CN218273385U - Hard disk access control circuit, system, solid state disk and storage device - Google Patents
Hard disk access control circuit, system, solid state disk and storage device Download PDFInfo
- Publication number
- CN218273385U CN218273385U CN202221691256.8U CN202221691256U CN218273385U CN 218273385 U CN218273385 U CN 218273385U CN 202221691256 U CN202221691256 U CN 202221691256U CN 218273385 U CN218273385 U CN 218273385U
- Authority
- CN
- China
- Prior art keywords
- circuit
- key
- control circuit
- hard disk
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The utility model discloses a hard disk access control circuit, system, solid state hard drives and storage device, wherein hard disk access control circuit includes: the system comprises a master control state machine, a first key memory, a random number generator, a key reading control circuit, a first hash algorithm circuit, an input control circuit and a comparison circuit; the first key memory, the random number generator, the key reading control circuit, the first hash algorithm circuit, the input control circuit and the comparison circuit are all in control connection with the master control state machine; the first key memory is connected with the key reading control circuit; the key reading control circuit and the random number generator are both connected with the first hash algorithm circuit; the first hash algorithm circuit and the input control circuit are both connected with the comparison circuit. The utility model discloses resistance "replay attack" that can be better has improved solid state hard disk's security.
Description
Technical Field
The utility model relates to a storage technology field especially relates to a hard disk access control circuit, system, solid state hard drives and storage equipment.
Background
Solid State Disks (SSD) are a substitute for traditional mechanical hard disks. The internal circuit of a typical solid state disk comprises a main control chip, DDR memory particles, NAND Flash memory chip particles, SPI Flash particles and the like. In some application scenarios, the solid state disk has a requirement on data security, that is, it is ensured that only authorized personnel are allowed to access data in the solid state disk, and an access request of an illegal user should be denied. One currently adopted security access mode is to adopt a fixed authorization code and a fixed system ID (Identity identification number) value, which is relatively poor in security and unable to resist "replay attack", as long as an attacker can monitor 1 normal access process by an illegal means, and then adopt the same authorization code and the same ID value, the security system of the solid state disk can be cheated, and cracking is realized.
Therefore, a solid state disk access system which is better resistant to 'replay attack' is needed.
SUMMERY OF THE UTILITY MODEL
In view of the above problem, the utility model provides a hard disk access control circuit, system, solid state hard drives and storage device can be better resist "replay attack", has improved solid state hard drives's security.
In a first aspect, the present application provides the following technical solutions through an embodiment:
a hard disk access control circuit comprising:
the system comprises a master control state machine, a first key memory for storing a key, a random number generator for generating a random number, a key reading control circuit for reading the key in the first key memory, a first hash algorithm circuit for generating a first digest value based on the random number and the key, an input control circuit for receiving a second digest value generated by a host based on the random number and the key, and a comparison circuit for comparing the first digest value with the second digest value; the first key memory, the random number generator, the key reading control circuit, the first hash algorithm circuit, the input control circuit and the comparison circuit are all in control connection with the master control state machine; the first key memory is connected with the key reading control circuit; the key reading control circuit and the random number generator are both connected with the first hash algorithm circuit; the first hash algorithm circuit and the input control circuit are both connected with the comparison circuit.
Optionally, the system further includes a key write control circuit for writing a key into the first key storage, the key write control circuit is connected to the master control state machine in a control manner, and the key write control circuit is connected to the first key storage.
Optionally, the system further comprises a first cache register and a second cache register, and the first cache register and the second cache register are both in control connection with the master control state machine; the first hash algorithm circuit is connected with the comparison circuit through the first cache register, and the input control circuit is connected with the comparison circuit through the second cache register.
Optionally, the first key storage is a charged erasable programmable read only memory.
In a second aspect, based on the same inventive concept, the present application provides the following technical solutions through an embodiment:
a solid state disk comprises an interface circuit and the hard disk access control circuit in any one of the first aspect; the interface circuit is connected with the comparison circuit.
Optionally, the interface circuit is a PCIe interface circuit and/or a SATA interface circuit.
In a third aspect, based on the same inventive concept, the present application provides the following technical solutions through an embodiment:
a hard disk access control system comprises a host and a hard disk access control circuit of any one of the first aspect; the host comprises an output interface circuit and a second hash algorithm circuit for generating a second digest value based on the random number and the key; the second hash algorithm circuit is connected with the random number generator and the output interface circuit.
Optionally, the host further includes a second key storage, and the second key storage is connected to the hash algorithm circuit.
Optionally, the host further includes a third buffer register, and the hash algorithm circuit is connected to the output interface circuit through the third buffer register.
In a fourth aspect, based on the same inventive concept, the present application provides the following technical solutions through an embodiment:
a storage device comprising a hard disk access control system as described in any of the preceding third aspects.
The embodiment of the utility model provides an in the technical scheme who provides, following technological effect or advantage have at least:
the embodiment of the utility model provides a provide a hard disk access control circuit, system, solid state hard drives and storage device, wherein hard disk access control circuit includes: the system comprises a master control state machine, a first key memory for storing a key, a random number generator for generating a random number, a key reading control circuit for reading the key in the first key memory, a first hash algorithm circuit for generating a first digest value based on the random number and the key, an input control circuit for receiving a second digest value generated by a host based on the random number and the key, and a comparison circuit for comparing the first digest value with the second digest value; the first key memory, the random number generator, the key reading control circuit, the first hash algorithm circuit, the input control circuit and the comparison circuit are all in control connection with the master control state machine; the first key memory is connected with the key reading control circuit; the key reading control circuit and the random number generator are both connected with the first hash algorithm circuit; the first hash algorithm circuit and the input control circuit are both connected with the comparison circuit. Because the random number generator is added in the hard disk access control circuit in the embodiment, random numbers for performing hash calculation by the hard disk access control circuit every time are different, even if an attacker monitors and records communication contents between the hard disk access control circuit and the hard disk access control circuit, the attacker still does not know what value (random number) the next expected call is, so that the attacker cannot crack in a 'replay' mode, and the safety of the hard disk is effectively improved.
The above description is only an overview of the technical solutions of the present invention, and in order to make the technical means of the present invention more clearly understood, the present invention may be implemented according to the content of the description, and in order to make the above and other objects, features, and advantages of the present invention more obvious and understandable, the following detailed description of the present invention is given.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a schematic structural diagram of a hard disk access control circuit in an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a solid state disk in an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a hard disk access control system according to an embodiment of the present invention;
fig. 4 is a flowchart of authentication between the host and the hard disk in the embodiment of the present invention.
Reference numerals:
10-a hard disk access control circuit; 11-a master state machine; 12-a first key store; 13-a random number generator; 14-a key reading control circuit; 15-a first hash algorithm circuit; 16-an input control circuit; 17-a comparison circuit; 18-a key write control circuit; 19-a first cache register; 20-a second cache register; 100-solid state disk; 200-a host; 201-a second key store; 202-a second hash algorithm circuit; 204-output interface circuitry; 205-a third cache register; 301-interface circuitry; 302-a processor; 303-DRAM controller; 304-a flash memory controller; 305-DRAM memory; 306-flash memory array.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Referring to fig. 1, a hard disk access control circuit 10 according to an embodiment of the present invention is shown, where the hard disk access control circuit 10 includes: a master state machine 11; a first key store 12 for storing keys; a random number generator 13 for generating random numbers; a key read control circuit 14 for reading a key in the first key storage 12; a first hash algorithm circuit 15 for generating a first digest value based on said random number and said key; an input control circuit 16 for receiving a second digest value generated by the host based on the random number and the secret key; and a comparison circuit 17 for comparing the first digest value and the second digest value.
The first key memory 12, the random number generator 13, the key reading control circuit 14, the first hash algorithm circuit 15, the input control circuit 16 and the comparison circuit 17 are all in control connection with the master control state machine 11; the first key memory 12 is connected with the key reading control circuit 14; the key reading control circuit 14 and the random number generator 13 are both connected with the first hash algorithm circuit 15; the first hash algorithm circuit 15 and the input control circuit 16 are both connected to a comparison circuit 17. It should be noted that, in this embodiment, the main state controller 11 and other circuit structures of the hard disk access control circuit 10 may have a control connection relationship, and some structures described later are not shown in the drawings.
The hard disk access control circuit 10 operates on the principle that a predetermined key may be stored in the first key storage 12 first. When data needs to be written into or read from the hard disk, the master control state machine 11 may control the key reading control circuit 14 to read the stored key from the first key storage 12, and send the key to the first hash algorithm circuit 15; the master state machine 11 also controls the random number generator 13 to generate a random number and sends the random number to the first hash algorithm circuit 15 and the host connected to the hard disk. Then, the master state machine 11 may control the first hash algorithm circuit 15 to perform a hash calculation to obtain the first digest value. On the host side, the same second hash algorithm circuit 202 may be arranged in the host to perform hash calculation on the random number and the key to obtain a second digest value. Then, the master control state machine 11 controls the comparison circuit 17 to compare the first abstract value with the second abstract value, if the first abstract value and the second abstract value are the same, the authentication is passed, and the communication interface is opened, so that the hard disk data can be accessed through the host; otherwise, determining as an illegal host, and deactivating a communication interface between the hard disk and the host.
Because the random number generator 13 is added in the application, random numbers of hash calculation performed by the hard disk access control circuit 10 every time are different, even if an attacker monitors and records communication contents between the random numbers and the hard disk access control circuit, the attacker still does not know what value (random number) the next expected call should be, so that the attacker cannot crack in a 'playback' mode, and the safety of the hard disk is effectively improved.
In this embodiment, the hash algorithm circuit is specifically configured to perform a calculation on a set of input data, that is, calculate a random number and a secret key, so as to obtain a calculation result, that is, a digest value or a hash value. The hash algorithm is also called as digest algorithm or hash algorithm, and the result is a hash value, also called as digest value. For example, common hash algorithms are: SHA1, SHA3, SHA256, SM3, MD5, and so on.
The hard disk access control circuit 10 in this embodiment may further include a key write control circuit 18 for writing a key into the first key storage 12, the key write control circuit 18 is in control connection with the master state machine 11, and the key write control circuit 18 is connected with the first key storage 12. For example, an administrator can periodically adjust and replace the keys in the key storage through the key write control circuit 18, thereby improving security. The first key storage 12 may be a charged Erasable Programmable read only memory (EEPROM).
The hard disk access control circuit 10 in this embodiment may further include a first cache register 19 and a second cache register 20, where the first cache register 19 and the second cache register 20 are both in control connection with the master control state machine 11; the first hash algorithm circuit 15 is connected to the comparison circuit 17 via a first buffer register 19, and the input control circuit 16 is connected to the comparison circuit 17 via a second buffer register 20. When the first digest value calculated by the hash algorithm circuit can be temporarily cached in the first cache register, the second digest value obtained by the input control circuit 16 can be temporarily cached in the second cache register 20; when the comparison circuit 17 is working, the first abstract value and the second abstract value can be extracted at the same time for comparison calculation.
Referring to fig. 2, in another embodiment of the present invention, a solid state disk 100 is further provided, where the solid state disk 100 includes an interface circuit 301 and a hard disk access control circuit 10 described in any of the foregoing embodiments; the interface circuit 301 is connected to the comparison circuit 17. The interface circuit 301 may be a PCIe interface circuit and/or a SATA interface circuit. It is understood that the interface circuit 301 may belong to a controller chip portion of the solid state disk 100, and the controller chip portion of the solid state disk 100 may further include a processor (CPU) 302, a DRAM (Dynamic Random Access Memory) controller 303, and a flash Memory controller 304; in addition, the storage portion of the solid state disk 100 may include, without limitation, a DRAM memory 305 and a Flash memory array 306 (e.g., a NAND Flash memory array). The above-described structures not described in detail are prior art known to those skilled in the art. For example, the processor 302, the flash memory controller 304, the DRAM controller 303, and the like can be specifically implemented in the book "deep and shallow SSD" of mechanical industry publisher, which is not described in detail in this embodiment.
Referring to fig. 3, in another embodiment of the present invention, a hard disk access control system is further provided, including a host 200 and the hard disk access control circuit 10 (which may also be the solid state disk 100 in the foregoing embodiment) in any one of the foregoing embodiments; the host 200 comprises an output interface circuit 204 and a second hash algorithm circuit 202 for generating a second digest value based on the random number and the key; the second hash algorithm circuit 202 is connected to the random number generator 13 and the output interface circuit 204. The host 200 may be a Personal Computer (PC), without limitation.
It is understood that the random number generator 13 in the solid state disk 100 may be further connected to the second hash algorithm circuit 202 of the host 200; alternatively, the host 200 may be provided with the same random number generator 13 connected to the hash algorithm circuit, and the two random number generators 13 are guaranteed to generate the same random number each time. A second key storage 201 is also provided in the host 200, and the second key storage 201 is connected to the hash algorithm circuit. The second key store 201 stores the same keys as the first key store 12. The host 200 may further comprise a third cache register 205, the hash algorithm circuit being connected to the output interface circuit 204 via the third cache register 205. The second digest value calculated by the second hash algorithm circuit 202 is temporarily stored in the third cache register 205, so that the second digest value is transmitted to the input control circuit 16 of the solid state disk 100 through the output interface circuit 204.
Referring to fig. 4, the principle of the hard disk access control system in the present embodiment is further illustrated and described by an example.
Before application deployment is performed on the solid state disk 100, 1 key B may be constructed and written into the first key storage 12 of the solid state disk 100 and the second key storage 201 of the host 200, so that both ends of the solid state disk 100 and the host 200 are the same key B.
Next, the solid state disk 100 is deployed into the host 200, and needs to be authenticated and authorized. If the host is illegal, the authentication process cannot be completed, and the solid state disk 100 cannot respond to the data read-write access of the host 200; if the host is legal, the solid state disk 100 can be read and written normally through the authentication process. The authentication and authorization process is as follows:
when the authentication starts, the master state machine 11 in the solid state disk 100 controls the random number generator 13 to generate 1 random number a, and sends the random number a to the host 200. Next, the solid state disk 100 starts the first hash algorithm circuit 15 based on the random number a and the secret key B, and calculates a first digest value C. At the host end, the host 200 receives the random number a, and in combination with the key B, invokes the second hash algorithm circuit 202 to calculate a second digest value D; the host 200 outputs the second digest value D to the solid-state disk 100. After receiving the second digest value D, the solid state disk 100 compares the second digest value D with the first digest value C. If the first digest value C and the second digest value D are the same, which indicates that the host 200 is "legal", the communication interface (PCIe, SATA, or PCI) is turned on, and the PC is allowed to access the data in the SSD; otherwise, if the host 200 is an illegal host, the communication interface is disabled, and the read-write access request of the host 200 to the solid state disk 100 is not responded.
Through the deployment process, the safety of the data in the solid state disk 100 can be effectively improved, the data in the solid state disk 100 cannot be read on the host 200 which fails in authentication, and due to the existence of the random number generator 13, the data for calculating the digest value every time are different, so that the 'replay' attack can be effectively resisted.
In another embodiment of the present invention, there is provided a storage device including the hard disk access control system in any one of the foregoing embodiments.
It should be noted that, because the storage device provided in this embodiment adopts the hard disk access control system in the foregoing embodiment, or adopts the hard disk access control circuit 10 in the foregoing embodiment, effective effects of the storage device may refer to descriptions and explanations in the hard disk access control system or the hard disk access control circuit 10 in the foregoing embodiment, and are not described in detail in this embodiment.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: rather, the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the apparatus of an embodiment may be adaptively changed and disposed in one or more apparatuses other than the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Moreover, those of skill in the art will understand that although some embodiments herein include some but not other features included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
Claims (10)
1. A hard disk access control circuit, comprising:
a master state machine, a first key storage for storing a key, a random number generator for generating a random number, a key reading control circuit for reading the key in the first key storage, a first hash algorithm circuit for generating a first digest value based on the random number and the key, an input control circuit for receiving a second digest value generated by a host based on the random number and the key, and a comparison circuit for comparing the first digest value and the second digest value;
the first key memory, the random number generator, the key reading control circuit, the first hash algorithm circuit, the input control circuit and the comparison circuit are all in control connection with the master control state machine; the first key memory is connected with the key reading control circuit; the key reading control circuit and the random number generator are both connected with the first hash algorithm circuit; the first hash algorithm circuit and the input control circuit are both connected with the comparison circuit.
2. The hard disk access control circuit of claim 1 further comprising a key write control circuit for writing a key into the first key store, the key write control circuit in control connection with the master state machine, the key write control circuit in connection with the first key store.
3. The hard disk access control circuit of claim 1, further comprising a first cache register and a second cache register, both the first cache register and the second cache register being in control connection with the master state machine; the first hash algorithm circuit is connected with the comparison circuit through the first cache register, and the input control circuit is connected with the comparison circuit through the second cache register.
4. The hard disk access control circuit of claim 1 wherein the first key memory is a powered erasable programmable read only memory.
5. A solid state disk comprising an interface circuit and the disk access control circuit of any of claims 1-4; the interface circuit is connected with the comparison circuit.
6. The solid state disk of claim 5, wherein the interface circuit is a PCIe interface circuit and/or a SATA interface circuit.
7. A hard disk access control system comprising a host and the hard disk access control circuit of any one of claims 1 to 4; the host comprises an output interface circuit and a second hash algorithm circuit for generating a second digest value based on the random number and the key; the second hash algorithm circuit is connected with the random number generator and the output interface circuit.
8. The hard disk access control system of claim 7 wherein the host further comprises a second key store, the second key store coupled to the hash algorithm circuit.
9. The hard disk access control system of claim 7 wherein the host further comprises a third cache register, the hash algorithm circuit coupled to the output interface circuit through the third cache register.
10. A storage device comprising the hard disk access control system of any one of claims 7 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202221691256.8U CN218273385U (en) | 2022-06-29 | 2022-06-29 | Hard disk access control circuit, system, solid state disk and storage device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202221691256.8U CN218273385U (en) | 2022-06-29 | 2022-06-29 | Hard disk access control circuit, system, solid state disk and storage device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN218273385U true CN218273385U (en) | 2023-01-10 |
Family
ID=84760790
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202221691256.8U Active CN218273385U (en) | 2022-06-29 | 2022-06-29 | Hard disk access control circuit, system, solid state disk and storage device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN218273385U (en) |
-
2022
- 2022-06-29 CN CN202221691256.8U patent/CN218273385U/en active Active
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11809335B2 (en) | Apparatuses and methods for securing an access protection scheme | |
| US10540297B2 (en) | Memory organization for security and reliability | |
| US10592873B2 (en) | Edit transactions for blockchains | |
| US10339333B2 (en) | Method and apparatus for controlling application to access memory | |
| CN103226679B (en) | Secure and scalable solid state disk system | |
| CN111723383A (en) | Data storage and verification method and device | |
| JP7101318B2 (en) | Data attestation in memory | |
| TW201207862A (en) | Memory identification code generating method, management method, controller and storage system | |
| US9268941B1 (en) | Method for secure software resume from low power mode | |
| US11683155B2 (en) | Validating data stored in memory using cryptographic hashes | |
| US9928385B2 (en) | Periodic memory refresh in a secure computing system | |
| CN115659379B (en) | Bus access authority control method and device | |
| CN108171041A (en) | For the method and apparatus for carrying out authentication to the application program for accessing memory | |
| CN218273385U (en) | Hard disk access control circuit, system, solid state disk and storage device | |
| CN115310110A (en) | Solid state disk access control circuit, system and solid state disk | |
| US11228443B2 (en) | Using memory as a block in a block chain | |
| JP2022526934A (en) | Validation of memory commands based on blockchain | |
| CN103105783B (en) | embedded element and control method | |
| CN217640204U (en) | Solid state disk and solid state disk access control system | |
| CN110443070A (en) | More host shared memory systems and data completeness protection method | |
| CN117407928B (en) | Storage device, data protection method for storage device, computer apparatus, and medium | |
| CN108804930B (en) | Mobile phone storage system capable of preventing information from being stolen | |
| US20220138114A1 (en) | Using memory as a block in a block chain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| GR01 | Patent grant | ||
| GR01 | Patent grant |