CN-112214761-B - Management method, system and terminal equipment of hardware encryption machine

Abstract

The embodiment of the application discloses a management method, a system and terminal equipment of a hardware encryption machine, wherein the management method of the hardware encryption machine comprises the steps that after detecting that a storage device with a password verification function is accessed, the terminal equipment establishes a communication link with a virtual machine, receives and displays an operation interface of the virtual machine through the communication link, wherein the virtual machine is a virtual machine built in a virtual private cloud environment, and starts hardware encryption machine management and control software on the operation interface of the virtual machine and loads a driving program of the storage device with the password verification function to realize management and control of the hardware encryption machine by the storage device with the password verification function.

Inventors

  • LIN LONG

Assignees

  • 阿里巴巴集团控股有限公司

Dates

Publication Date
20260512
Application Date
20190711

Claims (14)

  1. A method for managing a hardware encryption machine, comprising: after detecting that a storage device with a password verification function is accessed, the terminal device establishes a communication link with a virtual machine, and receives and displays an operation interface of the virtual machine through the communication link; and the terminal equipment starts hardware encryption machine management and control software on an operation interface of the virtual machine and loads a driving program of the storage equipment with the password verification function to realize the management and control of the hardware encryption machine by the storage equipment with the password verification function, wherein the hardware encryption machine is positioned in the virtual private cloud environment and is connected with the virtual machine, and the virtual machine is a virtual machine with a public network IP address.
  2. The method of claim 1, wherein the step of the terminal device starting hardware cryptographic engine management software on the running interface of the virtual machine and loading a driver of a storage device having a password authentication function comprises: the terminal equipment detects whether hardware encryption machine starting management and control software is installed in the virtual machine or not, and a detection result is obtained; and the terminal equipment starts and installs the hardware encryption machine management and control software on an operation interface of the virtual machine according to the detection result and loads a driving program of the storage equipment with the password verification function.
  3. The method of claim 2, wherein the terminal device starting to install the hardware cryptographic engine management software and loading a driver of a storage device having a password authentication function on an operation interface of the virtual machine according to the detection result comprises: the detection result is that the hardware encryption machine management and control software is not installed in the virtual machine, the terminal equipment installs the hardware encryption machine management and control software on the virtual machine through an operation interface of the virtual machine, and starts the hardware encryption machine management and control software and loads a driving program of the storage equipment with the password verification function.
  4. The method of claim 2, wherein the terminal device starts installing the hardware cryptographic engine management software and loading a driver of a storage device having a password authentication function on an operation interface of the virtual machine according to the detection result, comprising: the detection result is that the hardware encryption machine management and control software is installed in the virtual machine, and the terminal equipment starts and installs the hardware encryption machine management and control software on an operation interface of the virtual machine and loads a driving program of the storage equipment with the password verification function.
  5. The method of claim 1, wherein the method further comprises: the terminal equipment constructs a virtual machine with a public network IP address in the virtual private cloud environment.
  6. The method of claim 1, wherein the step of the terminal device establishing a communication link with a virtual machine comprises: the terminal equipment receives a remote desktop connection instruction and acquires a public network IP address according to the remote desktop connection instruction; the terminal equipment sends a remote desktop connection request containing the public network IP address to a cloud platform; and the terminal equipment establishes a communication link with the virtual machine according to the remote desktop connection request.
  7. The method of claim 1, wherein the step of the terminal device receiving and displaying the running interface of the virtual machine over the communication link comprises: the terminal equipment acquires a user name and a password; the terminal equipment generates a connection credential according to the user name and the password, and sends the connection credential to the virtual machine through the communication link; and after the virtual machine successfully verifies the user name and the password according to the connection credentials, the terminal equipment receives and displays an operation interface of the virtual machine.
  8. The method of any one of claims 1-7, further comprising: the terminal device releases the virtual machine in a VPC environment.
  9. A management system for a hardware encryption engine, comprising: the cloud platform and the terminal equipment, wherein the cloud platform is used for building a virtual private cloud environment, wherein a hardware encryption machine and a virtual machine connected with the hardware encryption machine are arranged in the virtual private cloud environment; the terminal equipment is used for establishing a communication link with a virtual machine after detecting that the storage equipment with the password verification function is accessed, receiving and displaying an operation interface of the virtual machine through the communication link, starting hardware encryption machine management and control software on the operation interface of the virtual machine, loading a driving program of the storage equipment with the password verification function, and realizing the management and control of the hardware encryption machine by the storage equipment with the password verification function, wherein the hardware encryption machine is positioned in the virtual private cloud environment and is connected with the virtual machine.
  10. The management system of claim 9, wherein the virtual machine is a virtual machine with a public network IP address.
  11. A terminal device, comprising: the port is used for accessing the storage device with the password verification function; the communication module is used for carrying out data interaction between the terminal equipment and the virtual machine; the display module is used for displaying the running interface of the virtual machine; and the processor is used for starting the communication module after detecting that the storage device with the password verification function is accessed, establishing a communication link between the processor and the virtual machine, receiving an operation interface of the virtual machine through the communication link, starting the display module, starting hardware encryption machine management and control software on the operation interface of the virtual machine, loading a driving program of the storage device with the password verification function, and realizing that the storage device with the password verification function manages the hardware encryption machine, wherein the hardware encryption machine is positioned in the virtual private cloud environment and is connected with the virtual machine.
  12. The terminal device of claim 11, wherein the processor is further configured to release the virtual machine within the VPC environment after remotely controlling the virtual machine to manage the hardware encryption machine on hardware encryption machine management software.
  13. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method for managing a hardware encryption machine according to any one of claims 1-8 when executing the computer program.
  14. A readable storage medium having stored thereon a computer program, characterized in that the computer program when executed realizes the steps of the method for managing a hardware cryptographic machine according to any one of claims 1 to 8.

Description

Management method, system and terminal equipment of hardware encryption machine

Technical Field

The present application relates to the field of information security technologies, and in particular, to a method, a system, a terminal device, and a readable storage medium for managing a hardware encryption machine.

Background

In order to provide a safer and isolated network environment for users on the cloud platform, the cloud platform provides a virtual private cloud VPC (Virtual Private Cloud) technology, so that users (enterprises or individuals renting the cloud platform) can build a proprietary VPC environment on the cloud platform, thereby isolating the off-line network environment. In colloquial terms, a VPC corresponds to a network container within which virtual machines can be created to implement cloud product instances by means of the virtual machines. A virtual machine is a complete computer system that is emulated by software, having the functionality of a complete hardware system, and that operates in a completely isolated environment. For example, a virtual machine may be created within the VPC environment to emulate a server on the virtual machine, and another virtual machine may be created within the VPC environment to emulate a hardware encryption machine on the virtual machine. The hardware encryptor is used here to provide a key service for data transmission between the server and the terminal device.

After the hardware encryption machine is used for a period of time, management and control operations such as software programs or encryption instructions of the hardware encryption machine are required to be executed on the hardware encryption machine so as to realize updating management and control operations, and the current management and control operations on the hardware encryption machine depend on a storage device Ukey with a password verification function, which is accessed by a terminal device.

As shown in fig. 1, a user may build a virtual private network VPN (Virtual Private Network) in a VPC environment of the cloud platform, and the terminal device dials into the VPC environment through the VPN, so that the terminal device utilizes the accessed Ukey to control the hardware encryption machine. However, if the VPN is built by the user, the safety and stability of the VPN cannot be ensured, and a professional technician is required to take a long time to build the VPN, and the process is complicated. If the VPN is purchased by a user from a cloud platform, it is costly.

However, after the hardware encryption machine is built in the VPC environment of the cloud platform, the hardware encryption machine is located in the VPC environment, and the terminal device for controlling the hardware encryption machine is located in an offline network environment, which is not compatible with the VPC environment, so that the terminal device cannot control the hardware encryption machine in the VPC environment.

Disclosure of Invention

In view of the above, the present application provides a method, a system, a terminal device, and a readable storage medium for managing a hardware encryption machine, which can simply and conveniently achieve the purpose of managing and controlling a hardware encryption machine in a VPC environment.

In order to achieve the above object, an embodiment of the present application provides a method for managing a hardware encryption machine, including: after detecting that the storage device with the password verification function is accessed, the terminal device establishes a communication link with a virtual machine, and receives and displays an operation interface of the virtual machine through the communication link; and the terminal equipment starts the hardware encryption machine management and control software on the running interface of the virtual machine and loads a driving program of the storage equipment with the password verification function to realize the management and control of the hardware encryption machine by the storage equipment with the password verification function.

Optionally, the virtual machine is a virtual machine with a public network IP address.

Optionally, the step of starting the hardware encryptor management software on the running interface of the virtual machine by the terminal device and loading the driver of the storage device with the password verification function includes: the terminal equipment detects whether hardware encryption machine starting management and control software is installed in the virtual machine or not, and a detection result is obtained; and the terminal equipment starts and installs the hardware encryption machine management and control software on an operation interface of the virtual machine according to the detection result and loads a driving program of the storage equipment with the password verification function.

Optionally, the terminal device starts to install the hardware encryption machine manage