[go: up one dir, main page]

CN213814673U - Multi-security-level storage access device based on user fingerprint identification - Google Patents

Multi-security-level storage access device based on user fingerprint identification Download PDF

Info

Publication number
CN213814673U
CN213814673U CN202022645124.9U CN202022645124U CN213814673U CN 213814673 U CN213814673 U CN 213814673U CN 202022645124 U CN202022645124 U CN 202022645124U CN 213814673 U CN213814673 U CN 213814673U
Authority
CN
China
Prior art keywords
key
information
user
unit
level
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202022645124.9U
Other languages
Chinese (zh)
Inventor
廖裕民
康宽弘
明淼晶
林纬园
廖薇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Anjilite New Technology Co ltd
Original Assignee
Shenzhen Anjili New Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Anjili New Technology Co ltd filed Critical Shenzhen Anjili New Technology Co ltd
Priority to CN202022645124.9U priority Critical patent/CN213814673U/en
Application granted granted Critical
Publication of CN213814673U publication Critical patent/CN213814673U/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The utility model provides a many security level storage access arrangement based on user fingerprint identification, the device includes: the system comprises a fingerprint sensor, a fingerprint comparison unit, a user grade storage unit, a key generation unit, a data storage unit, a read-write control circuit, a user verification information storage unit and a user information comparison unit; the data storage unit includes a plurality of data storage areas of different security levels. According to the scheme, the user security level is determined by comparing the user fingerprint information, different access key information is acquired from the key generation unit according to the user security level, the current user information generated based on the access key information is verified, and whether the current user can access the storage area corresponding to the security level in the data storage unit is determined according to the verification result, so that the security and the uniqueness of the user for data access are greatly enhanced.

Description

Multi-security-level storage access device based on user fingerprint identification
Technical Field
The utility model relates to a chip circuit design field, in particular to many security level storage access arrangement based on user fingerprint identification.
Background
SSD data storage has gradually become the primary storage medium for consumer device data storage and cloud storage. For SSD data storage, data error correction is of great importance, particularly for personal critical data and government agency related data. The SSD master control chip is used as the brain of the SSD storage device, and the safety performance of the SSD master control chip directly determines the final overall safety performance of the SSD hard disk.
Currently, for the secure access of each user data, the most common method is still to set a password, and complete the user authorization by checking the password, but one SSD storage device may be used by different users, and different users should have different security levels, so as to give access rights to different storage spaces. The mode of setting the password cannot ensure the uniqueness of the access of the user to the corresponding storage area, and the situation that the user forgets the password and cannot access the data area of the storage device is easily caused.
SUMMERY OF THE UTILITY MODEL
Therefore, a technical scheme of multi-security-level storage access based on user fingerprint identification is needed to be provided, so as to solve the problems that the uniqueness of user access cannot be realized and the security is weak for a storage device data area at present.
In order to achieve the above object, the present invention provides in a first aspect a multi-security level storage access device based on user fingerprint identification, the device comprising: the system comprises a fingerprint sensor, a fingerprint comparison unit, a user grade storage unit, a key generation unit, a data storage unit, a read-write control circuit, a user verification information storage unit and a user information comparison unit; the data storage unit comprises a plurality of data storage areas with different security levels;
the fingerprint sensor is connected with a fingerprint comparison unit, and the fingerprint comparison unit is respectively connected with the user grade storage unit, the user verification information storage unit and the secret key generation unit; the key generation unit and the user verification information storage unit are respectively connected with the user information comparison unit; the user information comparison unit is connected with the read-write control circuit, and the read-write control circuit is connected with the data storage unit.
Further, the system also comprises a user information generating unit;
the key generation unit is used for generating access key information with different security levels according to the user levels stored in the user level storage unit;
the user information generating unit is used for being connected with the key generating unit, acquiring the access key information generated by the key generating unit and generating user information to be authenticated according to the access key information;
the user information comparison unit is used for acquiring the information to be authenticated and the user verification information stored in the user verification information storage unit, and sending a control signal to the read-write control circuit according to a comparison result;
and the read-write control circuit is used for receiving the control signal and accessing the data storage area with the corresponding security level in the data storage unit according to the control signal.
Further, the user information generation unit includes a digital signature operation unit; the user information to be authenticated is user digital signature information, and the user verification information is user signature verification information;
the digital signature operation unit is used for carrying out hash operation on the access key information to obtain user digital signature information;
and the user information comparison unit is used for comparing the user digital signature information with the user signature verification information and sending a control signal to the read-write control circuit according to a comparison result.
Further, the apparatus further includes a first decryption circuit and a check key storage unit; the first decryption circuit is respectively connected with the user information comparison unit, the verification key storage unit and the first decryption circuit;
the user verification information storage unit is used for storing the encrypted user signature verification information;
the first decryption circuit is configured to obtain the encrypted user signature verification information and verification access key information stored in the verification key storage unit, decrypt the encrypted user signature verification information by using the verification access key information, and send the decrypted user signature verification information to the user information comparison unit.
Further, the device further comprises a read-write limiting unit;
the read-write limiting unit is respectively connected with the user information comparison unit and the fingerprint comparison unit and is used for limiting the position of a data storage area which can be accessed by a received data read-write command of the data read-write equipment according to the security level of the current user transmitted by the fingerprint comparison unit.
Furthermore, the device also comprises a second encryption and decryption circuit, wherein the second encryption and decryption circuit is respectively connected with the read-write limiting unit, the secret key generating unit and the user information comparing unit;
and the second encryption and decryption circuit is used for receiving the access key information generated by the key generation unit and decrypting the data read from the data storage unit or encrypting the data to be written into the data storage unit by adopting the access key information.
Further, the device also comprises a counter and an erasing circuit; the counter is respectively connected with the fingerprint comparison unit and the erasing circuit, and the erasing circuit is connected with the read-write control circuit;
the erasing circuit is used for erasing the data in the data storage area which accords with the preset safety level in the data storage unit through the read-write control circuit when the number of times of errors of the fingerprint comparison result counted by the counter exceeds a preset value.
Further, the key generation unit includes a source data decryption unit, a root key operation unit, and a hierarchy decryption operation unit; the source data decryption unit is connected with a root key operation unit, and the root key operation unit is connected with a hierarchy decryption operation unit;
the source data decryption unit is used for acquiring the encrypted source data for decryption to obtain a decrypted source key and a decrypted hierarchical encryption and decryption algorithm;
a root key operation unit, configured to calculate root key information according to the decrypted source key;
and the hierarchy decryption operation unit is used for acquiring hierarchy key information, a hierarchy key encryption and decryption algorithm and root key information, and decrypting the hierarchy key information by adopting the root key information according to the hierarchy key encryption and decryption algorithm to obtain access key information.
Furthermore, the key generation unit also comprises an algorithm information storage unit and an algorithm selection unit, and the algorithm selection unit is respectively connected with the algorithm information storage unit and the fingerprint comparison unit;
the algorithm information storage unit is used for storing the decrypted hierarchical encryption and decryption algorithm;
and the algorithm selection unit is used for selecting different levels of encryption and decryption algorithms to the level decryption operation unit according to the user security level.
Further, the key generation unit further includes a hierarchy information storage unit;
a hierarchy information storage unit for storing the hierarchy key information;
the hierarchical decryption operation unit comprises a first-level decryption operation unit and a second-level decryption operation unit; the hierarchical key information includes first hierarchical key information and second hierarchical key information; the hierarchical key encryption and decryption algorithm comprises a first hierarchical encryption and decryption algorithm and a second hierarchical encryption and decryption algorithm;
the first-level decryption operation unit is used for acquiring first-level key information from the level information storage unit and decrypting the first-level key information by adopting the root key information according to the first-level key encryption and decryption algorithm to obtain a first-level key;
and the secondary decryption operation unit is used for acquiring secondary level key information from the level information storage unit, acquiring the primary key, and decrypting the secondary level key information by adopting the primary key information according to the secondary level key encryption and decryption algorithm to obtain a secondary key.
Different from the prior art, the multi-security-level storage access device based on user fingerprint identification according to the above technical solution includes: the system comprises a fingerprint sensor, a fingerprint comparison unit, a user grade storage unit, a key generation unit, a data storage unit, a read-write control circuit, a user verification information storage unit and a user information comparison unit; the data storage unit comprises a plurality of data storage areas with different security levels; the fingerprint sensor is connected with a fingerprint comparison unit, and the fingerprint comparison unit is respectively connected with the user grade storage unit, the user verification information storage unit and the secret key generation unit; the key generation unit and the user verification information storage unit are respectively connected with the user information comparison unit; the user information comparison unit is connected with the read-write control circuit, and the read-write control circuit is connected with the data storage unit. According to the scheme, the user security level is determined by comparing the user fingerprint information, different access key information is obtained according to the user security level, and the storage areas with different security levels in the data storage unit are accessed based on the access key information, so that the security and the uniqueness of the user on data access are greatly enhanced.
Drawings
Fig. 1 is a schematic structural diagram of a key generation unit according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a key generation unit according to another embodiment of the present invention;
fig. 3 is a schematic structural diagram of a key generation unit according to another embodiment of the present invention;
fig. 4 is a flowchart of a key generation method according to an embodiment of the present invention;
fig. 5 is a flowchart of a key generation method according to another embodiment of the present invention;
fig. 6 is a flowchart of a key generation method according to another embodiment of the present invention;
fig. 7 is a schematic structural diagram of a multi-security-level storage access apparatus based on user fingerprint identification according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a multi-security-level storage access device based on user fingerprint identification according to another embodiment of the present invention.
Description of reference numerals:
10. a multi-security level storage access device based on user fingerprint identification;
201. a fingerprint sensor; 202. a fingerprint comparison unit; 203. a user level storage unit; 204. a data storage unit; 205. a read-write control circuit; 206. a user check information storage unit; 207. a user information comparison unit;
208. a first security level storage area; 209. a second security level storage area; 210. a third security level storage area; 211. a digital signature operation unit; 212. a first decryption circuit; 213. verifying the key storage unit; 214. a read-write restriction unit; 215. a second encryption/decryption circuit; 216. a counter; 217. an erasing circuit;
30. a key generation unit;
301. a source data storage unit;
302. a source data decryption unit;
303. an algorithm information storage unit;
304. a hierarchy information storage unit;
305. a root key operation unit;
306. a hierarchical decryption operation unit; 3061. a first-level decryption operation unit; 3062. a secondary decryption operation unit; 3063. a third-level decryption operation unit;
307. a handshake decryption operational circuit; 3071. a first-stage handshake decryption operation circuit; 3072. a second-stage handshake decryption operation circuit; 3073. a three-stage handshake decryption operation circuit;
308. a handshake encryption arithmetic circuit; 3081. a first-stage handshake encryption operation circuit; 3082. a second-stage handshake encryption operation circuit; 3083. a three-stage handshake encryption operation circuit;
309. a handshake information check circuit;
310. a key selection unit;
311. an algorithm selection unit; 3111. a first-level algorithm selection unit; 3112. a secondary algorithm selection unit; 3113. a third-level algorithm selection unit;
313. a user identification information storage unit;
40. a key recording unit;
50. and a data read-write device.
Detailed Description
To explain technical contents, structural features, and objects and effects of the technical solutions in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
Fig. 7 is a schematic structural diagram of a multi-security-level storage access apparatus based on user fingerprint identification according to an embodiment of the present invention.
The apparatus 10 comprises: the system comprises a fingerprint sensor 201, a fingerprint comparison unit 202, a user grade storage unit 203, a key generation unit 30, a data storage unit 204, a read-write control circuit 205, a user verification information storage unit 206 and a user information comparison unit 207; the data storage unit 204 comprises a plurality of data storage areas with different security levels;
the fingerprint sensor 201 is connected to a fingerprint comparison unit 202, and the fingerprint comparison unit 202 is respectively connected to the user level storage unit 203, the user verification information storage unit 206, and the key generation unit 30; the key generation unit 30 and the user verification information storage unit 206 are respectively connected to the user information comparison unit 207; the user information comparing unit 207 is connected to the read-write control circuit 205, and the read-write control circuit 205 is connected to the data storage unit 204.
In certain embodiments, the apparatus 10 further comprises a user information generation unit. The key generation unit 30 is configured to generate access key information with different security levels according to the user level stored in the user level storage unit 203; the user information generating unit is configured to be connected to the key generating unit 30, acquire the access key information generated by the key generating unit 30, and generate user information to be authenticated according to the access key information; the user information comparing unit 207 is configured to obtain the information to be authenticated and the user verification information stored in the user verification information storage unit 206, and send a control signal to the read-write control circuit 205 according to a comparison result; the read-write control circuit 205 is configured to receive the control signal, and access a data storage area of a corresponding security level in the data storage unit 204 according to the control signal.
When the device 10 is used, firstly, the fingerprint sensor 201 collects fingerprint information of a user, and sends the collected fingerprint information to the fingerprint comparison unit 202 for comparison, if the comparison is correct, the fingerprint comparison unit 202 obtains security level data corresponding to the current user stored in the user level storage unit 203 according to the collected fingerprint information, and sends the security level data to the key generation unit and the user verification information storage unit 206, and if the comparison of the fingerprint information is wrong, data read-write instructions initiated by the current data read-write equipment are not correspondingly performed. After receiving the security level data of the current user, the key generation unit 30 generates access key information matched with the security level data of the current user according to the security level data of the current user, and then the user information generation unit generates user information to be authenticated according to the access key information, and transmits the user information to be authenticated to the user information comparison unit 207. The user information comparing unit 207 obtains the information to be authenticated and the user verification information stored in the user verification information storage unit 206, and sends a control signal to the read-write control circuit 205 according to a comparison result, specifically, if the verification passes, a first control signal is sent to the read-write control circuit 205, and if the verification fails, a second read-write control circuit 205 is sent. If the first read-write control circuit 205 receives the first control signal, it will perform a read-write operation on corresponding data from a corresponding data storage area (i.e. a data storage area accessible to the current user security level) according to a read-write control command transmitted by the data read-write device. On the contrary, if the first read-write control circuit 205 receives the second control signal, it will not perform read-write operation on the data storage area, and directly initiate an interrupt notification to the CPU.
The utility model relates to an among the above-mentioned scheme, confirm user security level through comparing user fingerprint information earlier, then obtain different access key information according to user security level, and based on access key information generates and treats authentication information and sends to user information and compare the unit, and then decides whether current user can visit the storage area of corresponding security level in the data storage unit according to the comparison result, and then accomplishes data read-write operation. Compared with the prior art in which storage access is performed by password input authentication or single fingerprint authentication, the method greatly enhances the security and uniqueness of data access by users.
As shown in fig. 8, the user information generation unit includes a digital signature operation unit 211; the user information to be authenticated is user digital signature information, and the user verification information is user signature verification information; the digital signature operation unit 211 is configured to perform hash operation on the access key information to obtain user digital signature information; the user information comparing unit 207 is configured to compare the user digital signature information with the user signature verification information, and send a control signal to the read-write control circuit 205 according to a comparison result.
Further, the apparatus further includes a first decryption circuit 212 and a check key storage unit 213; the first decryption circuit 212 is connected to the user information comparing unit 207, the verification key storage unit 213 and the first decryption circuit 212, respectively; the user verification information storage unit 206 is configured to store encrypted user signature verification information; the first decryption circuit 212 is configured to obtain the encrypted user signature verification information and the verification key information stored in the verification key storage unit 213, decrypt the encrypted user signature verification information by using the verification key information, and send the decrypted user signature verification information to the user information comparison unit 207.
In this embodiment, the user verification information stored in the user verification information storage unit 206 is user signature verification information encrypted by an encryption algorithm, and verification key information used in the encryption process is stored in the verification key storage unit 213. The objects compared by the user information comparison unit 207 are the decrypted user signature verification information and the user digital signature information generated in real time according to the digital signature operation unit 211. Specifically, the digital signature operation unit 211 generates the user digital signature information in real time according to the following manner: after acquiring the access key information, the digital signature operation unit 211 performs hash calculation on the access key information according to a preset encryption algorithm (e.g., SM3 encryption algorithm), so as to obtain the user digital signature information. The hash operation is a common function in encryption and decryption operations, and thus the digital signature operation unit 211 may be implemented by an encryption and decryption operation circuit having a hash operation module built therein. Because the user verification information is stored after being encrypted, and the user digital signature information is generated in real time according to the access key information, the safety in the data access process is further enhanced.
In certain embodiments, the apparatus further comprises a read-write restriction unit 214. The read-write limiting unit 214 is connected to the user information comparing unit 207 and the fingerprint comparing unit 202, respectively, and is configured to limit a data storage area position that can be accessed by a received data read-write command of the data read-write device 50 according to the current user security level transmitted by the fingerprint comparing unit 202. Preferably, the data storage area comprises a first security level storage area 208, a second security level storage area 209 and a third security level storage area 210, and accordingly, the user security level comprises a first security level, a second security level and a third security level, the third security level is higher than the second security level, and the second security level is higher than the first security level. If the user wants to access the data in the first security level storage area, the user security level requirement acquired by the fingerprint comparison unit is a first security level; if the user wants to access the data in the second security level storage area, the user security level requirement acquired by the fingerprint comparison unit is the second security level; if the user wants to access the data in the third security level storage area, the user security level acquired by the fingerprint comparison unit is required to be the third security level.
When the data read-write device 50 needs to access the data storage unit 204, no matter data is read or written, a data read-write instruction sent by the data read-write device is transmitted to the read-write limiting unit 214, then the fingerprint comparison unit 202 acquires the security level of the current user after the fingerprint information comparison is passed and transmits the security level to the read-write limiting unit 214, and if the read-write limiting unit 214 detects that the received security level of the current user is not matched with the data storage area to be accessed by the data read-write instruction, the data read-write device 50 directly feeds an error mark back to the data read-write device 50, so that the data read-write device 50 is denied further access to the data storage area. For example, the read-write limiting unit 214 receives a read instruction for the data stored in the third security level storage region transmitted by the data read-write device 50, but the security level of the current user obtained by the fingerprint comparison unit 202 after comparison is the second security level, which indicates that the current user does not have permission to read the data stored in the third security level storage region, the read-write limiting unit 214 directly rejects the data read request of the data read-write device 50, so as to enhance the overall security of the data.
Preferably, the corresponding relationship between the user security level and the security level storage area accessible to the user can be configured according to actual needs. Taking the data storage area including the first security level storage area 208, the second security level storage area 209, and the third security level storage area 210 as an example, the correspondence relationship may be configured as: a user of a first security level can only access data in the first security level storage area 208, a user of a second security level can only access data in the second security level storage area 209, and a user of a third security level can only access data in the third security level storage area 210. Of course, the correspondence relationship may also be configured as: a user of a first security level can only access data in the first security level storage area 208, a user of a second security level can access data in the first security level storage area 208 and the second security level storage area 209, and a user of a third security level can access data in the first security level storage area 208, the second security level storage area 209 and the third security level storage area 210.
In some embodiments, the apparatus further includes a second encryption/decryption circuit 215, where the second encryption/decryption circuit 215 is respectively connected to the read/write limiting unit 214, the key generating unit 30, and the user information comparing unit 207; the second encryption/decryption circuit 215 is configured to receive the access key information generated by the key generation unit 30, and decrypt the data read from the data storage unit 204 or encrypt the data to be written into the data storage unit 204 using the access key information.
As described above, both the data reading instruction and the data writing instruction sent by the data reading and writing device 50 will pass through the reading and writing limiting unit 214, and if the reading and writing limiting unit 214 determines that the current user security level meets the requirement of accessing the corresponding data storage area, the data reading instruction or the data writing instruction will be sent to the second encryption and decryption circuit 215. The following will further describe the data processing flow of each module in the apparatus according to the present invention, which is related to fig. 8, in conjunction with two processes of reading data from the data storage unit 204 and writing data into the data storage unit 204.
The data reading process is as follows: the read-write limiting unit 214 receives the data reading instruction of the data reading-writing device 50, and after determining that the security level of the current user transmitted by the fingerprint comparison unit 202 meets the condition (that is, the security level of the current user can access the data storage area of the data to be read), sends the data reading instruction to the user information comparison unit 207, the user information comparison unit 207 sends the data reading instruction to the read-write control circuit 205 after the user information passes the verification, and the data reading-writing circuit 205 reads the data from the data storage area of the corresponding security level according to the data reading instruction and sends the read data to the second encryption-decryption circuit 215. In order to ensure the security of data storage, and therefore, the data to be read is also stored in an encrypted manner in the data storage area, and therefore, the read data needs to be decrypted before being returned to the data read/write device 50, specifically, the second encryption/decryption circuit 215 decrypts the read encrypted data according to the access key information generated by the key generation unit 30, and returns the decrypted data to the data read/write device 50, thereby completing the whole data reading process.
The data writing process is specifically as follows: the read-write limiting unit 214 receives the data write instruction and the data to be written of the data read-write device 50, and after determining that the security level of the current user transmitted by the fingerprint comparison unit 202 meets the condition (that is, the security level of the current user can access the data storage area of the data to be written), sends the data to be written to the second encryption/decryption circuit 215, and the second encryption/decryption circuit 215 encrypts the data to be written according to the access key information generated by the key generation unit 30, and sends the encrypted data to be written to the user information comparison unit 207. The user information comparing unit 207 sends the encrypted data to be written to the read-write control circuit 205 after the user information passes the user information verification, and the data read-write circuit 205 stores the encrypted data to be written to the data storage area with the corresponding security level according to the data write instruction, thereby completing the whole data write process.
In some embodiments, as shown in FIG. 8, the apparatus further includes a counter 216 and an erase circuit 217; the counter 216 is connected to the fingerprint comparison unit 202 and the erasing circuit 217, respectively, and the erasing circuit 217 is connected to the read-write control circuit 205; the erasing circuit 217 is configured to erase, by the read/write control circuit 205, data in the data storage area in the data storage unit 204 that meets a preset security level when the number of times of the fingerprint comparison result counted by the counter 216 is an error exceeds a preset value. Preferably, the preset security level is a security level with a top security rank, such as the highest security level. The fingerprint information is frequently compared and has errors, which shows that the current data storage unit has the possibility of being illegally accessed, and the erasing circuit 217 can timely erase the storage data in the high-security-level data storage area, so that the data security is further enhanced.
The key information is used as a tool for data encryption and decryption, is a key ring for chip security authentication, and is very important for ensuring the security of the key generation process. In order to enhance the security of the key generation process, the present application designs a special key generation unit 30 to generate the finally required key information.
Fig. 1 is a schematic structural diagram of a key generation unit 30 according to an embodiment of the present invention. The key generation unit 30 includes:
a source data decryption unit 301, configured to obtain encrypted source data and decrypt the encrypted source data to obtain a decrypted source key and a decrypted hierarchical encryption/decryption algorithm;
a root key operation unit 305, configured to calculate root key information according to the decrypted source key;
the hierarchical decryption operation unit 306 is configured to obtain hierarchical key information, a hierarchical key encryption and decryption algorithm, and root key information, and decrypt the hierarchical key information with the root key information according to the hierarchical key encryption and decryption algorithm to obtain access key information. Because the access key information is obtained by the source key through a multi-layer encryption means, the security in the key generation process is greatly improved.
As shown in fig. 2, in some embodiments, the key generation unit 30 further includes:
and an algorithm information storage unit 303, configured to store the decrypted hierarchical encryption/decryption algorithm. The hierarchical encryption and decryption algorithm is an algorithm selected when data encryption and decryption are performed subsequently, and specifically may include any one or more of an aes algorithm, a tdes algorithm, and an sm4 algorithm. After the source data decryption unit 301 decrypts the hierarchical encryption/decryption algorithm, the hierarchical encryption/decryption algorithm is stored in the algorithm information storage unit 303, so as to wait for a subsequent call.
And an algorithm selecting unit 311, configured to select different hierarchical encryption/decryption algorithms to the hierarchical decryption operation unit 306 according to the user security level. The user security level refers to the access authority required for accessing different security level storage areas in the data storage unit. The higher the security level of the user, the higher the security of the secure storage area that the user can access, and the more complicated the corresponding key generation process.
For example, user a, user B, and user C may have a low security level, a medium security level, and a high security level. The hierarchical key decryption operation unit comprises a first hierarchical key decryption operation unit, a second hierarchical key decryption operation unit and a third hierarchical key decryption operation unit. The algorithm information storage unit is assumed to store three encryption and decryption algorithms a, b and c.
When the access key information corresponding to the user a is generated, the key generation unit 30 only starts the first-level key decryption operation unit to complete the encryption and decryption operation, and the algorithm selection unit only needs to send the encryption and decryption algorithm a to the first-level key decryption operation unit.
When the access key information corresponding to the user B is generated, the key generation unit 30 starts the first-level key decryption operation unit and the second-level key decryption operation unit to perform encryption and decryption operations, the algorithm selection unit first selects the encryption and decryption algorithm a to send to the first-level key decryption operation unit, and sends the encryption and decryption algorithm B to the second-level key decryption operation unit when the subsequent second-level key decryption operation unit performs encryption and decryption operations.
When generating the access key information corresponding to the user C, the key generation unit 30 not only starts the first-level key decryption operation unit and the second-level key decryption operation unit to perform encryption and decryption operations, but also starts the third-level key decryption operation unit to perform encryption and decryption operations. The algorithm selection unit selects the encryption and decryption algorithm a to be sent to the first-level key decryption operation unit, sends the encryption and decryption algorithm b to the second-level key decryption operation unit when the second-level key decryption operation unit performs encryption and decryption operation, and sends the encryption and decryption algorithm c to the third-level key decryption operation unit subsequently and when the third-level key decryption operation unit performs encryption and decryption operation, so that the third-level key decryption operation unit completes corresponding encryption and decryption operation to output the access key information.
In this embodiment, the algorithm selecting unit 311 selects different hierarchical encryption/decryption algorithms from the algorithm information storage unit 303 to the corresponding hierarchical decryption operation unit 306 according to different security levels of users, so that access of users with different security levels to different security level storage areas in the data storage unit can be differentiated, access of users with different security levels to the data storage unit is not affected, and privacy and security of an access process are further improved.
In some embodiments, the key generation unit 30 further includes:
a hierarchy information storage unit 304 for storing hierarchy key information;
the main control chip 312 is configured to obtain the hierarchical key information in the hierarchical information storage unit 304, and transmit the hierarchical key information to the hierarchical key decryption operation unit 306.
In this way, the decryption algorithm in the access key information generation process comes from the encryption and decryption algorithm in the algorithm information storage unit 303, and is screened by the algorithm selection unit 311, the decryption object of the screened encryption and decryption algorithm is the hierarchical key information sent by the main control chip 312, and the key used in the decryption process is the root key information, which specifically is: the hierarchical decryption operation unit 306 decrypts the hierarchical key information by using the root key information according to the hierarchical key encryption and decryption algorithm, so as to obtain access key information. The hierarchical key information, the hierarchical key encryption and decryption algorithm and the root key information are respectively from different units, so that the safety of the generated access key information is further improved.
In some embodiments, the main control chip 312 is further configured to send corresponding hierarchical key information to the hierarchical decryption unit according to the security level corresponding to the current user. The same data storage unit may be accessed by a plurality of different users, and in order to ensure that the accesses of the users to the same data storage unit are not affected, each data storage area is set with a corresponding security level, and the security levels of the users are matched with corresponding hierarchical key information, so that the key generation unit 30 can generate access key information with different security levels when different users access the data storage area.
For example, user a, user B, and user C may have a low security level, a medium security level, and a high security level. The hierarchical key decryption operation unit comprises a first hierarchical key decryption operation unit, a second hierarchical key decryption operation unit and a third hierarchical key decryption operation unit.
Assuming that the hierarchical key information includes a first-layer source key, a second-layer source key and a third-layer source key, when the access key information corresponding to the user a is generated, the key generation unit 30 only starts the first-layer key decryption operation unit to complete encryption and decryption operations, the algorithm selection unit only needs to send an encryption and decryption algorithm a to the first-layer key decryption operation unit, and the first-layer key decryption operation unit decrypts the first-layer source key by using the root key information according to the encryption and decryption algorithm a to obtain a first-layer key. For user a, the primary key is the required access key information.
When the access key information corresponding to the user B is generated, the key generation unit 30 starts the first-level key decryption operation unit and the second-level key decryption operation unit to perform encryption and decryption operations, the algorithm selection unit first selects the encryption and decryption algorithm a to send to the first-level key decryption operation unit, and after the first-level key decryption operation unit decrypts the first-level key to obtain the first-level key (specifically, refer to the generation process of the access key information of the user a), the first-level key is sent to the second-level key decryption operation unit. When the second-level key decryption operation unit performs decryption operation, the main control chip sends the second-level source key to the second-level key decryption operation unit, and the algorithm selection unit selects the encryption and decryption algorithm b and sends the encryption and decryption algorithm b to the second-level key decryption operation unit. And then the second-level key decryption operation unit decrypts the second-level source key by adopting the first-level key according to an encryption and decryption algorithm b to obtain a second-level key. For user B, the secondary key is the required access key information.
When the access key information corresponding to the user C is generated, the key generation unit 30 not only starts the first-level key decryption operation unit and the second-level key decryption operation unit to perform encryption and decryption operations, but also starts the third-level key decryption operation unit to perform encryption and decryption operations. The algorithm selection unit selects the encryption and decryption algorithm a to be sent to the first-level key decryption operation unit, and sends the encryption and decryption algorithm b to the second-level key decryption operation unit when the second-level key decryption operation unit performs encryption and decryption operation. After the second-level key decryption operation unit decrypts the second-level key to obtain the second-level key (specifically, refer to the generation process of the access key information of the user B), the second-level key is sent to the third-level key decryption operation unit. When the third-level key decryption operation unit performs encryption and decryption operation, the algorithm selection unit selects an encryption and decryption algorithm c to send to the third-level key decryption operation unit, and the main control chip also sends the third-level source key to the third-level key decryption operation unit, so that the third-level key decryption operation unit decrypts the third-level source key by using the second-level key according to the encryption and decryption algorithm c to obtain a third-level key. For user C, the third-level key is the required access key information.
In some embodiments, the key generation unit 30 further includes:
a user identification information storage unit 313 for storing user identification information. Preferably, the user identification information storage unit 313 stores therein user identification information of a plurality of different users. The user identification information is an ID for distinguishing different users, and may be, for example, a password set by each user, such as a string of characters.
A root key operation unit 305, configured to obtain the user identifier information and the decrypted source key, and perform a hash operation on the user identifier information according to the decrypted source key to obtain root key information. Because the root key information is obtained by performing hash operation on the user identification information through the decrypted source key, the bit number of the source key and the generated root key can be kept consistent, and meanwhile, the generated root key information is different when different users perform authentication, so that the security of key generation is further improved.
In some embodiments, the key generation unit 30 further includes: a source data storage unit 301, configured to store encrypted source data, where the source data includes a source key and a hierarchical encryption/decryption algorithm. In this embodiment, the source data storage unit 301 is an OTP storage unit (i.e., a one-time programmable unit), so that source data can be effectively prevented from being tampered. In order to prevent a hacker from directly obtaining source data from the source data storage unit 301, in the present application, the source data is encrypted and then stored in the OTP storage unit, and an initial key used for encrypting the source data may be stored in another storage unit, so as to improve the security of storing the source data.
In order to prevent access key information from being intercepted and tampered during the generation process, in this embodiment, the hierarchical information storage unit is further configured to store handshake request information and handshake response information, as shown in fig. 3, and the key generation unit 30 includes:
and a handshake decryption operation circuit 307, configured to decrypt the access key information by using the access key information to obtain handshake encryption key information. The access key information is easy to intercept or tamper in the transmission process, but if the access key information is decrypted firstly, the difficulty of reverse cracking of a hacker is exponentially increased, so that the access key information is decrypted before key data verification is carried out, and handshake encryption key information is obtained.
And the handshake encryption operation circuit 308 is configured to receive the handshake request information, and encrypt the handshake request information by using the handshake encryption key information to obtain handshake encryption information. Handshake request information, which refers to information to be verified and is encrypted by handshake encryption key information, may be stored in the handshake information storage unit 304 in advance, so as to obtain handshake encryption information.
And a handshake information checking circuit 309, configured to obtain the handshake response information and the handshake encryption information, and determine whether the handshake response information and the handshake encryption information are matched, if yes, the access key information is output through checking. The handshake response information refers to check standard information which is pre-stored in the handshake information storage unit 304 and is obtained by encrypting the handshake request information. By comparing the handshake response information with the handshake encryption information, whether the current access key information is tampered or not can be deduced, and if the two are matched, the access key information can be output.
As shown in fig. 3, the key generation unit 30 may generate the access key information of a corresponding hierarchy according to the security level of the user, and the higher the security level of the user is, the higher the security of the generated access key information is.
Taking the example of the key level as three security levels, the key generation unit 30 includes a key selection unit 310. The decryption operation unit includes a primary decryption operation unit 3061, a secondary decryption operation unit 3062, and a tertiary decryption operation unit 3063. The handshake decryption operation circuit comprises a first-stage handshake decryption operation circuit 3071, a second-stage handshake decryption operation circuit 3072 and a third-stage handshake decryption operation circuit 3073. The handshake encryption operation circuit comprises a first-stage handshake encryption operation circuit 3081, a second-stage handshake encryption operation circuit 3082 and a third-stage handshake encryption operation circuit 3083. The algorithm information storage unit 303 is provided with a plurality of encryption and decryption algorithms, including a first-level encryption and decryption algorithm, a second-level encryption and decryption algorithm, and a third-level encryption and decryption algorithm, and sequentially selects the algorithms through a first-level algorithm selection unit 3111, a second-level algorithm selection unit 3112, and a third-level algorithm selection unit 3113. The hierarchical key information includes a first layer source key, a second layer source key, and a third layer source key.
The key generation unit 30 described in fig. 3 operates as follows: the key generation unit 30 acquires the current user rank and outputs access key information matching the user rank to the key recording unit 40 through the key selection unit 310. Assuming that the user level has three levels, the key selection unit 310 may select a primary key or a secondary key or a tertiary key for output according to the security level of the current user. Preferably, the security level of the third-level key is higher than that of the second-level key, and the security level of the second-level key is higher than that of the first-level key.
The primary key is generated as follows:
the source data decryption unit 302 obtains the encrypted source key and the hierarchical encryption/decryption algorithm in the source data storage unit 301 for decryption, obtains a decrypted source key and a hierarchical encryption/decryption algorithm, sends the decrypted source key to the root key operation unit 305, and stores the decrypted hierarchical key encryption/decryption algorithm in the algorithm information storage unit 303. And the root key operation unit acquires the user identification information and the decrypted source key, and performs hash operation on the user identification information according to the decrypted source key to obtain root key information.
The next-level decryption operation unit 3061 receives the first-level source key of the level information storage unit 304, and the first-level algorithm selection unit 3111 selects the first-level key encryption and decryption algorithm to the first-level decryption operation unit 3061, so that the first-level decryption operation unit 3061 decrypts the first-level source key by applying the root key information through the first-level key encryption and decryption algorithm to obtain the first-level key. If the security level of the current user is one level, the key selection unit 310 may select the one level key output.
Before output, in order to prevent the first-level key from being tampered in the transmission process, the generated first-level key needs to be verified, specifically, the first-level key is encrypted once by using the first-level key through the first-level handshake decryption operation circuit 3071, so that first-level handshake encryption key information is obtained. And then, the first-level handshake request data transmitted by the hierarchical information storage unit 304 is received through the first-level handshake encryption operation circuit 3081, and the first-level handshake request data is encrypted by using the first-level handshake encryption key information, so as to obtain first-level handshake encryption information. And then, receiving the first layer handshake response data transmitted by the hierarchical information storage unit 304, comparing the first layer handshake response data with the first layer handshake encryption information, and if the first layer handshake response data and the first layer handshake encryption information match, indicating that the first-level key is not tampered, outputting the first layer handshake response data through the key selection unit 310.
The secondary key is generated as follows:
the generation process of the secondary key is similar to that of the primary key, and the difference is that the primary key is used as an input parameter (equivalent to a root key input when the primary key is generated) for generating the secondary key, specifically, the secondary decryption operation unit 3062 receives the second-layer source key of the hierarchical information storage unit 304, and the secondary algorithm selection unit 3112 selects the secondary key encryption/decryption algorithm to the secondary decryption operation unit 3062, so that the secondary decryption operation unit 3062 applies the primary key to decrypt the second-layer source key by using the secondary key encryption/decryption algorithm, and a secondary key is obtained. If the security level of the current user is secondary, key selection unit 310 may select the secondary key output.
Before output, in order to prevent the second-level key from being tampered in the transmission process, the generated second-level key needs to be verified, specifically, the second-level key is encrypted once by using the second-level key through the second-level handshake decryption operation circuit 3072, so that the second-level handshake encryption key information is obtained. And then, the second-level handshake request data transmitted by the hierarchical information storage unit 304 is received through the second-level handshake encryption operation circuit 3082, and the second-level handshake request data is encrypted by using the second-level handshake encryption key information, so as to obtain second-level handshake encryption information. And then receiving second-layer handshake response data transmitted by the hierarchical information storage unit 304, comparing the second-layer handshake response data with the second-layer handshake encryption information, and if the two match, indicating that the secondary key is not tampered, outputting the second-layer handshake response data through the key selection unit 310, otherwise, sending a prompt message.
The generation process of the tertiary key is as follows:
the generation process of the third-level key is similar to that of the second-level key, and the difference is that the second-level key is used as an input parameter for generating the third-level key (equivalent to the first-level key input during generation of the second-level key), specifically, the third-level decryption operation unit 3063 receives the third-level source key of the hierarchical information storage unit 304, and the third-level algorithm selection unit 3113 selects the third-level key encryption/decryption algorithm to the third-level decryption operation unit 3062, so that the third-level decryption operation unit 3063 decrypts the third-level source key by using the second-level key using the third-level key encryption/decryption algorithm, and obtains the third-level key. If the security level of the current user is three levels, the key selection unit 310 may select the three levels of key outputs.
Before outputting the third-level key, in order to prevent the third-level key from being tampered in the transmission process, the generated third-level key needs to be verified, specifically, the third-level key is encrypted once by using the third-level key through the third-level handshake decryption operation circuit 3073, so as to obtain the third-level handshake encryption key information. And then, the third-level handshake request data transmitted by the hierarchical information storage unit 304 is received through the three-level handshake encryption operation circuit 3083, and the third-level handshake request data is encrypted by using the three-level handshake encryption key information, so as to obtain third-level handshake encryption information. And then, receiving third-layer handshake response data transmitted by the hierarchical information storage unit 304, comparing the third-layer handshake response data with the third-layer handshake encryption information, and if the third-layer handshake response data and the third-layer handshake encryption information are matched, indicating that the third-layer key is not tampered, outputting the third-layer handshake response data through the key selection unit 310, otherwise, sending a prompt message.
Of course, in other embodiments, the number of the set user levels may also be other numbers, such as two security levels or more than four security levels, and correspondingly, the number of the hierarchies required for generating the access key information may also be other numbers, which are specifically set according to actual needs. When the access key information has other levels, the generation manner thereof may refer to the key generation process shown in fig. 3, which is not described herein again.
In some embodiments, the access key information generated by the key generation unit 30 may be stored in the key recording unit 40 to wait until a selective call of another function module.
As shown in fig. 4, the present application also provides a key generation method, which is applied to the key generation unit described in the present application, and the method includes the following steps:
firstly, in step S401, a source data decryption unit acquires encrypted source data for decryption to obtain a decrypted source key and a decrypted hierarchical encryption and decryption algorithm;
then step S402 is carried out, the root key operation unit calculates to obtain root key information according to the decrypted source key;
and then, in the step S403, the hierarchy decryption operation unit acquires hierarchy key information, a hierarchy key encryption and decryption algorithm and root key information, and decrypts the hierarchy key information by using the root key information according to the hierarchy key encryption and decryption algorithm to obtain access key information.
Generally, the key generation unit 30 needs to perform certain factory settings before being put into use, specifically, some verification data needed in the key generation process is solidified inside the key generation unit 30, as shown in fig. 5, the method includes the following steps:
the process first advances to step S501 to preset a user security level and stores the set user security level in the user level storage unit.
And then proceeds to step S502 to set the source key.
Step S502 may be followed by step S503 of obtaining hierarchical key information and handshake request information through a derivation algorithm according to the source key; synchronously, step S505 may be entered to set a corresponding security level and user identification information corresponding to the user for the current user.
Step S503 may be followed by step S504 of storing the hierarchical key information and the handshake request information in a hierarchical key information storage unit.
Then, the process proceeds to step S506 to complete the initial setting of the user key.
As shown in fig. 6, in some embodiments, the key generation method includes the steps of:
the method first proceeds to step S601, where the source data storage unit stores encrypted source data, where the source data includes a source key and a hierarchical encryption/decryption algorithm.
Then, in step S602, the source data decryption unit may obtain the encrypted source data for decryption, to obtain a decrypted source key and a decrypted hierarchical encryption/decryption algorithm, send the decrypted source key to the root key operation unit, and store the decrypted hierarchical key encryption/decryption algorithm in the algorithm information storage unit.
In parallel with step S601 and step S602, it may be proceeded to step S603 where the hierarchy information storage unit stores hierarchy key information; the user identification information storage unit stores user identification information.
After step S602 and step S603, step S604 may be performed by the root key operation unit to obtain the user identifier information and the decrypted source key, and perform hash operation on the user identifier information according to the decrypted source key to obtain root key information.
After step S604, the step S605 may be performed by the hierarchical decryption operation unit to obtain the hierarchical key encryption and decryption algorithm, the hierarchical key information, and the root key information, and the hierarchical key encryption and decryption algorithm is used to decrypt the hierarchical key information using the root key information, so as to obtain the access key information.
It should be noted that, although the above embodiments have been described herein, the scope of the present invention is not limited thereby. Therefore, based on the innovative concept of the present invention, the changes and modifications of the embodiments described herein, or the equivalent structure or equivalent process changes made by the contents of the specification and the drawings of the present invention, directly or indirectly apply the above technical solutions to other related technical fields, all included in the scope of the present invention.

Claims (10)

1. A multi-security level storage access device based on user fingerprint identification, the device comprising: the system comprises a fingerprint sensor, a fingerprint comparison unit, a user grade storage unit, a key generation unit, a data storage unit, a read-write control circuit, a user verification information storage unit and a user information comparison unit; the data storage unit comprises a plurality of data storage areas with different security levels;
the fingerprint sensor is connected with a fingerprint comparison unit, and the fingerprint comparison unit is respectively connected with the user grade storage unit, the user verification information storage unit and the secret key generation unit; the key generation unit and the user verification information storage unit are respectively connected with the user information comparison unit; the user information comparison unit is connected with the read-write control circuit, and the read-write control circuit is connected with the data storage unit.
2. The multi-security-level storage access device based on user fingerprint identification of claim 1, further comprising a user information generating unit;
the key generation unit is used for generating access key information with different security levels according to the user levels stored in the user level storage unit;
the user information generating unit is used for being connected with the key generating unit, acquiring the access key information generated by the key generating unit and generating user information to be authenticated according to the access key information;
the user information comparison unit is used for acquiring the information to be authenticated and the user verification information stored in the user verification information storage unit, and sending a control signal to the read-write control circuit according to a comparison result;
and the read-write control circuit is used for receiving the control signal and accessing the data storage area with the corresponding security level in the data storage unit according to the control signal.
3. The multi-security-level storage access device based on user fingerprint identification of claim 2, wherein the user information generating unit comprises a digital signature operation unit; the user information to be authenticated is user digital signature information, and the user verification information is user signature verification information;
the digital signature operation unit is used for carrying out hash operation on the access key information to obtain user digital signature information;
and the user information comparison unit is used for comparing the user digital signature information with the user signature verification information and sending a control signal to the read-write control circuit according to a comparison result.
4. The multi-security-level storage access device based on user fingerprint identification of claim 3, wherein said device further comprises a first decryption circuit and a check key storage unit; the first decryption circuit is respectively connected with the user information comparison unit, the verification key storage unit and the first decryption circuit;
the user verification information storage unit is used for storing the encrypted user signature verification information;
the first decryption circuit is configured to obtain the encrypted user signature verification information and verification access key information stored in the verification key storage unit, decrypt the encrypted user signature verification information by using the verification access key information, and send the decrypted user signature verification information to the user information comparison unit.
5. The multi-security-level storage access device based on user fingerprint identification of claim 2, wherein the device further comprises a read-write restriction unit;
the read-write limiting unit is respectively connected with the user information comparison unit and the fingerprint comparison unit and is used for limiting the position of a data storage area which can be accessed by a received data read-write command of the data read-write equipment according to the security level of the current user transmitted by the fingerprint comparison unit.
6. The multi-security-level storage access device based on user fingerprint identification of claim 5, further comprising a second encryption/decryption circuit, wherein the second encryption/decryption circuit is respectively connected to the read/write restriction unit, the key generation unit and the user information comparison unit;
and the second encryption and decryption circuit is used for receiving the access key information generated by the key generation unit and decrypting the data read from the data storage unit or encrypting the data to be written into the data storage unit by adopting the access key information.
7. The multi-security level memory access device based on user fingerprint identification of claim 5, wherein said device further comprises a counter and an erase circuit; the counter is respectively connected with the fingerprint comparison unit and the erasing circuit, and the erasing circuit is connected with the read-write control circuit;
the erasing circuit is used for erasing the data in the data storage area which accords with the preset safety level in the data storage unit through the read-write control circuit when the number of times of errors of the fingerprint comparison result counted by the counter exceeds a preset value.
8. The multi-security-level storage access device based on user fingerprint identification of claim 2, wherein the key generation unit comprises a source data decryption unit, a root key operation unit and a hierarchy decryption operation unit; the source data decryption unit is connected with a root key operation unit, and the root key operation unit is connected with a hierarchy decryption operation unit;
the source data decryption unit is used for acquiring the encrypted source data for decryption to obtain a decrypted source key and a decrypted hierarchical encryption and decryption algorithm;
a root key operation unit, configured to calculate root key information according to the decrypted source key;
and the hierarchy decryption operation unit is used for acquiring hierarchy key information, a hierarchy key encryption and decryption algorithm and root key information, and decrypting the hierarchy key information by adopting the root key information according to the hierarchy key encryption and decryption algorithm to obtain access key information.
9. The multi-security-level storage access device based on user fingerprint identification of claim 8, wherein the key generation unit further comprises an algorithm information storage unit and an algorithm selection unit, the algorithm selection unit is respectively connected with the algorithm information storage unit and the fingerprint comparison unit;
the algorithm information storage unit is used for storing the decrypted hierarchical encryption and decryption algorithm;
and the algorithm selection unit is used for selecting different levels of encryption and decryption algorithms to the level decryption operation unit according to the user security level.
10. The multi-security level storage access device based on user fingerprint identification of claim 9, wherein the key generation unit further comprises a hierarchy information storage unit;
a hierarchy information storage unit for storing the hierarchy key information;
the hierarchical decryption operation unit comprises a first-level decryption operation unit and a second-level decryption operation unit; the hierarchical key information includes first hierarchical key information and second hierarchical key information; the hierarchical key encryption and decryption algorithm comprises a first hierarchical encryption and decryption algorithm and a second hierarchical encryption and decryption algorithm;
the first-level decryption operation unit is used for acquiring first-level key information from the level information storage unit and decrypting the first-level key information by adopting the root key information according to the first-level key encryption and decryption algorithm to obtain a first-level key;
and the secondary decryption operation unit is used for acquiring secondary level key information from the level information storage unit, acquiring the primary key, and decrypting the secondary level key information by adopting the primary key information according to the secondary level key encryption and decryption algorithm to obtain a secondary key.
CN202022645124.9U 2020-11-16 2020-11-16 Multi-security-level storage access device based on user fingerprint identification Active CN213814673U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202022645124.9U CN213814673U (en) 2020-11-16 2020-11-16 Multi-security-level storage access device based on user fingerprint identification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202022645124.9U CN213814673U (en) 2020-11-16 2020-11-16 Multi-security-level storage access device based on user fingerprint identification

Publications (1)

Publication Number Publication Date
CN213814673U true CN213814673U (en) 2021-07-27

Family

ID=76933926

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202022645124.9U Active CN213814673U (en) 2020-11-16 2020-11-16 Multi-security-level storage access device based on user fingerprint identification

Country Status (1)

Country Link
CN (1) CN213814673U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118070346A (en) * 2022-12-30 2024-05-24 深圳市速腾聚创科技有限公司 Chip device access method, chip device and radar

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118070346A (en) * 2022-12-30 2024-05-24 深圳市速腾聚创科技有限公司 Chip device access method, chip device and radar

Similar Documents

Publication Publication Date Title
KR101659110B1 (en) Method for authenticating access to a secured chip by a test device
US8572392B2 (en) Access authentication method, information processing unit, and computer product
CN112364323A (en) High-security storage access method and device based on user iris recognition
US6230272B1 (en) System and method for protecting a multipurpose data string used for both decrypting data and for authenticating a user
US6367017B1 (en) Apparatus and method for providing and authentication system
US9003177B2 (en) Data security for digital data storage
JP6275653B2 (en) Data protection method and system
US8819443B2 (en) Methods and devices for authentication and data encryption
US20030219121A1 (en) Biometric key generation for secure storage
CN112887085B (en) Method, device and system for generating security key of SSD (solid State disk) main control chip
CN112836221B (en) Multi-security-level partition portable solid state disk and design method thereof
US20120096280A1 (en) Secured storage device with two-stage symmetric-key algorithm
CN113168480A (en) Trusted execution based on environmental factors
CN112272090B (en) Key generation method and device
JP2008005408A (en) Recorded data processing apparatus
CN112364324A (en) High-security-level data access method and device based on voiceprint recognition
CN112906071B (en) Data protection method and device based on page temperature dynamic cold-hot switching
CN213814673U (en) Multi-security-level storage access device based on user fingerprint identification
CN213814671U (en) High-security-level data access device based on structured light array recognition
CN112685352B (en) Bridging chip for PCIE-SATA protocol and operation method thereof
CN112364316B (en) High-security-level data access method and device based on structured light array identification
CN112347446A (en) Multi-security-level storage access method and device based on user face recognition
CN213817804U (en) Secret key generating device
CN213126079U (en) High security level data access device based on voiceprint recognition
CN213780963U (en) High-safety storage access device based on user iris recognition

Legal Events

Date Code Title Description
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: No.302, no.6, zone 2, Fuhai Industrial Zone, Fuyong community, Fuyong street, Bao'an District, Shenzhen City, Guangdong Province

Patentee after: Shenzhen anjilite New Technology Co.,Ltd.

Address before: No.302, no.6, zone 2, Fuhai Industrial Zone, Fuyong community, Fuyong street, Bao'an District, Shenzhen City, Guangdong Province

Patentee before: Shenzhen anjili New Technology Co.,Ltd.

CP01 Change in the name or title of a patent holder