CN101196855B - Mobile encrypted memory device and cipher text storage area data encrypting and deciphering processing method - Google Patents

Info

Publication number
CN101196855B
CN101196855B CN2007103084494A CN200710308449A CN101196855B CN 101196855 B CN101196855 B CN 101196855B CN 2007103084494 A CN2007103084494 A CN 2007103084494A CN 200710308449 A CN200710308449 A CN 200710308449A CN 101196855 B CN101196855 B CN 101196855B
Authority
CN
China
Prior art keywords
storage area
encryption
cipher text
text storage
processing method
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2007103084494A
Other languages
Chinese (zh)
Other versions
CN101196855A (en)
Inventor
付鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Champion Maxiumic Techonlogies Co., Ltd.
Original Assignee
SHENZHEN CHAMPION MAXIUMIC TECHONLOGIES CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHENZHEN CHAMPION MAXIUMIC TECHONLOGIES CO Ltd
Priority to CN2007103084494A
Publication of CN101196855A
Application granted
Publication of CN101196855B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a mobile encrypted memory device comprising a mobile storage area, an encryption key device, and a universal serial bus (USB) hub connecting the mobile storage area with the encryption key device. The USB hub and the mobile storage area are packaged in a main body, and at least two USB interfaces connected to the USB hub are provided on the main body. The invention also relates to a method for encrypting and decrypting data in a ciphertext storage area. Its main steps are: encryption management software sends the ciphertext of a symmetric key to the encryption key device, which decrypts the ciphertext to obtain the symmetric key; the symmetric key is then used to encrypt or decrypt documents. By introducing the USB hub, the invention saves a USB interface on the computer and is more convenient for users; by combining software and hardware in the ciphertext storage area encryption and decryption method, the invention improves working speed, lowers hardware cost and gives the stored data higher security.

Description

Mobile encrypted memory device and cipher text storage area data encrypting and deciphering processing method
Technical field
The present invention relates to a memory device and an encryption processing method, and in particular to a mobile encrypted memory device and a method for encrypting and decrypting data in a ciphertext storage area.
Background technology
With the rapid development of networking and information technology, information security receives more and more attention, and encryption and decryption technology for data storage keeps developing with the times. Removable storage devices have become common equipment for storing user data. Common removable storage devices include portable hard drives and USB flash drives.
Several storage encryption methods are currently popular on the market: 1. file-level encryption; 2. database-level encryption; 3. media-level encryption; 4. embedded encryption devices; 5. application encryption. In a media-level encryption scheme, the user, for security reasons, needs to encrypt confidential data and files and keep them in an encrypted partition of the removable storage device. The data encryption and decryption process uses a given encryption and decryption algorithm and the correct corresponding key to carry out operations such as reading, writing, deleting and protecting confidential data files. There are generally two schemes for encryption and decryption: a software scheme and a hardware scheme.
However, because computers now serve many functions, their universal serial bus (USB) interfaces are often insufficient. A user of a removable storage device who has no spare USB interface for the encryption key device has to interrupt the work of other equipment, which is very inconvenient. Meanwhile, software encryption and decryption is carried out entirely on the computer, so its reliability is not high, although it is fast; hardware encryption and decryption has to be carried out in a hardware chip, so its reliability is very high, but it is slower.
Summary of the invention
The object of the invention is to provide a mobile encrypted memory device and a method for encrypting and decrypting data in a ciphertext storage area which, during data transfer with a computer, occupy fewer of the computer's USB interfaces while improving working speed and the security of the stored data, and which reduce hardware cost.
To achieve the above object, the invention provides a mobile encrypted memory device comprising a mobile storage area, an encryption key device, and a USB hub connecting the mobile storage area and the encryption key device. The USB hub and the mobile storage area are packaged in a main body. The main body has at least two USB interfaces connected to the USB hub: one for connecting to the computer and one for connecting to the encryption key device.
To achieve the above object, the invention also provides a method for encrypting and decrypting data in a ciphertext storage area, comprising the following steps:
101. After the computer detects the mobile storage area connected to the encryption key device, it starts the encryption management software on the computer;
102. The encryption management software triggers the operating system of the computer to load the data of the ciphertext storage area, obtains the ciphertext of the symmetric key from the header file of the ciphertext storage area, and sends it to the encryption key device;
103. The encryption key device decrypts the ciphertext of the symmetric key with the private key, obtains the symmetric key, and sends it to the computer;
104. The encryption management software on the computer uses the symmetric key to encrypt data to be written to the ciphertext storage area or to decrypt data read from the ciphertext storage area.
By introducing a USB hub, the invention lets the portable hard drive device itself connect the encryption key device, which saves an interface on the computer and is more convenient for the user. The ciphertext storage area encryption and decryption method, which combines software and hardware, improves working speed, reduces hardware cost and gives the stored data higher security.
Description of drawings
Fig. 1 is a structural schematic of an embodiment of the mobile encrypted memory device of the present invention;
Fig. 2 is a flow chart of embodiment one of the ciphertext storage area data encryption and decryption method of the present invention;
Fig. 3 is a flow chart of embodiment two of the ciphertext storage area data encryption and decryption method of the present invention.
Embodiment
The present invention is described in further detail below with reference to the drawings and embodiments.
Embodiment one of the mobile encrypted memory device of the present invention
As shown in Fig. 1, the mobile encrypted memory device of this embodiment comprises mobile storage area 3, encryption key device 2, and USB hub 6 connecting mobile storage area 3 and encryption key device 2. USB hub 6 and mobile storage area 3 are packaged in main body 7. Main body 7 has at least two USB interfaces connected to USB hub 6: one for connecting to computer 1 and one for connecting to encryption key device 2.
In actual use, encryption management software needs to be installed on computer 1. It exchanges information with mobile storage area 3 and encryption key device 2 through the serial interface, and performs encryption and decryption as data is written and read.
Mobile storage area 3 may be a hard disk or flash memory.
Mobile storage area 3 of this embodiment may contain not only ciphertext storage area 5 for encrypted data; for the user's practical convenience, it may also contain plaintext storage area 4, which works like an ordinary storage device. The user can thus use the mobile encrypted memory device for high-security encryption and decryption of data that must be kept confidential, and can also use it as ordinary mobile storage.
Encryption key device 2 of this embodiment may contain an information security chip. The chip may have a storage area for holding the public/private key pair and an authentication certificate. The certificate contains the public key and may contain personal identification information. Computer 1 cannot read the storage area holding the key pair; it can only obtain the public key through the authentication certificate. The personal identification information is used for identity authentication during user login.
The public/private key pair in this embodiment may be generated by the information security chip using an asymmetric key algorithm. The private key exists only in the information security chip and is set to a non-exportable state, meaning that it cannot be read by any external device.
This embodiment may adopt a three-factor confidentiality mechanism. The three factors are personal identification information, a key, and a removable storage device. The personal identification information may be a personal identification number (PIN) or user biometric information such as iris or fingerprint. The key may be an encryption key device such as a USB key (USBKey). The removable storage device may be a portable hard drive, a USB flash drive, and so on. To encrypt or decrypt the stored data, the user must ensure that all three factors are present at the same time; none can be missing. This three-factor mechanism therefore also greatly helps guarantee the high security of the encrypted stored data.
Embodiment one of the ciphertext storage area data encryption and decryption method of the present invention
As shown in Fig. 2, this embodiment of the invention comprises the following steps:
101. After the computer detects the mobile storage area connected to the encryption key device, it starts the encryption management software on the computer;
102. The encryption management software triggers the operating system of the computer to load the data of the ciphertext storage area, obtains the ciphertext of the symmetric key from the header file of the ciphertext storage area, and sends it to the encryption key device. The ciphertext of the symmetric key is formed when the ciphertext storage area is created, that is, at product shipment, by encrypting the 128-bit symmetric key with the digital certificate public key in the encryption key device; a 1024-bit RSA algorithm (RSA is the name of an asymmetric key algorithm) may be used. The ciphertext of the symmetric key is stored in the header file of the ciphertext storage area, and the 128-bit symmetric key is generated by calling the encryption key device, to guarantee its security strength;
103. The encryption key device decrypts the ciphertext with the private key, obtains the symmetric key, and sends it to the computer; the decryption algorithm may be 1024-bit RSA;
104. The encryption management software on the computer uses the symmetric key to encrypt data to be written to the ciphertext storage area or to decrypt data read from the ciphertext storage area.
Software encryption runs on the computer, so it is fast but not very secure. Pure hardware encryption is more secure, but it is slow, and the long bit lengths its algorithms require raise the cost of the information security chip. In this embodiment, the encryption key device uses the public/private key algorithm in the information security chip only to encrypt and decrypt the symmetric key, and the encryption management software on the computer encrypts and decrypts the stored data with the symmetric key that the encryption key device has decrypted. This solves the high-cost, low-speed problem of using hardware encryption alone and also improves on the security of using software encryption alone. Because the public/private key operations are completed inside the information security chip, and the private key is kept only in that chip, where no one can read it, this embodiment improves working speed, reduces hardware cost and gives the stored data higher security.
To guarantee its security strength, the symmetric key of this embodiment may be generated by calling the information security chip when the ciphertext storage area is created, and the ciphertext of the symmetric key may be generated by the encryption key device applying an asymmetric key algorithm to the symmetric key.
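The key handling of steps 101 to 104, written out as an added Go example; it is not code from the patent. Assumptions: RSA-2048 with OAEP padding stands in for the 1024-bit RSA the text names, AES-128-GCM stands in for the symmetric algorithm the text does not name, and the types KeyDevice and Volume and the functions Open, Write and Read are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyDevice models the encryption key device: the private key is unexported,
// so host code can only ask the device to generate or unwrap a key.
type KeyDevice struct{ priv *rsa.PrivateKey }

func NewKeyDevice() (*KeyDevice, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048) // assumption; patent: 1024-bit RSA
	if err != nil {
		return nil, err
	}
	return &KeyDevice{priv: k}, nil
}

// NewWrappedKey makes a 128-bit key in the device and returns only its ciphertext.
func (d *KeyDevice) NewWrappedKey() ([]byte, error) {
	key := make([]byte, 16)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, &d.priv.PublicKey, key, nil)
}

// Unwrap is step 103: decrypt the wrapped key and return it to the host.
func (d *KeyDevice) Unwrap(wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, d.priv, wrapped, nil)
}

// Volume models the ciphertext storage area.
type Volume struct {
	WrappedKey []byte   // header: ciphertext of the symmetric key
	Records    [][]byte // each record: nonce || ciphertext || tag
}

// Open is steps 102-103: read the header and have the device unwrap the key.
func Open(v *Volume, d *KeyDevice) (cipher.AEAD, error) {
	key, err := d.Unwrap(v.WrappedKey)
	if err != nil {
		return nil, errors.New("key device cannot unwrap this volume's key")
	}
	block, err := aes.NewCipher(key) // from here on the key sits in host memory
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Write is step 104 for data entering the ciphertext storage area.
func Write(a cipher.AEAD, v *Volume, plaintext []byte) error {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	v.Records = append(v.Records, a.Seal(nonce, nonce, plaintext, nil))
	return nil
}

// Read is step 104 for data leaving it; a modified record fails the tag check.
func Read(a cipher.AEAD, v *Volume, i int) ([]byte, error) {
	n := a.NonceSize()
	if i < 0 || i >= len(v.Records) || len(v.Records[i]) < n {
		return nil, errors.New("no such record")
	}
	return a.Open(nil, v.Records[i][:n], v.Records[i][n:], nil)
}

func main() {
	dev, _ := NewKeyDevice() // errors are ignored only in this short demo
	vol := &Volume{}
	vol.WrappedKey, _ = dev.NewWrappedKey()
	aead, _ := Open(vol, dev)
	_ = Write(aead, vol, []byte("constructed sample record"))
	pt, err := Read(aead, vol, 0)
	fmt.Printf("%q %v\n", pt, err)
}
```

Because step 103 returns the symmetric key to the computer, the key device protects that key while it rests in the header, not while a session is open on the host.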
Embodiment two of the ciphertext storage area data encryption and decryption method of the present invention
As shown in Fig. 3, embodiment two differs from embodiment one in that steps 1011 and 1012 are added between step 701 and step 702 of embodiment one.
1011. The encryption management software displays a personal identification information login screen;
1012. The encryption management software checks the personal identification information entered; if it is correct, step 102 is executed; otherwise a personal identification information error dialog box is displayed.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in those embodiments or replace some of their technical features with equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (3)

1. A method for encrypting and decrypting data in a ciphertext storage area, characterized in that it comprises the following steps:
101. After a computer detects a mobile storage area connected to an encryption key device, it starts encryption management software on the computer;
102. The encryption management software triggers the operating system of the computer to load the data of the ciphertext storage area, obtains the ciphertext of a symmetric key from the header file of the ciphertext storage area, and sends it to the encryption key device;
103. The encryption key device decrypts the ciphertext of the symmetric key with a private key, obtains the symmetric key, and sends it to the computer;
104. The encryption management software uses the symmetric key to encrypt data to be written to the ciphertext storage area or to decrypt data read from the ciphertext storage area.
2. The method for encrypting and decrypting data in a ciphertext storage area according to claim 1, characterized in that the symmetric key is generated by calling an information security chip when the ciphertext storage area is created, and the ciphertext of the symmetric key is generated by the encryption key device applying an asymmetric key algorithm to the symmetric key.
3. The method for encrypting and decrypting data in a ciphertext storage area according to claim 1, characterized in that it further comprises, between steps 101 and 102:
1011. The encryption management software displays a personal identification information login screen;
1012. The encryption management software checks the personal identification information entered; if it is correct, step 102 is executed; otherwise a personal identification information error dialog box is displayed.
CN2007103084494A 2007-12-29 2007-12-29 Mobile encrypted memory device and cipher text storage area data encrypting and deciphering processing method Expired - Fee Related CN101196855B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007103084494A CN101196855B (en) 2007-12-29 2007-12-29 Mobile encrypted memory device and cipher text storage area data encrypting and deciphering processing method

Publications (2)

Publication Number Publication Date
CN101196855A CN101196855A (en) 2008-06-11
CN101196855B true CN101196855B (en) 2011-01-12

Family

ID=39547286

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007103084494A Expired - Fee Related CN101196855B (en) 2007-12-29 2007-12-29 Mobile encrypted memory device and cipher text storage area data encrypting and deciphering processing method

Country Status (1)

Country Link
CN (1) CN101196855B (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101350712B (en) * 2008-08-25 2013-01-23 华为终端有限公司 Data management method and terminal
CN102930229B (en) * 2011-01-18 2015-06-03 苏州国芯科技有限公司 Office system for improving data security
CN102147779B (en) * 2011-04-07 2014-02-12 广东金赋信息科技有限公司 USB (universal serial bus) peripheral processing unit and USB peripheral processing method
CN102201044A (en) * 2011-04-08 2011-09-28 山东华芯半导体有限公司 Universal serial bus (USB) security key
CN103366108A (en) * 2013-04-07 2013-10-23 谢济鸿 Iris login authentication method of computer operating system
CN103218318A (en) * 2013-04-08 2013-07-24 浪潮集团有限公司 Encrypted mobile hard disk drive with high safety and use method thereof
CN103297736A (en) * 2013-06-13 2013-09-11 深圳南方汉邦数字技术有限公司 System and method for data storage and network transmission of video monitoring
CN104657671B (en) * 2013-11-19 2019-03-19 研祥智能科技股份有限公司 The access authority management method and system of movable storage device
CN103714299A (en) * 2013-12-25 2014-04-09 北京握奇数据系统有限公司 Method and system for encryption and decryption of file of mobile terminal
CN104200176A (en) * 2014-08-28 2014-12-10 电子科技大学 System and method for carrying out transparent encryption and decryption on file in intelligent mobile terminal
CN106778326A (en) * 2016-11-28 2017-05-31 福建升腾资讯有限公司 A kind of method and system for realizing movable storage device protection
CN107592316B (en) * 2017-09-20 2018-08-31 山东渔翁信息技术股份有限公司 A kind of ciphering and deciphering device and method
CN108881300A (en) * 2018-08-02 2018-11-23 中国科学院信息工程研究所 A kind of file encryption that supporting mobile phone terminal security cooperation and sharing method and system
CN109495670B (en) * 2018-10-24 2020-10-23 中山大学 Format-compatible encryption and decryption method for color JPEG image
CN109858431B (en) * 2019-01-28 2023-08-11 深圳市华弘智谷科技有限公司 Method and system for creating partition and encrypting/decrypting based on iris recognition technology
CN110287740B (en) * 2019-06-26 2021-08-03 深圳豪杰创新电子有限公司 Mobile storage device and mobile storage system for protecting data security
CN110866262A (en) * 2019-11-05 2020-03-06 郑州信大捷安信息技术股份有限公司 Asynchronous encryption and decryption system and method with cooperative work of software and hardware
CN112800451A (en) * 2021-02-24 2021-05-14 山东华芯半导体有限公司 Data dump device based on hardware physical isolation
CN115273281A (en) * 2022-07-25 2022-11-01 重庆长安汽车股份有限公司 Vehicle Bluetooth key acquisition method, device, equipment and storage medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7254838B2 (en) * 2001-05-11 2007-08-07 Lg Electronics, Inc. Copy protection method and system for digital media
CN2609069Y (en) * 2002-04-03 2004-03-31 杭州中正生物认证技术有限公司 Fingerprint digital autograph device
CN2636326Y (en) * 2003-06-13 2004-08-25 北京时代卓易科技发展有限公司 Safety ciphering and storing device based on USB interface
CN1607511A (en) * 2003-10-14 2005-04-20 联想(北京)有限公司 Data protection method and system

Also Published As

Publication number Publication date
CN101196855A (en) 2008-06-11

Similar Documents

Publication Publication Date Title
CN101196855B (en) Mobile encrypted memory device and cipher text storage area data encrypting and deciphering processing method
CN201181472Y (en) Hardware key device and movable memory system
CN100487715C (en) Date safety storing system, device and method
TWI411932B (en) Method for encrypting/decrypting data in non-volatile memory in a storage device and method for processing data
CN101551784B (en) Method and device for encrypting data in ATA memory device with USB interface
CN101685425A (en) Mobile storage device and method of encrypting same
US11308241B2 (en) Security data generation based upon software unreadable registers
CN102567688B (en) File confidentiality keeping system and file confidentiality keeping method on Android operating system
CN102073808B (en) Method for encrypting and storing information through SATA interface and encryption card
US20100054477A1 (en) Accelerated cryptography with an encryption attribute
JPH06102822A (en) File security system
CN102831346B (en) A kind of file protecting system carries out the method for file encryption-decryption
CN112560058B (en) SSD partition encryption storage system based on intelligent password key and implementation method thereof
CN105554038A (en) Control method for data security during on-line system and off-line system data interaction
CN101751531A (en) File encryption device with USB electronic key
CN102945339A (en) Data protection system for computer
CN102053926A (en) Storage device and data security control method thereof
CN102270182B (en) Encrypted mobile storage equipment based on synchronous user and host machine authentication
EP2065830B1 (en) System and method of controlling access to a device
CN101127013A (en) Enciphered mobile storage apparatus and its data access method
CN101349999A (en) Safe adapter apparatus for mobile storage and operation method thereof
CN100550735C (en) The method of multifunction intelligent key equipment and security control thereof
JPH04181282A (en) Cryptographic system for file
CN112287415B (en) USB storage device access control method, system, medium, device and application
CN102831080A (en) Data security protection method for mobile storage equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: SHENZHEN ZHONGZE MINGXIN SCIENCE CO., LTD.

Free format text: FORMER OWNER: BEIJING HUADA HENGTAI SCIENCE CO.,LTD.

Effective date: 20091016

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20091016

Address after: Shenzhen city Nanshan District South Road No. 97 Huaying building room A909 postal encoding: 518054

Applicant after: Shenzhen Champion Maxiumic Techonlogies Co., Ltd.

Address before: B33, 2 floor, building 10, Jiuxianqiao Road, Beijing, Chaoyang District, 100016

Applicant before: Beijing Hengtai Technologies Co., Ltd.

C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: SHENZHEN CHAMPION MAXIUMIC GROUP CO., LTD.

Free format text: FORMER NAME: SHENZHEN CHAMPION MAXIUMIC TECHNOLOGIES CO., LTD.

CP03 Change of name, title or address

Address after: 518054, Guangdong, Shenzhen, Nanshan District Province Road No. 8, 2 financial services technology innovation base, 7D

Patentee after: Shenzhen Sino core group Co., Ltd.

Address before: 518054 Guangdong city of Shenzhen province Nanshan District South Road No. 97 Huaying building room A909

Patentee before: Shenzhen Champion Maxiumic Techonlogies Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110112

Termination date: 20141229

EXPY Termination of patent right or utility model