Hardware encryption and hardware decryption method, device, electronic equipment and storage medium

By generating dynamic encryption keys and differentiated storage strategies using retinal dual-modal features, the problems of key leakage, forgery, and anti-interference in high-security scenarios of hard disk encryption technology are solved, realizing a hard disk encryption system with high security and hierarchical management.

CN122268616A · Pending · Publication Date: 2026-06-23 · YEESTOR MICROELECTRONICS CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications (China)
Current Assignee / Owner
YEESTOR MICROELECTRONICS CO LTD
Filing Date
2026-02-11
Publication Date
2026-06-23

AI Technical Summary

Technical Problem

Existing hard drive encryption technologies suffer from several problems in high-security scenarios, including the risk of key leakage, the ease with which biometrics can be forged, the disconnect between authentication and encryption, weak anti-interference capabilities, and a lack of hierarchical authorization management.

Method used

By using dual-modal retinal features (vascular patterns and macular contours) as a biometric method, a dynamic encryption key is generated. Combined with a differentiated storage strategy and a hardware encryption chip, a deep binding between identity and key is achieved, constructing a secure closed loop across the entire chain.

Benefits of technology

It improves the accuracy and anti-counterfeiting capabilities of identity authentication, prevents data leakage, ensures high security of hardware-stored data, and meets the needs of stable operation and hierarchical management in extreme environments.

✦ Generated by Eureka AI based on patent content.


Abstract

This application provides a hardware encryption and decryption method, apparatus, electronic device, and storage medium, belonging to the field of data security technology. The method includes: acquiring the retinal bimodal features of a target user; encrypting the retinal bimodal features of the target user to obtain an authorized feature template; generating an encryption key based on the authorized feature template; encrypting the target user's data to be stored using the encryption key to obtain encrypted data; and storing the encrypted data in a hardware storage array; acquiring the retinal bimodal features of the current user; if the current user's retinal bimodal features match the authorized feature template stored in the hardware, generating a decryption key based on the authorized feature template; and decrypting the hardware storage array based on the authorized feature template to obtain the target data. This application can solve the problem of low security in existing cryptographic or hardware-based encryption methods.

Description

Technical Field

[0001] This application relates to the field of data security technology, and in particular to a hardware encryption and decryption method, apparatus, electronic device and storage medium.

Background Technology

[0002] With the widespread application of information technology in high-security fields such as national security, military command, and classified storage, more stringent requirements have been placed on the security, reliability, and environmental adaptability of data storage devices. Hard drive hardware encryption systems, as key devices for protecting data security, must operate stably in harsh environments such as extreme temperatures, strong vibrations, and strong electromagnetic interference, and possess comprehensive protection capabilities against physical tampering, identity theft, and data leakage. Currently, common encryption technologies mainly include key authentication based on cryptography or hardware, biometric identification schemes based on fingerprints and other characteristics, and independent retinal recognition systems. However, these schemes still have many limitations when dealing with high-security scenarios.

[0003] In existing technologies, encryption methods based on passwords or hardware are at risk of key leakage or loss; fingerprint recognition schemes are easy to integrate but are vulnerable to forgery attacks and have limited security; while independent retinal recognition systems have high recognition accuracy but are not deeply integrated with hard drive encryption systems, resulting in a disconnect between authentication and encryption, leading to low encryption security.

Summary of the Invention

[0004] The main objective of this application is to propose a hardware encryption and decryption method, apparatus, electronic device, and storage medium, aiming to solve the problem of low security of existing encryption methods based on cryptography or hardware.

[0005] To achieve the above objectives, a first aspect of this application proposes a hardware encryption method, the method comprising: acquiring the retinal bimodal features of the target user, wherein the retinal bimodal features include at least one of the retinal vascular pattern and macular contour of the target user; encrypting the retinal bimodal features of the target user to obtain an authorization feature template, which is a biometric template used to verify the user's identity and is stored in the first storage array of the hardware; generating an encryption key based on the authorization feature template; encrypting the target user's data to be stored using the encryption key to obtain encrypted data; and storing the encrypted data in the second storage array of the hardware.

[0006] In some embodiments, if the user type of the target user is the first data access permission, the second storage array is any storage array of the hardware; if the user type of the target user is the second data access permission, the second storage array is a storage array in the non-core area of the hardware; if the user type of the target user is the third data access permission, the second storage array is any storage array of the hardware. The first data access permission has unlocking permission for all storage arrays of the hardware, the second data access permission has unlocking permission for the storage arrays in the non-core areas of the hardware, and the third data access permission has temporary unlocking permission for all storage arrays of the hardware after verification by an external emergency command.

[0007] To achieve the above objectives, a second aspect of this application provides a hardware decryption method, the method comprising: obtaining the current user's retinal bimodal features, wherein the current user's retinal bimodal features include at least one of the current user's retinal vascular pattern and macular contour; if the current user's retinal bimodal features match the first authorized feature template stored in the hardware, generating a decryption key based on the first authorized feature template; and decrypting the second storage array of the hardware according to the first authorized feature template to obtain the target data, wherein the second storage array of the hardware is encrypted using the hardware encryption method described in the first aspect above.

[0008] In some embodiments, the current user's retinal bimodal features include the current user's retinal vascular pattern and macular contour, and acquiring the current user's retinal bimodal features includes: in response to a received unlock command, illuminating the retina of the current user with a near-infrared light source of a preset wavelength and acquiring images of the retinal vessels and macular region of the current user; extracting vascular pattern features from the retinal vascular image and macular contour features from the macular region image; and fusing the vascular pattern features and the macular contour features to obtain the retinal bimodal features.

[0009] In some embodiments, generating a decryption key based on the first authorized feature template when the current user's retinal bimodal features match a first authorized feature template stored in the hardware includes: if the matching degree between the vascular pattern features in the retinal vascular image and the vascular pattern features in the first authorized feature template is greater than a preset vascular matching threshold, and the matching degree between the macular contour features in the macular region image and the macular contour features in the first authorized feature template is greater than a preset macular matching threshold, generating the decryption key according to the first authorized feature template.

[0010] In some embodiments, decrypting the second storage array of the hardware according to the first authorized feature template to obtain the target data includes: identifying the user type of the current user; determining the target data access permission based on the user type, where the target data access permissions include a first data access permission, a second data access permission, and a third data access permission (the first data access permission has unlocking permission for all storage arrays of the hardware, the second data access permission has unlocking permission for the storage arrays in the non-core areas of the hardware, and the third data access permission has temporary unlocking permission for all storage arrays of the hardware after external emergency command verification); taking the storage array corresponding to the target data access permission as the second storage array; and decrypting the second storage array using the decryption key to obtain the target data.

[0011] In some embodiments, the method further includes: acquiring in real time the current pressure value exerted on the hardware's packaging shell; and if the difference between the current pressure value and the target pressure value for the historical time period is greater than a first threshold, triggering a data self-destruction process. The data self-destruction process includes controlling the data self-destruction chip of the hardware to perform multiple random data overwrite operations on the key area and data area of the hardware storage array, and controlling the fuse to blow the control pin of the hardware's storage chip. The target pressure value is determined based on the pressure values collected within the historical time period.

[0012] In some embodiments, the method further includes: obtaining environmental parameters of the environment in which the hardware is located, the environmental parameters including one of temperature data and electromagnetic interference intensity data; if the environmental parameters indicate that the temperature of the environment in which the hardware is located is greater than a second threshold, activating the temperature compensation circuit of the hardware to adjust the operating voltage; and if the environmental parameters indicate that the electromagnetic interference intensity of the environment in which the hardware is located is greater than a third threshold, controlling the electromagnetic shielding unit of the hardware to enhance its shielding effectiveness.

[0013] To achieve the above objectives, a third aspect of this application provides a hardware encryption device, the device comprising: a first acquisition module for acquiring the retinal bimodal features of the target user, wherein the retinal bimodal features include at least one of the retinal vascular pattern and macular contour of the target user; a first encryption module for encrypting the retinal bimodal features of the target user to obtain an authorization feature template, which is a biometric template used to verify the user's identity and is stored in the first storage array of the hardware; a first generation module for generating an encryption key based on the authorization feature template; a second encryption module for encrypting the target user's data to be stored using the encryption key to obtain encrypted data; and a storage module for storing the encrypted data in the second storage array of the hardware.

[0014] To achieve the above objectives, a fourth aspect of this application provides a hardware decryption apparatus, the apparatus comprising: a second acquisition module for acquiring the current user's retinal bimodal features, wherein the current user's retinal bimodal features include at least one of the current user's retinal vascular pattern and macular contour; a second generation module for generating a decryption key based on the first authorized feature template when the current user's retinal bimodal features match the first authorized feature template stored in the hardware; and a decryption module for decrypting the second storage array of the hardware according to the first authorized feature template to obtain the target data, wherein the second storage array of the hardware is encrypted using the hardware encryption method described in the first aspect above.

[0015] To achieve the above objectives, a fifth aspect of the present application provides an electronic device, which includes a memory and a processor. The memory stores a computer program, and the processor executes the computer program to implement the hardware encryption method described in the first aspect and the hardware decryption method described in the second aspect.

[0016] To achieve the above objectives, a sixth aspect of the present application provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the hardware encryption method described in the first aspect and the hardware decryption method described in the second aspect.

[0017] The hardware encryption and decryption method, apparatus, electronic device, and storage medium proposed in this application utilize retinal bimodal features, including retinal vascular patterns and macular contours, as a biometric identification method. An authorization feature template is generated through encryption and stored in a first storage array of the hardware. Based on this template, an encryption key is generated to encrypt the data to be stored before storing it in a second storage array. Decryption requires obtaining the current user's retinal bimodal features; only when these features match the authorization feature template stored in the hardware can a decryption key be generated to decrypt the data. This application achieves an integrated security closed loop of "biometric feature-key-data" by deeply binding highly unique retinal biometric features with the key generation mechanism. Technically, this significantly improves the accuracy and anti-counterfeiting capabilities of identity authentication, effectively prevents data leakage and unauthorized access, and ensures high security of hardware-stored data.

Attached Figure Description

[0018] To more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments of the present invention will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0019] Figure 1 is a flowchart illustrating the hardware encryption method provided in an embodiment of this application; Figure 2 is a flowchart illustrating the hardware decryption method provided in an embodiment of this application; Figure 3 is a block diagram of the overall architecture of the encryption system provided in the embodiments of this application; Figure 4 is a schematic diagram of the hardware encryption device provided in the embodiments of this application; Figure 5 is a schematic diagram of the hardware decryption device provided in the embodiments of this application; Figure 6 is a schematic diagram of the hardware structure of the electronic device provided in the embodiments of this application.

Detailed Implementation

[0020] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application.

[0021] It should be noted that although functional modules are divided in the device schematic diagram and a logical order is shown in the flowchart, in some cases, the steps shown or described may be performed in a different order than the module division in the device or the order in the flowchart. The terms "first," "second," etc., in the specification, claims, and the aforementioned drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence.

[0022] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of this application only and is not intended to limit this application.

[0023] With the increasing demand for classified data storage, especially in high-security fields such as military and defense, extremely high requirements are placed on the security and environmental adaptability of hard disk storage devices. These systems are typically deployed in specialized terminals such as shipborne, airborne, and vehicle-mounted systems, and must operate stably in harsh environments such as extreme temperatures, strong vibrations, and electromagnetic interference to ensure the absolute security of massive amounts of classified data. They must also meet the practical application requirements of high-speed read / write, hierarchical authorization management, and emergency response.

[0024] However, existing hard drive encryption technologies have significant flaws and shortcomings. Existing password- or fingerprint-based encryption schemes are prone to leakage or forgery. While independent retinal recognition technology offers high accuracy, it is not deeply integrated with hardware encryption systems, resulting in a disconnect between authentication and encryption. This fails to effectively prevent unauthorized personnel from unlocking hard drives by replacing modules or tampering with authentication results. Furthermore, existing technologies lack specialized hardware designs for harsh environments, have weak anti-interference and physical protection capabilities, lack physical anti-tampering and data self-destruction mechanisms, and lack hierarchical authorization management and emergency unlocking solutions for high-security scenarios. Consequently, they fail to meet the core requirements of "high security, high reliability, strong anti-interference, and emergency response capability" in the high-security field.

[0025] Based on this, the embodiments of this application provide a hardware encryption and hardware decryption method, device, electronic device and storage medium, aiming to provide a highly reliable hard disk encryption system that can operate stably in extreme environments, has multiple biometric binding, and integrates hardware encryption and physical protection.

[0026] The hardware encryption and decryption methods, devices, electronic devices, and storage media provided in this application are specifically described through the following embodiments. First, the hardware encryption and decryption methods in this application are described.

[0027] The hardware encryption and decryption methods provided in this application relate to the field of data security technology. These methods can be applied to terminals, servers, or software running on either a terminal or server. In some embodiments, the terminal can be a smartphone, tablet, laptop, desktop computer, etc.; the server can be configured as an independent physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN, and big data and artificial intelligence platforms; the software can be an application implementing the hardware encryption and decryption methods, but is not limited to the above forms.

[0028] This application can be used in a wide variety of general-purpose or special-purpose computer system environments or configurations. Examples include: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, and distributed computing environments including any of the above systems or devices. This application can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform specific tasks or implement specific abstract data types. This application can also be practiced in distributed computing environments where tasks are performed by remote processing devices connected via a communication network. In distributed computing environments, program modules can reside in local and remote computer storage media, including storage devices.

[0029] It should be noted that in all specific embodiments of this application, when processing data related to user identity or characteristics, such as user information, user behavior data, user historical data, and user location information, user permission or consent is obtained first. Furthermore, the collection, use, and processing of this data comply with relevant laws, regulations, and standards. In addition, when embodiments of this application require access to sensitive personal information of users, separate permission or consent from the user is obtained through pop-ups or redirection to confirmation pages. Only after obtaining the user's separate permission or consent is the necessary user-related data required for the proper functioning of these embodiments acquired.

[0030] Figure 1 is a flowchart illustrating a hardware encryption method provided in an embodiment of this application. Referring to Figure 1, the method may include, but is not limited to, steps S100 to S500.

[0031] Step S100: Obtain the retinal bimodal features of the target user, wherein the retinal bimodal features include at least one of the retinal vascular pattern and macular contour of the target user.

[0032] In this embodiment, a high-security scenario-level retinal acquisition module collects the target user's biometric information. Specifically, an infrared scanning unit (such as a near-infrared LED with an 850nm wavelength) illuminates the user's eye, and a high-resolution CMOS image sensor simultaneously acquires retinal vascular patterns and macular contour data. The system uses a built-in feature extraction unit to extract retinal vascular patterns (including details such as vessel endpoints and bifurcation points) and macular contour features (including the curvature and morphology of the macular region) from the image in real time. Compared to single vascular features, the addition of macular contour features constitutes a "dual-modal" feature, effectively resisting deception attacks from high-precision simulated images. After noise reduction processing, the acquired raw data is used by the feature extraction unit (such as an FPGA chip) to extract features such as vessel endpoints, bifurcation points, and macular contour curvature in real time, forming a 128-dimensional feature vector, i.e., retinal dual-modal features. This dual-modal feature extraction method significantly improves the complexity and uniqueness of biometrics.

[0033] Step S200: Encrypt the retinal bimodal features of the target user to obtain an authorization feature template. The authorization feature template is a biometric template used to verify the user's identity. The authorization feature template is stored in the first storage array of the hardware.

[0034] In this embodiment, after acquiring the retinal bimodal features, the encryption authentication control module encrypts these features to generate a unique identity identifier, namely the authorization feature template. This template is the core basis for subsequent user identity verification. The processing can utilize the improved Euclidean distance matching algorithm logic built into the dedicated ASIC chip to ensure the uniqueness and accuracy of the features.

[0035] Specifically, the original retinal bimodal feature data is first subjected to noise reduction and standardization. Then, the system uses a preset encryption algorithm (such as AES-256) to encrypt and encapsulate the processed feature data, generating an authorized feature template. The generated authorized feature template is securely written into the first storage array in the hardware. In this embodiment, the first storage array is specifically a tamper-proof Flash memory in the authorization management module. This memory has physical tamper-proof characteristics, ensuring that the biometric template stored therein cannot be illegally read or tampered with.

[0036] Step S300: Generate an encryption key based on the authorized feature template.

[0037] In this embodiment, an encryption key is generated based on the authorized feature template. The encryption key is a dynamically generated hardware-level encryption key. The generation process is based on the feature vector of the authorized feature template. The key is not statically stored, but generated in real time only during the encryption process, thus eliminating the risk of key leakage at the source.

[0038] Specifically, the system establishes a "feature-key" binding relationship. The encryption key is not pre-stored but dynamically generated based on the authorized feature template. After confirming the validity of the feature template, the encryption authentication control module reads the authorized feature template from the first storage array and generates the corresponding encryption key (such as an AES-256-GCM key) based on a preset key derivation algorithm and the unique feature vector in the authorized feature template. Because this key is generated based on the user's unique biometrics, a strong binding between "person" and "key" is achieved. Even if the hardware is stolen, the correct key cannot be generated without the retinal features of a legitimate user, fundamentally eliminating the risk of key theft during static storage.

[0039] Step S400: Use the encryption key to encrypt the target user's data to be stored to obtain encrypted data.

[0040] In this embodiment, when data to be stored is received, the system invokes the generated encryption key. The encryption authentication control module transmits the encryption key to the hardware encryption chip (such as an AES-256-GCM chip compliant with FIPS 140-3 Level 4 certification) through an internal secure hardware channel. The hardware encryption chip uses this key to perform hardware-level encryption processing on the data to be stored. This embodiment employs the AES-256-GCM encryption algorithm, which not only provides confidentiality but also data integrity verification, with an encryption rate exceeding 2Gbps, ensuring secure processing of high-speed data streams.

[0041] Step S500: The encrypted data is stored in the second storage array of the hardware.

[0042] In this embodiment, the encrypted ciphertext data is written into a second hardware storage array. In this embodiment, the second storage array is a hard disk storage array composed of NAND flash memory chips. This hard disk storage array integrates a hardware encryption interface, which only receives unlocking commands and encrypted data from the encryption authentication control module, ensuring that plaintext data never appears in an unencrypted form on the storage medium or external bus.

[0043] To further ensure security, the second storage array integrates a hardware encryption chip that only receives unlock and write commands from the encryption authentication control module. Throughout the storage process, data exists in encrypted form and can only be decrypted and accessed after legitimate retinal feature verification and the generation of the correct key.

[0044] This embodiment uses bimodal retinal features (vascular pattern + macular contour) as the encryption basis, combining the uniqueness and unforgeability of the retina and reducing the false acceptance rate (FAR) to the 10^-12 level, a level of biometric security that far surpasses fingerprint recognition and effectively resists biometric forgery attacks. Through the "feature-key" binding mechanism, the key is not pre-stored but dynamically generated or associated based on biometrics, completely eliminating the risk of key leakage and realizing a secure closed loop of "identity as key". By acquiring retinal bimodal features and deeply binding them to the hardware encryption process, a full-link security closed loop from identity authentication to data storage is constructed, effectively solving the problems of easy forgery of identity authentication, high risk of key management, and weak hardware anti-attack capability in existing technologies.
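Steps S100 to S500 as a runnable model, added here as an example and not code from the application or from YEESTOR: it assumes a device-bound template key held by the encryption authentication control module, uses AES-256-GCM from Go's standard library for both the template and the stored data, and substitutes an HMAC-SHA256 extract/expand step for the unnamed "preset key derivation algorithm". The feature vector and keys are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// Features stands in for the 128-dimensional fused vascular-pattern + macular-contour vector of step S100.
type Features [128]float32

// SampleFeatures builds a deterministic, constructed feature vector for a user identified by seed.
func SampleFeatures(seed int) Features {
	var f Features
	for i := range f {
		f[i] = float32((seed*31+i*7)%97) / 97.0
	}
	return f
}

// encodeFeatures serialises the vector canonically so the same template always yields the same bytes.
func encodeFeatures(f Features) []byte {
	buf := make([]byte, 4*len(f))
	for i, v := range f {
		binary.LittleEndian.PutUint32(buf[4*i:], math.Float32bits(v))
	}
	return buf
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM encrypts with AES-256-GCM; the random nonce is prepended to the returned ciphertext.
func sealGCM(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// openGCM reverses sealGCM; the GCM tag check fails on a wrong key or any tampering.
func openGCM(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], aad)
}

// MakeTemplate is step S200: the feature vector is encrypted under a key held by the encryption
// authentication control module (assumed device-bound); the result goes to the first storage array.
func MakeTemplate(templateKey []byte, f Features) ([]byte, error) {
	return sealGCM(templateKey, encodeFeatures(f), []byte("authorization-feature-template"))
}

// DeriveDataKey is step S300: the template is read back from the first storage array, its feature
// vector recovered, and the data key derived from it by an HMAC-SHA256 extract/expand step (the page
// does not name its derivation algorithm). The key exists only in RAM for the duration of the operation.
func DeriveDataKey(templateKey, template []byte) ([]byte, error) {
	features, err := openGCM(templateKey, template, []byte("authorization-feature-template"))
	if err != nil {
		return nil, fmt.Errorf("template rejected: %w", err)
	}
	extract := hmac.New(sha256.New, []byte("retina-bimodal-kdf-salt"))
	extract.Write(features)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte("second-storage-array-data-key\x01"))
	return expand.Sum(nil), nil // 32 bytes: an AES-256 key
}

// EncryptData is step S400; its output is what step S500 writes to the second storage array.
func EncryptData(dataKey, plaintext []byte) ([]byte, error) {
	return sealGCM(dataKey, plaintext, []byte("second-storage-array"))
}

func DecryptData(dataKey, ciphertext []byte) ([]byte, error) {
	return openGCM(dataKey, ciphertext, []byte("second-storage-array"))
}

func main() {
	templateKey := sha256.Sum256([]byte("constructed device-bound template key"))
	tmpl, _ := MakeTemplate(templateKey[:], SampleFeatures(7))
	key, err := DeriveDataKey(templateKey[:], tmpl)
	fmt.Printf("derived %d-byte data key (err=%v)\n", len(key), err)
}
```

Because the data key is derived from the stored template rather than from the live scan, the confidentiality of the first storage array is what protects the data; the live match only gates whether the derivation is run at all.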

[0045] In some embodiments, if the user type of the target user is the first data access permission, the second storage array is any storage array of the hardware; if the user type of the target user is the second data access permission, the second storage array is a storage array in the non-core area of the hardware; if the user type of the target user is the third data access permission, the second storage array is any storage array of the hardware. The first data access permission has unlocking permission for all storage arrays of the hardware, the second data access permission has unlocking permission for the storage arrays in the non-core areas of the hardware, and the third data access permission has temporary unlocking permission for all storage arrays of the hardware after verification by an external emergency command.

[0046] In this embodiment, to meet the strict control requirements for classified data of different levels in high-security scenarios (such as military and classified institutions), the hardware encryption method of this embodiment introduces a differentiated storage strategy in the data storage stage. The system intelligently determines the final storage location (second storage array) of the encrypted data (i.e., the data to be stored) in the hardware based on the user type of the target user (i.e., the data access permission level), thereby achieving data isolation and protection at both the physical and logical levels.

[0047] Specifically, when the system identifies the target user's user type as having first-level data access permission, such as the user being the system's primary authorizer, the second storage array is configured as any storage array in the hardware. In practical applications, first-level data access permission represents the highest level of management authority. The user with this permission (the primary authorizer) can not only generate encryption keys but also has the authority to unlock all storage arrays in the hardware. Therefore, during the encryption process, the system allows the user's encrypted data to be stored to be written to any area of the hardware storage system, including core confidential areas and non-core areas. When the hardware encryption controller receives a write command, it does not restrict the range of storage addresses, ensuring that the primary authorizer can uniformly manage, encrypt, store, and access all data.

[0048] When the system identifies the target user as having the second data access permission, for example a backup authorized person or a regular operator, the second storage array is restricted to the storage arrays of the non-core area of the hardware. To mitigate operational risks, following the principle of least privilege, users with the second data access permission are only granted the ability to operate on non-core data. The hardware encryption controller verifies the target storage address during every encrypted storage operation. If the storage array to be written to is detected as belonging to a core confidential area, the system refuses to perform the write operation and returns a permission error, allowing encrypted data to be stored only in a non-core storage array. Through this hardware-level physical isolation or logical partitioning restriction, even if the credentials of a user with the second data access permission are compromised, an attacker cannot use those credentials to read or tamper with highly confidential data stored in the core area, which effectively curbs the risk of lateral movement after an internal misoperation or the breach of a low-privilege account.

[0049] When the system identifies the target user as having the third data access permission, for example an emergency authorized person, the second storage array can in principle cover any storage array in the hardware, but its effectiveness is subject to strict conditions. The third data access permission only grants temporary unlocking rights to all hardware storage arrays after verification of an external emergency command. Under normal conditions, the hardware encryption system restricts or locks the access scope of users with the third data access permission. When an emergency scenario is triggered (e.g., the primary authorized person cannot provide retinal features), the system receives an "external emergency command" from the main controller of the high-security scenario terminal.

[0050] After verifying the legitimacy and validity of the external emergency command, the encryption authentication control module temporarily elevates the privilege level of the user with the third data access permission, enabling that user to generate a decryption key based on the authorized feature template and temporarily unlock the entire storage array of the hardware to obtain the target data. It should be noted that this unlocking is "temporary" and "traceable": the system simultaneously records an emergency operation log, so that the emergency authorization mechanism guarantees task continuity while meeting the stringent requirements for operational traceability in high-security scenarios.

[0051] In this embodiment, the storage arrays in non-core areas and the storage arrays in core areas can be divided by physical address using the hardware storage controller, or logically isolated by the encryption key system (for example, using different keys to encrypt data in different areas, while users with the second data access permission cannot obtain the key for the core area).

[0052] This embodiment achieves physical or logical isolation of data with different security levels by directly linking user permissions to the physical / logical areas of the hardware storage array. This effectively prevents unauthorized access and meets the requirements of data security level management in high-security scenarios. By binding the hierarchical authorization rules of "primary authorization + backup authorization + emergency authorization" to the storage area of encrypted data, it ensures that target users with different permissions can only perform encrypted data storage within their corresponding scope. This solves the problem of the disconnect between authorization and encrypted storage in existing technologies from the source of storage, and realizes hierarchical control of the entire chain from identity authentication to permission recognition to encrypted storage, which greatly improves the security and standardization of hardware encrypted storage.

[0053] Figure 2 is a flowchart illustrating a hardware decryption method provided in an embodiment of this application. As shown in Figure 2, the method may include, but is not limited to, steps S600 to S800.

[0054] Step S600: Obtain the current user's retinal bimodal features, wherein the current user's retinal bimodal features include at least one of the current user's retinal vascular pattern and macular contour.

[0055] In this embodiment, when a user attempts to access data in the hardware, the system first initiates a retinal acquisition process. Using a high-security-scenario-grade retinal acquisition module integrated on the hardware terminal, infrared scanning light with a wavelength of 850nm is projected onto the user's eye. This wavelength of infrared light has good penetration and is not easily interfered with by strong external light. Subsequently, a high-resolution CMOS image sensor (e.g., 1920×1080 pixels) captures the reflected image of the retina.

[0056] After acquiring the raw image data, a feature extraction algorithm running on the FPGA feature extraction unit (Xilinx Kintex-7 XC7K325T) separates and extracts the current user's retinal bimodal features from the image in real time. The retinal bimodal features include at least one of the retinal vascular pattern and macular contour. The retinal vascular pattern is obtained by extracting detailed features such as the endpoints, bifurcation points, and intersections of retinal vessels to form a vascular network topology; the macular contour is obtained by extracting the geometric contour, curvature changes, and morphological features of the macular region. These two features are combined into a multi-dimensional (128-dimensional) biometric vector for subsequent identity verification.

[0057] Step S700: If the current user's retinal bimodal features match the first authorized feature template stored in the hardware, a decryption key is generated based on the first authorized feature template.

[0058] In this embodiment, the system transmits the real-time collected retinal bimodal features of the current user to the encryption authentication control module. This module calls a feature matching chip in the hardware (such as a dedicated ASIC chip) to compare the real-time features with the "first authorized feature template" pre-stored in the first hardware storage array (i.e., the tamper-proof Flash of the authorization management module).

[0059] The first authorized feature template is a user biometric template generated using the aforementioned hardware encryption method and then encrypted. The matching process employs a high-precision improved Euclidean distance algorithm or other biometric matching algorithms, and must meet strict matching thresholds (e.g., vascular feature matching rate ≥ 99.999%, macular feature matching rate ≥ 99.99%).

[0060] If the current user's retinal bimodal features do not match the first authorized feature template, the system determines that the authentication has failed, refuses to generate a decryption key, and terminates the access process.

[0061] If a match is successful, the encryption authentication control module (such as the FPGA main controller) will dynamically generate or recover the corresponding decryption key based on the matched feature data using a key derivation algorithm. This process ensures that the decryption key is never stored in plaintext in the hardware; it is only generated instantly when a legitimate biometric feature exists, thus implementing a "biometric feature as key" security mechanism.

[0062] Step S800: Decrypt the second storage array of the hardware according to the first authorized feature template to obtain the target data. The second storage array of the hardware is encrypted using the hardware encryption method described above.

[0063] In this embodiment, after generating the decryption key, the encryption authentication control module sends the key to the hardware encryption chip (such as an AES-256-GCM chip) through an internal secure hardware channel. The hardware's second storage array stores the ciphertext data encrypted using the aforementioned hardware encryption method. The hardware encryption chip uses the received decryption key to perform decryption operations on a specified data area in the second storage array. The decryption process not only restores the plaintext content of the data but also utilizes the authentication characteristics of the AES-256-GCM algorithm to verify the integrity of the data, ensuring that the data has not been tampered with during storage.

[0064] After decryption, the system outputs the target data, allowing authorized users to read or perform further operations.

[0065] In this embodiment, the entire decryption process, including feature matching, key generation, and data decryption, is completed within the encrypted hard drive. Data interaction is conducted entirely through a hardware channel, eliminating any external data leakage. Simultaneously, information such as the user's identity, decryption area, decryption time, and data access volume during the decryption operation is recorded in real time and stored in encrypted form by the hard drive's operation log traceability module. This ensures full traceability of the decryption operation and meets the full lifecycle security management requirements for classified data storage and access in high-security scenarios such as GJB 9001C-2017.

[0066] This embodiment uses the dual-modal feature of retinal vascular pattern and macular contour as the basis for decryption authentication. Leveraging the inherent uniqueness and non-replicability of retinal biological features, combined with dual high-threshold matching verification, the false acceptance rate (FAR) can be reduced to the 10^-12 level, an authentication level far exceeding that of fingerprint recognition and single retinal feature recognition, effectively resisting malicious attacks such as fingerprint forgery and retinal simulation image spoofing and ensuring the legitimacy of decryption access from the source of identity. The decryption key is dynamically generated based on the successfully matched first authorized feature template, without any static storage, and its generation and transmission are completed inside the hardware, which solves the technical problem that statically stored keys in existing decryption methods are easily cracked and stolen, and builds a security barrier for the decryption process at the key level.

[0067] In some embodiments, the current user's retinal bimodal features include the current user's retinal vascular pattern and macular contour, and step S600 may include, but is not limited to, steps S610 to S630:

Step S610: In response to the received unlock command, irradiate the retina of the current user with a near-infrared light source of a preset wavelength, and acquire the retinal vascular image and macular region image of the current user;

Step S620: Extract the vascular pattern features from the retinal vascular image and the macular contour features from the macular region image;

Step S630: Fuse the vascular pattern features and the macular contour features to obtain the retinal bimodal features.

[0068] In this embodiment, the system receives an unlock command from an external input via a hardware interface. This command can be triggered by the user via a physical button or issued by upper-level terminal software. In response to the unlock command, the retinal acquisition module in the hardware is activated. The system then activates a near-infrared light source of a preset wavelength to illuminate the user's retina. For example, to balance penetration, image quality, and eye safety, the preset wavelength is preferably 850nm. Infrared light in this band can effectively penetrate the ocular medium, clearly illuminating the vascular network and macula at the retinal lining, while being less susceptible to interference from ambient visible light, ensuring acquisition stability in low-light or high-light environments. With the assistance of the infrared light source, the system simultaneously acquires the user's fundus image using a high-resolution CMOS image sensor (such as the ON Semiconductor AR0234). The acquisition process covers the posterior pole region of the retina, thereby obtaining retinal vascular images and macula images containing rich detail.

[0069] In this embodiment, after acquiring the original image, the system uses a feature extraction algorithm running on an FPGA chip or a dedicated DSP chip to process the image and extract key features.

[0070] Specifically, for retinal vascular images, the algorithm first performs enhancement and denoising processing. Then, through edge detection and skeletonization techniques, it accurately extracts the topological structure of the retinal vessels to obtain vascular pattern features. The extracted features include the coordinates of the vessel endpoints, bifurcation points, and intersections, as well as the curvature variations and thickness distribution of the vessels. These features constitute a unique retinal vascular pattern that accurately reflects the user's physiological characteristics.

[0071] Specifically, for macular region images, the algorithm locates the fovea centralis and extracts its surrounding geometric contour information to obtain macular contour features. The extracted features include the circularity of the macular region, changes in edge curvature, texture features, and its positional relationship relative to the optic disc. As another important modality of the retina, macular contour features complement vascular features.

[0072] To fully leverage the advantages of these two types of features, the system fuses the extracted vascular pattern features and macular contour features. In this embodiment, the fusion process employs a feature vector concatenation strategy. The system maps the vascular pattern features to a first feature vector and the macular contour features to a second feature vector, then concatenates and normalizes the two at the data level to form a high-dimensional comprehensive feature vector (e.g., a 128-dimensional feature vector). This comprehensive feature vector is the final retinal bimodal feature determined in this embodiment.

[0073] This embodiment not only collects the retinal vascular texture but also introduces macular morphology as an auxiliary authentication factor. Compared with single-modal recognition, this fusion feature based on vascular pattern and macular contour greatly increases the complexity and information entropy of the biometric, making it extremely difficult for a forger to copy both types of features simultaneously and pass verification. This reduces the system's false acceptance rate to an extremely low level, ensuring absolute security in the data decryption process.

[0074] In some embodiments, step S700 may include, but is not limited to, step S710:

Step S710: If the matching degree between the vascular pattern features in the retinal vascular image and the vascular pattern features in the first authorized feature template is greater than a preset vascular matching threshold, and the matching degree between the macular contour features in the macular region image and the macular contour features in the first authorized feature template is greater than a preset macular matching threshold, generate the decryption key according to the first authorized feature template.

[0075] In this embodiment, the system compares the retinal vascular pattern features extracted from the acquired image with the retinal vascular pattern features contained in the first authorized feature template stored in the first hardware storage array. The comparison process is implemented through a dedicated feature matching chip or FPGA logic, and the similarity score between the two, i.e., the vascular pattern matching degree, is calculated.

[0076] The system compares the vascular pattern matching degree with a pre-set "preset vascular matching threshold". In this embodiment, considering the extremely high complexity and uniqueness of the retinal vascular network, the pre-set vascular matching threshold is set to an extremely high value (e.g., matching rate ≥ 99.999%). The system considers the authentication of the vascular feature dimension to be successful only when the similarity between the real-time acquired vascular pattern features and the stored template exceeds this high threshold.

[0077] Simultaneously, the system compares the extracted macular contour features with those contained in the first authorized feature template. The system calculates the matching degree between the macular contour features in the macular region image and the template, i.e., the macular contour matching degree. The system then compares the macular contour matching degree with a "preset macular matching threshold." Macular contour features possess unique geometric stability. The preset macular matching threshold is also set to a strict value (e.g., a matching rate ≥ 99.99%), serving as a second line of defense for identity authentication.

[0078] If both of the above conditions are met simultaneously, the encryption authentication control module determines that the current user's retinal bimodal features match the first authorized feature template successfully, triggering the built-in key generation logic; if the matching degree of any feature does not reach the corresponding threshold, the encryption authentication control module determines that the matching has failed, immediately terminates the decryption process, and uploads an alarm signal of "feature matching failure" to the main control of the high-security scenario terminal, recording the reason for the failure (vascular features not meeting the standard / macular features not meeting the standard).

[0079] This embodiment reduces the false acceptance rate of identity authentication to the 10^-12 level by calculating the matching degree of each modality independently and applying dual thresholds. The system effectively resists high-precision simulated image spoofing targeting single retinal vascular features, ensuring that key generation and decryption operations are triggered only when both biometric features fully match, thus providing security for data access in high-security scenarios.
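The feature-level fusion of [0072] and the independent dual-threshold check of step S710, as an added example that is not part of the patent: a concatenate-and-normalize fusion, one matching-degree score per modality against the stored first authorized feature template, and a key derived from the template only after both thresholds pass. The similarity scoring, the HKDF-SHA256 derivation, the salt and the 64-dimensional sample vectors are assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import math
from typing import Dict, List, Optional, Sequence, Tuple

# Thresholds as stated in the text: vascular >= 99.999 %, macular >= 99.99 %.
VASCULAR_THRESHOLD = 0.99999
MACULAR_THRESHOLD = 0.9999


def normalize(vec: Sequence[float]) -> List[float]:
    norm = math.sqrt(sum(x * x for x in vec))
    if norm == 0.0:
        raise ValueError("empty feature vector")
    return [x / norm for x in vec]


def fuse_features(vascular: Sequence[float], macular: Sequence[float]) -> List[float]:
    """Feature-level fusion of [0072]: concatenate the two vectors, then normalize."""
    return normalize(list(vascular) + list(macular))


def matching_degree(live: Sequence[float], stored: Sequence[float]) -> float:
    """Similarity in [0, 1] from the Euclidean distance of unit vectors (a hypothetical
    scoring; the text only names an 'improved Euclidean distance' algorithm)."""
    a, b = normalize(live), normalize(stored)
    dist = math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))
    return 1.0 - dist / 2.0          # two unit vectors are at most 2.0 apart


def dual_threshold_match(live_vasc: Sequence[float], live_mac: Sequence[float],
                         template: Dict[str, List[float]]) -> Tuple[bool, List[str]]:
    """Step S710: score each modality on its own; both must pass. The reasons
    mirror the failure record of [0078]."""
    reasons: List[str] = []
    if matching_degree(live_vasc, template["vascular"]) < VASCULAR_THRESHOLD:
        reasons.append("vascular features not meeting the standard")
    if matching_degree(live_mac, template["macular"]) < MACULAR_THRESHOLD:
        reasons.append("macular features not meeting the standard")
    return (not reasons), reasons


def derive_key(template: Dict[str, List[float]], salt: bytes = b"constructed-salt",
               length: int = 32) -> bytes:
    """Derive the decryption key from the stored authorized template (never from the
    live sample), so no key sits at rest. HKDF-SHA256 is an assumption; the text does
    not name the key derivation algorithm."""
    fused = fuse_features(template["vascular"], template["macular"])
    # Fixed-point canonical encoding so the same template always yields the same key.
    ikm = b"".join(int(round(x * 1_000_000)).to_bytes(4, "big", signed=True) for x in fused)
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()            # HKDF extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                      # HKDF expand
        block = hmac.new(prk, block + b"retina-bimodal-key" + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def authenticate(live_vasc: Sequence[float], live_mac: Sequence[float],
                 template: Dict[str, List[float]]) -> Tuple[Optional[bytes], List[str]]:
    """Returns (key, []) on success or (None, reasons) when either threshold fails."""
    ok, reasons = dual_threshold_match(live_vasc, live_mac, template)
    return (derive_key(template) if ok else None), reasons


# Constructed sample data standing in for 64-dim vascular and 64-dim macular vectors.
TEMPLATE = {"vascular": [math.sin(0.7 * i) for i in range(64)],
            "macular": [math.cos(0.3 * i) for i in range(64)]}
GENUINE = (TEMPLATE["vascular"], TEMPLATE["macular"])
# Spoof that reproduces the vascular pattern but gets the macular contour wrong.
SPOOF = (TEMPLATE["vascular"], [x + 0.05 for x in TEMPLATE["macular"]])
```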

[0080] In some embodiments, step S800 may include, but is not limited to, steps S810 to S840:

Step S810: Identify the user type of the current user;

Step S820: Determine the target data access permission according to the user type. The target data access permission includes a first data access permission, a second data access permission, and a third data access permission. The first data access permission has unlocking permission for all storage arrays of the hardware. The second data access permission has unlocking permission for the storage arrays in the non-core areas of the hardware. The third data access permission has temporary unlocking permission for all storage arrays of the hardware after external emergency command verification;

Step S830: Use the storage array corresponding to the target data access permission as the second storage array;

Step S840: Decrypt the second storage array using the decryption key to obtain the target data.

[0081] In this embodiment, after the current user's retinal bimodal features successfully match the first authorized feature template and a decryption key is generated, the encryption authentication control module further identifies the current user's user type. The identification process is based on the attributes of the successfully matched feature templates. During the initialization phase, the system has pre-configured feature templates for the primary authorized person (e.g., 1 person), backup authorized persons (e.g., 2 people), and emergency authorized person (e.g., 1 person) in the first storage array of the hardware. Therefore, the matching result can directly determine whether the current user belongs to the primary authorized person, backup authorized person, or emergency authorized person.

[0082] In this embodiment, after identifying the user type, the system queries a preset permission configuration table to determine the target data access permissions corresponding to the user. The target data access permissions include first data access permissions, second data access permissions, and third data access permissions, each level corresponding to different storage area access rules.

[0083] Specifically, the first data access permission corresponds to the system's primary authorized person. This is the highest level of permission, granting unlocking rights to the entire storage array of the hardware. This means the primary authorized person can access any data stored in the hardware, including core classified data and general data.

[0084] The second data access permission corresponds to the system's backup authorized personnel or ordinary operators. This permission level is restricted, granting only unlocking access to the storage array in the non-core areas of the hardware. Non-core areas typically store general security data or non-classified information, while storage areas containing core tactical data, keys, or other highly confidential information are not visible to this type of user.

[0085] The third data access permission corresponds to the emergency authorized person. This permission is activated only under specific conditions: temporary unlocking permission for the entire storage array of the hardware is granted only after successful external emergency command verification (such as an emergency code entered via a dedicated terminal).

[0086] In this embodiment, the hardware's second storage array is pre-divided into a core area storage array and a non-core area storage array. The core area is used to store high-security-level core classified data, while the non-core area is used to store low-security-level non-core classified data. The two areas are independent physical storage partitions, which can only be unlocked and decrypted by users with corresponding permissions. The binding relationship between user type and data access permissions, the verification logic of external emergency commands, and the core / non-core area division of the storage array can all be configured and updated as needed through the high-security scenario terminal master control, adapting to the hierarchical management needs of different high-security scenarios.

[0087] In this embodiment, based on the determined target data access permissions, the storage array whose permissions can be unlocked is designated as the second storage array for this decryption. If it is a first data access permission, the system defines all logical partitions on the physical hard drive as the second storage array, preparing for full disk decryption; if it is a second data access permission, the system defines the non-core logical partitions on the physical hard drive as the second storage array and locks the core logical partitions, making it impossible to address the core area even with the decryption key; if it is a third data access permission, after verifying the validity of the external emergency command, the system temporarily defines all logical partitions as the second storage array, and this unlocking permission is temporary, valid only during this decryption process.

[0088] In this embodiment, the hardware decryption engine (such as an AES-256-GCM chip) receives instructions from the controller. This instruction set includes the decryption key and a physical address range determined based on the target data access permissions. The decryption engine only decrypts ciphertext data falling within this address range. For access requests outside this range, even if the correct key is provided, the decryption engine will not process the request or will return an error, thereby achieving hardware-level mandatory access control.

[0089] This embodiment achieves end-to-end hierarchical control by ensuring that the user type and data access permissions in the decryption stage are highly consistent with the storage permissions in the encryption stage. It transforms the software-defined permission policy (user type) into physical address access control executed by the hardware, thus preventing unauthorized access at the hardware level. By precisely binding the second storage array for decryption to the user's target data access permissions, users with the second data access permissions can only decrypt non-core area storage arrays, while the core area storage array remains locked. This directly avoids the risk of unauthorized users accessing and obtaining core confidential data from the decryption stage, forming a dedicated protective barrier for core data.
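The permission-to-storage-array binding of [0045] to [0052] and the address-range gate of [0080] to [0089], as an added model that is not the patent's own implementation: a region layout, the unlockable regions per user type, an emergency grant that is re-verified on every call rather than cached, and an operation log. The address values, the HMAC-based emergency command check and its shared secret are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class UserType(Enum):
    PRIMARY = "primary authorized person"      # first data access permission
    BACKUP = "backup authorized person"        # second data access permission
    EMERGENCY = "emergency authorized person"  # third data access permission


@dataclass(frozen=True)
class Region:
    start: int   # first address of the storage array (inclusive)
    end: int     # last address + 1
    core: bool   # True = core confidential area, False = non-core area


# Constructed partition layout; the patent gives no address values.
LAYOUT = [Region(0x00000, 0x04000, core=True),
          Region(0x04000, 0x10000, core=False)]


def _covered(regions: List[Region], start: int, end: int) -> bool:
    """True if [start, end) lies entirely inside the union of the given regions."""
    pos = start
    for r in sorted(regions, key=lambda r: r.start):
        if r.start <= pos < r.end:
            pos = r.end
        if pos >= end:
            return True
    return pos >= end


class PermissionController:
    """Models the check the controller applies before a storage array is written
    (encryption stage) or addressed for decryption. The emergency-command check is
    assumed to be an HMAC over the command body with a secret shared with the
    terminal master control."""

    def __init__(self, layout: List[Region], emergency_secret: bytes):
        self.layout = layout
        self._emergency_secret = emergency_secret
        self.log: List[dict] = []   # operation log kept for traceability

    def verify_emergency_command(self, command: bytes, tag: bytes) -> bool:
        expected = hmac.new(self._emergency_secret, command, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

    def unlockable_regions(self, user: UserType,
                           emergency: Optional[Tuple[bytes, bytes]] = None) -> List[Region]:
        if user is UserType.PRIMARY:                      # first permission: every array
            return list(self.layout)
        if user is UserType.BACKUP:                       # second permission: non-core only
            return [r for r in self.layout if not r.core]
        # Third permission: every array, but only behind a valid emergency command;
        # locked under normal conditions.
        if emergency is not None and self.verify_emergency_command(*emergency):
            return list(self.layout)
        return []

    def authorize(self, user: UserType, op: str, address: int, length: int,
                  emergency: Optional[Tuple[bytes, bytes]] = None) -> Tuple[bool, str]:
        """Gate op ('write' or 'decrypt') on [address, address + length). A key alone
        never widens the range: the engine consults this gate before decrypting."""
        if length <= 0:
            return False, "permission error: empty range"
        regions = self.unlockable_regions(user, emergency)
        ok = _covered(regions, address, address + length)
        reason = "ok" if ok else "permission error: range outside the unlockable storage arrays"
        self.log.append({"user": user.value, "op": op, "address": address,
                         "length": length, "allowed": ok,
                         "emergency_command": emergency is not None})
        return ok, reason


def sign_emergency_command(secret: bytes, command: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for the terminal master control issuing an external emergency command."""
    return command, hmac.new(secret, command, hashlib.sha256).digest()
```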

[0090] In some embodiments, this embodiment may also include, but is not limited to, the following steps: acquiring in real time the current pressure value exerted on the hardware's packaging shell; if the difference between the current pressure value and the target pressure value within the historical time period is greater than a first threshold, triggering a data self-destruction process. The data self-destruction process includes: controlling the data self-destruction chip of the hardware to perform multiple random data overwrite operations on the key area and data area of the hardware storage array, and controlling the fuse to blow the control pin of the storage chip of the hardware. The target pressure value is determined based on the pressure values collected within the historical time period.

[0091] In this embodiment, to counter physical attacks against hardware storage devices (such as illegally prying open the casing or disassembling chips to read data), a proactive physical anti-tampering and data self-destruction mechanism is introduced. This mechanism monitors the stress state of the hardware packaging casing in real time. Once abnormal disassembly is detected, an irreversible data destruction process is immediately triggered, completely blocking the path of sensitive data leakage at the physical level.

[0092] During decryption operations (or standby), the pressure sensor integrated into the hardware collects the current pressure value of the metal casing in real time. The pressure sensor is located at key disassembly points on the hardware casing and uses a high-sensitivity pressure detection chip, enabling millisecond-level real-time pressure value acquisition. The collected current pressure value is transmitted in real time to the encryption and authentication control module through an internal hardware channel, providing accurate data for subsequent pressure surge detection.

[0093] In this embodiment, after receiving the real-time collected current pressure value, the encryption authentication control module calculates the difference between it and the target pressure value within a historical time period. If the difference (absolute difference) between the current pressure value and the target pressure value is greater than a first threshold, it is determined that the hardware has been illegally disassembled, and a data self-destruction process is immediately triggered. The target pressure value is determined based on the pressure values collected within the historical time period, and can be the maximum, minimum, or average of the pressure values collected within that period. Preferably, it is the average of the pressure values collected within a continuous historical time period (e.g., 10s, 30s), serving as the baseline pressure value for the casing under normal hardware usage. The first threshold is a pre-set critical value for sudden pressure changes during illegal disassembly, set according to the physical characteristics of the hardware casing and the pressure change pattern of the disassembly behavior. It is a core indicator for quantifying illegal disassembly and can be adjusted as needed by the main control unit of the high-security scenario terminal.

[0094] In this embodiment, the triggered data self-destruct process specifically includes: the encryption authentication control module sending a self-destruct trigger command to the hardware's data self-destruct chip, which then controls the execution of multiple (e.g., 3) random data overwrite operations on the key area and data area of the hardware storage array, while simultaneously controlling the fuse to trip the control pin of the hardware's storage chip. The multiple random data overwrite operations completely erase the original data from the key area (which stores key information related to the authorization feature template) and data area (which stores classified encrypted data) of the storage array; the fuse tripping of the storage chip's control pin is an irreversible physical layer destruction operation, depriving the storage chip of its hardware foundation for data reading, writing, and parsing. These dual operations ensure that the classified data in the storage array cannot be recovered.

[0095] In this embodiment, after the data self-destruct process is triggered, the hardware decryption process will be terminated immediately. At the same time, the encryption and authentication control module uploads an alarm signal of illegal hardware disassembly to the main controller of the high-security scenario terminal, and records information such as the self-destruct trigger time, pressure change value, and self-destruct operation execution status, so as to realize the full traceability of the self-destruct process.

[0096] This embodiment achieves real-time linkage between the decryption process and physical protection by adding physical anti-tamper monitoring and a standardized data self-destruction process, thus improving the security protection system for hardware decryption at the physical layer. By collecting the pressure value of the hardware packaging shell in real time throughout the entire decryption process, using the average pressure value over a historical period as the target pressure value, and judging illegal disassembly through a quantified pressure difference threshold, it not only filters out slight pressure fluctuations during normal hardware use, but also accurately detects drastic pressure changes caused by illegal disassembly, avoiding false triggering and missed triggering of the self-destruction process, making the physical anti-tamper monitoring highly accurate and reliable.
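The pressure-surge detection of [0093] and the self-destruct sequence of [0094], as an added example that is not the patent's code: a sliding-window average as the target pressure, the first-threshold comparison on the absolute difference, and a simulated self-destruct chip that overwrites the key and data areas three times and blows the control pin. The window length, threshold, sensor units and the sample trace are constructed assumptions.

```python
import os
from collections import deque
from typing import Deque, List, Optional, Tuple


class SelfDestructChip:
    """Models the data self-destruct chip of [0094]: several random overwrites of
    the key area and the data area, then blowing the storage chip's control pin."""

    def __init__(self, key_area: bytearray, data_area: bytearray, passes: int = 3):
        self.key_area = key_area
        self.data_area = data_area
        self.passes = passes
        self.overwrite_passes = 0
        self.control_pin_blown = False

    def trigger(self) -> None:
        for _ in range(self.passes):
            for area in (self.key_area, self.data_area):
                area[:] = os.urandom(len(area))      # random data overwrite
            self.overwrite_passes += 1
        self.control_pin_blown = True                # irreversible physical-layer step


class TamperMonitor:
    """Pressure-surge detector of [0093]: the target pressure is the average of the
    last window_samples readings; |current - target| > first_threshold trips."""

    def __init__(self, chip: SelfDestructChip, window_samples: int, first_threshold: float):
        self.chip = chip
        self.first_threshold = first_threshold
        self.history: Deque[float] = deque(maxlen=window_samples)  # sliding window
        self.tripped = False
        self.events: List[dict] = []

    def target_pressure(self) -> Optional[float]:
        """Average over a full historical window; None while the window is filling."""
        if len(self.history) < self.history.maxlen:
            return None
        return sum(self.history) / len(self.history)

    def feed(self, index: int, current: float) -> bool:
        """Process one reading; returns True once the self-destruct process has fired."""
        if self.tripped:
            return True
        target = self.target_pressure()
        if target is not None and abs(current - target) > self.first_threshold:
            self.tripped = True
            self.events.append({"sample_index": index, "current": current,
                                "target": target, "delta": abs(current - target)})
            self.chip.trigger()
            return True
        self.history.append(current)   # only readings judged normal extend the baseline
        return False


def simulate(samples: List[float], window_samples: int = 10,
             first_threshold: float = 5.0) -> Tuple[TamperMonitor, SelfDestructChip]:
    """Run a trace through a fresh monitor; returns (monitor, chip) for inspection."""
    chip = SelfDestructChip(bytearray(b"\x11" * 32), bytearray(b"\x22" * 256))
    monitor = TamperMonitor(chip, window_samples, first_threshold)
    for i, pressure in enumerate(samples):
        monitor.feed(i, pressure)
    return monitor, chip


# Constructed trace in arbitrary sensor units: 30 readings jittering around 100
# (normal handling), then the surge a prying tool on the casing would cause.
NORMAL_TRACE = [100.0 + 0.2 * ((i % 3) - 1) for i in range(30)]
TAMPER_TRACE = NORMAL_TRACE + [140.0, 141.0]
```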

[0097] In some embodiments, this embodiment may also include, but is not limited to, the following steps: obtaining environmental parameters of the environment in which the hardware is located, including one of temperature data and electromagnetic interference intensity data; if the environmental parameters indicate that the temperature of the environment in which the hardware is located is greater than a second threshold, activating the temperature compensation circuit of the hardware to adjust the operating voltage; if the environmental parameters indicate that the electromagnetic interference intensity of the environment in which the hardware is located is greater than a third threshold, controlling the electromagnetic shielding unit of the hardware to enhance the shielding effectiveness.

[0098] In this embodiment, to ensure high reliability and stability of the hardware encryption system in a variety of complex environments, an environment adaptive adjustment mechanism is integrated. By monitoring environmental parameters in real time and dynamically adjusting the hardware working state, it ensures that system performance does not degrade.

[0099] During decryption operations (or standby), environmental parameters of the hardware's environment are acquired in real time using dedicated sensors in the hardware's integrated environment adaptation module. These environmental parameters include at least one of temperature data and electromagnetic interference (EMI) intensity data. Temperature data is collected using a high-precision temperature and humidity sensor, while EMI intensity data is collected using an EMI detection sensor. These sensors are deployed around the core hardware module to ensure accurate and real-time acquisition of environmental parameters. The acquired environmental parameters are transmitted in real-time to the encryption and authentication control module via a secure internal channel, providing accurate data for subsequent environmental anomaly detection.

[0100] In this embodiment, the encryption and authentication control module compares the real-time collected temperature data with a preset second threshold. If the temperature data indicates that the ambient temperature of the hardware is greater than the second threshold, it is determined that the hardware is in an extreme high-temperature abnormal environment. The encryption and authentication control module immediately sends a temperature compensation command to the environment adaptation module, activating the hardware's temperature compensation circuit to adjust the operating voltage of the hardware core module. The second threshold is the critical temperature value for the normal operation of the hardware core chip, preset according to the operating characteristics of the high-security scenario-level chip, and can be adjusted as needed by the high-security scenario terminal main control. The temperature compensation circuit, by adjusting the power supply voltage, offsets the impact of extreme high temperatures on chip operation, ensuring the stable operation of core modules such as retinal acquisition, feature matching, and key generation.

[0101] Specifically, the second threshold is preferably set to 60 ℃, which is compatible with the normal operating temperature range of the core chips (FPGA, hardware encryption chip, feature matching chip) used in high-security scenarios. When the ambient temperature exceeds 60 ℃, the temperature compensation circuit is activated and the operating voltage of the core module is adjusted within 3.3 V ± 0.5 V through an operational amplifier and a temperature-controlled resistor, so that the chips work stably over the extreme temperature range of -40 ℃ to 85 ℃.

[0102] In this embodiment, the encryption and authentication control module compares the real-time collected electromagnetic interference intensity data with a preset third threshold. If the electromagnetic interference intensity data indicates that the electromagnetic interference intensity of the environment in which the hardware is located is greater than the third threshold, it is determined that the hardware is in a strong electromagnetic interference abnormal environment. The encryption and authentication control module immediately sends a shielding enhancement command to the environment adaptation module to control the electromagnetic shielding unit of the hardware to enhance the shielding effectiveness. The third threshold is the critical value of electromagnetic interference intensity that the hardware can withstand during normal operation. It is preset according to the electromagnetic environment characteristics of the high-security scenario and can be adjusted as needed by the high-security scenario terminal main control. The electromagnetic shielding unit adopts a high-shielding metal material and structural design. After enhancement, it can effectively resist strong electromagnetic interference, preventing the internal feature data and key data of the hardware from being interfered with, intercepted, or tampered with during transmission, ensuring the security and accuracy of decryption data transmission. Furthermore, the entire device uses permalloy to make the main electromagnetic shielding cover. Permalloy has extremely high magnetic permeability, providing excellent static magnetic shielding and low-frequency magnetic shielding for the internal circuits, effectively suppressing external magnetic field interference.

[0103] Specifically, the third threshold is preferably set to 30 V/m to suit the electromagnetic environment of high-security scenarios such as shipborne, airborne and vehicle-mounted applications. When the electromagnetic interference intensity exceeds 30 V/m, the electromagnetic shielding unit is controlled to raise its shielding effectiveness to ≥ 80 dB, effectively resisting the impact of strong electromagnetic interference on data transmission and chip operation.

[0104] In this embodiment, the device casing is made of a high-strength alloy, and the internal PCB is mounted to the casing through elastic shock absorbers that isolate and attenuate wide-band (10 to 2000 Hz) mechanical vibration. Large BGA-packaged chips are reinforced with underfill to prevent solder-ball cracking under vibration. Vibration sensors in the environment adaptation module collect vibration data in real time. When vibration exceeding a threshold is detected, the system can temporarily put the storage controller into a "protection mode" (for example, reducing read/write speed and suspending non-critical background operations) and enable enhanced error-correction-code verification, giving priority to the integrity of the data bus signals of the critical encryption/decryption tasks and preventing transient read/write errors caused by vibration. The optimized structural design and the wide-band vibration monitoring together allow the system to withstand strong vibration in the 10 to 2000 Hz range, ensuring reliable hardware connections and error-free data reads and writes in severe vibration scenarios.

[0105] In this embodiment, once the environmental parameters return to within the threshold range, the encryption and authentication control module automatically issues instructions to return the temperature compensation circuit to its normal working state and the electromagnetic shielding unit to its basic shielding effectiveness, so that environmental protection starts and stops adaptively.

[0106] This embodiment links the decryption process to environmental protection in real time by adding environmental parameter monitoring and an adaptive anti-interference protection process, extending the security protection system for hardware decryption to the environment adaptation layer. Core environmental parameters such as temperature and electromagnetic interference intensity are collected in real time throughout the decryption process, and quantified thresholds serve as the criteria for judging environmental anomalies. Extreme high temperature, strong electromagnetic interference and other harsh environmental changes in high-security scenarios are therefore sensed accurately, protection delays caused by late environmental perception are avoided, and the decryption process runs under environmental protection.
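The threshold rules of paragraphs [0097] to [0105], as an added worked example that is not part of the application: a Go controller that applies the 60 ℃ and 30 V/m thresholds from the description, enters a protection mode on strong vibration, and releases each protection once the parameter is back within range. The vibration threshold (5 g), the basic shielding level (40 dB), the slope and sign of the voltage correction, and the optional hysteresis fraction are assumptions of the example, not values from the page.

```go
package main

import "fmt"

// Thresholds quantified in the description: second threshold 60 °C, third threshold 30 V/m,
// operating voltage 3.3 V ± 0.5 V, enhanced shielding >= 80 dB. The vibration threshold and the
// basic shielding level are not quantified on the page; those values are assumptions.
const (
	TempThresholdC   = 60.0
	EMIThresholdVm   = 30.0
	VibThresholdG    = 5.0 // assumed
	NominalVoltageV  = 3.3
	VoltageBandV     = 0.5
	BasicShieldingDB = 40.0 // assumed
	EnhancedShieldDB = 80.0
)

// Sample is one reading from the environment adaptation module's sensors.
type Sample struct{ TempC, EMIVm, VibG float64 }

// HardwareState is what the encryption and authentication control module drives.
type HardwareState struct {
	CompensationOn bool
	VoltageV       float64
	ShieldingDB    float64
	ProtectionMode bool // storage controller throttled, ECC-enhanced verification on
}

// Controller applies the threshold rules. Hysteresis is the fraction below a threshold a parameter
// must fall to before a protection is released; the description releases as soon as the parameter
// is back within range, which is Hysteresis = 0.
type Controller struct {
	State      HardwareState
	Hysteresis float64
	Log        []string
}

func NewController(hysteresis float64) *Controller {
	return &Controller{
		State:      HardwareState{VoltageV: NominalVoltageV, ShieldingDB: BasicShieldingDB},
		Hysteresis: hysteresis,
	}
}

func (c *Controller) release(threshold float64) float64 { return threshold * (1 - c.Hysteresis) }

// compensatedVoltage models the temperature compensation circuit: the correction grows with the
// excess over the threshold and is clamped to the ±0.5 V band. Slope and sign are assumptions.
func compensatedVoltage(tempC float64) float64 {
	delta := 0.02 * (tempC - TempThresholdC)
	if delta > VoltageBandV {
		delta = VoltageBandV
	}
	return NominalVoltageV - delta
}

// Update evaluates one sample against the three rules and returns the new hardware state.
func (c *Controller) Update(s Sample) HardwareState {
	st := &c.State
	switch {
	case s.TempC > TempThresholdC:
		st.CompensationOn, st.VoltageV = true, compensatedVoltage(s.TempC)
		c.Log = append(c.Log, fmt.Sprintf("temp %.1f C > %.0f C: compensation on, %.2f V", s.TempC, TempThresholdC, st.VoltageV))
	case st.CompensationOn && s.TempC <= c.release(TempThresholdC):
		st.CompensationOn, st.VoltageV = false, NominalVoltageV
		c.Log = append(c.Log, "temp back in range: compensation off")
	}
	switch {
	case s.EMIVm > EMIThresholdVm:
		st.ShieldingDB = EnhancedShieldDB
		c.Log = append(c.Log, fmt.Sprintf("EMI %.1f V/m > %.0f V/m: shielding %.0f dB", s.EMIVm, EMIThresholdVm, st.ShieldingDB))
	case st.ShieldingDB == EnhancedShieldDB && s.EMIVm <= c.release(EMIThresholdVm):
		st.ShieldingDB = BasicShieldingDB
		c.Log = append(c.Log, "EMI back in range: basic shielding")
	}
	switch {
	case s.VibG > VibThresholdG:
		st.ProtectionMode = true
		c.Log = append(c.Log, fmt.Sprintf("vibration %.1f g > %.0f g: protection mode", s.VibG, VibThresholdG))
	case st.ProtectionMode && s.VibG <= c.release(VibThresholdG):
		st.ProtectionMode = false
		c.Log = append(c.Log, "vibration back in range: normal mode")
	}
	return *st
}

func main() {
	c := NewController(0)
	// Constructed sensor trace: calm, hot, hot plus strong EMI, everything exactly at its
	// threshold with strong vibration, then calm again.
	for _, s := range []Sample{{25, 5, 0.5}, {72, 5, 0.5}, {72, 42, 0.5}, {60, 30, 6}, {40, 10, 1}} {
		fmt.Printf("%+v -> %+v\n", s, c.Update(s))
	}
	for _, line := range c.Log {
		fmt.Println(" ", line)
	}
}
```

With Hysteresis = 0 the controller behaves exactly as paragraph [0105] describes and releases a protection the moment the parameter is back within range; a reading that hovers around a threshold then toggles the compensation circuit or the shielding on every sample, which is why the example exposes a small hysteresis band as a parameter.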

[0107] Figure 3 shows the overall architecture of the encryption system of this application. The system is an integrated architecture of "retinal acquisition - high-security scenario-level authentication - hardware encryption - storage protection". Its core consists of six functional modules, a hard disk storage array and a high-security scenario terminal master controller; the modules are connected through a bus and work together to achieve high-security encrypted data storage and protection.

[0108] High-security scenario-level retinal acquisition module: Includes an infrared scanning unit and a feature extraction unit, responsible for acquiring the user's dual-modal features of retinal vessels and macula, and transmitting them to the encryption authentication control module.

[0109] Encryption and Authentication Control Module: As the core scheduling unit of the system, it integrates an FPGA main controller, an AES-256-GCM hardware encryption chip, and a retinal feature matching chip. It is responsible for receiving collected features for authentication, dynamically generating encryption / decryption keys, and sending unlock commands to the hard disk storage array.

[0110] Authorization Management Module: Connected to the encryption authentication control module, it internally stores the retinal feature templates of the primary authorizer, backup authorizer, and emergency authorizer, and supports hierarchical authorization logic parsing and emergency command verification.

[0111] Environmental Adaptation Module: This module includes temperature and humidity sensors, vibration sensors, an electromagnetic shielding unit, and a temperature compensation circuit. It monitors environmental conditions in real time and ensures stable system operation by adjusting voltage and enhancing shielding effectiveness under extreme temperatures or strong electromagnetic interference.

[0112] Physical tamper protection and self-destruct module: This module includes a pressure sensor, a metal housing, and a data self-destruct chip. It monitors the integrity of the hardware housing and immediately triggers the data self-destruct process upon detecting unauthorized disassembly (such as a sudden pressure change).

[0113] High-security scenario bus adapter module: Supports PCIe 4.0 high-security scenario version and 1553B bus protocol, serving as the communication interface between the system and external high-security scenario terminals (such as shipborne, airborne, and vehicle-mounted terminals) to achieve high-speed data transmission and command interaction.

[0114] Hard disk storage array: Composed of NAND flash memory with integrated hardware encryption chips. It only receives unlock commands from the encryption authentication control module and is used to store encrypted confidential data.

[0115] High-security scenario terminal master controller: As an external control terminal, it connects to the system via a bus to receive system alarm signals, issue emergency authorization commands, and realize remote status monitoring.

[0116] This application embodiment constructs a high-security hard disk hardware encryption system bound to retinal features. It deeply binds retinal dual-modal features to hardware encryption, realizing a full-chain security closed loop of "identity authentication - key generation - data encryption", and establishes an integrated protection system of "environment adaptation - physical anti-tampering - data self-destruction - hierarchical authorization". The system uses the bimodal features of retinal vascular patterns and macular contours as the basis for identity authentication. Retinal biometrics are inherently unique and cannot be copied, and combining the two modalities further increases the distinctiveness of the features; compared with fingerprint features or a single retinal vascular feature, it effectively resists attacks such as forgery and spoofing with simulated images, raising the security level of hardware encryption at the source of identity. The encrypted authorized feature template and the encrypted data are stored in the first and second storage arrays of the hardware respectively. The two storage arrays are physically isolated so that the feature template and the data cannot be read illegally at the same time, which significantly reduces the risk of data and template leakage and improves the overall protection of hardware storage. The encryption key is generated dynamically from the authorized feature template and is never stored statically, solving the technical problem that statically stored keys in existing encryption methods are easily cracked and stolen, and closing the security loop of hardware encryption at the key level. The system deeply integrates identity authentication based on retinal bimodal features with h
ardware encryption and data storage: the feature template is the sole basis for key generation, so without legitimate retinal bimodal features no encryption key can be generated, fundamentally solving the disconnect between authentication and encryption in existing technologies. This effectively prevents unauthorized personnel from unlocking the hardware and obtaining data, meeting the requirements for encrypted storage of confidential data in high-security scenarios. The system reduces the false acceptance rate of identity authentication to 10^-12, employs a dual "overwrite + circuit breaker" mechanism to ensure a zero probability of data recovery after self-destruction, and effectively resists attacks such as fingerprint forgery, physical disassembly and strong electromagnetic interference. At the same time, the system operates stably at extreme temperatures from -40 ℃ to 85 ℃, under strong vibration of 10 to 2000 Hz and under strong electromagnetic interference of 30 V/m without performance degradation of the core modules. It uses an AES-256-GCM hardware encryption chip to achieve high-speed encryption and decryption at ≥ 2 Gbps and supports plug-and-play multi-bus protocols. Real-time monitoring and the "disassembly-destruction" mechanism further ensure manageability and controllability over the full lifecycle, fully meeting the requirements of high security, high reliability and strong anti-interference for classified data storage in high-security scenarios.
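The "identity authentication - key generation - data encryption" chain of this paragraph and the two-threshold matching rule of paragraph [0122], as an added worked example that is not code from the application or its assignee. The retinal descriptors are constructed 4-element vectors compared by cosine similarity; the matching thresholds 0.95 and 0.90 are assumed values for the "preset" thresholds; the authorized template is the serialized features encrypted under a key assumed to live inside the encryption chip; and the data key is never stored but recomputed on every use as an HMAC-SHA256 of the decrypted template under that chip key. The storage array is encrypted with AES-256-GCM from the Go standard library.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// Feature is a constructed 4-element descriptor; real retinal descriptors are far larger.
type Feature [4]float64
type Bimodal struct{ Vascular, Macular Feature }
const VascularThreshold, MacularThreshold = 0.95, 0.90 // assumed values for the "preset" thresholds

func cosine(a, b Feature) float64 {
	var dot, na, nb float64
	for i := range a {
		dot, na, nb = dot+a[i]*b[i], na+a[i]*a[i], nb+b[i]*b[i]
	}
	return dot / math.Sqrt(na*nb) // NaN for an all-zero vector, which never exceeds a threshold
}

// Matches is the two-threshold rule: each modality must exceed its own threshold.
func Matches(scan, tmpl Bimodal) bool {
	return cosine(scan.Vascular, tmpl.Vascular) > VascularThreshold &&
		cosine(scan.Macular, tmpl.Macular) > MacularThreshold
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// AES-256-GCM, random 96-bit nonce prefixed to the ciphertext, aad naming the purpose; keys are always 32 bytes here.
func gcmSeal(key, pt []byte, aad string) []byte {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, pt, []byte(aad))
}
func gcmOpen(key, ct []byte, aad string) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], []byte(aad))
}

// deriveKey is a one-block KDF (HMAC-SHA256 keyed by the chip key) over the template and a label.
func deriveKey(chipKey, tmpl []byte, label string) []byte {
	m := hmac.New(sha256.New, chipKey)
	m.Write(tmpl)
	m.Write([]byte(label))
	return m.Sum(nil)
}

// Hardware: a chip key that never leaves the encryption chip (assumption), the encrypted template (first storage array) and the encrypted data (second storage array). No data key is stored.
type Hardware struct{ chipKey, template, data []byte }

// Enroll encrypts the target user's features into the authorized template, derives the key from that template and encrypts the data to be stored.
func Enroll(feats Bimodal, plaintext []byte) *Hardware {
	var buf bytes.Buffer
	if err := binary.Write(&buf, binary.BigEndian, feats); err != nil {
		panic(err)
	}
	h := &Hardware{chipKey: randBytes(32)}
	h.template = gcmSeal(h.chipKey, buf.Bytes(), "template")
	h.data = gcmSeal(deriveKey(h.chipKey, buf.Bytes(), "data-key"), plaintext, "array")
	return h
}

// Unlock decrypts the template inside the hardware, matches the current scan against it and regenerates the decryption key only on a match.
func (h *Hardware) Unlock(scan Bimodal) ([]byte, error) {
	tmpl, err := gcmOpen(h.chipKey, h.template, "template")
	if err != nil {
		return nil, err
	}
	var stored Bimodal
	if err := binary.Read(bytes.NewReader(tmpl), binary.BigEndian, &stored); err != nil {
		return nil, err
	}
	if !Matches(scan, stored) {
		return nil, errors.New("retinal bimodal features do not match the authorized template")
	}
	return gcmOpen(deriveKey(h.chipKey, tmpl, "data-key"), h.data, "array")
}

func main() {
	enrolled := Bimodal{Feature{0.5, 0.5, 0.5, 0.5}, Feature{1, 0, 0, 0}} // constructed enrollment scan
	h := Enroll(enrolled, []byte("classified payload"))
	pt, err := h.Unlock(Bimodal{Feature{0.5, 0.5, 0.5, 0.55}, Feature{1, 0.1, 0, 0}}) // genuine re-scan, slightly off
	fmt.Printf("genuine scan: %q err=%v\n", pt, err)
	_, err = h.Unlock(Bimodal{Feature{0.5, 0.5, 0.5, 0.5}, Feature{0, 1, 0, 0}}) // vessels match, macula forged
	fmt.Println("forged scan:", err)
}
```

The match gates key derivation but does not feed it: the key is recomputed from the stored template, so the natural variation between two scans of the same retina does not change the key, and the confidentiality of the data rests on the confidentiality of the template in the first storage array and of the chip key. A scan that reproduces only one modality, as the forged scan in main does, fails the second threshold and never reaches derivation.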

[0117] Referring to Figure 4, this application embodiment also provides a hardware encryption device 101 that can implement the hardware encryption method described above. The device includes: a first acquisition module 10 for acquiring the retinal bimodal features of the target user, the retinal bimodal features including at least one of the retinal vascular pattern and the macular contour of the target user; a first encryption module 20 for encrypting the retinal bimodal features of the target user to obtain an authorized feature template, the authorized feature template being a biometric template used to verify the user's identity and being stored in the first storage array of the hardware; a first generation module 30 for generating an encryption key based on the authorized feature template; a second encryption module 40 for encrypting the target user's data to be stored using the encryption key to obtain encrypted data; and a storage module 50 for storing the encrypted data in the second storage array of the hardware.

[0118] In some implementations, if the user type of the target user is the first data access permission, the second storage array is any storage array of the hardware; if the user type is the second data access permission, the second storage array is a storage array of the non-core area of the hardware; and if the user type is the third data access permission, the second storage array is any storage array of the hardware. The first data access permission has unlocking permission for all storage arrays of the hardware, the second data access permission has unlocking permission for the storage arrays in the non-core area of the hardware, and the third data access permission has temporary unlocking permission for all storage arrays of the hardware after verification by an external emergency command.

[0119] The specific implementation of this hardware encryption device is basically the same as the specific implementation of the hardware encryption method described above, and will not be repeated here.

[0120] Referring to Figure 5, this application embodiment also provides a hardware decryption device 102 that can implement the hardware decryption method described above. The device includes: a second acquisition module 60 for acquiring the current user's retinal bimodal features, which include at least one of the current user's retinal vascular pattern and macular contour; a second generation module 70 for generating a decryption key based on the first authorized feature template when the current user's retinal bimodal features match the first authorized feature template stored in the hardware; and a decryption module 80 for decrypting the second storage array of the hardware according to the first authorized feature template to obtain the target data, the second storage array of the hardware having been encrypted using the hardware encryption method of the first aspect above.

[0121] In some implementations, the current user's retinal bimodal features include the current user's retinal vascular pattern and macular contour, and the second acquisition module 60 may include: a response submodule for responding to a received unlock command by illuminating the current user's retina with a near-infrared light source of a preset wavelength and acquiring a retinal vascular image and a macular region image of the current user; an extraction submodule for extracting vascular pattern features from the retinal vascular image and macular contour features from the macular region image; and a fusion submodule for fusing the vascular pattern features and the macular contour features to obtain the retinal dual-modal features.

[0122] In some implementations, the second generation module 70 may include a generation submodule for generating the decryption key based on the first authorized feature template if the matching degree between the vascular pattern features in the retinal vascular image and those in the first authorized feature template is greater than a preset vascular matching threshold, and the matching degree between the macular contour features in the macular region image and those in the first authorized feature template is greater than a preset macular matching threshold.

[0123] In some implementations, the decryption module 80 may include: an identification submodule for identifying the user type of the current user; a first determining submodule for determining the target data access permission according to the user type, the target data access permission being one of a first data access permission, which has unlocking permission for all storage arrays of the hardware, a second data access permission, which has unlocking permission for the storage arrays of the non-core area of the hardware, and a third data access permission, which has temporary unlocking permission for all storage arrays of the hardware after verification of an external emergency command; a second determining submodule for selecting the storage array corresponding to the target data access permission as the second storage array; and a decryption submodule for decrypting the second storage array using the decryption key to obtain the target data.
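The hierarchical authorization of paragraphs [0118] and [0123], as an added example that is not code from the application: a Go routine that maps the three user types to the storage arrays they may unlock. The page does not say how the external emergency command is verified; the example assumes an HMAC-SHA256 tag under a key shared with the high-security scenario terminal master controller and a monotonically increasing counter, so that a captured command cannot be replayed and each verified command authorizes a single unlock, which is how it reads "temporary". The array names and the shared key are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// UserType follows the description's first, second and third data access permission.
type UserType int

const (
	Primary   UserType = iota + 1 // first permission: all storage arrays
	Backup                        // second permission: non-core arrays only
	Emergency                     // third permission: all arrays, only with a verified external command
)

// StorageArray is one array of the hard disk storage array, flagged as core or non-core area.
type StorageArray struct {
	Name string
	Core bool
}

// CommandVerifier holds the key shared with the terminal master controller (assumption: the page
// does not say how commands are authenticated) and the counter of the last accepted command,
// so that a captured command cannot be replayed.
type CommandVerifier struct {
	key     []byte
	lastCtr uint64
}

// SignEmergencyCommand is the terminal's side: an 8-byte counter followed by an HMAC-SHA256 tag.
func SignEmergencyCommand(key []byte, counter uint64) []byte {
	cmd := make([]byte, 8)
	binary.BigEndian.PutUint64(cmd, counter)
	m := hmac.New(sha256.New, key)
	m.Write(cmd)
	return m.Sum(cmd)
}

// Verify accepts a command once: the tag must check out in constant time and the counter must
// be larger than that of the last accepted command.
func (v *CommandVerifier) Verify(cmd []byte) error {
	if len(cmd) != 8+sha256.Size {
		return errors.New("malformed emergency command")
	}
	m := hmac.New(sha256.New, v.key)
	m.Write(cmd[:8])
	if !hmac.Equal(m.Sum(nil), cmd[8:]) {
		return errors.New("emergency command tag invalid")
	}
	ctr := binary.BigEndian.Uint64(cmd[:8])
	if ctr <= v.lastCtr {
		return errors.New("emergency command replayed or stale")
	}
	v.lastCtr = ctr
	return nil
}

// SelectArrays maps the current user's type to the storage arrays it may unlock. The third
// permission is temporary in the sense that each verified command authorizes exactly one unlock.
func (v *CommandVerifier) SelectArrays(user UserType, all []StorageArray, cmd []byte) ([]StorageArray, error) {
	switch user {
	case Primary:
		return all, nil
	case Backup:
		var nonCore []StorageArray
		for _, a := range all {
			if !a.Core {
				nonCore = append(nonCore, a)
			}
		}
		return nonCore, nil
	case Emergency:
		if err := v.Verify(cmd); err != nil {
			return nil, fmt.Errorf("temporary unlock refused: %w", err)
		}
		return all, nil
	}
	return nil, errors.New("unknown user type")
}

func main() {
	arrays := []StorageArray{{"core-0", true}, {"noncore-0", false}, {"noncore-1", false}}
	key := []byte("constructed 32-byte shared key!!") // constructed shared key
	v := &CommandVerifier{key: key}
	for _, u := range []UserType{Primary, Backup} {
		sel, _ := v.SelectArrays(u, arrays, nil)
		fmt.Println("user type", u, "->", sel)
	}
	cmd := SignEmergencyCommand(key, 1)
	sel, err := v.SelectArrays(Emergency, arrays, cmd)
	fmt.Println("emergency, first use:", sel, err)
	_, err = v.SelectArrays(Emergency, arrays, cmd)
	fmt.Println("emergency, replay:", err)
}
```

The array selection must run before key material is released: in the description the decryption key is derived after the match and the selected arrays are then decrypted, so a backup authorizer never receives the key for the core area, and an emergency authorizer whose command fails verification receives nothing.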

[0124] In some embodiments, the hardware decryption device 102 may further include: a data acquisition module for collecting the current pressure value of the hardware enclosure in real time; and a self-destruct module for triggering a data self-destruction process if the difference between the current pressure value and the target pressure value of the historical time period is greater than a first threshold. The data self-destruction process includes controlling the data self-destruction chip of the hardware to perform multiple random data overwrite operations on the key area and data area of the hardware storage array, and controlling the fuse to blow the control pin of the storage chip of the hardware. The target pressure value is determined from the pressure values collected in the historical time period.
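The pressure-based tamper check and the self-destruction process of this paragraph and of paragraph [0096], as an added example that is not code from the application: a moving-average baseline over a historical window, a comparison against the first threshold, and a self-destruct routine that overwrites the key and data areas with random data before marking the control pin blown. The window length (5 readings), the threshold (2 kPa), the three overwrite passes and the pressure trace are assumptions constructed for the example.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
)

// PressureMonitor applies the rule of the description: the current enclosure pressure is compared
// with the average over a historical window, and a difference larger than the first threshold is
// treated as disassembly. Window length and threshold are not quantified on the page.
type PressureMonitor struct {
	window    int
	threshold float64
	history   []float64
}

func NewPressureMonitor(window int, threshold float64) *PressureMonitor {
	return &PressureMonitor{window: window, threshold: threshold}
}

// Observe feeds one reading and reports whether it deviates from the historical average by more
// than the threshold. The first window readings only build the baseline. Abnormal readings are not
// added to the history, so a reading that already looks like tampering cannot shift the baseline.
func (m *PressureMonitor) Observe(p float64) (tamper bool, baseline float64) {
	if len(m.history) < m.window {
		m.history = append(m.history, p)
		return false, p
	}
	sum := 0.0
	for _, v := range m.history {
		sum += v
	}
	baseline = sum / float64(len(m.history))
	if diff := p - baseline; diff > m.threshold || diff < -m.threshold {
		return true, baseline
	}
	m.history = append(m.history[1:], p)
	return false, baseline
}

// Storage models the key area and data area of the hardware storage array and the control pin
// that the fuse blows. Three overwrite passes is an assumption ("multiple" on the page).
type Storage struct {
	KeyArea, DataArea []byte
	PinBlown          bool
}

const OverwritePasses = 3

// SelfDestruct overwrites both areas with fresh random data on every pass and then blows the
// control pin; the overwrites come first because the chip cannot be written once the pin is gone.
func (s *Storage) SelfDestruct() error {
	for pass := 0; pass < OverwritePasses; pass++ {
		for _, area := range [][]byte{s.KeyArea, s.DataArea} {
			if _, err := rand.Read(area); err != nil {
				return err
			}
		}
	}
	s.PinBlown = true
	return nil
}

// Read fails once the control pin is blown, which is what makes the destruction irreversible.
func (s *Storage) Read(keyArea bool) ([]byte, error) {
	if s.PinBlown {
		return nil, errors.New("storage chip control pin blown")
	}
	if keyArea {
		return s.KeyArea, nil
	}
	return s.DataArea, nil
}

// Guard runs the check for every reading taken during a decryption process and triggers the
// self-destruction process on the first tamper verdict. It returns the index of that reading,
// or -1 when the whole process passed without one.
func Guard(m *PressureMonitor, s *Storage, readings []float64) (int, error) {
	for i, p := range readings {
		if tamper, base := m.Observe(p); tamper {
			fmt.Printf("reading %d: %.2f vs baseline %.2f exceeds %.2f, self-destructing\n", i, p, base, m.threshold)
			return i, s.SelfDestruct()
		}
	}
	return -1, nil
}

func main() {
	s := &Storage{KeyArea: make([]byte, 32), DataArea: make([]byte, 64)}
	copy(s.KeyArea, "wrapped-key-material")
	// Constructed trace in kPa: ordinary fluctuations of a few tenths, then the cover comes off.
	readings := []float64{101.3, 101.2, 101.4, 101.3, 101.1, 101.2, 101.35, 101.3, 95.0, 101.3}
	at, err := Guard(NewPressureMonitor(5, 2.0), s, readings)
	fmt.Println("tamper at reading", at, "self-destruct error:", err)
	_, err = s.Read(true)
	fmt.Println("key area read after self-destruct:", err)
}
```

Because the baseline is the average of recent normal readings, a change that is slow relative to the window is absorbed into the baseline rather than detected; the window length therefore sets the slowest change the monitor can see. Readings judged abnormal are deliberately kept out of the history so that they cannot drag the baseline toward themselves.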

[0125] In some embodiments, the hardware decryption device 102 may further include: a third acquisition module for acquiring environmental parameters of the environment in which the hardware is located, the environmental parameters including at least one of temperature data and electromagnetic interference intensity data; a temperature control module for activating the temperature compensation circuit of the hardware to adjust the operating voltage if the environmental parameters indicate that the ambient temperature of the hardware is greater than a second threshold; and a shielding module for controlling the electromagnetic shielding unit of the hardware to enhance its shielding effectiveness if the environmental parameters indicate that the electromagnetic interference intensity around the hardware is greater than a third threshold.

[0126] The specific implementation of this hardware decryption device is basically the same as the specific implementation of the hardware decryption method described above, and will not be repeated here.

[0127] This application also provides an electronic device, which includes a memory and a processor. The memory stores a computer program, and the processor executes the computer program to implement the aforementioned hardware encryption and decryption methods. This electronic device can be any smart terminal, including tablet computers, in-vehicle computers, etc.

[0128] Referring to Figure 6, which illustrates the hardware structure of an electronic device according to another embodiment, the electronic device includes: a processor 601, which can be implemented using a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC) or one or more integrated circuits, and which executes the relevant programs to implement the technical solutions provided in the embodiments of this application; a memory 602, which can be implemented as a read-only memory (ROM), a static storage device, a dynamic storage device or a random access memory (RAM), and which can store the operating system and other applications (when the technical solutions of the embodiments are implemented in software or firmware, the relevant program code is stored in the memory 602 and called and executed by the processor 601 to perform the hardware encryption and hardware decryption methods of the embodiments); an input/output interface 603 for information input and output; a communication interface 604 for communication and interaction between this device and other devices, by wire (such as USB or a network cable) or wirelessly (such as a mobile network, Wi-Fi or Bluetooth); and a bus 605 that transmits information between the components of the device. The processor 601, memory 602, input/output interface 603 and communication interface 604 are connected to each other within the device via the bus 605.

[0129] This application also provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the above-described hardware encryption and hardware decryption methods.

[0130] Memory, as a non-transitory computer-readable storage medium, can be used to store non-transitory software programs and non-transitory computer-executable programs. Furthermore, memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, memory may optionally include memory remotely located relative to the processor, and these remote memories can be connected to the processor via a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.

[0131] The hardware encryption and decryption method, device, electronic device, and storage medium provided in this application utilize retinal bimodal features, including retinal vascular patterns and macular contours, as a biometric identification method. An authorized feature template is generated through encryption and stored in a first storage array of the hardware. Based on this template, an encryption key is generated to encrypt the data to be stored before storing it in a second storage array. Decryption requires obtaining the current user's retinal bimodal features; only when these features match the authorized feature template stored in the hardware can a decryption key be generated to decrypt the data. This application achieves an integrated security closed loop of "biometric feature-key-data" by deeply binding highly unique retinal biometric features with the key generation mechanism. Technically, this greatly improves the accuracy and anti-counterfeiting capabilities of identity authentication, effectively prevents data leakage and unauthorized access, and ensures high security of hardware-stored data.

[0132] The embodiments described in this application are for the purpose of more clearly illustrating the technical solutions of the embodiments of this application, and do not constitute a limitation on the technical solutions provided by the embodiments of this application. As those skilled in the art will know, with the evolution of technology and the emergence of new application scenarios, the technical solutions provided by the embodiments of this application are also applicable to similar technical problems.

[0133] Those skilled in the art will understand that the technical solutions shown in the figures do not constitute a limitation on the embodiments of this application, and may include more or fewer steps than shown, or combine certain steps, or different steps.

[0134] The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of this embodiment according to actual needs.

[0135] Those skilled in the art will understand that all or some of the steps in the methods disclosed above, as well as the functional modules / units in the systems and devices, can be implemented as software, firmware, hardware, or suitable combinations thereof.

[0136] The terms “first,” “second,” “third,” “fourth,” etc. (if present) in the specification and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of this application described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms “comprising” and “having,” and any variations thereof, are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0137] It should be understood that in this application, "at least one (item)" means one or more, and "more than" means two or more. "And/or" describes the relationship between related objects and indicates that three relationships can exist; for example, "A and/or B" can represent three cases: only A exists, only B exists, and both A and B exist simultaneously, where A and B can be singular or plural. The character "/" generally indicates that the preceding and following related objects are in an "or" relationship. "At least one (item) of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items. For example, at least one (item) of a, b or c can represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", where a, b and c can be single or multiple.

[0138] In the several embodiments provided in this application, it should be understood that the disclosed apparatus and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of the units described above is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between apparatuses or units may be electrical, mechanical, or other forms.

[0139] The units described above as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0140] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.

[0141] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes multiple instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods of the various embodiments of this application. The aforementioned storage medium includes various media capable of storing programs, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0142] The preferred embodiments of the present application have been described above with reference to the accompanying drawings, but this does not limit the scope of the claims of the present application. Any modifications, equivalent substitutions, and improvements made by those skilled in the art without departing from the scope and substance of the embodiments of the present application shall be within the scope of the claims of the present application.

Claims

1. A hardware encryption method, characterized in that the method includes: acquiring the retinal bimodal features of a target user, the retinal bimodal features including at least one of the retinal vascular pattern and the macular contour of the target user; encrypting the retinal bimodal features of the target user to obtain an authorized feature template, the authorized feature template being a biometric template used to verify the user's identity and being stored in a first storage array of the hardware; generating an encryption key based on the authorized feature template; encrypting the target user's data to be stored using the encryption key to obtain encrypted data; and storing the encrypted data in a second storage array of the hardware.

2. The method according to claim 1, characterized in that, If the target user's user type is a first data access permission, then the second storage array is any of the hardware's storage arrays; If the target user's user type is the second data access permission, then the second storage array is the storage array of the non-core area of ​​the hardware; If the target user's user type is a third data access permission, then the second storage array is any storage array of the hardware; The first data access permission has the unlocking permission for all storage arrays of the hardware, the second data access permission has the unlocking permission for the storage arrays in the non-core areas of the hardware, and the third data access permission has the temporary unlocking permission for all storage arrays of the hardware after verification by external emergency commands.

3. A hardware decryption method, characterized in that, The method includes: Obtain the current user's retinal bimodal features, wherein the current user's retinal bimodal features include at least one of the current user's retinal vascular pattern and macular contour; If the current user's retinal bimodal features match the first authorized feature template stored in the hardware, a decryption key is generated based on the first authorized feature template. The second storage array of the hardware is decrypted according to the first authorized feature template to obtain the target data. The second storage array of the hardware is encrypted using the hardware encryption method described in any one of claims 1-2.

4. The method according to claim 3, characterized in that, The current user's retinal bimodal features include the current user's retinal vascular pattern and macular contour; The acquisition of the current user's retinal bimodal features includes: In response to the received unlock command, the retina of the current user is illuminated with a near-infrared light source of a preset wavelength, and images of the retinal vessels and macular region of the current user are acquired. Extract the vascular pattern features from the retinal vascular image and the macular contour features from the macular region image; The vascular pattern features and the macular contour features are fused to obtain the dual-modal features of the retina.

5. The method according to claim 4, characterized in that, When the current user's retinal bimodal features match a first authorized feature template stored in the hardware, generating a decryption key based on the first authorized feature template includes: If the matching degree between the vascular pattern features in the retinal vascular image and the vascular pattern features in the first authorized feature template is greater than a preset vascular matching threshold, and the matching degree between the macular contour features in the macular region image and the macular contour features in the first authorized feature template is greater than a preset macular matching threshold, then the decryption key is generated according to the first authorized feature template.

6. The method according to claim 3, characterized in that, The second storage array of the hardware is decrypted according to the first authorized feature template to obtain the target data, including: Identify the user type of the current user; The target data access permissions are determined based on the user type. The target data access permissions include a first data access permission, a second data access permission, and a third data access permission. The first data access permission has the unlocking permission for all storage arrays of the hardware. The second data access permission has the unlocking permission for the storage arrays in the non-core areas of the hardware. The third data access permission has the temporary unlocking permission for all storage arrays of the hardware after external emergency command verification. The storage array corresponding to the target data access permission is used as the second storage array; The second storage array is decrypted using the decryption key to obtain the target data.

7. The method according to claim 3, characterized in that, The method further includes: Real-time acquisition of the current pressure value exerted on the hardware's packaging shell; If the difference between the current pressure value and the target pressure value within the historical time period is greater than a first threshold, a data self-destruction process is triggered. The data self-destruction process includes: controlling the data self-destruction chip of the hardware to perform multiple random data overwrite operations on the key area and data area of ​​the hardware storage array, and controlling the fuse to blow the control pin of the storage chip of the hardware. The target pressure value is determined based on the pressure value collected within the historical time period.

8. The method according to claim 3, characterized in that, The method further includes: Obtain environmental parameters of the environment in which the hardware is located, including one of temperature data and electromagnetic interference intensity data; If the environmental parameters indicate that the temperature of the environment in which the hardware is located is greater than the second threshold, then the temperature compensation circuit of the hardware is activated to adjust the operating voltage. If the environmental parameters indicate that the electromagnetic interference intensity of the environment in which the hardware is located is greater than a third threshold, then the electromagnetic shielding unit of the hardware is controlled to enhance the shielding effectiveness.

9. An electronic device, characterized in that, The electronic device includes a memory and a processor. The memory stores a computer program, and when the processor executes the computer program, it implements the hardware encryption method according to any one of claims 1 to 2 and the hardware decryption method according to any one of claims 3 to 8.

10. A computer-readable storage medium storing a computer program, characterized in that, When the computer program is executed by the processor, it implements the hardware encryption method according to any one of claims 1 to 2 and the hardware decryption method according to any one of claims 3 to 8.
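As an added illustration of the flow claimed in claims 1 to 6, and not code from the patent or its assignee: enrolment of a template, deterministic key derivation from that template, the per-modality matching gate of claim 5 and the three permission tiers of claims 2 and 6. The feature vectors, thresholds, array names and chip-bound secret are constructed, an HMAC-SHA256 keystream stands in for the hardware cipher, and the enrolled vectors are kept for comparison because the claims do not specify how fuzzy live features are matched against an encrypted template.

```python
import hashlib, hmac

ENROLLED = {"vascular": [0.12, 0.85, 0.33, 0.67], "macular": [0.40, 0.10, 0.90]}  # constructed
PROBE_OK = {"vascular": [0.14, 0.83, 0.31, 0.68], "macular": [0.42, 0.12, 0.88]}  # constructed
PROBE_BAD = {"vascular": [0.90, 0.10, 0.80, 0.05], "macular": [0.42, 0.12, 0.88]}  # constructed
VASCULAR_THRESHOLD, MACULAR_THRESHOLD = 0.95, 0.95   # assumed preset matching thresholds
DEVICE_SECRET = b"hypothetical-chip-bound-secret"     # stands in for the encryption chip's key
ARRAYS, NON_CORE = {"core-A", "core-B", "noncore-C"}, {"noncore-C"}  # constructed array names

def make_template(features: dict) -> bytes:
    """Claim 1: derive the authorised feature template as an HMAC of the quantised
    vectors under the chip-bound secret, so the first array never holds raw biometrics."""
    quantised = ";".join(k + ":" + " ".join(f"{v:.2f}" for v in features[k])
                         for k in sorted(features))
    return hmac.new(DEVICE_SECRET, quantised.encode(), hashlib.sha256).digest()

def derive_key(template: bytes) -> bytes:
    """Claims 1 and 3: the data key is a deterministic function of the stored template."""
    return hashlib.sha256(b"retina-key-v1" + template).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the hardware cipher: HMAC-SHA256 counter-mode keystream (symmetric)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)

def similarity(a, b) -> float:
    """Matching degree in [0, 1]: one minus the mean absolute difference."""
    return 1.0 - sum(abs(x - y) for x, y in zip(a, b)) / len(a)

def features_match(probe: dict, enrolled: dict) -> bool:
    """Claim 5: each modality must independently exceed its own threshold."""
    return (similarity(probe["vascular"], enrolled["vascular"]) > VASCULAR_THRESHOLD
            and similarity(probe["macular"], enrolled["macular"]) > MACULAR_THRESHOLD)

def unlockable_arrays(user_type: str, emergency_verified: bool = False) -> set:
    """Claims 2 and 6: first unlocks all, second only non-core, third all after emergency verification."""
    if user_type == "first" or (user_type == "third" and emergency_verified):
        return set(ARRAYS)
    return set(NON_CORE) if user_type == "second" else set()

def unlock(probe, user_type, array, ciphertext, emergency_verified=False):
    """Claims 3 and 6: biometric gate, then permission gate, then decrypt with the
    template-derived key (enrolled vectors kept for comparison: an assumption)."""
    if (not features_match(probe, ENROLLED)
            or array not in unlockable_arrays(user_type, emergency_verified)):
        return None
    return keystream_xor(derive_key(make_template(ENROLLED)), ciphertext)
```

Because the key is recomputed from the stored template rather than from the live capture, the confidentiality of the second array rests on the template's protection and on the matching gate, which is why the gate checks both modalities separately.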