CN101727408A - Data encryption method based on hard disk interface controller - Google Patents
- Publication number
- CN101727408A
- Authority
- CN
- China
- Prior art keywords
- data
- sector
- controller
- bit
- order
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
- Signal Processing For Digital Recording And Reproducing (AREA)
Abstract
The invention relates to a data encryption method based on a hard disk interface controller. The method is characterized in that a storage space of the same size as the sector buffer is opened up in the BRAM buffer area and used as a ciphertext buffer for storing ciphertext. The method comprises an encryption process and a decryption process, and solves the technical problem that the background art cannot offer a high security level and fast data write and read speed at the same time. Its advantages are good confidentiality, safety and reliability; the size of an encrypted file is unchanged, so no data expansion occurs; and, because no extra hardware device such as a chip is used, the data transfer speed between the bus and the hard disk is not affected.
Description
Technical field
The present invention relates to a data encryption method, and specifically to a data encryption method based on a hard disk interface controller.
Background technology
The main function of a hard disk interface controller is data storage management, and wherever data storage is involved, confidentiality becomes an issue. Many data encryption techniques exist today, but in the flash controller field, how to encrypt data at a guaranteed encryption level while preserving the write and read speed of the data is still worth studying.
The core of encryption technology is the cryptographic algorithm, that is, the method of computation that turns information into ciphertext. Modern encryption algorithms usually need a key to complete the encryption operation on the information, and their security rests on the key used for encryption. If both the cryptographic algorithm and the key can be kept secret, the security of the data can be greatly improved.
In the usual encryption method, data is encrypted before it is passed to the controller, and this encryption takes extra time. When a large amount of data is encrypted, a relatively complex cryptographic algorithm inevitably lowers the write and read speed of the data and degrades the performance of the disk controller; a simple cryptographic algorithm preserves the write and read speed, but the encryption level is so low that the encryption loses its meaning. The hard disk interface controller field has so far lacked an encryption method that offers both a high encryption level and fast data write and read speed.
In the encryption process of the present method, data encryption is carried out inside the controller: the controller accepts data from the host, encrypts it, and writes the resulting ciphertext to the Flash chip, so that what is stored on the Flash chip is ciphertext. When the data is used, the controller reads the ciphertext from the Flash chip, decrypts it, and passes the decrypted plaintext to the host. Throughout the whole process the data is guaranteed not to change.
Summary of the invention
The object of the present invention is to provide a data encryption method based on the hard disk controller interface. It combines data encryption with the read and write commands of the ATA protocol and, without changing the data line timing, makes effective use of bus idle time, so the impact on the data transfer rate is small. It adopts an independently developed cryptographic algorithm and keeps both the algorithm and the key secret, which improves the security of the data. It solves the technical problem that the background art cannot offer a high security level and fast data write and read speed at the same time.
The technical solution of the present invention is:
A data encryption/decryption method by a hard disk interface controller, characterized in that a storage space of the same size as the sector buffer is opened up in the BRAM buffer area and used as the ciphertext buffer for storing ciphertext; the method comprises the following steps:
[Encryption process]
1) The host computer sends a write command to the controller, simultaneously with DSR; the controller receives data from the host computer and stores it in the sector buffer;
2) When the sector buffer is full or the data transfer is complete, the controller sets the BSY bit of the status register and clears the data request signal;
3) The controller encrypts the data in the sector buffer sector by sector with the cryptographic algorithm and stores the encrypted data in the ciphertext buffer;
4) After all data in the sector buffer has been encrypted, the ciphertext is written to the designated sector of the Flash chip; once the data has been written, the controller clears the BSY signal and sends the interrupt request signal INTRQ;
5) After receiving the interrupt signal, the host computer reads the controller's status register and at the same time clears the interrupt signal; if further sectors remain for the write operation, go to step 1), otherwise the command ends;
[Decryption process]
1) After receiving a read command sent by the host computer, the controller reads the ciphertext data on the designated sector of the Flash chip into the ciphertext buffer and sets the BSY bit;
2) When transfer of the requested ciphertext data is complete or the ciphertext buffer is full, the controller decrypts the data in the ciphertext buffer sector by sector with the decryption algorithm and stores the decrypted data (i.e. the plaintext) in the sector buffer;
3) After decryption is complete or when the sector buffer is full, the controller sets the data request signal and clears the BSY bit of the status register;
4) After receiving the data request, the host computer reads the data from the sector buffer; when the data has been read, the data request signal is cleared and the interrupt request signal INTRQ is sent to the host computer;
5) After receiving the interrupt signal, the host computer reads the controller's status register and at the same time clears the interrupt signal; if further sectors remain for the write operation, go to step 1), otherwise the command ends.
Combining data encryption with the controller's read and write commands makes effective use of the waiting time of the data request, so the impact on data read/write speed is small;
Inside a computer, data is stored in units of bytes, and each byte consists of 8 bits; in this cryptographic algorithm, data is encrypted in units of bits;
A computer reads and writes the hard disk with the sector as the basic unit, each sector holding 512 bytes; this cryptographic algorithm likewise works with the sector as the unit of transfer, so that data reads and writes correspond to the encryption process.
In view of the above, the cryptographic algorithm comprises the following steps:
1) Data is encrypted in units of sectors: one sector of data is read from the sector buffer as plaintext;
2) Each byte consists of 8 bits and is split evenly into m n-bit fields (e.g. two 4-bit, four 2-bit or eight 1-bit fields), where m*n=8; the m n-bit fields, in order, represent one byte (8 bits);
3) The 512 bytes of plaintext in each sector are split into 512*m n-bit fields, which are stored in order in a two-dimensional bit-field array;
4) The subscripts of the array elements are transformed according to a specific order; this change of order constitutes the key element;
5) In the transformed array, every m n-bit fields in order are combined into a new byte, which completes the encryption.
Similarly, combining data encryption with the controller's read and write commands makes effective use of the waiting time of the data request, so the impact on data read/write speed is small;
Inside a computer, data is stored in units of bytes, and each byte consists of 8 bits; in this cryptographic algorithm, data is encrypted in units of bits;
A computer reads and writes the hard disk with the sector as the basic unit, each sector holding 512 bytes; this cryptographic algorithm likewise works with the sector as the unit of transfer, so that data reads and writes correspond to the encryption process.
In view of the above, the decryption algorithm comprises the following steps:
1) Data is decrypted in units of sectors: the ciphertext data of one sector is read from the Flash chip;
2) Each byte consists of 8 bits and is split evenly into m n-bit fields (e.g. two 4-bit, four 2-bit or eight 1-bit fields), where m*n=8; the m n-bit fields, in order, represent one byte (8 bits);
3) The 512 bytes of ciphertext data in each sector are split into 512*m n-bit fields, which are stored in order in a two-dimensional bit-field array;
4) The subscripts of the array elements are transformed according to the key information, forming a new array;
5) In the transformed array, every m n-bit fields in order are combined into a new byte, which completes the decryption.
The m n-bit fields above are two half-bytes (nibbles), four quarter-bytes or eight eighth-bytes.
The 512 bytes of ciphertext in each sector are split, in order, into 1024 half-bytes, 2048 quarter-bytes or 4096 eighth-bytes.
The two-dimensional bit-field array above is a 32*32, 32*64 or 64*64 two-dimensional bit-field array.
The present invention has the following advantages:
1. An independently developed cryptographic algorithm encrypts the data itself, giving good confidentiality.
2. The encryption process is completed in the controller's buffer area and is combined with storage management, which is efficient and safe;
3. The size of an encrypted file is unchanged, so no data expansion occurs.
4. No extra hardware device (such as a chip) is needed, and the data transfer rate between the bus and the hard disk is not affected.
Description of drawings
Fig. 1 is a flow chart of the encryption process of the present invention;
Fig. 2 is a flow chart of the decryption process of the present invention.
Embodiment
Inside the hard disk controller there is a buffer for storing the data transferred over the hard disk interface, namely the sector buffer. A further storage space of the same size as the sector buffer is opened up in the BRAM buffer area as the buffer for storing ciphertext. A two-dimensional bit-field array of 512 bytes is allocated in memory to hold the intermediate data of the encryption and decryption processes.
When data is written, the data is sent through the interface into the sector buffer. One sector of data in the sector buffer is copied into the two-dimensional array, the data in the array is encrypted with the cryptographic algorithm, and the encrypted result is stored in the ciphertext buffer. These operations are repeated until all data has been encrypted; the ciphertext is then written to the FLASH chip, and the write operation is complete.
When data is read, the data of the designated sector on the FLASH chip is copied into the ciphertext buffer. The ciphertext data of one sector in the ciphertext buffer is copied into the two-dimensional array, the data in the array is decrypted with the decryption algorithm, and the decrypted result is stored in the sector buffer. These operations are repeated until all data has been decrypted; the decrypted data is then sent to the host computer, and the read operation is complete.
Specifically, a data encryption/decryption method by a hard disk interface controller comprises the following steps:
[Encryption process]
1) The host computer sends a write command to the controller, simultaneously with DSR; the controller receives data from the host computer and stores it in the sector buffer;
2) When the sector buffer is full or the data transfer is complete, the controller sets the BSY bit of the status register and clears the data request signal;
3) The controller encrypts the data in the sector buffer sector by sector with the cryptographic algorithm and stores the encrypted data in the ciphertext buffer;
4) After all data in the sector buffer has been encrypted, the ciphertext is written to the designated sector of the Flash chip; once the data has been written, the controller clears the BSY signal and sends the interrupt request signal INTRQ;
5) After receiving the interrupt signal, the host computer reads the controller's status register and at the same time clears the interrupt signal; if further sectors remain for the write operation, go to step 1), otherwise the command ends;
[Decryption process]
1) After receiving a read command sent by the host computer, the controller reads the ciphertext data on the designated sector of the Flash chip into the ciphertext buffer and sets the BSY bit;
2) When transfer of the requested ciphertext data is complete or the ciphertext buffer is full, the controller decrypts the data in the ciphertext buffer sector by sector with the decryption algorithm and stores the decrypted data (i.e. the plaintext) in the sector buffer;
3) After decryption is complete or when the sector buffer is full, the controller sets the data request signal and clears the BSY bit of the status register;
4) After receiving the data request, the host computer reads the data from the sector buffer; when the data has been read, the data request signal is cleared and the interrupt request signal INTRQ is sent to the host computer;
5) After receiving the interrupt signal, the host computer reads the controller's status register and at the same time clears the interrupt signal; if further sectors remain for the write operation, go to step 1), otherwise the command ends.
The concrete data encryption method is:
1) Data is encrypted in units of sectors: one sector of data is read from the sector buffer as plaintext;
2) Each byte consists of 8 bits and is split evenly into two 4-bit fields; the two 4-bit fields, in order, represent one byte (8 bits);
3) The 512 bytes of plaintext in each sector are split into 1024 4-bit fields, which are stored in order in a 32*32 two-dimensional bit-field array;
4) The subscripts of the array elements are transformed according to a specific order; this change of order constitutes the key element;
5) In the transformed array, every two 4-bit fields in order are combined into a new byte, which completes the encryption.
The concrete data decryption method is:
1) Data is decrypted in units of sectors: the ciphertext data of one sector is read from the Flash chip;
2) Each byte consists of 8 bits and is split evenly into two 4-bit fields; the two 4-bit fields, in order, represent one byte (8 bits);
3) The 512 bytes of ciphertext data in each sector are split into 1024 4-bit fields, which are stored in order in a 32*32 two-dimensional bit-field array;
4) The subscripts of the array elements are transformed according to the key information, forming a new array;
5) In the transformed array, every two 4-bit fields in order are combined into a new byte, which completes the decryption.
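The split, subscript-transform and recombine steps described above, for both the general m*n=8 case and the 4-bit embodiment, as an added C example that is not part of the patent text. The patent does not disclose the subscript order, so the seeded shuffle in `make_order` and all function names are assumptions; `self_check` also confirms that a pure subscript permutation leaves the count of each field value in a sector unchanged.

```c
#include <stdint.h>
#include <string.h>

#define SECTOR_BYTES 512
#define MAX_FIELDS (SECTOR_BYTES * 8) /* n = 1 gives 4096 one-bit fields */

/* Number of n-bit fields in a sector: 512*m, with m*n = 8. */
static size_t field_count(unsigned n) { return SECTOR_BYTES * 8u / n; }

/* Bit offset of field i inside its byte; fields are stored high bits first. */
static unsigned field_shift(size_t i, unsigned n) {
    return 8u - n * (unsigned)(i % (8u / n) + 1u);
}

static unsigned get_field(const uint8_t *sec, size_t i, unsigned n) {
    return (sec[i / (8u / n)] >> field_shift(i, n)) & ((1u << n) - 1u);
}

/* Assumes the destination byte was zeroed beforehand. */
static void put_field(uint8_t *sec, size_t i, unsigned n, unsigned v) {
    sec[i / (8u / n)] |= (uint8_t)(v << field_shift(i, n));
}

/* Constructed demo key (assumption): Fisher-Yates shuffle driven by a small
 * LCG. The patent only states that the subscript order is the key element. */
void make_order(uint32_t seed, unsigned n, uint16_t *order) {
    size_t cnt = field_count(n);
    for (size_t i = 0; i < cnt; i++) order[i] = (uint16_t)i;
    for (size_t i = cnt - 1; i > 0; i--) {
        seed = seed * 1664525u + 1013904223u;
        size_t j = (seed >> 8) % (i + 1);
        uint16_t t = order[i]; order[i] = order[j]; order[j] = t;
    }
}

/* Encrypt: the field at new subscript i comes from old subscript order[i].
 * For n = 4 and a 32*32 array, subscript i corresponds to a[i / 32][i % 32]. */
int sector_encrypt(const uint8_t *plain, uint8_t *cipher,
                   const uint16_t *order, unsigned n) {
    if (n != 1 && n != 2 && n != 4) return -1;
    memset(cipher, 0, SECTOR_BYTES);
    for (size_t i = 0; i < field_count(n); i++)
        put_field(cipher, i, n, get_field(plain, order[i], n));
    return 0;
}

/* Decrypt: the inverse mapping sends field i back to subscript order[i]. */
int sector_decrypt(const uint8_t *cipher, uint8_t *plain,
                   const uint16_t *order, unsigned n) {
    if (n != 1 && n != 2 && n != 4) return -1;
    memset(plain, 0, SECTOR_BYTES);
    for (size_t i = 0; i < field_count(n); i++)
        put_field(plain, order[i], n, get_field(cipher, i, n));
    return 0;
}

/* How many n-bit fields of the sector hold the value v. */
size_t count_value(const uint8_t *sec, unsigned n, unsigned v) {
    size_t hits = 0;
    for (size_t i = 0; i < field_count(n); i++) hits += get_field(sec, i, n) == v;
    return hits;
}

/* Returns 0 when the round trip restores the plaintext, the ciphertext differs
 * from it, and each field value occurs equally often before and after. */
int self_check(unsigned n) {
    static uint16_t order[MAX_FIELDS];
    uint8_t p[SECTOR_BYTES], c[SECTOR_BYTES], r[SECTOR_BYTES];
    for (size_t i = 0; i < SECTOR_BYTES; i++) p[i] = (uint8_t)(i * 7u + 3u);
    make_order(0x2008u, n, order); /* constructed key seed */
    if (sector_encrypt(p, c, order, n) || sector_decrypt(c, r, order, n)) return -1;
    if (memcmp(p, r, SECTOR_BYTES) != 0) return 1;
    if (memcmp(p, c, SECTOR_BYTES) == 0) return 2;
    for (unsigned v = 0; v < (1u << n); v++)
        if (count_value(p, n, v) != count_value(c, n, v)) return 3;
    return 0;
}

int main(void) { return self_check(4); }
```

Input and output buffers must be distinct, matching the separate sector buffer and ciphertext buffer of the method.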
Claims (6)
1. A data encryption/decryption method by a hard disk interface controller, characterized in that a storage space of the same size as the sector buffer is opened up in the BRAM buffer area and used as the ciphertext buffer for storing ciphertext, the method comprising the following steps:
[Encryption process]
1) The host computer sends a write command to the controller, simultaneously with DSR; the controller receives data from the host computer and stores it in the sector buffer;
2) When the sector buffer is full or the data transfer is complete, the controller sets the BSY bit of the status register and clears the data request signal;
3) The controller encrypts the data in the sector buffer sector by sector with the cryptographic algorithm and stores the encrypted data in the ciphertext buffer;
4) After all data in the sector buffer has been encrypted, the ciphertext is written to the designated sector of the Flash chip; once the data has been written, the controller clears the BSY signal and sends the interrupt request signal INTRQ;
5) After receiving the interrupt signal, the host computer reads the controller's status register and at the same time clears the interrupt signal; if further sectors remain for the write operation, go to step 1), otherwise the command ends;
[Decryption process]
1) After receiving a read command sent by the host computer, the controller reads the ciphertext data on the designated sector of the Flash chip into the ciphertext buffer and sets the BSY bit;
2) When transfer of the requested ciphertext data is complete or the ciphertext buffer is full, the controller decrypts the data in the ciphertext buffer sector by sector with the decryption algorithm and stores the decrypted data (i.e. the plaintext) in the sector buffer;
3) After decryption is complete or when the sector buffer is full, the controller sets the data request signal and clears the BSY bit of the status register;
4) After receiving the data request, the host computer reads the data from the sector buffer; when the data has been read, the data request signal is cleared and the interrupt request signal INTRQ is sent to the host computer;
5) After receiving the interrupt signal, the host computer reads the controller's status register and at the same time clears the interrupt signal; if further sectors remain for the write operation, go to step 1), otherwise the command ends.
2. The data encryption/decryption method by the hard disk controller interface according to claim 1, characterized in that the cryptographic algorithm comprises the following steps:
1) Data is encrypted in units of sectors: one sector of data is read from the sector buffer as plaintext;
2) Each byte consists of 8 bits and is split evenly into m n-bit fields, where m*n=8; the m n-bit fields, in order, represent one byte;
3) The 512 bytes of plaintext in each sector are split into 512*m n-bit fields, which are stored in order in a two-dimensional bit-field array;
4) The subscripts of the array elements are transformed according to a specific order; this change of order constitutes the key element;
5) In the transformed array, every m n-bit fields in order are combined into a new byte, which completes the encryption.
3. The data encryption/decryption method by the hard disk controller interface according to claim 2, characterized in that the decryption algorithm comprises the following steps:
1) Data is decrypted in units of sectors: the ciphertext data of one sector is read from the Flash chip;
2) Each byte consists of 8 bits and is split evenly into m n-bit fields, where m*n=8; the m n-bit fields, in order, represent one byte;
3) The 512 bytes of ciphertext data in each sector are split into 512*m n-bit fields, which are stored in order in a two-dimensional bit-field array;
4) The subscripts of the array elements are transformed according to the key information, forming a new array;
5) In the transformed array, every m n-bit fields in order are combined into a new byte, which completes the decryption.
4. The data encryption/decryption method by the hard disk controller interface according to any one of claims 2~3, characterized in that the m n-bit fields are two half-bytes (nibbles), four quarter-bytes or eight eighth-bytes.
5. The data encryption/decryption method by the hard disk controller interface according to claim 4, characterized in that the 512 bytes of ciphertext in each sector are split, in order, into 1024 half-bytes, 2048 quarter-bytes or 4096 eighth-bytes.
6. The data encryption/decryption method by the hard disk controller interface according to claim 4, characterized in that the two-dimensional bit-field array is a 32*32, 32*64 or 64*64 two-dimensional bit-field array.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810232064A CN101727408A (en) | 2008-10-31 | 2008-10-31 | Data encryption method based on hard disk interface controller |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101727408A (en) | 2010-06-09 |
Family
ID=42448321
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109245884A (en) * | 2018-09-29 | 2019-01-18 | 北京金风科创风电设备有限公司 | Data communication method and device of wind generating set |
CN109245884B (en) * | 2018-09-29 | 2021-06-01 | 北京金风科创风电设备有限公司 | Data communication method and device of wind generating set |
CN109460680A (en) * | 2018-10-30 | 2019-03-12 | 天津津航计算技术研究所 | A kind of hardware enciphering and deciphering implementation method and hardware encryption board based on pci bus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20100609 |