CN108416232A - encryption method for storage device - Google Patents

Publication number
CN108416232A
Authority
CN
China
Prior art keywords
storage device
subregion
encryption method
data
storage
Legal status
Pending
Application number
CN201810175494.5A
Other languages
Chinese (zh)
Inventor
邵逢仙
尹江明
成桥生
赵丹
李涛
Current Assignee
HUNAN RUNCORE INNOVATION TECHNOLOGY Co Ltd
Original Assignee
HUNAN RUNCORE INNOVATION TECHNOLOGY Co Ltd
Application filed by HUNAN RUNCORE INNOVATION TECHNOLOGY Co Ltd
Priority to CN201810175494.5A
Publication of CN108416232A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention discloses an encryption method for a storage device, comprising: a step of partitioning the storage device and encrypting each partition independently; a step of starting the storage device using a general-purpose bootloader; and a step of starting the storage card using jabber mode. By partitioning the storage device and defining the access mode of each partition, the method improves the data security of the storage device; by unlocking and starting the storage device with a general-purpose bootloader, it improves the versatility of the storage device; and by encrypting data with I/O link encryption, it further improves the reliability and security of the storage device.

Description

Encryption method for storage device
Technical field
The present invention relates in particular to an encryption method for a storage device.
Background art
With the development of the national economy and technology and the improvement of people's living standards, storage devices have long been widely used in people's production and daily life, bringing great convenience to both.
Storage devices include all types of storage such as memory cards, removable storage disks and hard disks, and carry the vital task of data storage. As data is one of the most important resources in the world today, the security of data is particularly important.
As the hardware carrier on which data is stored, the storage device's security is even more important. Many kinds of encryption methods for storage devices already exist, such as full-disk encryption and partition encryption, and they provide a certain degree of protection for hard disk data.
However, with current encryption methods the corresponding key must be entered at every unlock; and if the device holds the system that is started as master, either the system area cannot be encrypted, or a key must be entered to unlock the system area before the system starts. Whichever of these encryption modes is used, there are certain limitations, so that the encryption process is not very reliable and is relatively easy to crack.
Summary of the invention
The purpose of the present invention is to provide an encryption method for a storage device that offers high cryptographic security, is difficult to crack and encrypts quickly.
The encryption method for a storage device provided by the invention includes the following steps:
A step of partitioning the storage device and encrypting each partition independently;
A step of starting the storage device using a general-purpose bootloader;
A step of starting the storage card using jabber mode.
Partitioning the storage device specifically means partitioning according to the following rules:
R1. The memory space of the storage device is divided into N memory blocks, where N is a natural number not less than 2;
R2. Of the N memory blocks, n memory blocks are designated as the directorial area; the directorial area and its data can be accessed if and only if the user goes through a customized data interface; n is a natural number not greater than N;
R3. If a decryption error occurs while data in the directorial area is being accessed, all partitions of the storage device are locked immediately, to ensure the data security of the storage device.
Encrypting each partition independently specifically means using I/O link encryption: the data on each partition is encrypted on the I/O path.
The encryption uses the AES 256 XTS algorithm.
Unlocking and starting the storage device using a general-purpose bootloader specifically means using the GRUB2 bootloader to unlock and start the storage device.
Starting the storage card using jabber mode specifically means starting according to the following rule:
r1. If the storage device is started as master, then when the host starts reading and writing the memory card it must read the storage device and perform the unlock operation within a set time T; if the host continues trying to unlock the storage device after the set time T has been exceeded, the system locks the storage device directly, to ensure the data security of the storage device.
By partitioning the storage device and defining the access mode of each partition, the encryption method provided by the invention improves the data security of the storage device; by using a general-purpose bootloader to start the storage device, it improves the versatility of the storage device; and by encrypting data with I/O link encryption, it further improves the reliability and security of the storage device.
Description of the drawings
Fig. 1 is a schematic diagram of the method of the present invention.
Detailed description of the embodiments
Fig. 1 shows a schematic diagram of the method of the present invention. The encryption method for a storage device provided by the invention includes the following steps:
A step of partitioning the storage device and encrypting each partition independently;
Partitioning is carried out according to the following rules:
R1. The memory space of the storage device is divided into N memory blocks, where N is a natural number not less than 2;
R2. Of the N memory blocks, n memory blocks are designated as the directorial area; the directorial area and its data can be accessed if and only if the user goes through a customized data interface; n is a natural number not greater than N;
R3. If a decryption error occurs while data in the directorial area is being accessed, all partitions of the storage device are locked immediately, to ensure the data security of the storage device;
I/O link encryption may specifically be used for the encryption: the data on each partition is encrypted on the I/O path (the AES 256 XTS algorithm may be used). Because I/O link encryption is used, reading and writing data are themselves decryption and encryption processes, which eliminates at the root, at the hardware level, the possibility of the data being cracked;
A step of unlocking and starting the storage device using a general-purpose bootloader (such as the GRUB2 bootloader); because a general-purpose bootloader (such as the GRUB2 bootloader) is used to unlock and start the storage device, both Windows and Linux family systems can be booted, giving good portability;
A step of starting the storage card using jabber mode; specifically, starting according to the following rule:
r1. If the storage device is started as master, then when the host starts reading and writing the memory card it must read the storage device and perform the unlock operation within a set time T; if the host continues trying to unlock the storage device after the set time T has been exceeded, the system locks the storage device directly, to ensure the data security of the storage device.
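The locking behaviour of rules R1 to R3 and r1 above can be modelled as a small state machine. The following Python model is an added example, not code from the patent: the class and method names, the HMAC key check value that stands in for a decryption error, the injected clock, and treating n as at least 1 are all assumptions, and no real encryption is performed.

```python
import hashlib
import hmac


def _kcv(key: bytes) -> bytes:
    # Key check value, so the model never stores a key itself (assumption).
    return hmac.new(key, b"partition-kcv", hashlib.sha256).digest()


class PartitionedDevice:
    """State model of rules R1-R3 and r1; it performs no real encryption."""

    def __init__(self, keys, n_managed, unlock_window, clock):
        # R1: N >= 2 partitions. R2: n of them form the directorial area.
        if len(keys) < 2 or not 0 < n_managed <= len(keys):
            raise ValueError("need N >= 2 and 0 < n <= N")
        self._kcvs = [_kcv(k) for k in keys]  # one independent key per partition
        self._n = n_managed           # partitions 0..n-1 are the directorial area
        self._window = unlock_window  # the set time T, in seconds
        self._clock = clock           # injected so timeouts can be tested
        self._start = clock()         # moment the host starts reading/writing
        self._open = set()
        self.locked = False

    def _lock_all(self):
        self.locked = True
        self._open.clear()

    def unlock(self, index, key, custom_interface=False):
        if self.locked:
            return False
        # r1: an unlock attempt after T has elapsed locks the device.
        if self._clock() - self._start > self._window:
            self._lock_all()
            return False
        managed = index < self._n
        # R2: the directorial area is reachable only via the customized interface.
        if managed and not custom_interface:
            return False
        if not hmac.compare_digest(_kcv(key), self._kcvs[index]):
            # R3: a decryption error in the directorial area locks all partitions.
            if managed:
                self._lock_all()
            return False
        self._open.add(index)
        return True

    def readable(self, index):
        return not self.locked and index in self._open
```

In this model a wrong key on an ordinary partition is simply refused, while the same failure inside the directorial area, or any unlock attempt after T, makes every partition unreadable.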

Claims (6)

1. An encryption method for a storage device, comprising the following steps:
A step of partitioning the storage device and encrypting each partition independently;
A step of starting the storage device using a general-purpose bootloader;
A step of starting the storage card using jabber mode.
2. The encryption method for a storage device according to claim 1, characterized in that partitioning the storage device specifically means partitioning according to the following rules:
R1. The memory space of the storage device is divided into N memory blocks, where N is a natural number not less than 2;
R2. Of the N memory blocks, n memory blocks are designated as the directorial area; the directorial area and its data can be accessed if and only if the user goes through a customized data interface; n is a natural number not greater than N;
R3. If a decryption error occurs while data in the directorial area is being accessed, all partitions of the storage device are locked immediately, to ensure the data security of the storage device.
3. The encryption method for a storage device according to claim 1 or 2, characterized in that encrypting each partition independently specifically means using I/O link encryption; the data on each partition is encrypted on the I/O path.
4. The encryption method for a storage device according to claim 3, characterized in that the encryption uses the AES 256 XTS algorithm.
5. The encryption method for a storage device according to claim 3, characterized in that unlocking and starting the storage device using a general-purpose bootloader specifically means using the GRUB2 bootloader to unlock and start the storage device.
6. The encryption method for a storage device according to claim 3, characterized in that starting the storage card using jabber mode specifically means starting according to the following rule:
r1. If the storage device is started as master, then when the host starts reading and writing the memory card it must read the storage device and perform the unlock operation within a set time T; if the host continues trying to unlock the storage device after the set time T has been exceeded, the system locks the storage device directly, to ensure the data security of the storage device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810175494.5A CN108416232A (en) 2018-03-02 2018-03-02 encryption method for storage device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810175494.5A CN108416232A (en) 2018-03-02 2018-03-02 encryption method for storage device

Publications (1)

Publication Number Publication Date
CN108416232A (en) 2018-08-17

Family

ID=63129544

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810175494.5A Pending CN108416232A (en) 2018-03-02 2018-03-02 encryption method for storage device

Country Status (1)

Country Link
CN (1) CN108416232A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112199740A (en) * 2020-12-03 2021-01-08 飞天诚信科技股份有限公司 Encryption lock implementation method and encryption lock

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102955746A (en) * 2011-08-18 2013-03-06 北京爱国者信息技术有限公司 Read-only mode mobile storage device and data access method thereof
CN103279431A (en) * 2013-05-23 2013-09-04 青岛海信宽带多媒体技术有限公司 Access method for kinds of permissions of memorizer
CN103617127A (en) * 2013-12-04 2014-03-05 杭州华澜微科技有限公司 Memory device with subareas and memorizer area dividing method
CN105095945A (en) * 2014-05-07 2015-11-25 中兴软创科技股份有限公司 SD card capable of securely storing data
CN107563213A (en) * 2017-09-29 2018-01-09 北京计算机技术及应用研究所 A kind of safe and secret control device of anti-storage device data extraction

Similar Documents

Publication Publication Date Title
US9240883B2 (en) Multi-key cryptography for encrypting file system acceleration
CN101938497B (en) Multistage security file structure as well as file access control and secret key management user terminal, service terminal, system and method thereof
CN103366132B (en) Equipment and method for encryption data
JPH10198606A (en) Method and system for safely transferring and preserving protection enabled information
US8200964B2 (en) Method and apparatus for accessing an encrypted file system using non-local keys
CN104573551A (en) File processing method and mobile terminal
US7841014B2 (en) Confidential information processing method, confidential information processor, and content data playback system
EP2924953A1 (en) Method and system for encrypted data synchronization for secure data management
CN102236607B (en) Data security protection method and data security protection device
CN104778954B (en) A kind of CD subregion encryption method and system
CN1776563A (en) File encrypting device based on USB interface
CN106100851B (en) Password management system, intelligent wristwatch and its cipher management method
Belenko et al. “Secure Password Managers” and “Military-Grade Encryption” on Smartphones: Oh, Really?
Shekhtman et al. EngraveChain: Tamper-proof distributed log system
CN111008390A (en) Root key generation protection method and device, solid state disk and storage medium
CN110213051A (en) A kind of fine-grained encryption and decryption method and system of catalogue
CN102289607A (en) Universal serial bus (USB) device verification system and method
CN111177783B (en) Method and device for preventing mobile storage medium from being divulged
CN106529261A (en) UKey and method used for synchronization of offline business data
CN111539042B (en) Safe operation method based on trusted storage of core data files
CN112711764A (en) Data reading and writing method and device and electronic equipment
CN108416232A (en) encryption method for storage device
CN109964445A (en) For protection (anti-clone) method and system of unwarranted duplication
CN112287415B (en) USB storage device access control method, system, medium, device and application
CN115935391A (en) Card manufacturing method, card issuing method, device, medium, and program product for IC card

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
Application publication date: 20180817