A method and system for implementing solid state disk identity authentication based on tokens

What is AI technical title?
AI technical title is built by PatSnap AI team. It summarizes the technical point description of the patent document.
By using a token mechanism and XOR computation encryption method, the problem of easy key leakage in solid-state drive encryption methods is solved, enabling flexible encryption switching and highly reliable data protection to prevent unauthorized access to data.

CN115238302BActive Publication Date: 2026-06-16YAOYUN TECH (XIAN) CO LTD

View PDF 4 Cites 0 Cited by

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents(China)
Current Assignee / Owner: YAOYUN TECH (XIAN) CO LTD
Filing Date: 2022-06-21
Publication Date: 2026-06-16

Application Information

Patent Timeline

21 Jun 2022

Application

16 Jun 2026

Publication

CN115238302B

IPC: G06F21/62; G06F21/31; G06F21/79

CPC: G06F21/6218; G06F21/31; G06F21/79

AI Tagging

Application Domain

Digital data protection Internal/peripheral component protection

Explore More Agents

Novelty Search
Search existing technologies and assess novelty
↗
FTO
Analyze whether a product may infringe others' patents
↗
Design FTO
Check prior-design risk for exterior design
↗
Drafting
Draft patent application text based on a technical solution
↗
Find Solutions with TRIZ
Generate feasible solution to solve your technical challenge
↗

Similar Technology Patents

Get free access to AI patent search and analysis

Check patentability, review prior art and ask IP Agent with full patent context.

AI Technical Summary

⚠Technical Problem

Existing SSD encryption methods are prone to leaking the original key, and the private key changes after the SSD controller fails, resulting in data inaccessibility or a transparent data state, which is not secure enough.

⚗Method used

It adopts a token mechanism, generates ciphertext through a random number generation module, negotiates a new token New Seed, and uses XOR calculation to realize the encryption and decryption process. It uses the collaborative operation of the host computer and solid-state drive for identity authentication and flexibly switches the encryption state.

🎯Benefits of technology

It enables flexible encryption switching without additional hardware, provides highly reliable and low-cost encryption, prevents brute-force attacks, and ensures data security.

✦ Generated by Eureka AI based on patent content.

Smart Images

Figure CN115238302B_ABST

Patent Text Reader

Abstract

The application discloses a kind of based on token implementation solid state disk identity authentication method and system, belong to encryption authentication method field, it is characterized in that: including encryption process and decryption process;Original token is generated ciphertext by random number generation module;New token is extracted from the specific position in ciphertext, and original token is updated to new token;Host computer reads ciphertext, and new token is extracted from the specific position, and ciphertext is generated by random number generation module;The method of the application is simple in encryption mode, and can be switched between encryption and non-encryption flexibly with host computer, without additional hardware encryption chip, good economic benefit, encryption algorithm can be realized by independent special encryption module, without additional resource consumption, without occupying interface bandwidth, without affecting transmission speed, lost solid state disk after encryption cannot be brute-forced;Even if brute force is carried out, data will be destroyed, and the encryption effect of flexibility, high reliability and low cost is truly realized.

Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of encryption authentication methods, and in particular relates to a method and system for solid-state drive identity authentication based on tokens. Background Technology

[0002] Solid-state drives (SSDs) are hard drives made from arrays of solid-state electronic storage chips. Internally, they mainly consist of a controller chip and storage chips, with the internal storage particles called NAND flash. Compared to hard disk drives (HDDs), SSDs are lighter, have larger capacities, lower power consumption, longer lifespans, better shock resistance, stronger environmental adaptability, and smaller size. They are widely used in home, automotive, industrial control, monitoring, network terminals, power, medical, and aerospace fields. With the widespread adoption of SSDs, information and data security has become increasingly important, leading to the development of more and more encryption methods. Common SSD encryption methods mainly include interface encryption, data encryption, and access control encryption.

[0003] Existing technology, such as application number CN201310455066.5 entitled "Method for Encrypting Partitions of a Solid State Drive and the Solid State Drive Thereof," provides a method for encrypting partitions of a solid state drive and a solid state drive thereof. The encryption method involves dividing the storage area of the solid state drive into an encrypted storage area; setting a verification key for accessing and / or storing data in the encrypted storage area; and verifying the identity of the user accessing and / or storing data in the encrypted storage area based on the verification key. After successful verification, access to and / or storage of data in the encrypted storage area is granted. However, this scheme belongs to partition encryption within permission encryption. This encryption method does not encrypt metadata, and during the encryption process, the key is directly transmitted through an interface or encrypted using a fingerprint on the solid state drive, making the original key easily leaked.

[0004] For example, the patent application CN201310305728.0, entitled "A Solid State Drive Data Encryption and Decryption Method and Solid State Drive System," applies to the field of data security and provides a solid state drive data encryption and decryption method and system. This data encryption and decryption method includes: generating a public-private key pair (k1, k2) based on an asymmetric encryption algorithm; saving the private key k2 to the solid state drive and saving the public key k1 to the host. However, this scheme is data encryption, suitable for situations where the solid state drive controller is damaged, and someone else obtains the damaged solid state drive, replaces the controller, and changes the private key, thus preventing access to the internal data. But if the solid state drive is intact and obtained by someone else, because their private key is stored in the solid state drive, when a user reads data, the solid state drive controller will fully decrypt the data stored in the memory chips, making the data appear transparent and unencrypted to others. Summary of the Invention

[0005] This invention aims to solve the above problems and provides a method and system for solid-state drive identity authentication based on tokens.

[0006] In a first aspect, the present invention provides a method for solid-state drive identity authentication based on a token, including an encryption process and a decryption process;

[0007] The encryption process includes:

[0008] The hard drive starts the encryption function, using the original Seed token to generate ciphertext 1 through the random number generation module;

[0009] Extract the new token New Seed from the specific location agreed upon with the host computer in Ciphertext 1, and update the original Seed to New Seed; the specific location is the location specified by the hard disk and the host computer in Ciphertext 1 according to the principle of the cryptographic book.

[0010] The host computer reads ciphertext 1, extracts the New Seed from a specific position, and generates ciphertext 2 through the random number generation module.

[0011] Set user password; perform password conversion;

[0012] Ciphertext 2 and the converted password are processed using an encryption algorithm to obtain ciphertext 3 that is encrypted again;

[0013] The hard drive uses New Seed to generate the same ciphertext 2 using the same random number generation module as the host computer; the ciphertext 2 generated by the hard drive and the aforementioned ciphertext 3 are processed using an encryption algorithm to extract the user password from a specific location and save it to the solid-state drive; encryption is complete.

[0014] The decryption process includes:

[0015] Enter user password; perform password conversion;

[0016] Ciphertext 2 and the converted password are processed using an encryption algorithm to obtain ciphertext 3 that is encrypted again;

[0017] The hard drive uses New Seed to generate ciphertext 2 using the same random number generation module as the host computer; the ciphertext 2 generated by the hard drive and the aforementioned ciphertext 3 are processed using an encryption algorithm to extract the user password from a specific location; the user password is compared with the user password stored in the solid-state drive during the encryption process; if the password is correct, authentication is successful; if the password is incorrect, authentication fails; decryption is complete.

[0018] Furthermore, in the token-based solid-state drive authentication method of the present invention, the password conversion specifically involves processing the user password through a random number generation module to make the number of bytes in the converted password equal to the number of bytes in the aforementioned ciphertext (2 bytes).

[0019] Furthermore, in the token-based solid-state drive authentication method of the present invention, the encryption algorithm processing specifically involves performing an XOR calculation.

[0020] Furthermore, in the method for solid-state drive identity authentication based on tokens described in this invention, both the Seed token and the NewSeed are 8 bytes in size.

[0021] Furthermore, in the method for solid-state drive identity authentication based on tokens described in this invention, the size of the ciphertext is 512 bytes.

[0022] Furthermore, in the method for solid-state drive authentication based on tokens described in this invention, the user password is 8 bytes in size.

[0023] Secondly, the present invention provides a system for solid-state drive (SSD) identity authentication based on a token, comprising an SSD equipped with a control chip and a host computer equipped with an encryption module; the control chip is equipped with an encryption module and a random number generation module; the encryption module has a built-in encryption algorithm.

[0024] The solid-state drive is used to start the encryption function. Ciphertext 1 is generated using the original Seed token through the random number generation module. A new token, New Seed, is extracted from a specific position in ciphertext 1, and the original Seed is updated to New Seed. Ciphertext 2 is generated using the New Seed through the random number generation module. Ciphertext 2 and ciphertext 3 generated by the host computer are processed by the encryption module to extract the user password from a specific position and save it to the solid-state drive.

[0025] The host computer is used to read ciphertext 1, extract the New Seed from a specific location, generate ciphertext 2 through a random number generation module, set the user password, perform password conversion, and encrypt ciphertext 2 and the converted password to obtain ciphertext 3 that is encrypted again.

[0026] Furthermore, in the token-based solid-state drive (SSD) authentication system of the present invention, the SSD is also used to verify the user password; specifically, it includes: using New Seed to generate ciphertext 2 using the same random number generation module as the host computer; processing the ciphertext 2 generated by the SSD and the ciphertext 3 generated by the host computer through an encryption module to extract the user password from a specific location; comparing the user password with the user password stored in the SSD; if the password is correct, authentication is successful; if the password is incorrect, authentication fails.

[0027] Furthermore, in the token-based solid-state drive authentication system of the present invention, the password conversion specifically involves processing the user password through a random number generation module to make the number of bytes in the converted password equal to the number of bytes in the aforementioned ciphertext (2 bytes).

[0028] Furthermore, in the token-based solid-state drive authentication system of the present invention, the encryption process specifically involves performing an XOR calculation.

[0029] The method and system for token-based solid-state drive (SSD) authentication described in this invention features a simple encryption method. Combined with a host computer, it can flexibly switch between encrypted and unencrypted modes without requiring additional hardware encryption chips, resulting in good economic benefits. The encryption algorithm can be implemented through a dedicated encryption module, without consuming additional resources, occupying interface bandwidth, or affecting transmission speed. If the encrypted SSD is lost, it cannot be brute-forced; even if a brute-force attack is attempted, the data will be destroyed. This truly achieves a flexible, highly reliable, and low-cost encryption effect. Attached Figure Description

[0030] Figure 1 This is a schematic diagram of the encryption process described in an embodiment of the present invention;

[0031] Figure 2 This is a schematic diagram of the decryption process described in an embodiment of the present invention;

[0032] Figure 3 This is a schematic diagram of the authentication system structure according to an embodiment of the present invention. Detailed Implementation

[0033] The method and system for token-based solid-state drive authentication described in this invention will be described in detail below with reference to the accompanying drawings and embodiments.

[0034] Example 1

[0035] This disclosure presents a method for solid-state drive (SSD) authentication based on a token, including an encryption process and a decryption process;

[0036] like Figure 1 As shown, the specific steps of the encryption process in this embodiment include:

[0037] Step 1: The original Seed token in the device changes every time the solid-state drive is powered on or every time the host computer obtains a Seed token;

[0038] Step 2: The random number generation module uses the Seed key generated in Step 1 to perform calculations and generate a 512-byte ciphertext 1.

[0039] Step 3: Extract 8 bytes of data from the 512-byte ciphertext in Step 2 and the specific position agreed upon with the host computer, and use it as the new ciphertext to update the 8-byte Seed token in Step 1, which is called the New Seed. In this embodiment of the disclosure, the hard disk and the host computer specify eight positions in the ciphertext 1, and each position contains 1 byte of data, which are combined to form an 8-byte New Seed, based on the principle of the cryptographic book.

[0040] Step 4: The host computer sends a custom subcommand from the standard ATA command set read_log_ext through the host computer software to read ciphertext 1 from step 2;

[0041] Step 5: The host computer software extracts 8 bytes of New Seed from the ciphertext obtained in Step 4 and the specific location agreed upon by the host computer.

[0042] Step 6: The host computer software then uses the random number generation module to regenerate the 8 bytes of New Seed extracted in Step 5 into 512 bytes of ciphertext 2.

[0043] Step 7: The user sets an 8-byte password through the host computer software, and then the host computer software processes this 8-byte password into a 512-byte format through a random number generation algorithm;

[0044] Step 8: Perform an XOR operation between the newly generated ciphertext 2 from the host computer software in step 6 and the password from step 7 to obtain a new 512-byte ciphertext 3;

[0045] Step 9: The host computer software sends a custom subcommand from the standard ATA command set write_log_ext to write the new ciphertext from step 8 to the solid-state drive.

[0046] Step 10: The solid-state drive uses the same random number generation module algorithm to generate another 512-byte ciphertext 2 using New Seed from Step 3;

[0047] Step 11: Perform an XOR operation between the ciphertext 2 generated by the solid-state drive in step 10 and the 512-byte ciphertext 3 written to the hard drive in step 9;

[0048] Step 12: Extract the 8-byte password from a specific position after XORing in Step 11;

[0049] Step 13: Store the 8-byte user-defined password in solid-state storage.

[0050] like Figure 2 As shown, the specific steps of the decryption process in this embodiment include:

[0051] Step 1: The original Seed token in the device changes every time the solid-state drive is powered on or every time the host computer obtains a Seed token;

[0052] Step 2: The random number generation module uses the Seed key generated in Step 1 to perform calculations and generate a ciphertext 1 of size 512 bytes;

[0053] Step 3: Extract 8 bytes of data from a specific position in the 512-byte ciphertext of Step 2, and update the 8-byte Seed token in Step 1 as new ciphertext, called New Seed;

[0054] Step 4: The host computer sends a custom subcommand from the standard ATA command set read_log_ext through the host computer software to read ciphertext 1 from step 2;

[0055] Step 5: The host computer software extracts the 8-byte New Seed from a specific position in the ciphertext obtained in Step 4.

[0056] Step 6: The host computer software then uses the random number generation module to regenerate the 8 bytes of New Seed extracted in Step 5 into 512 bytes of ciphertext 2.

[0057] Step 7: The user enters the pre-set 8-byte password through the host computer software, and then the host computer software processes this 8-byte password into a 512-byte format using a random number generation algorithm.

[0058] Step 8: Perform an XOR operation between the newly generated ciphertext 2 from the host computer software in step 6 and the password from step 7 to obtain a new 512-byte ciphertext 3;

[0059] Step 9: The host computer software sends a custom subcommand from the standard ATA command set write_log_ext to write the new ciphertext from step 8 to the solid-state drive.

[0060] Step 10: The solid-state drive uses the same random number generation algorithm to generate another 512-byte ciphertext 2 using the New Seed from Step 3;

[0061] Step 11: Perform an XOR operation between the ciphertext 2 generated by the solid-state drive in step 10 and the 512-byte ciphertext 3 written to the hard drive in step 9;

[0062] Step 12: Extract the 8-byte password from a specific position after XORing in Step 11;

[0063] Step 13: Compare the extracted 8-digit user input password with the 8-digit password stored in the solid-state drive during the encryption process. If the password is correct, the solid-state drive is decrypted and can be accessed normally; if the password is incorrect, an error status is returned to the host, and the solid-state drive remains encrypted.

[0064] The scheme described in this disclosure provides a flexible and secure method for implementing an encrypted solid-state drive (SSD). The encryption method is based on the SATA interface, offering flexible and convenient encryption and decryption, a high level of encryption security, no performance loss, and the ability to implement various customized functions. After encryption, the SSD enters a custom read / write protection state. Without a host computer, the SSD is unusable and the password cannot be cracked. Forcibly cracking the password with a host computer would cause irreparable data damage, thus ensuring a high level of encryption security.

[0065] Example 2

[0066] This disclosure presents a system for solid-state drive (SSD) authentication based on tokens, such as... Figure 3 As shown, the system includes a solid-state drive (SSD) with a control chip and a host computer with an encryption chip. The control chip contains an encryption module and a random number generation module. Both the encryption chip and the encryption module have built-in encryption algorithms. The SSD is used to enable the encryption function. Each time the host obtains a Seed token or each time the SSD is powered on, the original Seed token changes. The original Seed token generates ciphertext 1 using the random number generation module. A new token, New Seed, is extracted from a specific position in ciphertext 1, and the original Seed is updated to New Seed. Ciphertext 2 is generated using the New Seed through the random number generation module. Ciphertext 2 and ciphertext 3 generated by the host computer are processed using an encryption algorithm to extract the user password from a specific position and save it to the SSD.

[0067] The host computer is used to read ciphertext 1, extract the New Seed from a specific location, generate ciphertext 2 through a random number generation module, set the user password, perform password conversion, and process ciphertext 2 and the converted password using an encryption algorithm to obtain a re-encrypted ciphertext 3. In this embodiment, the password conversion adds bytes to the user password so that the number of bytes in the converted password is equal to the number of bytes in the aforementioned ciphertext 2; the encryption algorithm processing specifically involves performing an XOR calculation.

[0068] The system for token-based solid-state drive authentication described in this embodiment of the present disclosure includes the following authentication process:

[0069] With encryption enabled, connect the SSD to the computer and start the computer. Open the host computer, scan for the SSD to be encrypted, set a password, and then enable the encryption function. The default password for users is all "0".

[0070] After encryption is complete, the solid-state drive automatically enters write-protected mode. In this mode, except for commands to read basic hard drive information and decryption commands, other read commands will be responded to by the solid-state drive with all "0"s.

[0071] Identity authentication involves sending a password to the host computer to confirm identity, followed by parsing and analysis.

[0072] Upon successful authentication, the system enters decryption mode and can be used normally. If authentication fails three times, the host computer software will issue a warning and prohibit password input. To continue entering a password, the host computer's super administrator password must be entered. Under super administrator privileges, if the password is incorrectly confirmed again, the SSD will automatically execute an erase command, erasing all data. All data on the SSD will be lost and cannot be recovered, and the password will also be erased. Therefore, the SSD will automatically decrypt.

[0073] In this embodiment, the random number generation module is implemented using firmware code algorithms. When the host computer needs to obtain a token, the solid-state drive (SSD) updates a new set of tokens and returns them to the host computer. The user sets the password through the host computer, and the algorithm in the host computer is consistent with the algorithm added to the SSD. Any ciphertext and user settings transmitted over the link are encrypted multiple times, ensuring the secure transmission and correctness of the ciphertext and the user-set password.

Claims

1. A method for solid-state drive authentication based on tokens, characterized in that: Includes the encryption and decryption processes; The encryption process includes: The hard drive starts the encryption function, using the original Seed token to generate ciphertext 1 through the random number generation module; Extract a new token, New Seed, from a specific position in Ciphertext 1 and update the original Seed to New Seed; The host computer reads ciphertext 1, extracts the New Seed from a specific position, and generates ciphertext 2 through the random number generation module. Set user password; perform password conversion; Ciphertext 2 and the converted password are encrypted using an encryption algorithm to obtain ciphertext 3, which is encrypted again. The hard drive uses New Seed to generate ciphertext 2 using the same random number generation module as the host computer; the ciphertext 2 generated by the hard drive is then processed with the aforementioned ciphertext 3 using an encryption algorithm to extract the user password from a specific location and save it to the solid-state drive; encryption is complete. The decryption process includes: Enter user password; perform password conversion; Ciphertext 2 and the converted password are encrypted using an encryption algorithm to obtain ciphertext 3, which is encrypted again. The hard drive uses New Seed to generate ciphertext 2 using the same random number generation module as the host computer; the ciphertext 2 generated by the hard drive is processed with the aforementioned ciphertext 3 using an encryption algorithm to extract the user password from a specific location; the user password is compared with the user password stored in the solid-state drive during the encryption process; if the password is correct, authentication is successful; if the password is incorrect, authentication fails; decryption is complete.

2. The method for solid-state drive authentication based on tokens according to claim 1, characterized in that: The password conversion specifically involves processing the user's password using a random number generation algorithm to make the number of bytes in the converted password equal to the number of 2 bytes in the aforementioned ciphertext.

3. The method for solid-state drive authentication based on tokens according to claim 2, characterized in that: The encryption algorithm specifically involves XOR calculation.

4. The method for solid-state drive authentication based on tokens according to claim 3, characterized in that: Both the Seed token and the New Seed are 8 bytes in size.

5. The method for solid-state drive authentication based on tokens according to claim 4, characterized in that: The size of the ciphertext is 512 bytes.

6. The method for solid-state drive authentication based on tokens according to claim 5, characterized in that: The user password is 8 bytes in size.

7. A system for solid-state drive authentication based on tokens, characterized in that: It includes a solid-state drive with a control chip and a host computer with an encryption module; the control chip contains an encryption module and a seed generation module; the encryption module has a built-in encryption algorithm. The solid-state drive is used to initiate the encryption function. Ciphertext 1 is generated using the original Seed token through the random number generation module; a new token, New Seed, is extracted from a specific position in ciphertext 1, and the original Seed is updated to New Seed; ciphertext 2 is generated using the New Seed through the random number generation module. The ciphertext 2 and the ciphertext 3 generated by the host computer are processed using an encryption algorithm to extract the user password from a specific location and save it to the solid-state drive. The host computer is used to read ciphertext 1, extract the New Seed from a specific location, generate ciphertext 2 through a random number generation module, set the user password, perform password conversion, and process ciphertext 2 and the converted password through an encryption algorithm to obtain ciphertext 3 that is encrypted again.

8. The system for solid-state drive authentication based on tokens according to claim 7, characterized in that: The solid-state drive is also used to verify user passwords; specifically, it includes: using New Seed to generate ciphertext 2 using the same encryption algorithm as the host computer; processing the ciphertext 2 generated by the solid-state drive and the ciphertext 3 generated by the host computer using an encryption algorithm to extract the user password from a specific location; comparing the user password with the user password stored in the solid-state drive; if the password is correct, authentication is successful; if the password is incorrect, authentication fails.

9. The system for solid-state drive authentication based on tokens according to claim 8, characterized in that: The password conversion specifically involves processing the user's password using a random number generation algorithm to make the number of bytes in the converted password equal to the number of 2 bytes in the aforementioned ciphertext.

10. The system for solid-state drive authentication based on tokens according to claim 9, characterized in that: The encryption process specifically involves performing an XOR operation.