey (SSD) of the SSD are generated by the SSD by using a built-in algorithm and are used by the SSD in a session key negotiation process;
the session key, a symmetric key obtained by key negotiation between the terminal equipment and the terminal equipment, is used for a session key used by session communication and is stored in the terminal equipment and the terminal equipment; each session has a respective session key, and after the session is ended, the session key corresponding to the session is invalid.
In order to ensure safety, a secondary CA method is adopted: the primary CA is called RootCA, i.e. a root key pair, the key pair is generated in a secure production environment and is stored in an encryption server, the data format of the certificate adopts a custom mode, and the content includes: certificate version number, certificate serial number, signature algorithm, signature hash algorithm, issuer, user, public key content, and the like. And then, a secondary CA (namely PrIKey (CA) + Pubkey (CA)) is issued by using RootCA, the Pubkey (CA) also comprises the certificate content, and the secondary CA is stored in a proprietary authentication tool and is used for signing and verifying the public keys of the SSD and the Host terminal subsequently.
When the SSD is initialized, the SSD generates a negotiation key pair PubKey (SSD) and PrIKey (SSD), and only executes once; where the negotiation key pair generated by each chip is different.
The terminal equipment signs an SSD public key PubKey (SSD) by using a special authentication private key PrIKey (CA) by using a special authentication tool to obtain Sign (PubKey (SSD)), and imports a negotiation public key signature Sign (PubKey (SSD)) + the special authentication public key PubKey (CA) of the SSD into the SSD for storage; this process is performed during the SSD initialization phase and can only be performed once. The proprietary authentication tool will save the SSD's serial number and the public key pubkey (SSD).
Similarly, the terminal device has a pair of negotiation keys pubkey (host) and private authentication key privet (ca), and signs the negotiation public key pubkey (host) of the terminal device to obtain Sign (pubkey (host)), and the Sign + authentication public key pubkey (ca) + pubkey (host) + privet (host) is stored in the terminal device, or a code written in the terminal device is fixed. The private authentication tool and the private authentication private key PrIKey (CA) are operated in a secure environment, and the confidentiality of the private authentication private key is ensured.
Fig. 3 is an interaction diagram of a session key negotiation process provided in an embodiment of the present application. As shown in fig. 3, the method includes:
step 301, the terminal device sends a key negotiation starting instruction;
the key agreement start instruction includes an agreement public key pubkey (host) of the terminal device, signature data Sign (pubkey (host)) of the agreement public key of the terminal device, and a version number of the CA certificate.
Step 302, after receiving a key agreement start instruction of the terminal device, the SSD responds to the received key agreement start instruction;
step 302a, firstly, judging whether the version number of the CA certificate is the same as the version of a locally stored CA integer;
if the version numbers are the same, go to step 302 b; otherwise, returning an error to the terminal equipment.
Step 302b, verifying a negotiation public key pubkey (host) of the terminal device issued by the terminal device and a signature Sign (pubkey (host)) of the negotiation public key of the terminal device by using an authentication public key pubkey (CA);
if the verification is successful, the software of the terminal equipment is legal, and then step 302c is executed; and if the verification fails, returning an error to the terminal equipment.
Step 302c, the SSD generates a first random number RandA, and encrypts the first random number RandA by using a negotiation public key pubkey (host) of the terminal device to obtain a first encryption result pubkey (host) enc (RandA); performing Hash operation on the first random number randA, and signing by using a negotiation private key (SSD) of the SSD to obtain Sign (Hash (randA));
wherein the first random number RandA is used for generating a session key;
step 302d, the SSD negotiates the public key pubkey (SSD), the SSD negotiates the public key signature Sign (pubkey (SSD)), the signature Sign (randa) of the first random number, and the first encryption result pubkey (host) enc (randa) are returned to the terminal device through the key negotiation initiation response message.
Step 303, the terminal device software processes the received key negotiation starting response message returned by the SSD;
step 303a, verifying the SSD negotiation public key signature by using the authentication public key pubkey (ca), and if the verification fails, exiting the negotiation process. Decrypting the first encryption result PubKey (host) ENC (RandA) by using a negotiation private key (host) of the terminal equipment to obtain a first random number RandA, verifying the signature sign (RandA) of the first random number by using PubKey (SSD), and exiting the negotiation process after the verification fails. Otherwise, saving the first random number RandA;
step 303b, the terminal device generates a second random number RandB, and encrypts the second random number RandB by using a negotiation public key pubkey (SSD) of the SSD to obtain a second encryption result pubkey (SSD) enc (RandB); the second random number RandC is used for generating a session key;
step 303c, after performing Hash operation on the second random number RandB, signing by using a negotiation private key (host) of the terminal device to obtain a signature Sign (Hash (RandB)) of the second random number;
step 303d, sending a key agreement processing instruction to the SSD, where the key agreement processing instruction includes a second encryption result pubkey (SSD) enc (randb), and a signature Sign (hash (randb)) of a second random number.
Step 304, the SSD processes the key agreement processing instruction;
step 304a, checking Sign (hash) (randb)) by using a negotiation public key pubkey (host) of the terminal device, and if the Sign is checked to pass, indicating that the terminal device has a corresponding negotiation private key.
Step 304b, decrypting the second encryption result pubkey (SSD) enc (RandB) by using the SSD negotiation private key prikey (SSD) to obtain the second random number RandB.
Step 304c, derive the session key sessionKey of 16 bytes using the mechanism of HASH (RandA + RandB).
And step 304d, encrypting the character string 'Hello' by using sessionKey, and returning the cipher text of the character string to the terminal equipment through key agreement processing response.
Step 304, the terminal device software receives the data returned by the SSD
Step 304a, deriving a session key, HASH (RandA + RandB), by using the same mechanism;
and step 304b, decrypting the ciphertext returned by the SSD by using the derived session key, if the value obtained by decryption is 'Hello', indicating that the two parties negotiate successfully, and simultaneously proving that the SSD has a real SSD negotiation private key, and finishing the negotiation process. Otherwise, the negotiation is failed, and the negotiation process is exited.
And 305, after the session key negotiation is finished, encrypting the subsequent sensitive instruction by using the session key obtained by the negotiation based on an SM4 algorithm for identity authentication to prevent man-in-the-middle attack and link layer interception.
The method provided by the embodiment of the application provides a scheme for establishing a universal secure channel of the solid state disk, and a new SM4 symmetric key needs to be negotiated every time of communication, namely, a one-time pad is adopted, so that the problem that the secure channel of the solid state disk is unsafe to encrypt by using a fixed key in the prior art is solved, the new key is used for encrypting data or sensitive information every time of communication, a listener cannot know the rule, further cannot crack the data or sensitive information, and the security of the solid state disk communication is further enhanced; and the SM4 cryptographic algorithm is adopted, so that the data and sensitive information of the user are better protected.
An embodiment of the present application provides a terminal device, which includes a memory and a processor, where the memory stores a computer program, and the processor is configured to execute the computer program to perform the method shown in fig. 1.
An embodiment of the present application provides a solid state disk, which includes a memory and a processor, and is characterized in that the memory stores a computer program, and the processor is configured to execute the computer program to execute the method shown in fig. 2.
The embodiment of the application provides a system for establishing a secure session, which comprises the terminal device and the solid state disk.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
Claims (10)
1. A method for establishing a secure session is applied to a terminal device, and comprises the following steps:
before establishing a session with a solid state disk, sending a starting instruction to the solid state disk, wherein the starting instruction comprises a negotiation public key of a terminal device;
receiving a start response message, wherein the start response message comprises a negotiation public key of the solid state disk and a first encryption result, and the first encryption result is obtained by encrypting a first random number by using the negotiation public key of the terminal equipment;
decrypting the first encryption result by adopting a negotiation private key of the terminal equipment to obtain a first random number, and encrypting the second random number by adopting a negotiation public key of the solid state disk to obtain a second encryption result;
sending a processing instruction, wherein the processing instruction comprises a second encryption result;
receiving a processing response message, wherein the processing response message comprises indication information of a session key, and the session key is generated according to a first random number and a second random number;
determining a session key according to the indication information of the session key;
and establishing a secure session with the solid state disk by using the session key.
2. The method of claim 1, wherein:
the starting instruction further comprises at least one of the version number of the CA certificate and signature data of a negotiation public key of the terminal equipment;
and/or the presence of a gas in the gas,
the processing instruction further includes signature data of a second random number;
the signature data of the second random number is obtained by processing a negotiation private key of the terminal device, and the signature data of a negotiation public key of the terminal device is obtained by processing a CA public key.
3. The method of claim 1, wherein:
if the starting response message also comprises signature data of the negotiation public key of the solid state disk, after the signature data of the negotiation public key of the solid state disk passes verification, sending a processing instruction; and/or if the starting response message also comprises the signature data of the first random number, sending a processing instruction after the signature data of the first random number passes verification;
the signature data of the negotiation public key of the solid state disk is obtained by utilizing CA public key processing; and the signature data of the first random number is obtained by utilizing the negotiation private key of the solid state disk.
4. The method of claim 1, wherein:
the indication information of the session key is third encrypted data obtained by encrypting preset standard data by using the session key;
the determining a session key according to the indication information of the session key includes:
generating a key to be verified according to the first random number and the second random number;
and if the third encrypted data is successfully decrypted by adopting the key to be verified, determining that the key to be verified is a session key.
5. A method for establishing a secure session is applied to a solid state disk, and comprises the following steps:
before establishing a session with a terminal device, receiving a starting instruction, wherein the starting instruction comprises a negotiation public key of the terminal device;
encrypting a first random number by adopting a negotiation public key of the terminal equipment to obtain a first encryption result;
sending a starting response message, wherein the starting response message comprises a negotiation public key of the solid state disk and a first encryption result;
receiving a processing instruction, wherein the processing instruction comprises a second encryption result, and the second encryption result is obtained by encrypting a second random number by using a negotiation public key of the solid state disk;
decrypting the second encryption result by adopting a negotiation private key of the solid state disk to obtain a second random number;
generating a session key according to the first random number and the second random number;
sending a processing response message, wherein the processing response message comprises indication information of the session key;
and establishing a secure session with the terminal equipment by adopting the session key.
6. The method of claim 5, wherein:
the starting response message also comprises signature data of a negotiation public key of the solid state disk and/or signature data of a first random number;
the signature data of the negotiation public key of the solid state disk is obtained by utilizing CA public key processing; and the signature data of the first random number is obtained by utilizing the negotiation private key of the solid state disk.
7. The method of claim 5, wherein:
if the starting instruction further comprises the version number of the CA certificate, then sending a starting response message when the version number of the CA certificate is the same as the version number of the CA certificate recorded locally; and/or if the starting instruction further comprises signature data of a negotiation public key of the terminal equipment, sending a starting response message after the signature data of the negotiation public key of the terminal equipment passes verification;
if the processing instruction further comprises signature data of a second random number, wherein the signature data of the second random number is obtained by processing with a negotiation private key of the terminal equipment, and then sending a control response message after the signature data of the second random number passes verification;
the signature data of the second random number is obtained by processing a negotiation private key of the terminal device, and the signature data of a negotiation public key of the terminal device is obtained by processing a CA public key.
8. A terminal device comprising a memory and a processor, characterized in that the memory has stored therein a computer program, the processor being arranged to execute the computer program to perform the method of any of claims 1 to 4.
9. A solid state disk comprising a memory and a processor, wherein the memory has stored therein a computer program, and the processor is configured to execute the computer program to perform the method of any one of claims 5 to 7.
10. A secure session establishment system comprising the terminal device of claim 8 and the solid state disk of claim 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111523005.9A CN114297355A (en) | 2021-12-13 | 2021-12-13 | Method and system for establishing secure session, solid state disk and terminal equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111523005.9A CN114297355A (en) | 2021-12-13 | 2021-12-13 | Method and system for establishing secure session, solid state disk and terminal equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114297355A true CN114297355A (en) | 2022-04-08 |
Family
ID=80967449
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111523005.9A Pending CN114297355A (en) | 2021-12-13 | 2021-12-13 | Method and system for establishing secure session, solid state disk and terminal equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114297355A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115549910A (en) * | 2022-11-30 | 2022-12-30 | 苏州浪潮智能科技有限公司 | Data transmission method, equipment and storage medium |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101090316A (en) * | 2006-06-16 | 2007-12-19 | 普天信息技术研究院 | Identify authorization method between storage card and terminal equipment at off-line state |
| CN104243451A (en) * | 2014-08-19 | 2014-12-24 | 天地融科技股份有限公司 | Information interaction method and system and smart key equipment |
| CN104811941A (en) * | 2015-04-30 | 2015-07-29 | 福建星网锐捷网络有限公司 | Offline virtual machine safety management method and device |
| CN106603485A (en) * | 2016-10-31 | 2017-04-26 | 美的智慧家居科技有限公司 | Secret key negotiation method and device |
| CN109005028A (en) * | 2018-11-02 | 2018-12-14 | 美的集团股份有限公司 | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
| CN109039628A (en) * | 2018-11-02 | 2018-12-18 | 美的集团股份有限公司 | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
| CN111130769A (en) * | 2019-12-14 | 2020-05-08 | 武汉玖保慧信息科技有限公司 | Internet of things terminal encryption method and device |
| CN112487380A (en) * | 2020-12-16 | 2021-03-12 | 江苏国科微电子有限公司 | Data interaction method, device, equipment and medium |
-
2021
- 2021-12-13 CN CN202111523005.9A patent/CN114297355A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101090316A (en) * | 2006-06-16 | 2007-12-19 | 普天信息技术研究院 | Identify authorization method between storage card and terminal equipment at off-line state |
| CN104243451A (en) * | 2014-08-19 | 2014-12-24 | 天地融科技股份有限公司 | Information interaction method and system and smart key equipment |
| CN104811941A (en) * | 2015-04-30 | 2015-07-29 | 福建星网锐捷网络有限公司 | Offline virtual machine safety management method and device |
| CN106603485A (en) * | 2016-10-31 | 2017-04-26 | 美的智慧家居科技有限公司 | Secret key negotiation method and device |
| CN109005028A (en) * | 2018-11-02 | 2018-12-14 | 美的集团股份有限公司 | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
| CN109039628A (en) * | 2018-11-02 | 2018-12-18 | 美的集团股份有限公司 | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
| CN111130769A (en) * | 2019-12-14 | 2020-05-08 | 武汉玖保慧信息科技有限公司 | Internet of things terminal encryption method and device |
| CN112487380A (en) * | 2020-12-16 | 2021-03-12 | 江苏国科微电子有限公司 | Data interaction method, device, equipment and medium |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115549910A (en) * | 2022-11-30 | 2022-12-30 | 苏州浪潮智能科技有限公司 | Data transmission method, equipment and storage medium |
| CN115549910B (en) * | 2022-11-30 | 2023-03-10 | 苏州浪潮智能科技有限公司 | Data transmission method, equipment and storage medium |
| WO2024113724A1 (en) * | 2022-11-30 | 2024-06-06 | 苏州元脑智能科技有限公司 | Data transmission method, device, and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10601801B2 (en) | Identity authentication method and apparatus | |
| CN101828357B (en) | Credential provisioning method and device | |
| US20190074977A1 (en) | Method and system for producing a secure communication channel for terminals | |
| EP2905719B1 (en) | Device and method certificate generation | |
| CN107404472B (en) | Method and apparatus for migration of encryption keys | |
| CN103532713B (en) | Sensor authentication and shared key production method and system and sensor | |
| CN103546289B (en) | USB (universal serial bus) Key based secure data transmission method and system | |
| CN113630416A (en) | Secret authentication and provisioning | |
| EP3001598B1 (en) | Method and system for backing up private key in electronic signature token | |
| JP5954609B1 (en) | Method and system for backing up private key of electronic signature token | |
| KR20140126787A (en) | Puf-based hardware device for providing one time password, and method for 2-factor authenticating using thereof | |
| KR20200013764A (en) | Method for mutual symmetric authentication between first application and second application | |
| CN111614621B (en) | Internet of things communication method and system | |
| WO2023143037A1 (en) | Key management and service processing | |
| JP2002344438A (en) | Key sharing system, key sharing device and program thereof | |
| CN112351037B (en) | Information processing method and device for secure communication | |
| CN110784322A (en) | Method, system, equipment and medium for connecting gateway equipment and cloud platform | |
| CN110380859B (en) | Quantum communication service station identity authentication method and system based on asymmetric key pool pair and DH protocol | |
| KR100668446B1 (en) | Safe --method for transferring digital certificate | |
| CN112383395A (en) | Key agreement method and device | |
| CN112487380A (en) | Data interaction method, device, equipment and medium | |
| CN117081736A (en) | Key distribution method, key distribution device, communication method, and communication device | |
| CN114297355A (en) | Method and system for establishing secure session, solid state disk and terminal equipment | |
| WO2015158173A1 (en) | Agreement key-based data processing method | |
| US11240661B2 (en) | Secure simultaneous authentication of equals anti-clogging mechanism |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |