阅读说明：本技术 一种移动硬盘多密级交互方法及系统 (Mobile hard disk multi-security-level interaction method and system ) 是由 邓丰赣 于 2021-05-28 设计创作，主要内容包括：本发明涉及移动硬盘多密级交互技术领域,且公开了一种移动硬盘多密级交互系统,包括：内嵌在移动硬盘芯片上的交互通信模块,该交互通信模块上的移动硬盘交互应用程序运行在计算机终端上；所述移动硬盘交互应用程序,包括：用于管理不同密级计算机终端受控访问权限的安全控制模块、用于管理操作用户密钥的密钥管理模块、用于验证操作用户操作权限的权限验证模块；当操作用户请求在安全控制模块上设置移动硬盘的受控访问策略时,权限验证模块对权限验证模块的操作权限进行验证,并且只有验证成功,才允许操作用户设置移动硬盘的受控访问策略。本发明解决了如何阻止移动硬盘在不同密级主机间交叉使用时造成信息泄露的技术问题。(The invention relates to the technical field of mobile hard disk multi-secret level interaction, and discloses a mobile hard disk multi-secret level interaction system, which comprises: the interactive communication module is embedded on the mobile hard disk chip, and a mobile hard disk interactive application program on the interactive communication module runs on the computer terminal; the mobile hard disk interactive application program comprises: the security control module is used for managing the controlled access authority of different security computer terminals, the key management module is used for managing the key of the operation user, and the authority verification module is used for verifying the operation authority of the operation user; when the operation user requests to set the controlled access policy of the mobile hard disk on the security control module, the authority verification module verifies the operation authority of the authority verification module, and only if the verification is successful, the operation user is allowed to set the controlled access policy of the mobile hard disk. The invention solves the technical problem of how to prevent the information leakage caused by the cross use of the mobile hard disk between different security level hosts.)

1. A mobile hard disk multi-secret level interaction system is characterized by comprising: and the interactive communication module Icm is embedded on the Mhd chip of the mobile hard disk, and a mobile hard disk interactive application program on the interactive communication module Icm runs on an operating system of the computer terminal Pct.

2. The removable disk multi-density interaction system of claim 1, wherein the removable disk interaction application comprises: the security control module is used for managing the controlled access authority of different security computer terminals Pct, the key management module is used for managing the key of the operation user, and the authority verification module is used for verifying the operation authority of the operation user.

3. A multi-secret-level interaction method for a mobile hard disk is characterized by comprising the following steps:

step one, after the mobile hard disk Mhd is in communication connection with the computer terminal Pct through an I/O request packet, the mobile hard disk interactive application program on the interactive communication module Icm immediately starts to run on an operating system of the computer terminal PCTi;

step two, the operating user OUi registers the operating authority on the key management module to obtain the key of the interaction authority for legally operating the mobile hard disk Mhd;

step three, when the operating user OUi requests to set a controlled access strategy of the mobile hard disk Mhd on the security control module, the permission verification module starts to verify the operating permission of the permission verification module;

only if the verification is successful, the operation user OUi is allowed to set the controlled access strategy of the mobile hard disk Mhd;

and step four, the operation user OUi sets the controlled access strategy of the mobile hard disk Mhd on the security control module.

4. The method of claim 3, wherein the controlled access policy comprises:

step S1, defining the host authority of the computer terminal Pct as low, middle and high levels;

step S2, defining the authority of storing files and directories on the mobile hard disk Mhd to perform each operation as low, middle and high levels;

step S3, creating a controlled access rule for the file stored on the mobile hard disk Mhd.

Technical Field

The invention relates to the technical field of mobile hard disk multi-security level interaction, in particular to a mobile hard disk multi-security level interaction method and system.

Background

Mobile storage devices (such as usb disks and mobile hard disks) are widely used for data storage and data exchange due to their characteristics of high speed and convenient use. However, as the policy related to national information security level protection comes out, the awareness of data level protection is gradually strengthened, and the cross use of the mobile storage device among different security level hosts may cause a security risk that high-security level information is leaked downwards. To address this security issue, a common approach is to set the privacy level of the mobile storage device and prohibit the device from cross-use between hosts of different privacy levels. Obviously, this not only goes against the original intention of the mobile storage device to be convenient to use, but also because it is managed from an unprotective point of view, the security problem caused by the intended or unintended cross use still exists objectively.

Disclosure of Invention

Technical problem to be solved

Aiming at the defects of the prior art, the invention provides a mobile hard disk multi-security interaction method and a mobile hard disk multi-security interaction system, which are used for solving the technical problem of how to prevent information leakage caused by the fact that a mobile hard disk is used in a cross mode among different security hosts.

(II) technical scheme

In order to achieve the purpose, the invention provides the following technical scheme:

a mobile hard disk multi-security interaction system comprises: and the interactive communication module Icm is embedded on the Mhd chip of the mobile hard disk, and a mobile hard disk interactive application program on the interactive communication module Icm runs on an operating system of the computer terminal Pct.

Further, the mobile hard disk interactive application program includes: the security control module is used for managing the controlled access authority of different security computer terminals Pct, the key management module is used for managing the key of the operation user, and the authority verification module is used for verifying the operation authority of the operation user.

A multi-secret level interaction method for a mobile hard disk comprises the following steps:

step one, after the mobile hard disk Mhd is in communication connection with the computer terminal Pct through an I/O request packet, the mobile hard disk interactive application program on the interactive communication module Icm immediately starts to run on an operating system of the computer terminal PCTi;

step two, the operating user OUi registers the operating authority on the key management module to obtain the key of the interaction authority for legally operating the mobile hard disk Mhd;

step three, when the operating user OUi requests to set a controlled access strategy of the mobile hard disk Mhd on the security control module, the permission verification module starts to verify the operating permission of the permission verification module;

only if the verification is successful, the operation user OUi is allowed to set the controlled access strategy of the mobile hard disk Mhd;

and step four, the operation user OUi sets the controlled access strategy of the mobile hard disk Mhd on the security control module.

Further, the controlled access policy includes:

step S1, defining the host authority of the computer terminal Pct as low, middle and high levels;

step S2, defining the authority of storing files and directories on the mobile hard disk Mhd to perform each operation as low, middle and high levels;

step S3, creating a controlled access rule for the file stored on the mobile hard disk Mhd.

(III) advantageous technical effects

Compared with the prior art, the invention has the following beneficial technical effects:

when an operation user requests to set a controlled access strategy of the mobile hard disk on the security control module, the authority verification module starts to verify the operation authority of the authority verification module, and the operation user is allowed to set the controlled access strategy of the mobile hard disk only if the verification is successful;

and the controlled access of the computer terminals with different secret levels to the mobile hard disk is realized by controlling the access authority, and the safe cross use of the mobile hard disk between the computer terminals with different secret levels is realized.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

A mobile hard disk multi-security interaction system comprises: the interactive communication module Icm is embedded on the Mhd chip of the mobile hard disk, and a mobile hard disk interactive application program on the interactive communication module Icm runs on an operating system of the computer terminal Pct;

the mobile hard disk interactive application program comprises: the security control module is used for managing the Pct controlled access rights of different security computer terminals, the key management module is used for managing the key of the operation user, and the right verification module is used for verifying the operation right of the operation user;

a multi-secret level interaction method for a mobile hard disk comprises the following steps:

step one, after the mobile hard disk Mhd is in communication connection with the computer terminal Pct through an I/O request packet, the mobile hard disk interactive application program on the interactive communication module Icm immediately starts to run on an operating system of the computer terminal PCTi;

step two, the operation user OUi registers the operation authority on the key management module to obtain the key of the interaction authority for legally operating the mobile hard disk Mhd, and the specific execution steps of the operation authority registration include:

step S1, the operating user OUi inputs the identity information IDoui of the operating user OUi to the key management module;

step S2, the key management module is in binary field F₂ ^mUpper selection of an elliptic curve E_p(a, b) on the elliptic curve E_pRandomly selecting a point Y as a base point on (a, b), and then taking the elliptic curve E_p(a, b) the base point Y is disclosed to the operating user OUi;

step S3, the operating user OUi selects one in the binary field F₂ ^mIs generated in a binary field F₂ ^mThe public key v is set to be (u) Y, and then the public key v is transmitted to the key management module;

step three, when the operating user OUi requests to set the controlled access policy of the mobile hard disk Mhd on the security control module, the authority verification module starts to verify the operation authority of the authority verification module, and the specific execution step of verifying the operation authority comprises the following steps:

step S1, operating user OUi to randomly select one in binary field F₂ ^mThe value Y above, K ═ Y is calculated and K is taken on the elliptic curve E_p(a, b) and then transmitting K to the security control module;

step S2, the safety control module is automatically generated in step twoCarry system field F₂ ^mThe random number k is transmitted to the operation user OUi;

step S3, the operating user OUi calculates O ═ y + (k) (u), and transmits O to the safety control module;

step S4, the security control module verifies whether equation (O) Y ═ K + (K) (v) is true, and if true, it indicates that the operation authority verification of the operation user OUi is successful;

only if the verification is successful, the operation user OUi is allowed to set the controlled access strategy of the mobile hard disk Mhd;

step four, the operating user OUi sets a controlled access policy of the mobile hard disk Mhd on the security control module, wherein the controlled access policy comprises:

step S1, defining the host authority of the computer terminal Pct as low, middle and high levels;

step S2, defining the authority of storing files and directories on the mobile hard disk Mhd to perform each operation as low, middle and high levels;

step S3, establishing a controlled access rule for the file stored on the mobile hard disk Mhd, specifically including:

when the host authority of the computer terminal Pct is higher than the directory security level of the file stored on the mobile hard disk Mhd, the access authority returns read-only;

when the host authority of the computer terminal Pct is lower than the directory security level of the file stored on the mobile hard disk Mhd, returning the access authority of the operating user OUi to deny access;

when the host authority of the computer terminal Pct is equal to the directory security level of the file stored on the mobile hard disk Mhd, the access authority of the operating user OUi returns to normal reading and writing;

the method comprises the following steps that controlled access of computer terminals Pct with different secret levels to a mobile hard disk Mhd is achieved through control over access rights, and safe cross use of the mobile hard disk Mhd among the computer terminals Pct with different secret levels is achieved;

although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.