CN101349999A - Safe adapter apparatus for mobile storage and operation method thereof

Info

Publication number
CN101349999A
Authority
CN
China
Prior art keywords
firmware
encryption
storage device
operating system
movable storage
Legal status
Pending
Application number
CNA200810196938XA
Other languages
Chinese (zh)
Inventor
戴葵
Current Assignee
Individual
Original Assignee
Individual

Abstract

The invention relates to a security adapter for mobile storage devices and an operation method thereof. The security adapter comprises a host interface, a mobile storage device interface, an encryption/decryption module, a bridge module and firmware. The firmware is connected to the host interface, the mobile storage device interface and the encryption/decryption module respectively, and the bridge module is connected to the host interface, the mobile storage device interface and the encryption/decryption module respectively. The operation method based on the security adapter comprises an encrypted read/write operation and a normal read/write operation. In the encrypted read/write operation a read/write command is sent to the security adapter through a dedicated driver, the firmware parses the command, and the encryption/decryption module is started to encrypt or decrypt the data being read or written; otherwise the encryption/decryption module is not started, and the adapter performs the normal unencrypted reads and writes of an ordinary mobile storage device. The invention moves the encryption/decryption module from the secure mobile storage device to the adapter and the host, and provides encrypted storage for several ordinary mobile storage devices through one security adapter, which is convenient to manage.

Description

A security adapter apparatus for mobile storage and an operation method thereof
Technical field
The present invention relates to a security adapter apparatus for mobile storage and an operation method thereof.
Background
With the development of electronic technology, portable mobile storage devices of many kinds keep appearing, their capacity keeps growing, and their use is becoming more and more widespread. In the information age, individuals, enterprises, the state and the military all have large amounts of information to store and distribute, and people can choose mobile storage devices such as USB flash drives, portable hard drives and rewritable optical discs to store and carry it. For example, people often back up information that should not be disclosed, such as personal account numbers, passwords and important documents, on these storage devices; trade secrets such as enterprise documents and intellectual property are also stored and distributed on mobile storage devices; and the confidential documents and information of important bodies such as the state and the military likewise need dedicated mobile storage devices for distribution and management.
While mobile storage devices bring convenience, they also carry serious information-security risks. Once a storage device is lost or stolen, the information on it may be illegally copied or illegally deleted, which threatens people's property and more. Leaked trade secrets can cause immeasurable losses to an enterprise, and leaked state or military secrets have still more serious consequences. The information security of mobile storage devices has therefore become a problem in urgent need of a solution.
At present, more and more users recognise the importance of information security in mobile storage products, and awareness of data protection is widespread. Demand for security in mobile office work and in high-capacity mobile storage devices grows by the day, and secure mobile storage devices such as secure portable hard drives and secure USB flash drives keep appearing. Patriot's secure portable hard drive uses a high-speed hardware encryption chip and a high-strength data encryption algorithm and supports several identity authentication modes; the product stores data securely and solves the security problem caused by storing data in plaintext on a portable hard drive. It uses a USB 2.0 interface, and all data written to the disk is encrypted directly, in real time, by the hardware chip, which keeps the stored data secure. Combined with hardware identity authentication, only an authenticated user can read or write the data on the disk, and a disk that has not passed authentication cannot be used. This improves the security of the device, simplifies device management and reduces the risk after a disk is lost. The "secure key disk" released by ZTEIC of Shenzhen uses a 32-bit secure chip processor as its main control chip, with an external flash chip, to provide secure mobile storage. The scheme uses a hardware mutual-authentication security mechanism, and the data on the flash chip is encrypted purely in hardware by the secure main control chip, which fully guarantees the security of the data. Each secure key disk has a unique serial number, and the secure key disk adds mobile storage to the functions of a USB key.
An analysis of the secure mobile storage products currently on the market shows that traditional mobile storage security solutions mainly work as follows: each storage device is provided with its own authentication key, the device itself performs the encryption, and the corresponding key must be used together with the device, otherwise the information in the device cannot be read correctly. To raise encryption speed the device needs dedicated internal hardware for the cryptographic operations, so the cost of the whole device is relatively high. As the amount of information grows and storage devices diversify, however, each user commonly uses several mobile storage devices, or several kinds, to store private information, and so must hold several devices and their corresponding keys. Secure mobile storage devices are currently rather expensive: a secure portable hard drive typically costs more than 2000 yuan, and a secure USB flash drive costs several times as much as an ordinary one, so buying several secure mobile storage devices is a large expense for a user. In addition, because each storage device has its own key, a larger number of keys is harder to manage; management security is an important part of a security scheme, so security may actually decrease when there are many keys.
In summary, a new mobile storage security solution is urgently needed to replace or supplement existing schemes. Now that mobile storage devices are widely used and information security faces more threats, the need for a reasonably priced, easily managed secure mobile storage solution is especially pressing. The present invention therefore proposes a security adapter for mobile storage to solve this problem, together with the corresponding operation method for the adapter. The proposed security adapter performs encryption and decryption automatically inside the adapter, so that several mobile storage devices share one set of encryption/decryption equipment. This makes key management and use more convenient, allows encrypted storage on ordinary non-encrypting mobile storage devices, and effectively reduces the cost of keeping stored information confidential on mobile storage devices.
Summary of the invention
The object of the invention is to overcome the above shortcomings of the prior art by proposing a security adapter apparatus for mobile storage devices (Security Adapter for Mobile Storage, SAMS). The security adapter is connected to a general-purpose interface of the computer, and an ordinary mobile storage device is connected to the general-purpose interface of the adapter. The computer operates the adapter through the corresponding operation method, and the adapter automatically encrypts and decrypts the content read from and written to the mobile storage device, so that encrypted storage is achieved on an ordinary mobile storage device. This gives the user a secure mobile storage implementation that is simple, lightweight, portable, easy to use, easy to manage, highly secure and inexpensive.
The technical solution of the invention is as follows.
Referring to Fig. 1, a security adapter apparatus for a mobile storage device comprises a host interface, a mobile storage device interface, an encryption/decryption module, a bridge module and firmware. The firmware is connected to the host interface, the mobile storage device interface and the encryption/decryption module respectively, and the bridge module is connected to the host interface, the mobile storage device interface and the encryption/decryption module respectively. The encryption/decryption module, bridge module and firmware may also be integrated into one chip to form a system on chip (SoC), with the same connections, as shown in Fig. 2.
Host interface 1 connects to a general-purpose interface of the host. The connection standards it may use include, but are not limited to: parallel interface standards (such as IEEE 1284), serial interface standards (such as RS-232, RS-485, RS-422), the Universal Serial Bus (USB) interface specification, the PATA interface specification, the SATA interface specification, the ATA/ATAPI interface specification, the PCI/CompactPCI interface specification, the PCI-E (PCI Express) interface specification, the Ethernet interface specification, the PCMCIA interface specification, the IEEE 1394 interface specification, the HDMI interface specification, the SCSI (Small Computer System Interface) interface specification, the SDIO interface specification, the MMC card interface specification, the DRAM memory interface specification, the Flash memory interface specification, the SAS (Serial Attached SCSI) interface specification, the FC-PI (Fibre Channel - Physical Interfaces) interface specification, and all computer interface standards compatible with the above or not listed here.
Mobile storage device interface 2 connects to the mobile storage device. The connection standards it may use include, but are not limited to: the USB interface specification, the PATA interface specification, the SATA interface specification, the ATA/ATAPI interface specification, the PCI/CompactPCI interface specification, the PCI-E interface specification, the Ethernet interface specification, the SCSI interface specification, the PCMCIA interface specification, the IEEE 1394 interface specification, the HDMI interface specification, the SDIO interface specification, the MMC card interface specification, the DRAM memory interface specification, the Flash memory interface specification, the SAS interface specification, the FC-PI interface specification, and all computer interface standards compatible with the above or not listed here.
Encryption/decryption module 3 encrypts and decrypts the data being read and written. The algorithms it may use include any algorithm capable of encrypting and decrypting information, such as symmetric cryptographic algorithms (also called block ciphers, e.g. AES, DES, 3DES, IDEA, Twofish), stream cipher algorithms (e.g. RC2, RC4, RC5, RC6) or public-key algorithms (also called asymmetric cryptographic algorithms, e.g. RSA, ECC, DSA). The module can be implemented in two ways. One is a hardware implementation, in which the encryption/decryption module carried by the security adapter itself does the work. The other is a software-hardware cooperative implementation, in which the encryption/decryption primary module of the security adapter's dedicated device driver 12 on the host cooperates with the key management of encryption/decryption slave module 6 in the security adapter, as shown in Fig. 3.
Bridge module 4 connects the host interface, the mobile storage device interface and the encryption/decryption module.
Firmware 5 receives and parses the commands sent by the host, starts the encryption/decryption module, and sends the related commands to the mobile storage device.
An operation method for the mobile storage device security adapter apparatus whose encryption/decryption module is implemented in hardware comprises encrypted read/write operation method 100 and normal read/write operation method 101; see Fig. 4.
In encrypted read/write operation method 100, an encrypted read/write command is sent to the security adapter apparatus through dedicated driver 12. The firmware receives and parses the command and starts the encryption/decryption module to encrypt or decrypt the subsequent read/write operations, achieving encrypted storage on an ordinary mobile storage device.
In normal read/write operation method 101, a normal read/write command is sent to the security adapter apparatus through generic operating-system driver 13. The firmware receives and parses the command and reads or writes the mobile storage device without starting the encryption/decryption module, achieving unencrypted storage.
An operation method for the mobile storage device security adapter apparatus whose encryption/decryption module is implemented by software-hardware cooperation comprises encrypted read/write operation method 102 and normal read/write operation method 103; see Fig. 5.
In encrypted read/write operation method 102, a get-key command is sent to the security adapter apparatus through dedicated driver 12. The firmware receives and parses the command and starts the encryption/decryption slave module, which returns the key; encryption/decryption primary module 8 in dedicated driver 12 then performs the data encryption and decryption.
Normal read/write operation method 103 is identical to the normal read/write operation method of the security adapter apparatus whose encryption/decryption module is implemented in hardware.
The distinguishing feature of the invention is that the encryption/decryption module is moved from the traditional secure mobile storage device to the adapter and the host. One security adapter can provide encrypted storage for several ordinary mobile storage devices, which share a single key; this is easy to manage and effectively reduces the cost of buying several secure mobile storage devices. Even if a mobile storage device is lost, the encrypted information on it cannot be read without this security adapter, so security is very high.
Description of the drawings
Fig. 1 is a structural diagram of the invention with the encryption/decryption module implemented in hardware.
Fig. 2 is a structural diagram of the invention implemented as a system on chip.
Fig. 3 is a structural diagram of the invention with the encryption/decryption module implemented by software-hardware cooperation.
Fig. 4 is an operation flowchart of the security adapter whose encryption/decryption module is implemented in hardware.
Fig. 5 is an operation flowchart of the security adapter whose encryption/decryption module is implemented by software-hardware cooperation.
Embodiment
Referring to Fig. 1, a security adapter apparatus for a mobile storage device comprises host interface 1, mobile storage device interface 2, encryption/decryption module 3, bridge module 4 and firmware 5. Firmware 5 is connected to host interface 1, mobile storage device interface 2 and encryption/decryption module 3 respectively, and bridge module 4 is connected to host interface 1, mobile storage device interface 2 and encryption/decryption module 3 respectively. In the preferred embodiment, host interface 1 and mobile storage device interface 2 use the standard USB interface specification and protocol, and the encryption/decryption chip is an ARM processor with an AES crypto engine. Encryption/decryption module 3, bridge module 4 and firmware 5 may also be integrated into one chip to form a system on chip (SoC), with the same connections, as shown in Fig. 2. The invention is not limited to the above interface specifications, protocols and cryptographic algorithms.
The security adapter has three different implementations: with the encryption/decryption module implemented in hardware; as a system on chip; and by software-hardware cooperation. In the hardware implementations the encryption/decryption module carried by the security adapter itself does the work, as shown in Fig. 1 and Fig. 2. In the software-hardware cooperative implementation, encryption/decryption primary module 8 of dedicated driver 12 on the host cooperates with the key management of encryption/decryption slave module 6 in the security adapter, as shown in Fig. 3. In the preferred embodiment the encryption/decryption module is implemented in hardware: host interface 1 and mobile storage device interface 2 use the standard USB interface specification and protocol, and the encryption/decryption chip is an ARM processor with an AES crypto engine. Encryption/decryption module 3, bridge module 4 and firmware 5 may also be integrated into one chip to form a system on chip (SoC), connected as shown in Fig. 2. Another possible implementation of encryption/decryption module 3 is for the encryption and decryption computation to be carried out by encryption/decryption primary module 8 of dedicated driver 12 on the host, while the associated key management functions are provided by encryption/decryption slave module 6 of the security adapter, connected as shown in Fig. 3. The invention is not limited to the above interface specifications, protocols and cryptographic algorithms.
The main functions of each part of the security adapter of the invention are:
Host interface 1
Responsible for connecting to the host through a general-purpose interface and receiving the commands and data defined by the USB transfer specification; while guaranteeing the timing defined by the transfer specification, it provides the host's access path to the security adapter. The host interface signals, which follow the USB standard specification, are defined in Table 1.
Table 1. Host interface signals and descriptions
Name | Direction | Description
Data+ | Bidirectional | One of the differential transfer signals; carries access commands and data.
Data- | Bidirectional | One of the differential transfer signals; carries access commands and data.
VDD | Power | Power input.
GND | Power | Ground input.
Mobile storage device interface 2
Responsible for connecting to the mobile storage device through a general-purpose interface and sending it the commands and data defined by the USB transfer specification; while guaranteeing the timing defined by the transfer specification, it provides the security adapter's access path to the mobile storage device. The mobile storage device interface signals, which follow the USB standard specification, are defined in Table 1.
Encryption/decryption module 3
Encrypts and decrypts the data being read and written, under the control of the firmware.
Bridge module 4
Responsible for the connections between the host interface and the encryption/decryption module and between the encryption/decryption module and the mobile storage device interface, providing the corresponding access paths.
Firmware 5
Responsible for receiving the USB-compliant operation commands sent by the host and parsing them. If the host starts the encryption/decryption module, the firmware forwards the access commands between the host and the mobile storage device and starts the encryption/decryption module to encrypt or decrypt the subsequent read/write data before forwarding it. If the host does not start encryption/decryption, the firmware simply forwards the access commands and data between the host and the mobile storage device.
The invention also relates to the operation method of the security adapter. The operation method for the security adapter apparatus whose encryption/decryption module is implemented in hardware comprises encrypted read/write operation method 100 and normal read/write operation method 101; the specific operations are shown in Fig. 4.
The main steps of each operation in the operation method for the security adapter apparatus whose encryption/decryption module is implemented in hardware are:
Encrypted write:
a. Upper-layer operating system 11 receives the encrypted write command sent by application 10.
b. Upper-layer operating system 11 passes the encrypted write command to dedicated driver 12.
c. Dedicated driver 12 converts the encrypted write command into an operation that firmware 5 can parse and sends it to lower-layer operating system 14.
d. Lower-layer operating system 14 delivers the operation that firmware 5 can parse to firmware 5 over the circuit path.
e. Firmware 5 parses the encrypted write operation and starts encryption/decryption module 3 to encrypt the data to be written.
f. Firmware 5 packs the encrypted data into a normal write operation that the mobile storage device's firmware can parse, achieving the encrypted write to the mobile storage device.
g. Firmware 5 returns the result and status of the encrypted write operation to application 10 via lower-layer operating system 14, dedicated driver 12 and upper-layer operating system 11.
Decrypted read:
a. Upper-layer operating system 11 receives the decrypted read command sent by application 10.
b. Upper-layer operating system 11 passes the decrypted read command to dedicated driver 12.
c. Dedicated driver 12 converts the decrypted read command into an operation that the firmware can parse and sends it to lower-layer operating system 14.
d. Lower-layer operating system 14 delivers the operation that firmware 5 can parse to firmware 5 over the circuit path.
e. Firmware 5 parses the decrypted read operation, generates a normal read operation that the mobile storage device's firmware can parse, and reads the encrypted data from the mobile storage device.
f. Encryption/decryption module 3 receives the encrypted data read from the mobile storage device, and firmware 5 starts encryption/decryption module 3 to decrypt it.
g. Firmware 5 packs the decrypted data in the format required by the host interface.
h. Firmware 5 returns the result of the decrypted read operation and the decrypted data to application 10 via lower-layer operating system 14, dedicated driver 12 and upper-layer operating system 11, achieving the decrypted read.
Normal write:
a. Upper-layer operating system 11 receives the normal write command sent by application 10.
b. Upper-layer operating system 11 passes the normal write command to generic driver 13.
c. Generic driver 13 converts the normal write command into an operation that the firmware can parse and sends it to lower-layer operating system 14.
d. Lower-layer operating system 14 delivers the operation that firmware 5 can parse to firmware 5 over the circuit path.
e. Firmware 5 parses the normal write operation and does not start encryption/decryption module 3 to encrypt the data to be written.
f. Firmware 5 packs the unencrypted data into a normal write operation that the mobile storage device's firmware can parse, achieving the normal write to the mobile storage device.
g. Firmware 5 returns the result and status of the write operation to application 10 via lower-layer operating system 14, generic driver 13 and upper-layer operating system 11.
Normal read:
a. Upper-layer operating system 11 receives the normal read command sent by application 10.
b. Upper-layer operating system 11 passes the normal read command to generic driver 13.
c. Generic driver 13 converts the normal read command into an operation that firmware 5 can parse and sends it to lower-layer operating system 14.
d. Lower-layer operating system 14 delivers the operation that firmware 5 can parse to firmware 5 over the circuit path.
e. Firmware 5 parses the normal read operation, generates a normal read operation that the mobile storage device's firmware can parse, and reads the unencrypted data from the mobile storage device.
f. Firmware 5 does not start encryption/decryption module 3 to decrypt.
g. Firmware 5 packs the normal data read from the mobile storage device in the format required by the host interface.
h. Firmware 5 returns the result of the normal read operation and the data to application 10 via lower-layer operating system 14, generic driver 13 and upper-layer operating system 11.
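The firmware dispatch at the centre of the four hardware-variant operations above, modelled in C as an added example (not code from the patent). The command codes, structure names and the toy XOR routine standing in for encryption/decryption module 3 are assumptions: the patent defines no command encoding, and its preferred embodiment uses an AES engine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 16u
#define NUM_SECTORS 8u
#define KEY_SIZE    16u

/* Hypothetical command codes: the patent names the operations, not an encoding. */
enum sams_cmd { CMD_NORMAL_READ, CMD_NORMAL_WRITE, CMD_DECRYPT_READ, CMD_ENCRYPT_WRITE };
enum sams_status { ST_OK = 0, ST_BAD_CMD = -1, ST_BAD_ARG = -2 };

/* Stand-in for the ordinary mobile storage device behind interface 2. */
struct storage { uint8_t sector[NUM_SECTORS][SECTOR_SIZE]; };

/* Adapter state; in the hardware variant the key stays inside the adapter. */
struct adapter {
    uint8_t key[KEY_SIZE];
    struct storage *dev;
    unsigned crypto_starts;            /* times firmware 5 started module 3 */
};

/* Toy position-tweaked XOR standing in for module 3. NOT a secure cipher.
 * XOR is its own inverse, so one routine serves both directions. */
static void crypto_module(struct adapter *a, uint32_t lba, uint8_t *buf)
{
    a->crypto_starts++;
    for (size_t i = 0; i < SECTOR_SIZE; i++)
        buf[i] ^= (uint8_t)(a->key[i % KEY_SIZE] ^ (uint8_t)(lba * SECTOR_SIZE + i));
}

/* Firmware 5: parse the host command, start module 3 only for the encrypted
 * variants, and issue a plain read or write to the storage device. */
int firmware_handle(struct adapter *a, int cmd, uint32_t lba, uint8_t *buf)
{
    uint8_t tmp[SECTOR_SIZE];
    if (a == NULL || a->dev == NULL || buf == NULL || lba >= NUM_SECTORS)
        return ST_BAD_ARG;
    switch (cmd) {
    case CMD_ENCRYPT_WRITE:
        memcpy(tmp, buf, SECTOR_SIZE);          /* leave the host buffer intact */
        crypto_module(a, lba, tmp);
        memcpy(a->dev->sector[lba], tmp, SECTOR_SIZE);
        return ST_OK;
    case CMD_NORMAL_WRITE:
        memcpy(a->dev->sector[lba], buf, SECTOR_SIZE);
        return ST_OK;
    case CMD_DECRYPT_READ:
        memcpy(buf, a->dev->sector[lba], SECTOR_SIZE);
        crypto_module(a, lba, buf);
        return ST_OK;
    case CMD_NORMAL_READ:
        memcpy(buf, a->dev->sector[lba], SECTOR_SIZE);
        return ST_OK;
    default:
        return ST_BAD_CMD;                      /* unknown command: touch nothing */
    }
}

static const uint8_t PLAIN[SECTOR_SIZE] = "account:pw12345"; /* constructed sample */

static void make_adapter(struct adapter *a, struct storage *d, uint8_t base, uint8_t step)
{
    for (size_t i = 0; i < KEY_SIZE; i++)
        a->key[i] = (uint8_t)(base + step * i);
    a->dev = d;
    a->crypto_starts = 0;
}

/* Runs the four operations and returns one bit per property that held. */
int demo(void)
{
    struct storage disk;
    struct adapter a, other;
    uint8_t buf[SECTOR_SIZE];
    int ok = 0;
    memset(&disk, 0, sizeof disk);
    make_adapter(&a, &disk, 0xA0, 1);           /* key A0 A1 ... AF */
    make_adapter(&other, &disk, 0x5A, 0);       /* a second adapter, other key */
    memcpy(buf, PLAIN, SECTOR_SIZE);
    firmware_handle(&a, CMD_ENCRYPT_WRITE, 2, buf);
    ok |= (memcmp(disk.sector[2], PLAIN, SECTOR_SIZE) != 0) << 0; /* ciphertext at rest */
    firmware_handle(&a, CMD_NORMAL_READ, 2, buf);
    ok |= (memcmp(buf, PLAIN, SECTOR_SIZE) != 0) << 1;  /* generic path sees ciphertext */
    firmware_handle(&a, CMD_DECRYPT_READ, 2, buf);
    ok |= (memcmp(buf, PLAIN, SECTOR_SIZE) == 0) << 2;  /* round trip via module 3 */
    firmware_handle(&other, CMD_DECRYPT_READ, 2, buf);
    ok |= (memcmp(buf, PLAIN, SECTOR_SIZE) != 0) << 3;  /* wrong adapter cannot read */
    memcpy(buf, PLAIN, SECTOR_SIZE);
    firmware_handle(&a, CMD_NORMAL_WRITE, 3, buf);
    firmware_handle(&a, CMD_DECRYPT_READ, 3, buf);
    ok |= (memcmp(buf, PLAIN, SECTOR_SIZE) != 0) << 4;  /* mode mismatch garbles data */
    ok |= (firmware_handle(&a, 99, 3, buf) == ST_BAD_CMD) << 5;
    ok |= (a.crypto_starts == 3) << 6;          /* module 3 idle on normal paths */
    return ok;
}

int main(void) { printf("properties held: 0x%02X\n", (unsigned)demo()); return 0; }
```

In this model a sector written with the normal write command decrypts to garbage, so the host side has to know which path wrote each sector.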
An operation method for the mobile storage device security adapter apparatus whose encryption/decryption module is implemented by software-hardware cooperation comprises an encrypted read/write operation method and a normal read/write operation method. The normal read/write operation method is identical to that of the security adapter apparatus whose encryption/decryption module is implemented in hardware. The main steps of the encrypted read/write operation method are:
Encrypted write:
a. Upper-layer operating system 11 receives the encrypted write command sent by application 10.
b. Upper-layer operating system 11 passes the encrypted write command to dedicated driver 12.
c. Dedicated driver 12 issues a get-key command, converts it into an operation that firmware 5 can parse, and sends it to lower-layer operating system 14.
d. Lower-layer operating system 14 delivers the operation that firmware 5 can parse to firmware 5 over the circuit path.
e. Firmware 5 parses the operation and starts encryption/decryption slave module 6 to obtain the encryption key.
f. Firmware 5 packs the encryption key in the format required by the host interface and returns it to dedicated driver 12 through lower-layer operating system 14.
g. Dedicated driver 12 starts encryption/decryption primary module 8 to encrypt the data to be written, converts the write of the encrypted data, as a normal write command, into an operation that the firmware can parse, and sends it to lower-layer operating system 14.
h. Lower-layer operating system 14 delivers the operation that firmware 5 can parse to firmware 5 over the circuit path.
i. Firmware 5 parses the normal write operation and packs the encrypted data into a normal write operation that the mobile storage device's firmware can parse, achieving the normal write to the mobile storage device.
j. Firmware 5 returns the result and status of the write operation to application 10 via lower-layer operating system 14, generic driver 13 and upper-layer operating system 11.
Decrypted read:
a. Upper-layer operating system 11 receives the decrypted read command sent by application 10.
b. Upper-layer operating system 11 passes the decrypted read command to dedicated driver 12.
c. Dedicated driver 12 converts the decrypted read command into an operation that the firmware can parse and sends it to lower-layer operating system 14.
d. Lower-layer operating system 14 delivers the operation that firmware 5 can parse to firmware 5 over the circuit path.
e. Firmware 5 parses the decrypted read operation, generates a normal read operation that the mobile storage device's firmware can parse, and reads the encrypted data from the mobile storage device; at the same time it starts encryption/decryption slave module 6 to obtain the decryption key.
f. Firmware 5 packs the encrypted data and the decryption key in the format required by the host interface.
g. Firmware 5 returns the result of the decrypted read operation, together with the encrypted data and the decryption key, to dedicated driver 12 through lower-layer operating system 14.
h. Dedicated driver 12 receives the encrypted data and the decryption key and starts encryption/decryption primary module 8 to decrypt.
i. Dedicated driver 12 returns the result of the decrypted read operation and the decrypted data to application 10 through upper-layer operating system 11, achieving the decrypted read.
Normal read/write operation method 103 of the security adapter apparatus whose encryption/decryption module is implemented by software-hardware cooperation is identical to the normal read/write operation method of the security adapter apparatus whose encryption/decryption module is implemented in hardware.

Claims (8)

1. A security adapter for a mobile storage device, comprising a host interface (1), a mobile storage device interface (2), an encryption/decryption module (3), a bridge module (4) and firmware (5), characterized in that: the firmware (5) is connected to the host interface (1), the mobile storage device interface (2) and the encryption/decryption module (3) respectively, and the bridge module (4) is connected to the host interface (1), the mobile storage device interface (2) and the encryption/decryption module (3) respectively;
the host interface (1) is responsible for connecting to the host through a general-purpose interface and receiving the commands and data defined by a standard transfer specification, and, while guaranteeing the timing defined by the transfer specification, provides the host's access path to the security adapter;
the mobile storage device interface (2) is responsible for connecting to the mobile storage device through a general-purpose interface and sending it the commands and data defined by a standard transfer specification, and, while guaranteeing the timing defined by the transfer specification, provides the security adapter's access path to the mobile storage device;
the encryption/decryption module (3), under the control of the firmware, encrypts data being written and decrypts data being read;
the bridge module (4) is responsible for the connections between the host interface and the encryption/decryption module and between the encryption/decryption module and the mobile storage device interface, providing the corresponding access paths;
the firmware (5) is responsible for receiving the standard-compliant operation commands sent by the host and parsing them, starting or not starting the encryption/decryption module according to the host command to encrypt or decrypt the subsequent read/write data, and generating operation commands that comply with the mobile storage device's standard specification to carry out the actual reads and writes on the mobile storage device.
2. The safe adapter for a movable storage device according to claim 1, characterized in that: the host interface uses the parallel interface specification, the serial interface specification, the Universal Serial Bus (USB) interface specification, the PATA interface specification, the SATA interface specification, the ATA/ATAPI interface specification, the PCI/Compact PCI interface specification, the PCI-E interface specification, the Ethernet interface specification, the PCMCIA interface specification, the IEEE 1394 interface specification, the HDMI interface specification, the SCSI interface specification, the SDIO interface specification, the MMC card interface specification, the DRAM memory interface specification, the Flash memory interface specification, the SAS interface specification or the FC-PI interface specification.
3. The safe adapter for a movable storage device according to claim 1, characterized in that: the connection standard used by the movable storage device interface is the USB interface specification, the PATA interface specification, the SATA interface specification, the ATA/ATAPI interface specification, the PCI/Compact PCI interface specification, the PCI-E interface specification, the Ethernet interface specification, the SCSI interface specification, the PCMCIA interface specification, the IEEE 1394 interface specification, the HDMI interface specification, the SDIO interface specification, the MMC card interface specification, the DRAM memory interface specification, the Flash memory interface specification, the SAS interface specification or the FC-PI interface specification.
4. The safe adapter for a movable storage device according to claim 1, characterized in that: the encryption and decryption module (3), the bridge module (4) and the firmware (5) are implemented as separate chips, or the encryption and decryption module (3), the bridge module (4) and the firmware (5) are integrated in a single chip to form a system on chip (SoC).
5. The safe adapter for a movable storage device according to claim 1, characterized in that: when the encryption and decryption module (3) is implemented through software-hardware cooperation, it is implemented by the encryption and decryption primary module of the safe adapter special driver (12) in the host working together with the key management of the safe adapter's encryption and decryption secondary module (6).
6. The safe adapter for a movable storage device according to claim 1, characterized in that: the encryption and decryption module (3) uses a symmetric cipher algorithm, a stream cipher algorithm or a public key algorithm.
7. A method of operating a movable storage device safe adapter apparatus whose encryption and decryption module is implemented in hardware, comprising an encrypted read/write operation method and a normal read/write operation method; the main steps of each operation method are:
Encrypted write operation:
a. the upper-layer operating system (11) receives the encrypted write command sent by the application program (10);
b. the upper-layer operating system (11) sends the encrypted write command to the special driver (12);
c. the special driver (12) converts the encrypted write command into an operation that the firmware (5) can parse and sends it to the underlying operating system (14);
d. the underlying operating system (14) passes the operation that the firmware (5) can parse to the firmware (5) over the circuit path;
e. the firmware (5) parses the encrypted write operation and starts the encryption and decryption module (3) to encrypt the data to be written;
f. the firmware (5) packs the encrypted data and generates a normal write operation that the movable storage device firmware can parse, performing the encrypted write to the movable storage device;
g. the firmware (5) returns the result and status of the encrypted write operation to the application program (10) through the underlying operating system (14), the special driver (12) and the upper-layer operating system (11);
Decryption read operation:
a. the upper-layer operating system (11) receives the decryption read command sent by the application program (10);
b. the upper-layer operating system (11) sends the decryption read command to the special driver (12);
c. the special driver (12) converts the decryption read command into an operation that the firmware can parse and sends it to the underlying operating system (14);
d. the underlying operating system (14) passes the operation that the firmware (5) can parse to the firmware (5) over the circuit path;
e. the firmware (5) parses the decryption read operation, generates a normal read operation that the movable storage device firmware can parse, and reads the encrypted data from the movable storage device;
f. the encryption and decryption module (3) receives the encrypted data read from the movable storage device, and the firmware (5) starts the encryption and decryption module (3) to decrypt it;
g. the firmware (5) packs the decrypted data in the format required by the host interface;
h. the firmware (5) returns the result of the decryption read operation and the decrypted data to the application program (10) through the underlying operating system (14), the special driver (12) and the upper-layer operating system (11), completing the decryption read;
Normal write operation:
a. the upper-layer operating system (11) receives the normal write command sent by the application program (10);
b. the upper-layer operating system (11) sends the normal write command to the general driver (13);
c. the general driver (13) converts the normal write command into an operation that the firmware can parse and sends it to the underlying operating system (14);
d. the underlying operating system (14) passes the operation that the firmware (5) can parse to the firmware (5) over the circuit path;
e. the firmware (5) parses the normal write operation and does not start the encryption and decryption module (3) to encrypt the data to be written;
f. the firmware (5) packs the unencrypted data and generates a normal write operation that the movable storage device firmware can parse, performing a normal write to the movable storage device;
g. the firmware (5) returns the result and status of the write operation to the application program (10) through the underlying operating system (14), the general driver (13) and the upper-layer operating system (11);
Normal read operation:
a. the upper-layer operating system (11) receives the normal read command sent by the application program (10);
b. the upper-layer operating system (11) sends the normal read command to the general driver (13);
c. the general driver (13) converts the normal read command into an operation that the firmware (5) can parse and sends it to the underlying operating system (14);
d. the underlying operating system (14) passes the operation that the firmware (5) can parse to the firmware (5) over the circuit path;
e. the firmware (5) parses the normal read operation, generates a normal read operation that the movable storage device firmware can parse, and reads the unencrypted data from the movable storage device;
f. the firmware (5) does not start the encryption and decryption module (3) to perform decryption;
g. the firmware (5) packs the data read normally from the movable storage device in the format required by the host interface;
h. the firmware (5) returns the result of the normal read operation and the data to the application program (10) through the underlying operating system (14), the general driver (13) and the upper-layer operating system (11).
8. A method of operating a movable storage device safe adapter apparatus whose encryption and decryption module is implemented through software-hardware cooperation, comprising an encrypted read/write operation method and a normal read/write operation method; the normal read/write operation method is the same as that of the movable storage device safe adapter apparatus whose encryption and decryption module is implemented in hardware, and the main steps of the encrypted read/write operation method are:
Encrypted write operation:
a. the upper-layer operating system (11) receives the encrypted write command sent by the application program (10);
b. the upper-layer operating system (11) sends the encrypted write command to the special driver (12);
c. the special driver (12) issues a get-key command, converts it into an operation that the firmware (5) can parse, and sends it to the underlying operating system (14);
d. the underlying operating system (14) passes the operation that the firmware (5) can parse to the firmware (5) over the circuit path;
e. the firmware (5) parses the operation and starts the encryption and decryption secondary module (6) to obtain the encryption key;
f. the firmware (5) packs the encryption key in the format required by the host interface and sends it back to the special driver (12) through the underlying operating system (14);
g. the special driver (12) starts the encryption and decryption primary module (8) to encrypt the data to be written, converts the encrypted data, as a normal write command, into an operation that the firmware can parse, and sends it to the underlying operating system (14);
h. the underlying operating system (14) passes the operation that the firmware (5) can parse to the firmware (5) over the circuit path;
i. the firmware (5) parses the normal write operation, packs the encrypted data and generates a normal write operation that the movable storage device firmware can parse, performing a normal write to the movable storage device;
j. the firmware (5) returns the result and status of the write operation to the application program (10) through the underlying operating system (14), the general driver (13) and the upper-layer operating system (11);
Decryption read operation:
a. the upper-layer operating system (11) receives the decryption read command sent by the application program (10);
b. the upper-layer operating system (11) sends the decryption read command to the special driver (12);
c. the special driver (12) converts the decryption read command into an operation that the firmware can parse and sends it to the underlying operating system (14);
d. the underlying operating system (14) passes the operation that the firmware (5) can parse to the firmware (5) over the circuit path;
e. the firmware (5) parses the decryption read operation, generates a normal read operation that the movable storage device firmware can parse, and reads the encrypted data from the movable storage device; at the same time it starts the encryption and decryption secondary module (6) to obtain the decryption key;
f. the firmware (5) packs the encrypted data and the decryption key in the format required by the host interface;
g. the firmware (5) sends the result of the decryption read operation, together with the encrypted data and the decryption key, back to the special driver (12) through the underlying operating system (14);
h. the special driver (12) receives the encrypted data and the decryption key and starts the encryption and decryption primary module (8) to decrypt the data;
i. the special driver (12) returns the result of the decryption read operation and the decrypted data to the application program (10) through the upper-layer operating system (11), completing the decryption read.
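An added model (not code from the patent) of the encrypted read/write paths in claims 7 and 8, recording what crosses host interface (1) in each: with the hardware module the key stays in the adapter and plaintext crosses the link, while with software-hardware cooperation the key itself is returned to the special driver. The class names, the `host_link` log and the SHA-256 keystream cipher are assumptions; the claims name no algorithm or command format.

```python
import hashlib

def stand_in_cipher(key: bytes, lba: int, data: bytes) -> bytes:
    """Placeholder cipher (assumption): XOR with a SHA-256 counter keystream."""
    stream = bytearray()
    ctr = 0
    while len(stream) < len(data):
        block = key + lba.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        ctr += 1
    return bytes(d ^ s for d, s in zip(data, stream))

class Adapter:
    """Firmware (5) with its crypto module; method names are hypothetical."""
    def __init__(self, key: bytes):
        self._key = key        # key held inside the adapter
        self.device = {}       # movable storage device: sector -> stored bytes
        self.host_link = []    # every payload that crosses host interface (1)

    def _cross(self, payload: bytes) -> bytes:
        self.host_link.append(payload)
        return payload
    # Claim 7: the firmware parses the command and starts module (3) or not.
    def encrypted_write(self, lba, data):
        self.device[lba] = stand_in_cipher(self._key, lba, self._cross(data))
    def decrypted_read(self, lba):
        return self._cross(stand_in_cipher(self._key, lba, self.device[lba]))
    def normal_write(self, lba, data):
        self.device[lba] = self._cross(data)
    def normal_read(self, lba):
        return self._cross(self.device[lba])
    # Claim 8: secondary module (6) supplies the key to the host driver.
    def get_key(self):
        return self._cross(self._key)

class SpecialDriver:
    """Host-side special driver (12) running primary module (8), claim 8."""
    def __init__(self, adapter):
        self.adapter = adapter
    def encrypted_write(self, lba, data):
        key = self.adapter.get_key()                  # write steps c-f
        self.adapter.normal_write(lba, stand_in_cipher(key, lba, data))
    def decrypted_read(self, lba):
        # The claim returns ciphertext and key together; modelled as two transfers.
        ciphertext = self.adapter.normal_read(lba)
        key = self.adapter.get_key()
        return stand_in_cipher(key, lba, ciphertext)  # read step h

def exposure(mode: str, key: bytes, plaintext: bytes) -> dict:
    """Run one write/read round trip and report what crossed the host link."""
    adapter = Adapter(key)
    front = adapter if mode == "hardware" else SpecialDriver(adapter)
    front.encrypted_write(7, plaintext)
    recovered = front.decrypted_read(7)
    link = list(adapter.host_link)
    return {"round_trip": recovered == plaintext,
            "stored_plain": adapter.device[7] == plaintext,
            "key_on_link": key in link, "plaintext_on_link": plaintext in link,
            "normal_read_is_ciphertext": adapter.normal_read(7) != plaintext}
```

In both modes the device holds only ciphertext and a normal read returns it undecrypted; the difference for a threat model is whether the host interface and host memory see the plaintext (claim 7) or the key (claim 8).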
CNA200810196938XA 2008-09-12 2008-09-12 Safe adapter apparatus for mobile storage and operation method thereof Pending CN101349999A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA200810196938XA CN101349999A (en) 2008-09-12 2008-09-12 Safe adapter apparatus for mobile storage and operation method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA200810196938XA CN101349999A (en) 2008-09-12 2008-09-12 Safe adapter apparatus for mobile storage and operation method thereof

Publications (1)

Publication Number Publication Date
CN101349999A true CN101349999A (en) 2009-01-21

Family

ID=40268799

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA200810196938XA Pending CN101349999A (en) 2008-09-12 2008-09-12 Safe adapter apparatus for mobile storage and operation method thereof

Country Status (1)

Country Link
CN (1) CN101349999A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102222050A (en) * 2011-05-23 2011-10-19 郑州信大捷安信息技术股份有限公司 Highly-efficient data processing and secure storage method and secure smart cryptographic storage chip
CN105468983A (en) * 2015-11-17 2016-04-06 北京华虹集成电路设计有限责任公司 Data transmission method and device based on SATA (Serial Advanced Technology Attachment) interface
CN106919865A (en) * 2017-03-02 2017-07-04 上海东软载波微电子有限公司 Data of nonvolatile storage encryption system
WO2019075620A1 (en) * 2017-10-16 2019-04-25 华为技术有限公司 Data processing system
CN113420267A (en) * 2021-08-24 2021-09-21 北京芯愿景软件技术股份有限公司 Storage device and data reading method

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102222050A (en) * 2011-05-23 2011-10-19 郑州信大捷安信息技术股份有限公司 Highly-efficient data processing and secure storage method and secure smart cryptographic storage chip
CN105468983A (en) * 2015-11-17 2016-04-06 北京华虹集成电路设计有限责任公司 Data transmission method and device based on SATA (Serial Advanced Technology Attachment) interface
CN105468983B (en) * 2015-11-17 2020-01-03 北京华大智宝电子系统有限公司 Data transmission method and device based on SATA interface
CN106919865A (en) * 2017-03-02 2017-07-04 上海东软载波微电子有限公司 Data of nonvolatile storage encryption system
CN106919865B (en) * 2017-03-02 2020-06-05 上海东软载波微电子有限公司 Non-volatile memory data encryption system
WO2019075620A1 (en) * 2017-10-16 2019-04-25 华为技术有限公司 Data processing system
CN110892391A (en) * 2017-10-16 2020-03-17 华为技术有限公司 Data processing system
CN113420267A (en) * 2021-08-24 2021-09-21 北京芯愿景软件技术股份有限公司 Storage device and data reading method
CN113420267B (en) * 2021-08-24 2021-11-09 北京芯愿景软件技术股份有限公司 Storage device and data reading method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20090121