CN101266636A - Computer safe memory card and storage method - Google Patents
Computer safe memory card and storage method Download PDFInfo
- Publication number
- CN101266636A CN101266636A CNA2008100204658A CN200810020465A CN101266636A CN 101266636 A CN101266636 A CN 101266636A CN A2008100204658 A CNA2008100204658 A CN A2008100204658A CN 200810020465 A CN200810020465 A CN 200810020465A CN 101266636 A CN101266636 A CN 101266636A
- Authority
- CN
- China
- Prior art keywords
- computer
- pci
- card
- data
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention relates to the computer secure storage field. Particularly, the invention relates to a computer data secure storage card, and belongs to the computer storage technology field. The invention joints a PCI storing board on a PCI interface of a computer main board, and chips are arranged on the PCI storing board. The PCI storing board is manufactured by adopting integrated logic circuit. Installation steps of the PCI storing board are: (1) arranging the storage card on PCI slot of the computer main board; (2) making use of USB or optical disk to write starting procedure into disk C; (3) setting up and starting the storage card, and finishing connection. Making use of the secure storage card of the invention to save file is safe and reliable and is provided with very good advantages.
Description
Technical field
The present invention relates to the computer security field of storage, the present invention relates to a kind of Computer Data Security storage card more precisely.Belong to computer memory technical field.
Background technology:
Fire wall and intrusion protection be enough active data safety methods again, and existing encryption method has limitation, at present popular on the market several encryption methods:
1. embedded encryption device: embedded encryption device is placed in the storage area network (SAN), between the server of memory device and request enciphered data.This equipment can be protected static data to encrypting by above-mentioned these equipment, one tunnel data that are sent to memory device, then the data that turn back to application is decrypted.
Embedded encryption device is easy to be mounted to point-to-point solution, and difficulty is big but expansion is got up, perhaps the cost height.If be deployed in the many corporate environments of port number, perhaps a plurality of websites need be protected, and will go wrong.In this case, stride distributed storage environment install the required cost of hardware device in batch can be high surprising.In addition, each equipment must separately or be divided into and is configured in small batches and manages, and this has added white elephant to management.
2. database level is encrypted
When data storage was inside database, database level was encrypted and with regard to realizing the data field is encrypted.This deployment mechanisms makes row levels encrypt again, encrypts because it is this one-level of row in database table.For the companies that sensitive data all is placed in the database row or two row, database level is encrypted both economical.But, because encryption and decryption are generally carried out by software rather than hardware, so this process can cause the performance of total system the unaffordable decline of people to occur allowing.
3. file-level is encrypted
File-level is encrypted and can be realized on main frame, also can be at this one deck of network attached storage (NAS) equipment with embedded realization.Decide on specific implementation, this encryption method also can cause performance issue--when carrying out the data backup operation, can bring some limitation, and all the more so when database is backed up.Particularly, file-level adds secret meeting and causes quite difficulty of key management, thereby has added an other layer-management--and need discern association key according to the file-level directory location, and carry out association.If do not use the file-level method to come Backup Data, and use other DB Backup application software, such as Oracle RMAN, file-level is encrypted also can bring a difficult problem.
4, device level is encrypted
It is a kind of emerging method that device level is encrypted, and it relates to encrypts the static data on the memory device (comprising hard disk and tape).Provide very high transparency though device level is encrypted as the user and uses, the protective effect that provides is very limited: data are not process encryption in transmission course.Have only to have arrived memory device, data are just encrypted, and steal physical storage medium so the device level encryption can only be taken precautions against the someone.In addition, if use this technology in isomerous environment, may need to use a plurality of key management application software, this has just increased the complicacy of cipher key management procedures, thereby has strengthened the risk that the data recovery faces.
5, static data is encrypted
By the safe storage application platform, directly be deployed to the storage organization the inside.Be the system that is connected on the storage organization, it has whole functions of exchange.Except other data managements and data protection application, it can also directly provide many cryptographic services in the SAN the inside.Can support the multiple network agreement simultaneously, such as optical-fibre channel, FCIP and iSCSI, also support SAN/NAS to merge.This technology is still key management finally, and who has grasped key, and who just can open the gate.
Summary of the invention
Purpose of the present invention just is at above-mentioned the deficiencies in the prior art, and a kind of computer security storing technology is provided.
The present invention takes following technical scheme to realize:
Computer safe memory card, comprise computing machine, it is characterized in that on the pci interface of computer motherboard, being connected to the PCI memory board, described PCI memory board is provided with chip, described PCI memory board adopts integrated logic circuit making sheet, realizes connecting, write, storing and hiding worker's function with computer motherboard.
Aforesaid computer safe memory card is characterized in that its installation steps are: (1) storage card is installed on the PCI slot on the computer motherboard; (2) utilize USB or CD that start-up routine is write the C dish; (3) are installed and are started storage card, and connection finishes.
Aforesaid computer safe memory card is characterized in that wherein said chip is at least three, is single-row or array, and this array way is a serial or parallel connection.
Aforesaid computer security storage means is characterized in that its concrete steps are:
A, installation integrated circuit board; B, input start-up routine; C, install cycle power; D, installation encipheror; E, input integrated circuit board sequence number; F, setting enter password; G, unlatching password enter the encrypted card program; H, click are encrypted to indicate plaintext are become ciphertext; I, clear data is called in encrypted card or ciphertext is accessed, click expressly and indicate, ciphertext is become expressly; J, click are preserved to indicate with the ciphertext preservation or with plaintext and are called in the word document, revise or edit; K, end.
The computer security storage means is characterized in that it comprises triple enciphered methods:
1, storage card working procedure static data is encrypted, and when coding, is provided with the program that expressly becomes ciphertext, promptly after expressly importing, becomes ciphertext by program;
2, sequence number is set, makes it soft, the symmetrical connection of hardware, input digit or English are password;
3, dynamic link libraries is set, in dynamic link libraries, but input digit or English are password, also can adopt biometrics identification technology, as fingerprint, iris etc.
Safe storage card encryption storage means is invented at the data storage safety problem specially, and its storage medium is the computer card with three kinds of functional chips, and the mode that it is taked is and the diverse way of traditional data save mode.
On safe memory card, a PCI chip is arranged, be used for controlling the chip of pci bus interface, there has been it just can finish safe memory card and has been connected with computer motherboard.This stores the first step of data with regard to having realized the hardware on computer motherboard.The connected mode of pci interface is different fully with connected modes such as serial ports, parallel port, USB interface.Common illegal invasion person from network can only enter hard disk or serial ports, the storer that USB ins succession.And enter hardware program on the mainboard, then be very difficult thing.With after computer motherboard is connected, the start-up routine of must packing into just can be finished connection at safe memory card.Its step: 1, storage card is installed on the PCI slot on the computer motherboard; 2, utilize USB or CD that start-up routine is write the C dish; 3, the startup storage card is installed, connection finishes.
Memory function: on safe memory card, have a have flash memory capability storage chip, it is the chip that is used for finishing the data storage function.The capacity of storage card is also along with the volume change of this chip block changes.This chip block cans be compared to a storage repository.Can establish one separately, also can array, but this array way serial or parallel connection.In this way, we can be organized into a huge array chip data repository fully.
The encrypt and decrypt function: on safe memory card, a dsp chip must be arranged, it is used for controlling the safe memory card logical circuit.By it, the clear text file that we can freely be kept at entire chapter in the storage chip becomes cryptograph files, and DSP itself just has the function that simulating signal is converted into digital signal.We are referred to as clear text file simulating signal, cryptograph files we are referred to as digital signal.What digital signal showed in the computing machine read-write program is the numeric character of 1+0 or this class of 0+1, and the implication of this numeric character can't be understood.
The safe memory card that uses integrated circuit that this three chip is coupled together, we can realize the function of safe storage data information.
We can call in the file in the hard disk in the safe memory card.Be exactly the data conversion storage in D dish or other storage medium to storage card, it is become expressly preserves, also can become the ciphertext preservation, if we think the modification data, also can under the plaintext situation, revise, in case of emergency, also can delete one or whole money number with erasable.And this deletion can't recover, and after the data of preserving in the hard disk deletion, under situation with good conditionsi, still can recover, when operating system will write file on hard disk, at first write fileinfo in the DIR district, these information comprise filename, suffix name, file size and modification date, find idle space that file is preserved in the DATA district then, and bunch number write the DIR district, thereby finish the whole work that writes data with what deposit file in the DATA district.Operation during the system-kill file is then simply many, it only needs to make this document first character in the DIR district into E5, each that in file allocation table this document is taken bunch list item is clear 0, and just expression is this document deletion, and in fact it does not carry out any rewriting to the DATA district.Common high-level formatting program has just rewritten FAT table, not with the data dump in DATA district; And when hard disk carried out subregion, also just revised MBR and OBR, do not rewrite the data in the DATA district.Rewritten just because of the data in the DATA district are difficult, thereby also brought chance for restore data.In fact various data are recovered software, also utilize all vestiges residual in the DATA district just, come restore data, the ultimate principle that whole data that Here it is are recovered.
But under the situation of the cryptograph files of depositing in this storage card, we can change the entire chapter data expressly into, also can use expressly calling out in the hard disk from card.When data are preserved on storage card, be to form in the mode that unique document is arranged, behind a copy of it file delete, or behind the Delete All, without any information stay, so, just do not had the recovery condition yet.
The invention has the beneficial effects as follows: in general, network is stolen file data, and it expressly has been the thing that is difficult to that ciphertext is become, and is adding the second heavy sequence number, is not to use the software of symmetry, can't read.Have only special user, use three re-encryptions, can reach purpose safe against all possibilities.
Description of drawings:
1, computer safe memory card structural representation of the present invention;
2, computer safe memory card workflow diagram of the present invention.
Embodiment:
According to computer safe memory card of the present invention and the storage means shown in Fig. 1-2: wherein computer main board 1, pci interface 2, PCI memory board 3, chip 41, chip 42, chip 43.PCI memory board 3 connects with computer main board by pci interface 2, and chip 41, chip 42 and chip 43 are arranged on the PCI memory board 3, and PCI memory board 3 adopts the making sheet of many integrated logic circuits.The function of on three chip blocks, make start-up routine module, logical circuit control module respectively, writing storage module; After finishing module, make logic card, can according to circumstances make 6 layers of version or 8 laminates; Can make the storage integrated circuit board of the various specification of different size notebook and PC, industrial computer as required; During use, storage card is inserted the computer PCI interface connect with computer motherboard; Also can make computer motherboard with computer motherboard with having the module of memory card function with memory function; With storage card connect with computer motherboard finish after, the input start-up routine, finish installation procedure, can use.The present invention inserts this integrated circuit board in expanded slot of computer, moves corresponding program, and itself and mainboard are installed, and self-editing then Crypted password is hidden and made it can't see the existence of this card in explorer.During use, according to the read-write program input data.Erasable.Even data is stolen by illegal user, also can't read the data in the card, thereby reach the purpose of information protection.
This storage card storage means is: A, storage card is installed on the PCI slot on the computer motherboard; B, utilize USB or CD that start-up routine is write the C dish, start-up routine is installed, install and start storage card, connection finishes; C, install cycle power; D, installation encipheror; E, input integrated circuit board sequence number; F, setting enter password; G, unlatching password enter the encrypted card program; H, click are encrypted to indicate plaintext are become ciphertext; I, clear data is called in encrypted card or ciphertext is accessed, click expressly and indicate, ciphertext is become expressly; J, click are preserved to indicate with the ciphertext preservation or with plaintext and are called in the word document, revise or edit; K, end.
Computer security storage means of the present invention is characterized in that it comprises triple enciphered methods:
1, storage card working procedure static data is encrypted, and when coding, is provided with the program that expressly becomes ciphertext, promptly after expressly importing, becomes ciphertext by program;
2, sequence number is set, makes it soft, the symmetrical connection of hardware, input digit or English are password;
3, dynamic link libraries is set, in dynamic link libraries, but input digit or English are password, also can adopt biometrics identification technology, as fingerprint, iris etc.
Except that above-mentioned described embodiment, the technical scheme that form obtained that all employings are equal to replacement or equivalent transformation all drops within protection scope of the present invention.
Claims (4)
1, computer safe memory card comprises computing machine, it is characterized in that being connected on the pci interface of computer motherboard the PCI memory board, and described PCI memory board is provided with chip; Described PCI memory board adopts integrated logic circuit making sheet.
2, computer safe memory card according to claim 1 is characterized in that its installation steps are: (1) storage card is installed on the PCI slot on the computer motherboard; (2) utilize USB or CD that start-up routine is write the C dish; (3) are installed and are started storage card, and connection finishes.
3, computer safe memory card according to claim 1 is characterized in that wherein said chip is at least three, is single-row or array, and this array way is a serial or parallel connection.
4, computer security storage means according to claim 2 is characterized in that its concrete steps are:
A, installation integrated circuit board; B, input start-up routine; C, install cycle power; D, installation encipheror; E, input integrated circuit board sequence number; F, setting enter password; G, unlatching password enter the encrypted card program; H, click are encrypted to indicate plaintext are become ciphertext; I, clear data is called in encrypted card or ciphertext is accessed, click expressly and indicate, ciphertext is become expressly; J, click are preserved to indicate with the ciphertext preservation or with plaintext and are called in the word document, revise or edit; K, end.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008100204658A CN101266636A (en) | 2008-03-07 | 2008-03-07 | Computer safe memory card and storage method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008100204658A CN101266636A (en) | 2008-03-07 | 2008-03-07 | Computer safe memory card and storage method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101266636A true CN101266636A (en) | 2008-09-17 |
Family
ID=39989048
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2008100204658A Pending CN101266636A (en) | 2008-03-07 | 2008-03-07 | Computer safe memory card and storage method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101266636A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109643239A (en) * | 2016-09-02 | 2019-04-16 | 格马尔托股份有限公司 | The optimization of JAVA card application memory occupied space |
-
2008
- 2008-03-07 CN CNA2008100204658A patent/CN101266636A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109643239A (en) * | 2016-09-02 | 2019-04-16 | 格马尔托股份有限公司 | The optimization of JAVA card application memory occupied space |
| CN109643239B (en) * | 2016-09-02 | 2023-09-05 | 泰雷兹数字安全法国简易股份公司 | JAVA card application memory footprint optimization |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11263020B2 (en) | System and method for wiping encrypted data on a device having file-level content protection | |
| US10348497B2 (en) | System and method for content protection based on a combination of a user pin and a device specific identifier | |
| US8412934B2 (en) | System and method for backing up and restoring files encrypted with file-level content protection | |
| US8433901B2 (en) | System and method for wiping encrypted data on a device having file-level content protection | |
| US8589680B2 (en) | System and method for synchronizing encrypted data on a device having file-level content protection | |
| CN103106372B (en) | For lightweight privacy data encryption method and the system of android system | |
| CN102882923B (en) | Secure storage system and method for mobile terminal | |
| US7257717B2 (en) | Method with the functions of virtual space and data encryption and invisibility | |
| CN100446024C (en) | Protection method and system of electronic document | |
| US20120237024A1 (en) | Security System Using Physical Key for Cryptographic Processes | |
| JP2017126314A (en) | Computer program, secret management method, and system | |
| CN101441601B (en) | Ciphering transmission method of hard disk ATA instruction and system | |
| US8539250B2 (en) | Secure, two-stage storage system | |
| US8200964B2 (en) | Method and apparatus for accessing an encrypted file system using non-local keys | |
| JP2006301849A (en) | Electronic information storage system | |
| CN103294969A (en) | File system mounting method and file system mounting device | |
| CN108572861A (en) | A kind of guard method, system, equipment and the storage medium of virtual credible root | |
| CN104361297B (en) | A kind of file encryption-decryption method based on (SuSE) Linux OS | |
| CN116594567A (en) | Information management method and device and electronic equipment | |
| JP2006172351A (en) | Method and system for content expiration date management by use of removable medium | |
| CN101266636A (en) | Computer safe memory card and storage method | |
| CN112380559A (en) | Android file password box system based on dual-chaos hash file control | |
| CN1285039C (en) | Method for enciphering concealed data having virtual space | |
| CN215576603U (en) | Hard disk medium encryption device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20080917 |