CN213814671U - High-security-level data access device based on structured light array recognition - Google Patents
High-security-level data access device based on structured light array recognition Download PDFInfo
- Publication number
- CN213814671U CN213814671U CN202022645007.2U CN202022645007U CN213814671U CN 213814671 U CN213814671 U CN 213814671U CN 202022645007 U CN202022645007 U CN 202022645007U CN 213814671 U CN213814671 U CN 213814671U
- Authority
- CN
- China
- Prior art keywords
- key
- information
- unit
- decryption
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The utility model provides a high security level data access device based on structure light array discernment, the device includes: the system comprises a structured light array comparison unit, a legal structured light array information storage unit, a user grade storage unit, a user verification information storage unit, a first decryption circuit, a verification key storage unit, a key generation unit, a digital signature operation unit, a user information comparison unit, a read-write control circuit and a data storage unit; the data storage unit includes a first security level storage area and a second security level storage area. According to the scheme, the access to the data storage unit is realized by collecting the user structure light array information, different access key information is obtained according to the user security level after the comparison of the structure light array information is passed, and whether the current user is allowed to access the data storage unit is determined by authenticating the user digital signature information, so that the security and the uniqueness of the user to the data access are greatly enhanced.
Description
Technical Field
The utility model relates to a chip circuit design field, in particular to high security level data access device based on structure light array discernment.
Background
SSD data storage has gradually become the primary storage medium for consumer device data storage and cloud storage. For SSD data storage, data error correction is of great importance, particularly for personal critical data and government agency related data. The SSD master control chip is used as the brain of the SSD storage device, and the safety performance of the SSD master control chip directly determines the final overall safety performance of the SSD hard disk.
Currently, for the secure access of each user data, the most common method is still to set a password, and complete the user authorization by checking the password, but one SSD storage device may be used by different users, and different users should have different security levels, so as to give access rights to different storage spaces. The mode of setting the password cannot ensure the uniqueness of the access of the user to the corresponding storage area, and the situation that the user forgets the password and cannot access the data area of the storage device is easily caused.
SUMMERY OF THE UTILITY MODEL
Therefore, a technical scheme of high-security-level data access based on structured light array identification is needed to be provided, so as to solve the problems of weak security and poor user experience in data access to the same storage device at present.
In order to achieve the above object, the present invention provides a high security level data access device based on structured light array recognition, the device includes: the system comprises a structured light array comparison unit, a legal structured light array information storage unit, a user grade storage unit, a user verification information storage unit, a first decryption circuit, a verification key storage unit, a key generation unit, a digital signature operation unit, a user information comparison unit, a read-write control circuit and a data storage unit; the data storage unit comprises a first security level storage area and a second security level storage area;
the structure light array comparison unit is respectively connected with the structure light array acquisition unit, the legal structure light array information storage unit, the user grade storage unit, the user verification information storage unit and the key generation unit, the key generation unit is connected with the digital signature operation unit, and the digital signature operation unit is connected with the user information comparison unit;
the first decryption circuit is respectively connected with the user verification information storage unit, the verification key storage unit and the user information comparison unit, the user information comparison unit is connected with the read-write control circuit, and the read-write control circuit is respectively connected with the first safety level storage area and the second safety level storage area.
Furthermore, the device comprises a second encryption and decryption circuit, and the second encryption and decryption circuit is respectively connected with the key generation unit and the user information comparison unit.
Furthermore, the device also comprises a read-write limiting unit which is respectively connected with the second encryption and decryption unit and the structured light array comparison unit;
the reading and writing limiting unit is used for acquiring the current user security level transmitted by the structured light array comparison unit after receiving a data reading and writing instruction sent by data reading and writing equipment, and limiting the position of a data storage area in the data storage unit which can be accessed by the data reading and writing instruction according to the current user security level.
Further, the apparatus further comprises a counter and an erase circuit; the counter is respectively connected with the structured light array comparison unit and the erasing circuit, and the erasing circuit is connected with the read-write control circuit.
Further, the device also comprises a key recording unit which is connected with the key generating unit.
Further, the read-write control circuit is a NAND read-write controller.
Further, the key generation unit includes a source data decryption unit, a root key operation unit, and a hierarchy decryption operation unit; the source data decryption unit is connected with a root key operation unit, and the root key operation unit is connected with a hierarchy decryption operation unit;
the source data decryption unit is used for acquiring the encrypted source data for decryption to obtain a decrypted source key and a decrypted hierarchical encryption and decryption algorithm;
a root key operation unit, configured to calculate root key information according to the decrypted source key;
and the hierarchy decryption operation unit is used for acquiring hierarchy key information, a hierarchy key encryption and decryption algorithm and root key information, and decrypting the hierarchy key information by adopting the root key information according to the hierarchy key encryption and decryption algorithm to obtain access key information.
Further, the key generation unit further includes:
a hierarchy information storage unit for storing hierarchy key information;
and the main control chip is connected with the hierarchy information storage unit and the hierarchy decryption operation unit and is used for acquiring hierarchy key information from the hierarchy information storage unit according to the security level corresponding to the current user and sending the hierarchy key information to the hierarchy decryption operation unit.
Furthermore, the hierarchical decryption operation unit comprises a first-level decryption operation unit and a second-level decryption operation unit; the hierarchical key information includes first hierarchical key information and second hierarchical key information; the hierarchical encryption and decryption algorithm comprises a first hierarchical encryption and decryption algorithm and a second hierarchical encryption and decryption algorithm;
the main control chip is distributed and connected with the primary decryption operation unit and the secondary decryption operation unit and is used for acquiring primary hierarchy key information from the hierarchy information storage unit, transmitting the primary hierarchy key information to the primary decryption operation unit, acquiring secondary hierarchy key information from the hierarchy information storage unit and transmitting the secondary hierarchy key information to the secondary decryption operation unit;
the first-level decryption operation unit is used for decrypting the first-level key information by adopting the root key information according to the first-level key encryption and decryption algorithm to obtain a first-level key;
and the second-level decryption operation unit is used for acquiring the first-level key and decrypting the second-level key information by adopting the first-level key information according to the second-level key encryption and decryption algorithm to obtain a second-level key.
Further, the hierarchy information storage unit is further configured to store handshake request information and handshake response information;
the key generation unit further comprises a handshake decryption operation circuit, a handshake encryption operation circuit and a handshake information check circuit, wherein the handshake decryption operation circuit is connected with the main control chip and the handshake encryption operation circuit in a distributed manner, and the handshake encryption operation circuit is connected with the handshake information check circuit;
the handshake decryption operation circuit is used for decrypting the access key information by adopting the access key information to obtain handshake encryption key information;
the handshake encryption operation circuit is used for receiving the handshake request information sent by the main control chip and encrypting the handshake request information by adopting the handshake encryption key information to obtain handshake encryption information;
and the handshake information check circuit is used for acquiring the handshake encryption information and handshake response information sent by the main control chip, judging whether the handshake encryption information and the handshake response information are matched, and outputting the access key information if the handshake encryption information and the handshake response information are matched.
Different from the prior art, the high security level data access device based on structured light array identification according to the above technical solution includes: the system comprises a structured light array comparison unit, a legal structured light array information storage unit, a user grade storage unit, a user verification information storage unit, a first decryption circuit, a verification key storage unit, a key generation unit, a digital signature operation unit, a user information comparison unit, a read-write control circuit and a data storage unit; the data storage unit comprises a first security level storage area and a second security level storage area; the structure light array comparison unit is respectively connected with the structure light array acquisition unit, the legal structure light array information storage unit, the user grade storage unit, the user verification information storage unit and the key generation unit, the key generation unit is connected with the digital signature operation unit, and the digital signature operation unit is connected with the user information comparison unit; the first decryption circuit is respectively connected with the user verification information storage unit, the verification key storage unit and the user information comparison unit, the user information comparison unit is connected with the read-write control circuit, and the read-write control circuit is respectively connected with the first safety level storage area and the second safety level storage area.
According to the scheme, the access to the data storage unit is realized by collecting the user structure light array information, different access key information is obtained according to the user security level after the comparison of the structure light array information is passed, and whether the current user is allowed to access the data storage unit is determined by generating the comparison result of the user digital signature information to be corrected and the user signature verification information stored in the user verification information storage unit based on the access key information. Because the user digital signature information is obtained by real-time operation, and the user verification information is encrypted and stored by an independent secret key, the security of the user for data access is greatly enhanced. In addition, the first security level storage area and the second security level storage area can be matched with different security levels, the security levels of different users are set to be different, and different security levels can generate keys of different levels, so that the data differentiation range in the first security level storage area and the data differentiation range in the second security level storage area are realized, and the uniqueness of the user on data access is improved.
Drawings
Fig. 1 is a schematic structural diagram of a key generation unit according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a key generation unit according to another embodiment of the present invention;
fig. 3 is a schematic structural diagram of a key generation unit according to another embodiment of the present invention;
fig. 4 is a flowchart of a key generation method according to an embodiment of the present invention;
fig. 5 is a flowchart of a key generation method according to another embodiment of the present invention;
fig. 6 is a flowchart of a key generation method according to another embodiment of the present invention;
fig. 7 is a schematic structural diagram of a high security level data access device based on structured light array recognition according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a high security level data access device based on structured light array recognition according to another embodiment of the present invention.
Description of reference numerals:
10. a high security level data access device based on structured light array recognition;
201. a structured light array collection unit; 202. a structured light array comparison unit; 203. a user level storage unit; 204. a data storage unit; 205. a read-write control circuit; 206. a user check information storage unit; 207. a user information comparison unit;
208. a first security level storage area; 209. a second security level storage area; 210. a third security level storage area; 211. a digital signature operation unit; 212. a first decryption circuit; 213. verifying the key storage unit; 214. a read-write restriction unit; 215. a second encryption/decryption circuit; 216. a counter; 217. an erasing circuit; 218. a legally structured light array information storage unit;
30. a key generation unit;
301. a source data storage unit;
302. a source data decryption unit;
303. an algorithm information storage unit;
304. a hierarchy information storage unit;
305. a root key operation unit;
306. a hierarchical decryption operation unit; 3061. a first-level decryption operation unit; 3062. a secondary decryption operation unit; 3063. a third-level decryption operation unit;
307. a handshake decryption operational circuit; 3071. a first-stage handshake decryption operation circuit; 3072. a second-stage handshake decryption operation circuit; 3073. a three-stage handshake decryption operation circuit;
308. a handshake encryption arithmetic circuit; 3081. a first-stage handshake encryption operation circuit; 3082. a second-stage handshake encryption operation circuit; 3083. a three-stage handshake encryption operation circuit;
309. a handshake information check circuit;
310. a key selection unit;
311. an algorithm selection unit; 3111. a first-level algorithm selection unit; 3112. a secondary algorithm selection unit; 3113. a third-level algorithm selection unit;
313. a user identification information storage unit;
40. a key recording unit;
50. and a data read-write device.
Detailed Description
To explain technical contents, structural features, and objects and effects of the technical solutions in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
Fig. 7 is a schematic structural diagram of a high security level data access device based on structured light array recognition according to an embodiment of the present invention.
The device comprises: the system comprises a structured light array acquisition unit 201, a structured light array comparison unit 202, a legal structured light array information storage unit 218, a user grade storage unit 203, a user verification information storage unit 206, a key generation unit 30, a digital signature operation unit 211, a user information comparison unit 207, a read-write control circuit 205, a data storage unit 204, a first decryption circuit 212 and a verification key storage unit 213; the data storage unit 204 includes a first security level storage area 208 and a second security level storage area 209;
the structured light array collecting unit 201 is connected to a structured light array comparing unit 202, the structured light array comparing unit 202 is connected to the legal structured light array information storing unit 218, the user class storing unit 203, the key generating unit 30, and the user verification information storing unit 206, the key generating unit 30 is connected to the digital signature operating unit 211, the digital signature operating unit 211 is connected to the user information comparing unit 207, and the user information comparing unit 207 is connected to the first decrypting circuit 212 and the read-write control circuit 205. The first decryption circuit 212 is connected to the user verification information storage unit 206 and the verification key storage unit 213, and the read/write control circuit 205 is connected to the first security level storage area 208 and the second security level storage area 209, respectively. The structured light array collecting unit 201 is an electronic component capable of emitting infrared light and generating biometric image information of a corresponding portion through an infrared signal returned from a body part of a user, where the biometric image information is structured light array information.
When the device 10 is used, firstly, the structured light array identification unit 202 receives the structured light array information of the user acquired by the structured light array acquisition unit 201, compares the structured light array information acquired currently with the structured light array information stored in advance in the legal structured light array information storage unit 218, and if the comparison is correct, the structured light array identification unit 202 acquires the security level corresponding to the current user from the user level storage unit 203 according to the acquired structured light array information, and sends the acquired security level to the key generation unit 30. After receiving the security level of the current user, the key generation unit 30 generates access key information matching the security level according to the security level of the current user. Then, the digital signature operation unit 211 performs hash operation on the access key information to obtain the user digital signature information to be authenticated, and transmits the user digital signature information to be authenticated to the user information comparison unit 207. In parallel, the user verification information storage unit 206 sends the encrypted user verification information corresponding to the current user to the first decryption circuit 212 according to the comparison result of the structured light array identification unit 202, and the first decryption circuit 212 obtains the encrypted user signature verification information and the verification key information stored in the verification key storage unit 213, decrypts the encrypted user signature verification information by using the verification key information, and sends the decrypted user signature verification information to the user information comparison unit 207. The user information comparing unit 207. The user information comparing unit 207 obtains the digital signature information of the user to be authenticated and the user verification information corresponding to the current user, compares the digital signature information of the user to be authenticated and the user verification information of the user to be authenticated, and sends a control signal to the read-write control circuit 205 according to a comparison result.
Preferably, the digital signature operation unit 211 generates the user digital signature information in real time according to the following manner: after acquiring the access key information, the digital signature operation unit 211 performs hash calculation on the access key information according to a preset encryption algorithm (e.g., SM3 encryption algorithm), so as to obtain the user digital signature information. The hash operation is a common function in encryption and decryption operations, and thus the digital signature operation unit 211 may be implemented by an encryption and decryption operation circuit having a hash operation module built therein. Because the user verification information is stored after being encrypted, and the user digital signature information is generated in real time according to the access key information, the safety in the data access process is further enhanced. The read-write control circuit is a NAND read-write controller.
In this application, the data storage unit 204 includes a first security level storage area 208 and a second security level storage area 209, different users can store private data in different security level storage areas, the security levels of different users can be set to be different, and when the security levels of the users are different, the key generation unit 30 can generate keys of different levels, so as to implement a differentiation range of data in the first security level storage area and the second security level storage area, and improve the uniqueness of data access by the users.
As shown in fig. 8, in some embodiments, the apparatus 10 includes a second encryption/decryption circuit 215, and the second encryption/decryption circuit 215 is respectively connected to the key generation unit 30 and the user information comparison unit 207. The second encryption/decryption circuit 215 is configured to receive the access key information generated by the key generation unit 30, and decrypt the data read from the data storage unit 204 or encrypt the data to be written into the data storage unit 204 using the access key information.
Further, the apparatus further comprises a read-write restriction unit 214. The read-write limiting unit 214 is connected to the second encryption/decryption unit 215 and the structured light array comparing unit 202, and is configured to, after receiving a data read-write instruction sent by the data read-write device 50, obtain a current user security level transmitted by the structured light array comparing unit 202, and limit a data storage area position in the data storage unit 204 that can be accessed by the data read-write instruction according to the current user security level.
When the data read-write device 50 needs to access the data storage unit 204, no matter data is read or written, a data read-write instruction sent by the data read-write device is transmitted to the read-write limiting unit 214, then the structured light array comparison unit 202 obtains the security level of the current user after the structured light array information comparison is passed and transmits the security level to the read-write limiting unit 214, and if the read-write limiting unit 214 detects that the received security level of the current user is not matched with the data storage area to be accessed by the data read-write instruction, the data read-write device 50 directly feeds an error flag back to the data read-write device 50, so that the data read-write device 50 is denied further access to the data storage area. For example, the read-write limiting unit 214 receives a read instruction for the data stored in the third security level storage region transmitted by the data read-write device 50, but the current user security level obtained by the structured light array comparing unit 202 after comparison is the second security level, which indicates that the current user does not have permission to read the data stored in the third security level storage region, the read-write limiting unit 214 directly rejects the data read request of the data read-write device 50, so as to enhance the security of the whole data.
In certain embodiments, the illustrated data storage unit 204 further comprises a third security level storage area. Accordingly, the user security level includes a first security level, a second security level, and a third security level, the third security level being higher than the second security level, the second security level being higher than the first security level. If the user wants to access the data in the first safety level storage area, the user safety level requirement acquired by the structured light array comparison unit is a first safety level; if the user wants to access the data in the second security level storage area, the user security level requirement acquired by the structured light array comparison unit is the second security level; if the user wants to access the data in the third security level storage area, the structured light array alignment unit obtains a user security level requirement of the third security level.
Preferably, the corresponding relationship between the user security level and the security level storage area accessible to the user can be configured according to actual needs. Taking the data storage area including the first security level storage area 208, the second security level storage area 209, and the third security level storage area 210 as an example, the correspondence relationship may be configured as: a user of a first security level can only access data in the first security level storage area 208, a user of a second security level can only access data in the second security level storage area 209, and a user of a third security level can only access data in the third security level storage area 210. Of course, the correspondence relationship may also be configured as: a user of a first security level can only access data in the first security level storage area 208, a user of a second security level can access data in the first security level storage area 208 and the second security level storage area 209, and a user of a third security level can access data in the first security level storage area 208, the second security level storage area 209 and the third security level storage area 210.
As described above, both the data reading instruction and the data writing instruction sent by the data reading and writing device 50 will pass through the reading and writing limiting unit 214, and if the reading and writing limiting unit 214 determines that the current user security level meets the requirement of accessing the corresponding data storage area, the data reading instruction or the data writing instruction will be sent to the second encryption and decryption circuit 215. The following will further describe the data processing flow of each module in the apparatus according to the present invention, which is related to fig. 8, in conjunction with two processes of reading data from the data storage unit 204 and writing data into the data storage unit 204.
The data reading process is as follows: the read-write limiting unit 214 receives the data reading instruction of the data reading-writing device 50, sends the data reading instruction to the user information comparing unit 207 after determining that the security level of the current user transmitted by the structured light array comparing unit 202 meets the condition (that is, the security level of the current user can access the data storage area of the data to be read), sends the data reading instruction to the read-write control circuit 205 after the user information is checked, and sends the read data to the second encryption-decryption circuit 215 after the data reading circuit 205 reads the data from the data storage area of the corresponding security level according to the data reading instruction. In order to ensure the security of data storage, and therefore, the data to be read is also stored in an encrypted manner in the data storage area, and therefore, the read data needs to be decrypted before being returned to the data read/write device 50, specifically, the second encryption/decryption circuit 215 decrypts the read encrypted data according to the access key information generated by the key generation unit 30, and returns the decrypted data to the data read/write device 50, thereby completing the whole data reading process.
The data writing process is specifically as follows: the read-write limiting unit 214 receives the data write instruction and the data to be written of the data read-write device 50, and after determining that the security level of the current user transmitted by the structured light array comparing unit 202 meets the condition (that is, the security level of the current user can access the data storage area of the data to be written), sends the data to be written to the second encryption/decryption circuit 215, and the second encryption/decryption circuit 215 encrypts the data to be written according to the access key information generated by the key generating unit 30, and sends the encrypted data to be written to the user information comparing unit 207. The user information comparing unit 207 sends the encrypted data to be written to the read-write control circuit 205 after the user information passes the user information verification, and the data read-write circuit 205 stores the encrypted data to be written to the data storage area with the corresponding security level according to the data write instruction, thereby completing the whole data write process.
In some embodiments, as shown in FIG. 8, the apparatus further includes a counter 216 and an erase circuit 217; the counter 216 is connected to the structured light array comparison unit 202 and the erasing circuit 217, respectively, and the erasing circuit 217 is connected to the read-write control circuit 205; the erasing circuit 217 is configured to erase, by the read/write control circuit 205, data in a data storage area in the data storage unit 204 that meets a preset security level when the number of times of errors in the structured light array comparison result counted by the counter 216 exceeds a preset value. Preferably, the preset security level is a security level with a top security rank, such as the highest security level. The structural optical array information is frequently compared and has errors, which shows that the current data storage unit has the possibility of being illegally accessed, and the erasing circuit 217 can timely erase the stored data in the high-security-level data storage area, so that the data security is further enhanced.
The key information is used as a tool for data encryption and decryption, is a key ring for chip security authentication, and is very important for ensuring the security of the key generation process. In order to enhance the security of the key generation process, the present application designs a special key generation unit 30 to generate the finally required key information.
Fig. 1 is a schematic structural diagram of a key generation unit 30 according to an embodiment of the present invention. The key generation unit 30 includes:
a source data decryption unit 301, configured to obtain encrypted source data and decrypt the encrypted source data to obtain a decrypted source key and a decrypted hierarchical encryption/decryption algorithm;
a root key operation unit 305, configured to calculate root key information according to the decrypted source key;
the hierarchical decryption operation unit 306 is configured to obtain hierarchical key information, a hierarchical key encryption and decryption algorithm, and root key information, and decrypt the hierarchical key information with the root key information according to the hierarchical key encryption and decryption algorithm to obtain access key information. Because the access key information is obtained by the source key through a multi-layer encryption means, the security in the key generation process is greatly improved.
As shown in fig. 2, in some embodiments, the key generation unit 30 further includes:
and an algorithm information storage unit 303, configured to store the decrypted hierarchical encryption/decryption algorithm. The hierarchical encryption and decryption algorithm is an algorithm selected when data encryption and decryption are performed subsequently, and specifically may include any one or more of an aes algorithm, a tdes algorithm, and an sm4 algorithm. After the source data decryption unit 301 decrypts the hierarchical encryption/decryption algorithm, the hierarchical encryption/decryption algorithm is stored in the algorithm information storage unit 303, so as to wait for a subsequent call.
And an algorithm selecting unit 311, configured to select different hierarchical encryption/decryption algorithms to the hierarchical decryption operation unit 306 according to the user security level. The user security level refers to the access authority required for accessing different security level storage areas in the data storage unit. The higher the security level of the user, the higher the security of the secure storage area that the user can access, and the more complicated the corresponding key generation process.
For example, user a, user B, and user C may have a low security level, a medium security level, and a high security level. The hierarchical key decryption operation unit comprises a first hierarchical key decryption operation unit, a second hierarchical key decryption operation unit and a third hierarchical key decryption operation unit. The algorithm information storage unit is assumed to store three encryption and decryption algorithms a, b and c.
When the access key information corresponding to the user a is generated, the key generation unit 30 only starts the first-level key decryption operation unit to complete the encryption and decryption operation, and the algorithm selection unit only needs to send the encryption and decryption algorithm a to the first-level key decryption operation unit.
When the access key information corresponding to the user B is generated, the key generation unit 30 starts the first-level key decryption operation unit and the second-level key decryption operation unit to perform encryption and decryption operations, the algorithm selection unit first selects the encryption and decryption algorithm a to send to the first-level key decryption operation unit, and sends the encryption and decryption algorithm B to the second-level key decryption operation unit when the subsequent second-level key decryption operation unit performs encryption and decryption operations.
When generating the access key information corresponding to the user C, the key generation unit 30 not only starts the first-level key decryption operation unit and the second-level key decryption operation unit to perform encryption and decryption operations, but also starts the third-level key decryption operation unit to perform encryption and decryption operations. The algorithm selection unit selects the encryption and decryption algorithm a to be sent to the first-level key decryption operation unit, sends the encryption and decryption algorithm b to the second-level key decryption operation unit when the second-level key decryption operation unit performs encryption and decryption operation, and sends the encryption and decryption algorithm c to the third-level key decryption operation unit subsequently and when the third-level key decryption operation unit performs encryption and decryption operation, so that the third-level key decryption operation unit completes corresponding encryption and decryption operation to output the access key information.
In this embodiment, the algorithm selecting unit 311 selects different hierarchical encryption/decryption algorithms from the algorithm information storage unit 303 to the corresponding hierarchical decryption operation unit 306 according to different security levels of users, so that access of users with different security levels to different security level storage areas in the data storage unit can be differentiated, access of users with different security levels to the data storage unit is not affected, and privacy and security of an access process are further improved.
In some embodiments, the key generation unit 30 further includes:
a hierarchy information storage unit 304 for storing hierarchy key information;
the main control chip 312 is configured to obtain the hierarchical key information in the hierarchical information storage unit 304, and transmit the hierarchical key information to the hierarchical key decryption operation unit 306.
In this way, the decryption algorithm in the access key information generation process comes from the encryption and decryption algorithm in the algorithm information storage unit 303, and is screened by the algorithm selection unit 311, the decryption object of the screened encryption and decryption algorithm is the hierarchical key information sent by the main control chip 312, and the key used in the decryption process is the root key information, which specifically is: the hierarchical decryption operation unit 306 decrypts the hierarchical key information by using the root key information according to the hierarchical key encryption and decryption algorithm, so as to obtain access key information. The hierarchical key information, the hierarchical key encryption and decryption algorithm and the root key information are respectively from different units, so that the safety of the generated access key information is further improved.
In some embodiments, the main control chip 312 is further configured to send corresponding hierarchical key information to the hierarchical decryption unit according to the security level corresponding to the current user. The same data storage unit may be accessed by a plurality of different users, and in order to ensure that the accesses of the users to the same data storage unit are not affected, each data storage area is set with a corresponding security level, and the security levels of the users are matched with corresponding hierarchical key information, so that the key generation unit 30 can generate access key information with different security levels when different users access the data storage area.
For example, user a, user B, and user C may have a low security level, a medium security level, and a high security level. The hierarchical key decryption operation unit comprises a first hierarchical key decryption operation unit, a second hierarchical key decryption operation unit and a third hierarchical key decryption operation unit.
Assuming that the hierarchical key information includes a first-layer source key, a second-layer source key and a third-layer source key, when the access key information corresponding to the user a is generated, the key generation unit 30 only starts the first-layer key decryption operation unit to complete encryption and decryption operations, the algorithm selection unit only needs to send an encryption and decryption algorithm a to the first-layer key decryption operation unit, and the first-layer key decryption operation unit decrypts the first-layer source key by using the root key information according to the encryption and decryption algorithm a to obtain a first-layer key. For user a, the primary key is the required access key information.
When the access key information corresponding to the user B is generated, the key generation unit 30 starts the first-level key decryption operation unit and the second-level key decryption operation unit to perform encryption and decryption operations, the algorithm selection unit first selects the encryption and decryption algorithm a to send to the first-level key decryption operation unit, and after the first-level key decryption operation unit decrypts the first-level key to obtain the first-level key (specifically, refer to the generation process of the access key information of the user a), the first-level key is sent to the second-level key decryption operation unit. When the second-level key decryption operation unit performs decryption operation, the main control chip sends the second-level source key to the second-level key decryption operation unit, and the algorithm selection unit selects the encryption and decryption algorithm b and sends the encryption and decryption algorithm b to the second-level key decryption operation unit. And then the second-level key decryption operation unit decrypts the second-level source key by adopting the first-level key according to an encryption and decryption algorithm b to obtain a second-level key. For user B, the secondary key is the required access key information.
When the access key information corresponding to the user C is generated, the key generation unit 30 not only starts the first-level key decryption operation unit and the second-level key decryption operation unit to perform encryption and decryption operations, but also starts the third-level key decryption operation unit to perform encryption and decryption operations. The algorithm selection unit selects the encryption and decryption algorithm a to be sent to the first-level key decryption operation unit, and sends the encryption and decryption algorithm b to the second-level key decryption operation unit when the second-level key decryption operation unit performs encryption and decryption operation. After the second-level key decryption operation unit decrypts the second-level key to obtain the second-level key (specifically, refer to the generation process of the access key information of the user B), the second-level key is sent to the third-level key decryption operation unit. When the third-level key decryption operation unit performs encryption and decryption operation, the algorithm selection unit selects an encryption and decryption algorithm c to send to the third-level key decryption operation unit, and the main control chip also sends the third-level source key to the third-level key decryption operation unit, so that the third-level key decryption operation unit decrypts the third-level source key by using the second-level key according to the encryption and decryption algorithm c to obtain a third-level key. For user C, the third-level key is the required access key information.
In some embodiments, the key generation unit 30 further includes:
a user identification information storage unit 313 for storing user identification information. Preferably, the user identification information storage unit 313 stores therein user identification information of a plurality of different users. The user identification information is an ID for distinguishing different users, and may be, for example, a password set by each user, such as a string of characters.
A root key operation unit 305, configured to obtain the user identifier information and the decrypted source key, and perform a hash operation on the user identifier information according to the decrypted source key to obtain root key information. Because the root key information is obtained by performing hash operation on the user identification information through the decrypted source key, the bit number of the source key and the generated root key can be kept consistent, and meanwhile, the generated root key information is different when different users perform authentication, so that the security of key generation is further improved.
In some embodiments, the key generation unit 30 further includes: a source data storage unit 301, configured to store encrypted source data, where the source data includes a source key and a hierarchical encryption/decryption algorithm. In this embodiment, the source data storage unit 301 is an OTP storage unit (i.e., a one-time programmable unit), so that source data can be effectively prevented from being tampered. In order to prevent a hacker from directly obtaining source data from the source data storage unit 301, in the present application, the source data is encrypted and then stored in the OTP storage unit, and an initial key used for encrypting the source data may be stored in another storage unit, so as to improve the security of storing the source data.
In order to prevent access key information from being intercepted and tampered during the generation process, in this embodiment, the hierarchical information storage unit is further configured to store handshake request information and handshake response information, as shown in fig. 3, and the key generation unit 30 includes:
and a handshake decryption operation circuit 307, configured to decrypt the access key information by using the access key information to obtain handshake encryption key information. The access key information is easy to intercept or tamper in the transmission process, but if the access key information is decrypted firstly, the difficulty of reverse cracking of a hacker is exponentially increased, so that the access key information is decrypted before key data verification is carried out, and handshake encryption key information is obtained.
And the handshake encryption operation circuit 308 is configured to receive the handshake request information, and encrypt the handshake request information by using the handshake encryption key information to obtain handshake encryption information. Handshake request information, which refers to information to be verified and is encrypted by handshake encryption key information, may be stored in the handshake information storage unit 304 in advance, so as to obtain handshake encryption information.
And a handshake information checking circuit 309, configured to obtain the handshake response information and the handshake encryption information, and determine whether the handshake response information and the handshake encryption information are matched, if yes, the access key information is output through checking. The handshake response information refers to check standard information which is pre-stored in the handshake information storage unit 304 and is obtained by encrypting the handshake request information. By comparing the handshake response information with the handshake encryption information, whether the current access key information is tampered or not can be deduced, and if the two are matched, the access key information can be output.
As shown in fig. 3, the key generation unit 30 may generate the access key information of a corresponding hierarchy according to the security level of the user, and the higher the security level of the user is, the higher the security of the generated access key information is.
Taking the example of the key level as three security levels, the key generation unit 30 includes a key selection unit 310. The decryption operation unit includes a primary decryption operation unit 3061, a secondary decryption operation unit 3062, and a tertiary decryption operation unit 3063. The handshake decryption operation circuit comprises a first-stage handshake decryption operation circuit 3071, a second-stage handshake decryption operation circuit 3072 and a third-stage handshake decryption operation circuit 3073. The handshake encryption operation circuit comprises a first-stage handshake encryption operation circuit 3081, a second-stage handshake encryption operation circuit 3082 and a third-stage handshake encryption operation circuit 3083. The algorithm information storage unit 303 is provided with a plurality of encryption and decryption algorithms, including a first-level encryption and decryption algorithm, a second-level encryption and decryption algorithm, and a third-level encryption and decryption algorithm, and sequentially selects the algorithms through a first-level algorithm selection unit 3111, a second-level algorithm selection unit 3112, and a third-level algorithm selection unit 3113. The hierarchical key information includes a first layer source key, a second layer source key, and a third layer source key.
The key generation unit 30 described in fig. 3 operates as follows: the key generation unit 30 acquires the current user rank and outputs access key information matching the user rank to the key recording unit 40 through the key selection unit 310. Assuming that the user level has three levels, the key selection unit 310 may select a primary key or a secondary key or a tertiary key for output according to the security level of the current user. Preferably, the security level of the third-level key is higher than that of the second-level key, and the security level of the second-level key is higher than that of the first-level key.
The primary key is generated as follows:
the source data decryption unit 302 obtains the encrypted source key and the hierarchical encryption/decryption algorithm in the source data storage unit 301 for decryption, obtains a decrypted source key and a hierarchical encryption/decryption algorithm, sends the decrypted source key to the root key operation unit 305, and stores the decrypted hierarchical key encryption/decryption algorithm in the algorithm information storage unit 303. And the root key operation unit acquires the user identification information and the decrypted source key, and performs hash operation on the user identification information according to the decrypted source key to obtain root key information.
The next-level decryption operation unit 3061 receives the first-level source key of the level information storage unit 304, and the first-level algorithm selection unit 3111 selects the first-level key encryption and decryption algorithm to the first-level decryption operation unit 3061, so that the first-level decryption operation unit 3061 decrypts the first-level source key by applying the root key information through the first-level key encryption and decryption algorithm to obtain the first-level key. If the security level of the current user is one level, the key selection unit 310 may select the one level key output.
Before output, in order to prevent the first-level key from being tampered in the transmission process, the generated first-level key needs to be verified, specifically, the first-level key is encrypted once by using the first-level key through the first-level handshake decryption operation circuit 3071, so that first-level handshake encryption key information is obtained. And then, the first-level handshake request data transmitted by the hierarchical information storage unit 304 is received through the first-level handshake encryption operation circuit 3081, and the first-level handshake request data is encrypted by using the first-level handshake encryption key information, so as to obtain first-level handshake encryption information. And then, receiving the first layer handshake response data transmitted by the hierarchical information storage unit 304, comparing the first layer handshake response data with the first layer handshake encryption information, and if the first layer handshake response data and the first layer handshake encryption information match, indicating that the first-level key is not tampered, outputting the first layer handshake response data through the key selection unit 310.
The secondary key is generated as follows:
the generation process of the secondary key is similar to that of the primary key, and the difference is that the primary key is used as an input parameter (equivalent to a root key input when the primary key is generated) for generating the secondary key, specifically, the secondary decryption operation unit 3062 receives the second-layer source key of the hierarchical information storage unit 304, and the secondary algorithm selection unit 3112 selects the secondary key encryption/decryption algorithm to the secondary decryption operation unit 3062, so that the secondary decryption operation unit 3062 applies the primary key to decrypt the second-layer source key by using the secondary key encryption/decryption algorithm, and a secondary key is obtained. If the security level of the current user is secondary, key selection unit 310 may select the secondary key output.
Before output, in order to prevent the second-level key from being tampered in the transmission process, the generated second-level key needs to be verified, specifically, the second-level key is encrypted once by using the second-level key through the second-level handshake decryption operation circuit 3072, so that the second-level handshake encryption key information is obtained. And then, the second-level handshake request data transmitted by the hierarchical information storage unit 304 is received through the second-level handshake encryption operation circuit 3082, and the second-level handshake request data is encrypted by using the second-level handshake encryption key information, so as to obtain second-level handshake encryption information. And then receiving second-layer handshake response data transmitted by the hierarchical information storage unit 304, comparing the second-layer handshake response data with the second-layer handshake encryption information, and if the two match, indicating that the secondary key is not tampered, outputting the second-layer handshake response data through the key selection unit 310, otherwise, sending a prompt message.
The generation process of the tertiary key is as follows:
the generation process of the third-level key is similar to that of the second-level key, and the difference is that the second-level key is used as an input parameter for generating the third-level key (equivalent to the first-level key input during generation of the second-level key), specifically, the third-level decryption operation unit 3063 receives the third-level source key of the hierarchical information storage unit 304, and the third-level algorithm selection unit 3113 selects the third-level key encryption/decryption algorithm to the third-level decryption operation unit 3062, so that the third-level decryption operation unit 3063 decrypts the third-level source key by using the second-level key using the third-level key encryption/decryption algorithm, and obtains the third-level key. If the security level of the current user is three levels, the key selection unit 310 may select the three levels of key outputs.
Before outputting the third-level key, in order to prevent the third-level key from being tampered in the transmission process, the generated third-level key needs to be verified, specifically, the third-level key is encrypted once by using the third-level key through the third-level handshake decryption operation circuit 3073, so as to obtain the third-level handshake encryption key information. And then, the third-level handshake request data transmitted by the hierarchical information storage unit 304 is received through the three-level handshake encryption operation circuit 3083, and the third-level handshake request data is encrypted by using the three-level handshake encryption key information, so as to obtain third-level handshake encryption information. And then, receiving third-layer handshake response data transmitted by the hierarchical information storage unit 304, comparing the third-layer handshake response data with the third-layer handshake encryption information, and if the third-layer handshake response data and the third-layer handshake encryption information are matched, indicating that the third-layer key is not tampered, outputting the third-layer handshake response data through the key selection unit 310, otherwise, sending a prompt message.
Of course, in other embodiments, the number of the set user levels may also be other numbers, such as two security levels or more than four security levels, and correspondingly, the number of the hierarchies required for generating the access key information may also be other numbers, which are specifically set according to actual needs. When the access key information has other levels, the generation manner thereof may refer to the key generation process shown in fig. 3, which is not described herein again.
In some embodiments, the access key information generated by the key generation unit 30 may be stored in the key recording unit 40 to wait until a selective call of another function module.
As shown in fig. 4, the present application also provides a key generation method, which is applied to the key generation unit described in the present application, and the method includes the following steps:
firstly, in step S401, a source data decryption unit acquires encrypted source data for decryption to obtain a decrypted source key and a decrypted hierarchical encryption and decryption algorithm;
then step S402 is carried out, the root key operation unit calculates to obtain root key information according to the decrypted source key;
and then, in the step S403, the hierarchy decryption operation unit acquires hierarchy key information, a hierarchy key encryption and decryption algorithm and root key information, and decrypts the hierarchy key information by using the root key information according to the hierarchy key encryption and decryption algorithm to obtain access key information.
Generally, the key generation unit 30 needs to perform certain factory settings before being put into use, specifically, some verification data needed in the key generation process is solidified inside the key generation unit 30, as shown in fig. 5, the method includes the following steps:
the process first advances to step S501 to preset a user security level and stores the set user security level in the user level storage unit.
And then proceeds to step S502 to set the source key.
Step S502 may be followed by step S503 of obtaining hierarchical key information and handshake request information through a derivation algorithm according to the source key; synchronously, step S505 may be entered to set a corresponding security level and user identification information corresponding to the user for the current user.
Step S503 may be followed by step S504 of storing the hierarchical key information and the handshake request information in a hierarchical key information storage unit.
Then, the process proceeds to step S506 to complete the initial setting of the user key.
As shown in fig. 6, in some embodiments, the key generation method includes the steps of:
the method first proceeds to step S601, where the source data storage unit stores encrypted source data, where the source data includes a source key and a hierarchical encryption/decryption algorithm.
Then, in step S602, the source data decryption unit may obtain the encrypted source data for decryption, to obtain a decrypted source key and a decrypted hierarchical encryption/decryption algorithm, send the decrypted source key to the root key operation unit, and store the decrypted hierarchical key encryption/decryption algorithm in the algorithm information storage unit.
In parallel with step S601 and step S602, it may be proceeded to step S603 where the hierarchy information storage unit stores hierarchy key information; the user identification information storage unit stores user identification information.
After step S602 and step S603, step S604 may be performed by the root key operation unit to obtain the user identifier information and the decrypted source key, and perform hash operation on the user identifier information according to the decrypted source key to obtain root key information.
After step S604, the step S605 may be performed by the hierarchical decryption operation unit to obtain the hierarchical key encryption and decryption algorithm, the hierarchical key information, and the root key information, and the hierarchical key encryption and decryption algorithm is used to decrypt the hierarchical key information using the root key information, so as to obtain the access key information.
It should be noted that, although the above embodiments have been described herein, the scope of the present invention is not limited thereby. Therefore, based on the innovative concept of the present invention, the changes and modifications of the embodiments described herein, or the equivalent structure or equivalent process changes made by the contents of the specification and the drawings of the present invention, directly or indirectly apply the above technical solutions to other related technical fields, all included in the scope of the present invention.
Claims (10)
1. A high security level data access device based on structured light array recognition, the device comprising: the system comprises a structured light array comparison unit, a legal structured light array information storage unit, a user grade storage unit, a user verification information storage unit, a first decryption circuit, a verification key storage unit, a key generation unit, a digital signature operation unit, a user information comparison unit, a read-write control circuit and a data storage unit; the data storage unit comprises a first security level storage area and a second security level storage area;
the structure light array comparison unit is respectively connected with the structure light array acquisition unit, the legal structure light array information storage unit, the user grade storage unit, the user verification information storage unit and the key generation unit, the key generation unit is connected with the digital signature operation unit, and the digital signature operation unit is connected with the user information comparison unit;
the first decryption circuit is respectively connected with the user verification information storage unit, the verification key storage unit and the user information comparison unit, the user information comparison unit is connected with the read-write control circuit, and the read-write control circuit is respectively connected with the first safety level storage area and the second safety level storage area.
2. The structured light array based identification high security level data access device as claimed in claim 1, wherein the device comprises a second encryption/decryption circuit, and the second encryption/decryption circuit is connected to the key generation unit and the user information comparison unit respectively.
3. The structured light array based identified high security level data access device according to claim 2, further comprising a read-write limiting unit, wherein the read-write limiting unit is connected to the second encryption/decryption unit and the structured light array comparison unit respectively;
the reading and writing limiting unit is used for acquiring the current user security level transmitted by the structured light array comparison unit after receiving a data reading and writing instruction sent by data reading and writing equipment, and limiting the position of a data storage area in the data storage unit which can be accessed by the data reading and writing instruction according to the current user security level.
4. The structured light array identification based high security level data access device of claim 1, further comprising a counter and an erase circuit; the counter is respectively connected with the structured light array comparison unit and the erasing circuit, and the erasing circuit is connected with the read-write control circuit.
5. The structured light array identification based high security level data access device of claim 1, further comprising a key recording unit coupled to the key generation unit.
6. The structured light array recognition-based high security level data access device of claim 1, wherein the read-write control circuit is a NAND read-write controller.
7. The structured light array identification-based high security level data access device of claim 1, wherein the key generation unit comprises a source data decryption unit, a root key operation unit and a hierarchy decryption operation unit; the source data decryption unit is connected with a root key operation unit, and the root key operation unit is connected with a hierarchy decryption operation unit;
the source data decryption unit is used for acquiring the encrypted source data for decryption to obtain a decrypted source key and a decrypted hierarchical encryption and decryption algorithm;
a root key operation unit, configured to calculate root key information according to the decrypted source key;
and the hierarchy decryption operation unit is used for acquiring hierarchy key information, a hierarchy key encryption and decryption algorithm and root key information, and decrypting the hierarchy key information by adopting the root key information according to the hierarchy key encryption and decryption algorithm to obtain access key information.
8. The structured light array identification based high security level data access device of claim 7, wherein the key generation unit further comprises:
a hierarchy information storage unit for storing hierarchy key information;
and the main control chip is connected with the hierarchy information storage unit and the hierarchy decryption operation unit and is used for acquiring hierarchy key information from the hierarchy information storage unit according to the security level corresponding to the current user and sending the hierarchy key information to the hierarchy decryption operation unit.
9. The structured light array identification-based high security level data access device of claim 8, wherein the hierarchical decryption operation unit comprises a primary decryption operation unit and a secondary decryption operation unit; the hierarchical key information includes first hierarchical key information and second hierarchical key information; the hierarchical encryption and decryption algorithm comprises a first hierarchical encryption and decryption algorithm and a second hierarchical encryption and decryption algorithm;
the main control chip is distributed and connected with the primary decryption operation unit and the secondary decryption operation unit and is used for acquiring primary hierarchy key information from the hierarchy information storage unit, transmitting the primary hierarchy key information to the primary decryption operation unit, acquiring secondary hierarchy key information from the hierarchy information storage unit and transmitting the secondary hierarchy key information to the secondary decryption operation unit;
the first-level decryption operation unit is used for decrypting the first-level key information by adopting the root key information according to the first-level key encryption and decryption algorithm to obtain a first-level key;
and the second-level decryption operation unit is used for acquiring the first-level key and decrypting the second-level key information by adopting the first-level key information according to the second-level key encryption and decryption algorithm to obtain a second-level key.
10. The structured light array identification based high security level data access device of claim 8, wherein the hierarchical information storage unit is further configured to store handshake request information and handshake response information;
the key generation unit further comprises a handshake decryption operation circuit, a handshake encryption operation circuit and a handshake information check circuit, wherein the handshake decryption operation circuit is connected with the main control chip and the handshake encryption operation circuit in a distributed manner, and the handshake encryption operation circuit is connected with the handshake information check circuit;
the handshake decryption operation circuit is used for decrypting the access key information by adopting the access key information to obtain handshake encryption key information;
the handshake encryption operation circuit is used for receiving the handshake request information sent by the main control chip and encrypting the handshake request information by adopting the handshake encryption key information to obtain handshake encryption information;
and the handshake information check circuit is used for acquiring the handshake encryption information and handshake response information sent by the main control chip, judging whether the handshake encryption information and the handshake response information are matched, and outputting the access key information if the handshake encryption information and the handshake response information are matched.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202022645007.2U CN213814671U (en) | 2020-11-16 | 2020-11-16 | High-security-level data access device based on structured light array recognition |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202022645007.2U CN213814671U (en) | 2020-11-16 | 2020-11-16 | High-security-level data access device based on structured light array recognition |
Publications (1)
Publication Number | Publication Date |
---|---|
CN213814671U true CN213814671U (en) | 2021-07-27 |
Family
ID=76933942
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202022645007.2U Active CN213814671U (en) | 2020-11-16 | 2020-11-16 | High-security-level data access device based on structured light array recognition |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN213814671U (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115859338A (en) * | 2023-02-15 | 2023-03-28 | 毛茸茸(西安)智能科技有限公司 | Chip data security protection method based on multi-stage key dynamic verification |
-
2020
- 2020-11-16 CN CN202022645007.2U patent/CN213814671U/en active Active
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115859338A (en) * | 2023-02-15 | 2023-03-28 | 毛茸茸(西安)智能科技有限公司 | Chip data security protection method based on multi-stage key dynamic verification |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6268788B1 (en) | Apparatus and method for providing an authentication system based on biometrics | |
US6230272B1 (en) | System and method for protecting a multipurpose data string used for both decrypting data and for authenticating a user | |
US8572392B2 (en) | Access authentication method, information processing unit, and computer product | |
US5844497A (en) | Apparatus and method for providing an authentication system | |
KR101659110B1 (en) | Method for authenticating access to a secured chip by a test device | |
US8819443B2 (en) | Methods and devices for authentication and data encryption | |
US9858401B2 (en) | Securing transactions against cyberattacks | |
US7131009B2 (en) | Multiple factor-based user identification and authentication | |
CN103929306B (en) | The approaches to IM of intelligent cipher key equipment and intelligent cipher key equipment | |
US20030219121A1 (en) | Biometric key generation for secure storage | |
CN112364323A (en) | High-security storage access method and device based on user iris recognition | |
CN101291224A (en) | Method and system for processing data in communication system | |
US20120096280A1 (en) | Secured storage device with two-stage symmetric-key algorithm | |
JPH11306088A (en) | Ic card and ic card system | |
CN112836221B (en) | Multi-security-level partition portable solid state disk and design method thereof | |
CN112887085B (en) | Method, device and system for generating security key of SSD (solid State disk) main control chip | |
CN109214164A (en) | Computer communication security login method Internet-based and system | |
CN112364324A (en) | High-security-level data access method and device based on voiceprint recognition | |
CN112272090B (en) | Key generation method and device | |
CN112906071B (en) | Data protection method and device based on page temperature dynamic cold-hot switching | |
CN213814671U (en) | High-security-level data access device based on structured light array recognition | |
CN112364316B (en) | High-security-level data access method and device based on structured light array identification | |
CN213814673U (en) | Multi-security-level storage access device based on user fingerprint identification | |
CN112347446A (en) | Multi-security-level storage access method and device based on user face recognition | |
CN213817804U (en) | Secret key generating device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder | ||
CP01 | Change in the name or title of a patent holder |
Address after: No.302, no.6, zone 2, Fuhai Industrial Zone, Fuyong community, Fuyong street, Bao'an District, Shenzhen City, Guangdong Province Patentee after: Shenzhen anjilite New Technology Co.,Ltd. Address before: No.302, no.6, zone 2, Fuhai Industrial Zone, Fuyong community, Fuyong street, Bao'an District, Shenzhen City, Guangdong Province Patentee before: Shenzhen anjili New Technology Co.,Ltd. |