CN101996339B - Data perturbation with solve upset method and storage media controller thereof and stocking system - Google Patents
Data perturbation with solve upset method and storage media controller thereof and stocking system Download PDFInfo
- Publication number
- CN101996339B CN101996339B CN200910168280.6A CN200910168280A CN101996339B CN 101996339 B CN101996339 B CN 101996339B CN 200910168280 A CN200910168280 A CN 200910168280A CN 101996339 B CN101996339 B CN 101996339B
- Authority
- CN
- China
- Prior art keywords
- data
- function
- upset
- produce
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a kind of data perturbation and solve upset method and storage media controller thereof and stocking system, the method comes from an initial data of a host computer system in order to upset.Notebook data is upset method and is included producing a random number and being stored in a storage element by produced random number.Notebook data is upset method and is also included receiving a user password from host computer system, use one first function to produce a whole pad value according to produced random number and the user password received, and use one second function to produce a temporary value according to produced whole pad value and a key.Notebook data is upset method and is also included using one the 3rd function to produce upset data of corresponding initial data according to produced temporary value with above-mentioned initial data.Base this, can the initial data of protected host system effectively.
Description
Technical field
The invention relates to a kind of data perturbation and solve upset method and storage media controller thereof and stocking system.
Background technology
Gradually accept along with user to use stored value card and prepayment Stored Value so that the use of smart card becomes increasingly popular.Smart card (SmartCard) is the integrated circuit chips (IC wafer) of the assembly with such as microprocessor, card operation system, safe module and memorizer, to allow holder to perform scheduled operation.Smart card provides calculating, encryption, two-way communication and security function so that this card can also reach the function being protected by the data that it is stored in addition to storing the function of data.Although smart card provides an encoder to carry out the function to data encryption, but when this information needs to be reduced, still needing, another is different from the decoder of encoder, owing to the circuit of encoder and decoder is the most complex, the area taken needed for it is relatively big, and this, for today that system bulk requires increasingly stringent, is a big problem, therefore how to hold concurrently therefore data confidentiality grade and system bulk microminiaturization, the problem to be developed for current pole.
Summary of the invention
The present invention provides a kind of data perturbation and solves upset method, and it can protect stored data effectively.
The present invention provides a kind of storage media controller, and it can protect the data being stored in storage element effectively.
The present invention provides a kind of stocking system, and it can effectively be protected and be stored in data therein.
The present invention provides a kind of data processing method, and it can effectively be protected and be stored in data therein.
The embodiment of the present invention proposes a kind of data perturbation method, in order to upset the initial data coming from a host computer system.Notebook data is upset method and is included providing a storage media controller, produces a random number and is stored in a storage element by produced random number.Notebook data is upset method and is also included receiving a user password from host computer system, uses one first function to produce a whole pad value according to above-mentioned random number and above-mentioned user password, and uses one second function to produce a temporary value according to above-mentioned whole pad value and a key.Notebook data is upset method and is also included that thus storage media controller uses one the 3rd function to produce upset data of corresponding above-mentioned initial data according to above-mentioned temporary value with above-mentioned initial data.
The embodiment of the present invention proposes a kind of storage media controller, in order to upset the initial data coming from a host computer system.This storage media controller includes microprocessor unit, stores media interfaces, host interface unit and data encoding unit.Store media interfaces and be electrically connected to microprocessor unit, in order to connect storage media.Host interface unit is electrically connected to microprocessor unit, in order to connect above-mentioned host computer system.Data encoding unit is electrically connected to microprocessing unit, in order to use one first function to produce a whole pad value according to a random number and the user password coming from above-mentioned host computer system, using one second function produce a temporary value and use one the 3rd function to produce upset data of this initial data corresponding according to above-mentioned temporary value and an initial data according to above-mentioned whole pad value with a key, wherein above-mentioned random number is stored in above-mentioned storage element by data encoding unit.
The embodiment of the present invention proposes a kind of stocking system, and it includes adapter, storage element and storage media controller.Adapter is for electrically connecting to a host computer system and reception comes from an initial data and a user password of this host computer system.Storage media controller is electrically connected with so far adapter and this storage element, in order to produce a random number, to use one first function to produce a whole pad value according to this random number and above-mentioned user password, one second function is used to produce a temporary value according to this whole pad value and a key, one the 3rd function is used to produce upset data of this initial data corresponding according to this temporary value with an initial data, and this is upset in data write extremely above-mentioned storage element, wherein produced random number is stored in above-mentioned storage element by storage media controller.
The embodiment of the present invention proposes a kind of data de-scrambling unrest method, in order to upset the upset data being stored in a storage element according to the user password solution coming from a host computer system.Notebook data solution upsets method and includes reading a random number from above-mentioned storage element, uses one first function to produce a whole pad value according to this random number and above-mentioned user password.Notebook data solution upset method also includes using one second function to produce a temporary value according to above-mentioned whole pad value and a key, and is used one threeth function to produce an initial data of corresponding this upset data according to this temporary value with above-mentioned upset data by a storage media controller.
The embodiment of the present invention proposes a kind of data processing method, and it includes providing a storage media controller, and receives one first key and one second key respectively.Notebook data processing method also includes that thus storage media controller uses the first key to encrypt the second key to produce a temporary value, receive the initial data coming from a host computer system, and used one threeth function to produce upset data of corresponding initial data according to temporary value with initial data by storage media controller.
Based on above-mentioned, the embodiment of the present invention is the temporary value producing to upset data in time every time performing upset program according to user password and random value, and the temporary value that therefore can avoid upsetting data is cracked, and affects the safety of protected data.
For the features described above of the present invention and advantage can be become apparent, special embodiment below, and coordinate institute's accompanying drawings to be described in detail below.
Accompanying drawing explanation
Fig. 1 is the schematic block diagram of stocking system shown according to embodiments of the present invention;
Fig. 2 is the flow chart of data perturbation method shown according to embodiments of the present invention;
Fig. 3 is the data flow diagram performing upset method shown according to embodiments of the present invention;
Fig. 4 is the flow chart of data de-scrambling unrest method shown according to embodiments of the present invention;
Fig. 5 is the data flow diagram performing to solve upset method shown according to embodiments of the present invention.
Main element symbol description
100: stocking system;110: storage media controller;
120: adapter;130: storage element;
152: microprocessor unit;154: data encoding unit;
156: store media interfaces unit;158: host interface unit;
172: random number generator;174: shade device;
176: data perturbation device;200: host computer system;
300: bus-bar;S201、S203、S205、S207、S209、
S211, S213: upset the step of method;
S401, S403, S405, S407, S409, WC1: data write instruction;
S411: solve the step of upset method;
RD1: initial data;PW1: user password;
K1: key;RN1: random number;
PV1: whole pad value;T1: temporary value;
SD1: upset data;RC1: data read command.
Detailed description of the invention
The present embodiment proposes a kind of stocking system, wherein in host computer system is intended at this stocking system, store data (i.e., initial data) time, this stocking system can use the temporary value of instant generation that initial data performs the upset program upset data with generation correspondence, and stores this upset data.And when host computer system is intended to read from this stocking system reading data (that is, initial data), this stocking system can use the temporary value of instant generation to come corresponding upset data and perform a solution upset program to reduce initial data.Owing to upsetting and solving that to upset the temporary value that used be immediately to produce in operation, and it is not stored in stocking system, therefore can be effectively prevented unauthorized persons and crack stocking system upsets machine-processed and in illegal access stocking system data.
Fig. 1 is the schematic block diagram of stocking system shown according to embodiments of the present invention.
Refer to Fig. 1, in general, stocking system 100 is to operate use together with host computer system 200, so that host computer system 200 can write data into stocking system 100 or read data from stocking system 100.
Stocking system 100 includes storage media controller (also can be called for short, controller) 110, adapter 120 and storage element 130.
Storage media controller 110 can perform with hardware pattern or multiple logic gate of firmware pattern implementation or control instruction, and carries out the write of data, reading etc. in storage element 130 according to the instruction of host computer system 200.
Storage media controller 110 includes microprocessor unit 152, data encoding unit 154, stores media interfaces unit 156 and host interface unit 158.
Microprocessor unit 152 in order to data encoding unit 154, store the cooperative cooperatings such as media interfaces unit 156 and host interface unit 158 to carry out the various runnings of stocking system 100.
Data encoding unit 154 is electrically connected to microprocessor unit 152, and in order to perform the data perturbation mechanism according to the present embodiment.Data encoding unit 154 includes random number generator 172, shade device 174 and data perturbation device 176.
Random number generator 172 is electrically connected to microprocessor unit 152, and produces random number according to the instruction of microprocessor unit 152.Such as, in the present embodiment, random number generator 172 can produce the random number of a length of 8 bit groups (Byte).But, the invention is not restricted to this, random number generator 172 also can produce 3 bit groups, 12 bit groups, or the random number of random length according to the setting of user.In the present embodiment, random number produced by random number generator 172 be for the data to be stored are carried out upset program or to upset data carry out solve upset program one of them parameter.Particularly, microprocessor unit 152 can store random number produced by random number generator 172, be beneficial to follow-up to upset data carry out solve upset program, such as, random number produced by random number generator 172 is stored in storage element 130 by microprocessor unit 152.Additionally, in an alternative embodiment of the invention, storage media controller 110 also can configure non-volatility memorizer to deposit random number produced by random number generator 172.
Shade device 174 is electrically connected to microprocessor unit 152, and produces whole pad value and temporary value according to the instruction of microprocessor unit 152.Whole pad value produced by shade device 174 and temporary value are also that the data for be stored host computer system 200 carry out upset program or to the parameter upsetting data and carry out solving upset program.It is noted that microprocessor unit 152 can store produced random value, to be used as solution upset, but in the present embodiment, produced by shade device 174, whole pad value can not be stored with temporary value.It is to say, whole pad value and temporary value are to produce in time carrying out upset program or solve upset program every time, and will be deleted after using.
Specifically, shade device 174 is configured with the first function, and shade device 174 can use the first function to produce whole pad value according to random value produced by user password and random number generator 172.Here, user password is to be provided by host computer system 200, and it is sent to storage media controller 110 by host computer system 200.In addition, first function is to preset operation function, it is in order to edit inputted data (i.e., user password and random number) and by the data inputted filling a to predetermined length using as whole pad value and by the data extending that inputted to a predetermined length using as whole pad value, wherein this predetermined length can set according to intended encryption strength or data treated length, i.e. the longest then encryption strength of this predetermined length is the highest or data process quantity the more, in the present embodiment, this predetermined length is set to 24 bit groups, but it also can need according to user and be set as random length, should be as limit.In the present embodiment, shown in the first function such as formula (1):
PV=F (PW, SHIFT, RN, PAD, PWL) (1)
Wherein PV represents whole pad value, and SHIFT represents that shift value, PW represent user password, and RN represents that random value, PAD represent filling bit, and PWL represents user Password Length.Here, shift value is to make the whole pad value edited the most chaotic, and clog bit in order to expand the length of the whole pad value edited.In the present embodiment, whole pad value, shift value, user password, random value, filling bit and user Password Length are all to represent with 16 carries, wherein user password be 8 bit groups, shift value be that 1 bit group, random value are 8 bit groups and user Password Length is 4 bit groups.Therefore, in the example that the whole pad value of expection is 24 bit groups, shade device 174 can be using the 0 × 00 of 3 (=24-8-1-8-4) individual bit group as filling bit.That is, in the present embodiment, shade device 174 can edit to produce the whole pad value of 24 bit groups according to the order of the user Password Length of the user password of 8 bit groups, the shift value of 1 bit group, the random value of 8 bit groups, the filling bit of 3 bit groups and 4 bit groups.
Such as, it is " F69F2445DF4F9B17 when random number16" and user password be " 6BC11B206162636416" time, the whole pad value of produced 24 the bit groups of shade device 174 is " 6BC11B2061626364-80-F69F2445DF4F9B17-000000-0000000816”。
It will be appreciated that formula (1) is only implementation the first function, the invention is not restricted to this, any function that random number and user password can carry out editing and producing the whole pad value of expection length all can be as the first function.
Such as, in an alternative embodiment of the invention, the first function formula (2) can also carry out implementation:
PV=F (PW, RN) (2)
Wherein the first function is only as parameter and to utilize user password and random number with a predetermined rule combination or the whole pad value repeating to produce a tentation data length with random number using above-mentioned user password.Such as, it is " F69F2445DF4F9B17 when random number16" and user password be " 6BC11B206162636416" time, the whole pad value of produced 24 the bit groups of shade device 174 can be " F69F2445DF4F9B17-6BC11B2061626364-F69F2445DF4F9B1716" or " 6BC11B2061626364-F69F2445DF4F9B17-6BC11B206162636416”。
Additionally, in another embodiment, the first function formula (3) can also carry out implementation:
PV=F (PW, RN, PAD) (3)
It is wherein only using above-mentioned user password, random number and filling bit as parameter, and the data length the filling bit whole data length of pad value that is based on being produced, the data length of random number determine with the data length of user password.Such as, it is " F69F2445DF4F9B17 at random number16" and user password be " 6BC11B206162636416" example in; owing to random number and user password are all 8 bit groups, therefore when being intended to the whole pad value producing 24 bit groups, shade device 174 can use the filling bit " F69F2445DF4F9B17-0000000000000000-6BC11B2061626364 of 8 bit groups16" or " F69F2445DF4F9B17-6BC11B2061626364-000000000000000016" as whole pad value.
Additionally, in another embodiment, the first function formula (4) can also carry out implementation:
PV=F (PW, RN, PAD, PWL) (4)
It is wherein only using above-mentioned user password, random number, filling bit and user Password Length as parameter.Such as, it is " F69F2445DF4F9B17 at random number16", user password is " 6BC11B206162636416" and user Password Length be " 0000000816" example in, the whole pad value of produced 24 the bit groups of shade device 174 can be " F69F2445DF4F9B17-6BC11B2061626364-00000000-0000000816" or " F69F2445DF4F9B17-00000000-00000008-6BC11B206162636416" as whole pad value.
It is worth mentioning that, in addition to user password with random number, the length of above-mentioned shift value or user password can act also as producing the parameter of whole pad value, therefore for the length of produced whole pad value can be made equal to above-mentioned predetermined length, above-mentioned filling bit can adjust its length according to the parameter used, wherein clog the length of bit to be not more than above-mentioned predetermined length and deduct the length of user password and random number, as shown in following formula (5).
PADLength≤DeLength-(PWLength+RNLength)(5)
Wherein PADLength represents the length of filling bit, and DeLength represents that predetermined length, PWLength represent the length of user password, and RNLength represents the length of random number.
In the present embodiment, shade device 174 is configured with the second function, and shade device 174 can use the second function to produce temporary value according to key and produced whole pad value.Such as, the second function is the encryption function of data encryption standards (DataEncryptionStandard, DES), and key is used as the key in DES function.In other words, whole pad value as an input value to the second function and can will be encrypted ciphertext produced by whole pad value as temporary value by key by shade device 174.At this, shade device 174 is using user password as key, but the invention is not restricted to this, in an alternative embodiment of the invention, the user of host computer system 200 also can input one be different from above-mentioned user password another expected from user key as key, and shade device 174 can store the user key of user input to be used as solving upset.Additionally, stocking system 100 also can be using one group of preset value as this key in time dispatching from the factory.
In another embodiment, user key or user password are for one first key, and the whole pad value that shade device 174 is received is for one second key, and shade device 174 can use this first key to utilize this second key of the second function encrypting to produce a ciphertext as temporary value.
In the present embodiment, although the present embodiment is using the encryption function of DES as the second function, but the invention is not restricted to this, the decryption function of DES can act also as above-mentioned second function.It is to say, in the decryption function example as the second function using DES, whole pad value is to be regarded as ciphertext input to the second function and to decipher plaintext produced by whole pad value as temporary value by key.
In addition, it must be appreciated, above-mentioned second function is not limited to DES, in an alternative embodiment of the invention, any symmetrical expression function is (such as, high-order encryption standard (AdvancedEncryptionStandard, AES) encryption or decryption function), asymmetric function is (such as, RSA (Rivest-Shamir-Adleman) encryption function) or informative abstract (MessageDigest) function is (such as, 5th generation message summary (MessageDigest5, MD5) function or Secure Hash standard (SecureHashStandard, SHA) function) all can be as second function of the present embodiment.
Data perturbation device 176 is electrically connected to microprocessor unit 152, and according to the instruction of microprocessor unit 152, initial data is performed upset program to produce upset data or to perform to solve upset program to upsetting data.Specifically, in data perturbation device 176, it is configured with the 3rd function, and data perturbation device 176 uses the 3rd function produce upset data or use the 3rd function to reduce initial data according to temporary value produced by shade device 174 with having upset data according to temporary value produced by shade device 174 and initial data.In the present embodiment, the 3rd function is a mutual exclusion (XOR) function, however, it is necessary to be appreciated that and the invention is not restricted to this, the 3rd function can be other logical operations functions, or is mostly the combination of a logical operations function.
It is worth mentioning that, in the present embodiment, shade device 174 is by the second function (i.e., des encryption function) length of produced temporary value is the same as using the length of whole pad value produced by the first function, therefore the 3rd function is used (i.e. when data perturbation device 176, XOR function) when upsetting initial data, the length of initial data also needs to be equal to the length of temporary value.Such as, in the present embodiment, shade device 174 utilizes the first function to produce the whole pad value of 24 bit groups with user Password Length according to random number, user password, and utilizes the second function to produce the temporary value of 24 bit groups according to whole pad value and key.Therefore, in the case of initial data is also 24 bit groups, data perturbation device 176 direct basis temporary value can use the 3rd function to produce the upset data of 24 bit groups.It is to say, in the present embodiment, whole pad value the length of length and temporary value be the same as the length of initial data.But, it must be appreciated, the invention is not restricted to this, when the length of produced temporary value differs with the length of initial data, stocking system can also clog bit group or to repeat to expand temporary value in the way of temporary value so that the length of temporary value after Kuo Chonging is identical with the length of initial data, or by many for original data division individual sub-initial datas so that the length of sub-initial data and the length of temporary value are identical.
In the present embodiment, random number generator 172, shade device 174 are with a hardware pattern implementation with data perturbation device 176.But the invention is not restricted to this, in an alternative embodiment of the invention, random number generator 172, shade device 174 can also a firmware pattern be embodied in storage media controller 110 with data perturbation device 176.Such as, to include that the random number generator 172 of multiple programming, shade device 174 are burned onto a formula memorizer (such as with data perturbation device 176, read only memory (ReadOnlyMemory, ROM) it is embedded in storage media controller 110 in) and by this formula memorizer, when stocking system 100 operates, random number generator 172, shade device 174 can have been performed block management schemes according to embodiments of the present invention and data writing mechanism by microprocessor unit 152 with multiple machine instructions of data perturbation device 176.
Additionally, in an alternative embodiment of the invention, random number generator 172, shade device 174 can also software pattern be stored in storage element 130 with the control instruction of data perturbation device 176.Same, when stocking system 100 operates, random number generator 172, shade device 174 can be performed by microprocessor unit 152 with multiple control instructions of data perturbation device 176.
Store media interfaces unit 156 and be electrically connected to microprocessor unit 152 and in order to access storage element 130.It is to say, the data being intended to write to storage element 130 can be converted to the receptible form of storage element 130 via storing media interfaces unit 156.
Host interface unit 158 is electrically connected to microprocessor unit 152 and in order to receive and to identify the instruction that host computer system 200 is transmitted.It is to say, the instruction that host computer system 200 is transmitted can be sent to microprocessor unit 152 by host interface unit 158 with data.In the present embodiment, host interface unit 158 is safety digit (securedigital, SD) interface.nullBut,It must be appreciated and the invention is not restricted to this,Host interface unit 158 can also be sequence advanced person adnexa (SerialAdvancedTechnologyAttachment,SATA) interface、Communication serial bus (UniversalSerialBus,USB) interface、Institute of Electrical and Electric Engineers (InstituteofElectricalandElectronicEngineers,IEEE) 1394 interface、High-speed peripheral part connecting interface (PeripheralComponentInterconnectExpress,PCIExpress)、Memory stick (MemorySick,MS) interface、Multi Media Card (MultiMediaCard,MMC) interface、Compact flash (CompactFlash,CF) interface、Integrated driving electronic interface (IntegratedDeviceElectronics,IDE) or other be suitable for data transmission interfaces.
Though additionally, be not illustrated in the present embodiment, but storage media controller 110 also further includes error correction unit and Power Management Unit etc. and controls the circuit of storage element.
Adapter 120 is electrically connected to storage media controller 110 and in order to connect host computer system 200 by bus-bar 300.In the present embodiment, adapter 120 is SD adapter.But, it must be appreciated and the invention is not restricted to this, adapter 120 can also be SATA connector, USB connector, IEEE1394 adapter, PCIExpress adapter, MS adapter, MMC adapter, CF adapter, IDE connector or other adapters being suitable for.
Storage element 130 is electrically connected to storage media controller 110 and in order to store data.In the present embodiment, storage element 130 has a hidden area to deposit random number produced by random number generator 172.Here, refer to only can be writable by storage media controller 110 with the region read in so-called hidden area, and the region that host computer system 200 cannot access.In the present embodiment, storage element 130 is the memorizer (OneTimeProgrammemory, OTP) that once stylizes.However, it is necessary to be appreciated that, storage element 130 can be non-volatility memorizer (such as, flash memory), magnetic disc or other any applicable storage media.
Fig. 2 is the flow chart of data perturbation method shown according to embodiments of the present invention, and Fig. 3 is the data flow diagram performing upset method shown according to embodiments of the present invention.
Referring to Fig. 2 and Fig. 3, when host computer system 200 data to be stored are to stocking system 100, the microprocessor unit 152 of storage media controller 110 can be via data write instruction WC1 of host interface unit 158 Receiving Host system 200, the initial data RD1 to be stored and user password PW1 in step s 201.Specifically, stocking system 100 can protect the data stored by user according to the password set by user.Therefore, when user is intended in stocking system 100 store data, user need to provide presetting user password.Such as, in an embodiment of the present invention, user is to cooperate with a software interface to use stocking system, and wherein this software interface provides a password field to input user password for user.
Whether random number is had during microprocessor unit 152 can judge storage element 130 in step S203.If storage element 130 does not stores random number, then in step S205, random number generator 172 can produce one group of random number as random number under the control of microprocessor unit 152.Such as, in Fig. 3, not having any random number in storage element 130, therefore random number generator 172 can produce one group of random number R N1.
Afterwards, in step S207, shade device 174 uses the first function to produce whole pad value PV1 according to random number R N1 and user password PW1, and shade device 174 uses the second function to produce temporary value T1 according to produced whole pad value PV1 and key K1 in step S209.As it has been described above, in basis, shade device 174 is using user password PW1 as key K1.But, user key can be set as in the example of key at user, above-mentioned software interface also can provide a key field to set user key for user.
Then, in step S211, data perturbation device 176 uses the 3rd function to produce upset data SD1 according to temporary value T1 with initial data RD1.Finally, in step S213, produced upset data SD1 can be write to storage element 130 with random value RN1 by microprocessor unit 152 by storing media interfaces unit 156.
Based on above-mentioned, owing to storage media controller 110 is that the upset data after upsetting are to replace initial data with in write to storage element 130, therefore, when host computer system 200 is intended to read stored data, it is initial data by the data convert upset that storage media controller 110 must carry out solving upset program.
Fig. 4 is the flow chart of data de-scrambling unrest method shown according to embodiments of the present invention, and Fig. 5 is the data flow diagram performing to solve upset method shown according to embodiments of the present invention.
Referring to Fig. 4 and Fig. 5, when host computer system 200 is intended to from stocking system 100 the initial data RD1 read, in step S401, the microprocessor unit 152 of storage media controller 110 can be via the data read command RC1 and user password PW1 of host interface unit 158 Receiving Host system 200.
In step S403, microprocessor unit 152 meeting is all crossed and is stored random number R N1 and upset data SD1 that media interfaces unit 156 reading is stored in storage element 130.
Afterwards, in step S405, shade device 174 uses the first function to produce whole pad value PV1 according to random number R N1 and user password PW1, and shade device 174 uses the second function to produce temporary value T1 according to produced whole pad value PV1 and key K1 in step S 407.As it has been described above, in basis, shade device 174 is using user password PW1 as key K1.
Then, in step S409, data perturbation device 176 uses the 3rd function to reduce initial data RD1 according to temporary value T1 with upsetting data SD1.Finally, in step S411, microprocessor unit 152 can send the initial data RD1 reduced to host computer system 200 by host interface unit 158.It is noted that in the present embodiment, host computer system 200 must provide for correct user password just can correctly solve the upset data stored by upset, and otherwise host computer system 200 will receive incorrect data.It is to say, the data that storage media controller 110 performs obtained by solution upset program according to the user password of mistake will not be the initial data stored by host computer system 200.
It is noted that in embodiments of the present invention, when storage element 130 has many upset data of corresponding many initial datas in the same time, these upset data must be the parameter using identical random number as above-mentioned upset program.It is to say, after only all upset data in storage element 130 are reduced back initial data the most, the random value being stored in storage element 130 just can be erased by storage media controller 110, and produces new random value in time writing data next time.But, the invention is not restricted to this, provide sufficient space to store in the example of many randoms number at storage element 130, storage media controller 110 also can be that each the corresponding random number of initial data generation one is used to carry out above-mentioned upset program.
In sum, data are upset by the temporary value that the embodiment of the present invention is based on immediately producing, and owing to this temporary value can't be stored in stocking system, therefore increase considerably the difficulty cracking upset data.Additionally, in the program of upset or anti-upset program, temporary value is all (such as, encryption function or decryption function) to produce in the same manner, therefore need not configuration and performs the circuit of inverse operation, and can significantly reduce the volume of stocking system.Furthermore, after upset data stored in stocking system are reduced the most, the stocking system of the present embodiment can regenerate random value, and thus produces different temporary value, therefore can more guarantee the safety of the data using this temporary value to be protected.
It is last it is noted that above example is only limited in order to technical scheme to be described, although the present invention being described in detail with reference to preferred embodiment, it will be understood by those within the art that: technical scheme still can be modified or equivalent by it, and these amendments or equivalent also can not make amended technical scheme depart from the spirit and scope of technical solution of the present invention.
Claims (30)
1. a data perturbation method, including:
Produce a random number and produced random number is stored in a storage element;
A data write instruction, an initial data and a user password is received from a host computer system;
One first function is used to produce a whole pad value according to this random number and this user password;
One second function is used to produce a temporary value according to this whole pad value and a key;
One the 3rd function is used to produce should upset data of initial data according to this temporary value and this initial data;
Store these upset data in this storage element to complete this data write instruction;
From this host computer system, receive a data read command and from this host computer system, again receive this user password;
These upset data and this random number is read from this storage element;
This first function is used to regenerate this whole pad value according to this random number read from this storage element with this user password again received from this host computer system;
This whole pad value and this key according to regenerating use this second function to regenerate this temporary value;
The 3rd function is used to produce the initial data of corresponding these upset data read from this storage element according to this temporary value regenerated with these upset data read from this storage element;And
The initial data of these upset data correspondence read from this storage element sends this host computer system to respond this data read command.
Data perturbation method the most according to claim 1, the step wherein using this first function to produce this whole pad value according to this random number and this user password includes: produce this whole pad value by this first function this random number of editor and this user password.
Data perturbation method the most according to claim 2, also includes using at least one of the length of this user password, a filling bit and a shift value to produce this whole pad value, and wherein the length of this whole pad value is equal to a predetermined length.
Data perturbation method the most according to claim 3, wherein this predetermined length is same as the length of this initial data.
Data perturbation method the most according to claim 3, wherein
PADLength≦DeLength-(PWLength+RNLength)
Wherein PADLength represents the length of this filling bit, and DeLength represents this predetermined length, and PWLength represents the length of this user password, and RNLength represents the length of this random number.
Data perturbation method the most according to claim 1, wherein this second function is a symmetrical expression function, an asymmetric function or an informative abstract function.
Data perturbation method the most according to claim 1, wherein the 3rd function is a logical operations function.
Data perturbation method the most according to claim 1, also includes using this user password as this key.
Data perturbation method the most according to claim 1, also includes producing this key randomly and this key produced being stored in this storage element.
Data perturbation method the most according to claim 6, wherein this symmetrical expression function is a high-order encryption standard function or a data encryption standards function.
11. data perturbation methods according to claim 6, wherein this asymmetric function is a rsa encryption function.
12. data perturbation methods according to claim 6, wherein this informative abstract function is one the 5th generation message abstract function or a Secure Hash canonical function.
13. data perturbation methods according to claim 7, wherein this logical operations function is a mutual exclusion function.
14. data perturbation methods according to claim 1, also include:
Expanding this temporary value, wherein the length of this temporary value expanded is equal to the length of this initial data.
15. data perturbation methods according to claim 1, also include:
Splitting this initial data is many sub-initial datas, and the length of the sub-initial data of at least a part of which one is equal to the length of this temporary value.
16. 1 kinds of storage media controllers, including:
One microprocessor unit;
One stores media interfaces unit, is electrically connected to this microprocessor unit, in order to connect storage media;
One host interface unit, is electrically connected to this microprocessor unit, in order to connect this host computer system;And
One data encoding unit, is electrically connected to this microprocessor unit,
Wherein a random number is stored in this storage element by this microprocessor unit,
Wherein this microprocessor unit receives a data write instruction, an initial data and a user password from this host computer system,
In order to use one first function to produce a whole pad value according to this random number and this user password coming from this host computer system, according to this whole pad value with one key use one second function produce a temporary value and according to this temporary value with one initial data use one the 3rd function produce to should initial data one upset data
Wherein these upset data are stored in this storage element to complete this data write instruction by this microprocessor unit,
Wherein this microprocessor unit receives a data read command from this host computer system and again receives this user password from this host computer system, and reads these upset data and this random number from this storage element,
Wherein this data encoding unit uses this first function to regenerate this whole pad value according to this random number read from this storage element with this user password again received from this host computer system, this whole pad value and this key according to regenerating use this second function to regenerate this temporary value, and use the 3rd function to produce the initial data of corresponding these upset data read from this storage element according to this temporary value regenerated with these upset data read from this storage element
Wherein the initial data of these upset data that correspondence is read from this storage element by this microprocessor unit sends this host computer system to respond this data read command.
17. storage media controllers according to claim 16, wherein this data encoding unit includes:
One random number generator, in order to produce this random number;
One shade device, in order to set this key, to use this first function produce this whole pad value and use this second function to produce this temporary value;And
One data perturbation device, in order to use the 3rd function to produce should these upset data of initial data.
18. storage media controllers according to claim 16, wherein this data encoding unit by this first function this random number of editor and this user password to produce this whole pad value.
19. storage media controllers according to claim 18, wherein this data encoding unit also use the length of this user password, filling bit and a shift value at least one to produce this whole pad value, wherein the length of this whole pad value is equal to a predetermined length.
20. storage media controllers according to claim 19, wherein this predetermined length is same as the length of this initial data.
21. storage media controllers according to claim 19, wherein
PADLength≦DeLength-(PWLength+RNLength)
Wherein PADLength represents the length of this filling bit, and DeLength represents this predetermined length, and PWLength represents the length of this user password, and RNLength represents the length of this random number.
22. 1 kinds of stocking systems, including:
A connector, is for electrically connecting to a host computer system and reception comes from a data write instruction of this host computer system, an initial data and a user password;
One storage element;And
One storage media controller, is electrically connected to this adapter and this storage element, in order to produce a random number and produced random number be stored in this storage element,
Wherein this storage media controller uses one first function to produce a whole pad value according to this random number and this user password, one second function is used to produce a temporary value according to this whole pad value and a key, according to this temporary value with one initial data use one the 3rd function produce to should initial data one upset data, and these upset data are write to this storage element to complete this data write instruction
Wherein this storage media controller receives a data read command from this host computer system and again receives this user password from this host computer system, and reads these upset data and this random number from this storage element,
Wherein this storage media controller uses this first function to regenerate this whole pad value according to this random number read from this storage element with this user password again received from this host computer system, this whole pad value and this key according to regenerating use this second function to regenerate this temporary value, and use the 3rd function to produce the initial data of corresponding these upset data read from this storage element according to this temporary value regenerated with these upset data read from this storage element
Wherein the initial data of these upset data that correspondence is read from this storage element by this storage media controller sends this host computer system to respond this data read command.
23. according to the described stocking system of claim 22, wherein this storage media controller by this first function this random number of editor with this user password to produce this whole pad value.
24. stocking system according to claim 23, wherein this storage media controller also use the length of this user password, filling bit and a shift value at least one to produce this whole pad value, wherein the length of this whole pad value is equal to a predetermined length.
25. 1 kinds of data processing methods, this data processing method includes:
Receive one first key and one second key respectively;
Use this first key to encrypt this second key and produce a temporary value;
Receive the data write instruction coming from a host computer system and an initial data;
According to this temporary value and this initial data use one the 3rd function produce to should initial data upset data and by these upset data write a to storage element to complete this data write instruction, wherein this original data division is many sub-initial datas, the length of at least one sub-initial data is equal to the length of this temporary value, to produce this upset data;
From this host computer system, receive a data read command and the most again receive this first key and this second key;
This upset data are read from this storage element;
This first key is used to encrypt this second key to regenerate this temporary value;
Use the 3rd function to produce the initial data of corresponding these upset data read from this storage element according to this temporary value regenerated with these upset data read from this storage element;And
The initial data of these upset data correspondence read from this storage element sends this host computer system to respond this data read command.
26. data processing methods according to claim 25, wherein this second key is to be produced by this first key.
27. data processing methods according to claim 25, wherein the length of this second key is equal to the length of this initial data.
28. data processing methods according to claim 25, also include: use the 3rd function to reduce this initial data according to this temporary value and these upset data.
29. data processing methods according to claim 25, wherein the 3rd function is a logical function.
30. data processing methods according to claim 25, also include:
Expanding this temporary value, the length of this temporary value the most expanded is equal to the length of this initial data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910168280.6A CN101996339B (en) | 2009-08-20 | 2009-08-20 | Data perturbation with solve upset method and storage media controller thereof and stocking system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910168280.6A CN101996339B (en) | 2009-08-20 | 2009-08-20 | Data perturbation with solve upset method and storage media controller thereof and stocking system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101996339A CN101996339A (en) | 2011-03-30 |
| CN101996339B true CN101996339B (en) | 2016-08-03 |
Family
ID=43786476
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910168280.6A Active CN101996339B (en) | 2009-08-20 | 2009-08-20 | Data perturbation with solve upset method and storage media controller thereof and stocking system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101996339B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109962776B (en) * | 2017-12-25 | 2022-02-08 | 亚旭电脑股份有限公司 | Encryption method and decryption method |
| TWI681655B (en) * | 2018-10-08 | 2020-01-01 | 瑞昱半導體股份有限公司 | Method for performing bit level management in a wireless local area network system, transmitter and receiver |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101118586A (en) * | 2006-08-04 | 2008-02-06 | 佳能株式会社 | Information processing apparatus, data processing apparatus, and methods thereof |
| CN101419652A (en) * | 2008-08-22 | 2009-04-29 | 航天信息股份有限公司 | Software and hardware combined program protecting method |
-
2009
- 2009-08-20 CN CN200910168280.6A patent/CN101996339B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101118586A (en) * | 2006-08-04 | 2008-02-06 | 佳能株式会社 | Information processing apparatus, data processing apparatus, and methods thereof |
| CN101419652A (en) * | 2008-08-22 | 2009-04-29 | 航天信息股份有限公司 | Software and hardware combined program protecting method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101996339A (en) | 2011-03-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103164666B (en) | The method for protecting the storage arrangement and certification storage arrangement of secure data | |
| TWI401583B (en) | Data scramble and reverse-scranble method, data processing method, and controller and storage system thereof | |
| CN102419807A (en) | Secure erase system for a solid state non-volatile memory device | |
| TWI747007B (en) | Configurable security memory region | |
| CN104346103A (en) | Instruction executing method, memory controller and memory storage device | |
| CN209402526U (en) | The key storage device of safety chip | |
| CN110781532B (en) | Card opening device and method for verifying and enabling data storage device by using card opening device | |
| CN103718185A (en) | Authenticator, authenticatee and authentication method | |
| CN101615161B (en) | Method for encrypting and decrypting hard disk, hard disk driving device and hard disk | |
| TW201207862A (en) | Memory identification code generating method, management method, controller and storage system | |
| CN102768716A (en) | Memory card and reading, data encryption, key generation and password changing method thereof | |
| CN107315966B (en) | Solid state disk data encryption method and system | |
| CN103257938B (en) | Data guard method, Memory Controller and memorizer memory devices | |
| CN110489351B (en) | Chip fingerprint management device and security chip | |
| CN102750982A (en) | Burning method and system of encrypted memory chip | |
| CN101996339B (en) | Data perturbation with solve upset method and storage media controller thereof and stocking system | |
| CN103365605A (en) | Information storage device and method | |
| CN103347017A (en) | Data processing method and system on chip | |
| CN104077243A (en) | SATA hard disc device encryption method and system | |
| CN102651079A (en) | IC (integrated circuit) card management method occupying memory space for a short time and IC card management system | |
| CN103176917A (en) | Storage device protective system and method of locking and unlocking storage device | |
| CN104573537A (en) | Data processing method, memory storage device and memory control circuit unit | |
| CN101251885A (en) | Method and apparatus for protecting software program safety in MCU | |
| CN103034594A (en) | Memory storage device and memory controller and password authentication method thereof | |
| CN102375943B (en) | Identification code generation method, memory management method, controller and storage system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |