CN102932134A - Device and method for realizing data transmission encryption through sata interface - Google Patents

Publication number
CN102932134A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012104137979A
Other languages
Chinese (zh)
Other versions
CN102932134B (en)
Inventor
王亮
李玮
朱启超
万海山
苗功勋
欧钰鹏
王德振
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Zhongfu Information Industry Co., Ltd.
Original Assignee
SHANDONG ZHONGFU INFORMATION INDUSTRY Co Ltd
Application filed by SHANDONG ZHONGFU INFORMATION INDUSTRY Co Ltd
Priority to CN201210413797.9A
Publication of CN102932134A
Application granted
Publication of CN102932134B
Legal status: Active

Abstract

The invention provides a technical scheme for a data transmission encryption device. The device comprises a microprocessor and an interface circuit connected to a host device. The interface circuit is connected to a protocol analysis module; a first input buffer module and a first output buffer module are arranged between the protocol analysis module and the microprocessor; the microprocessor is also connected to a FLASH memory module and an encryption/decryption module; a second input buffer module and a second output buffer module are arranged between the protocol analysis module and the encryption/decryption module; and the microprocessor is connected to the encryption/decryption module. The device is added on the transmission medium, so data can be encrypted during transmission without additional storage equipment. The encryption speed of the scheme is high, so the data transmission speed is not affected. The data that reaches the local end is ciphertext, and the transmitted data can only be read after decryption by the device of this scheme, which ensures the security of the data during the whole transmission process.

Description

Device and method for realizing data transmission encryption through a SATA interface
Technical field
The present invention relates to a device and method for realizing data transmission encryption through a SATA interface.
Background
In the prior art, protecting content during remote video data transmission, VPN use and electronic document transmission is a prominent concern in the security field. Data is highly exposed to attack when it crosses a transmission medium such as a network. If the transmitted data is properly protected, however, then even when an attacker steals it, it is difficult to crack within the period in which the data remains valid.
Two secure transmission approaches are currently common. The first encrypts the data before transmission; because encryption must finish before the data is sent, working efficiency is low and additional storage hardware is required. The second encrypts the transmitted data through the underlying protocol. This approach obtains encryption without an additional storage device, but it can only provide two-party security authentication, cannot support multi-party identity authentication, and only guarantees the security of the data while it is in transit; it makes no provision for the security of the data once it has arrived locally. These are the shortcomings of the prior art.
Summary of the invention
The purpose of the present invention is to address these shortcomings of the prior art by providing a data transmission encryption method and device suitable for SATA hardware storage devices. The device of this scheme is added on the transmission medium, so data can be encrypted during transmission without an additional storage device. The encryption speed of the scheme is high, so the data transmission speed is not affected. The data that arrives at the local end is ciphertext and can only be read after decryption by the device of this scheme, which guarantees the security of the data during the whole transmission process.
The scheme is realized by the following technical measures. A device for realizing data transmission encryption through a SATA hard disk interface includes a microprocessor and an interface circuit connected to a host device, and is characterized in that: the interface circuit is connected to a protocol analysis module; the protocol analysis module is connected to the microprocessor through a first input buffer module; a first output buffer module is also provided between the microprocessor and the protocol analysis module; the microprocessor is also connected to a FLASH memory module; in addition, there is an encryption/decryption module; the protocol analysis module is connected to the encryption/decryption module through a second input buffer module; a second output buffer module is also provided between the encryption/decryption module and the protocol analysis module; and the microprocessor is connected to the encryption/decryption module.
The interface circuit can be connected to a SATA hardware storage device. The protocol analysis module 7 analyzes each SATA command and distinguishes whether it is a command that requires encryption/decryption. For a command that does not require encryption/decryption, the data is passed directly to the first input buffer and finally transferred to the microprocessor. For a command that requires encryption/decryption, the data to be encrypted or decrypted is passed to the second input buffer and the encryption/decryption module is notified. The encryption/decryption module decides, according to the instruction sent by the protocol analysis module, whether the data transferred to the second input buffer needs to be encrypted or decrypted; the encryption/decryption algorithm is a national cryptographic (Guomi) algorithm, implemented as hardware encryption/decryption. The microprocessor parses and answers the interactive commands with which the host device detects hardware devices at startup, parses the encryption/decryption commands sent by the host device, randomly generates a new KEY and stores it in the FLASH in the microprocessor or reads the KEY data already stored in the FLASH in the microprocessor, and finally sends the KEY to the encryption/decryption module.
A method for realizing data transmission encryption through a SATA hard disk interface is characterized in that it comprises the following steps:
1) The interface circuit is connected to the host device and communication is set up;
2) The host-side driver layer sends a command to detect hardware devices;
3) The microprocessor reads the hard disk device information pre-stored in the FLASH memory module and sends it to the first output buffer module;
4) The host-side driver layer reads the content of the first output buffer module and, based on that content, identifies the device as a hard disk device;
5) The host-side driver layer sends a write-data command;
6) The protocol analysis module analyzes whether the command is an encryption/decryption command; if so, go to step 7), otherwise go to step 12);
7) The second input buffer module receives the data sent by the host device;
8) The encryption/decryption module starts encrypting or decrypting the data;
9) The result data of the encryption/decryption is sent to the second output buffer module;
10) The host device driver layer sends a read-data command;
11) The protocol analysis module selects the data of the second output buffer module or of the first output buffer module and uploads it to the host device driver layer;
12) The first input buffer module receives the data sent by the host device;
13) The microprocessor reads and analyzes the data in the first input buffer module and, according to the analysis result, generates a key and sends it to the encryption/decryption module;
14) The corresponding authentication information is matched and sent to the first output buffer module, and the device waits for step 10) to be executed;
15) The protocol analysis module receives and interprets the command data sent by the host device to determine whether to continue encryption/decryption; if so, go to step 5), otherwise this encryption/decryption ends.
When communication is set up in step 2), the protocol analysis module receives the BIOS hardware-detection command sent by the host device and forwards it to the microprocessor; the microprocessor reads the hard disk device information pre-stored in the FLASH memory module and sends it to the first output buffer module; the protocol analysis module sends the hard disk device information to the host device; the host device identifies the device as a hard disk device, and communication is established.
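The command routing in steps 2) to 15) can be modelled in software. The following is an added example, not code from the patent: the command codes, the `ERR:NOKEY`/`OK` status strings, the refusal of data commands while no key is loaded, and the loss of the loaded key on power cycle are assumptions, and a SHA-256 counter keystream stands in for the hardware Guomi cipher, which the patent does not specify further.

```python
import hashlib
import secrets
from collections import deque

# Hypothetical command codes: the patent does not define an encoding.
CMD_IDENTIFY, CMD_KEY_NEW, CMD_KEY_LOAD, CMD_CRYPT = 0x01, 0x10, 0x11, 0x20
DEVICE_INFO = b"HYPOTHETICAL-DISK-ID"  # stands in for the info held in FLASH

def keystream_xor(key, data):
    """Stand-in cipher (NOT a Guomi algorithm): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Microprocessor:
    def __init__(self):
        self.flash = {"info": DEVICE_INFO, "key": None}  # FLASH memory module
        self.loaded_key = None  # KEY currently held by the crypto module

    def handle(self, cmd):
        if cmd == CMD_IDENTIFY:  # steps 2-4: answer as a hard disk device
            return self.flash["info"]
        if cmd == CMD_KEY_NEW:  # step 13: random new KEY, stored in FLASH
            self.flash["key"] = secrets.token_bytes(16)
        if cmd in (CMD_KEY_NEW, CMD_KEY_LOAD):
            if self.flash["key"] is None:
                return b"ERR:NOKEY"
            self.loaded_key = self.flash["key"]  # KEY sent to the crypto module
            return b"OK"  # step 14: status for the first output buffer
        return b"ERR:UNKNOWN"

class Device:  # protocol analysis module plus both buffer pairs
    def __init__(self):
        self.mcu = Microprocessor()
        self.in1, self.out1 = deque(), deque()  # control path (microprocessor)
        self.in2, self.out2 = deque(), deque()  # data path (crypto module)
        self.selected = self.out1

    def write(self, cmd, payload=b""):  # step 5: host write command
        if cmd == CMD_CRYPT and self.mcu.loaded_key is not None:  # steps 6-9
            self.in2.append(payload)
            data = self.in2.popleft()
            self.out2.append(keystream_xor(self.mcu.loaded_key, data))
            self.selected = self.out2
        elif cmd == CMD_CRYPT:  # assumption: refuse, never pass data through
            self.out1.append(b"ERR:NOKEY")
            self.selected = self.out1
        else:  # steps 12-14: control data goes to the microprocessor
            self.in1.append(cmd)
            self.out1.append(self.mcu.handle(self.in1.popleft()))
            self.selected = self.out1

    def read(self):  # steps 10-11: upload from the selected output buffer
        return self.selected.popleft()

    def power_cycle(self):  # assumption: loaded KEY is volatile, FLASH is not
        self.mcu.loaded_key = None

def run_session():
    dev, msg = Device(), b"constructed sample payload for the data path"
    def xfer(cmd, payload=b""):
        dev.write(cmd, payload)
        return dev.read()
    info = xfer(CMD_IDENTIFY)
    early = xfer(CMD_CRYPT, msg)       # data command before any key exists
    status = xfer(CMD_KEY_NEW)
    ct = xfer(CMD_CRYPT, msg)
    dev.power_cycle()
    after_reset = xfer(CMD_CRYPT, ct)  # key must be reloaded from FLASH first
    xfer(CMD_KEY_LOAD)
    pt = xfer(CMD_CRYPT, ct)
    return info, early, status, ct, after_reset, pt, msg
```

`run_session()` walks one host session through detection, a refused data command, key generation, encryption, a power cycle and decryption with the key reloaded from FLASH.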
Description of drawings
Fig. 1 is a structural diagram of the specific embodiment of the invention.
Fig. 2 is a flow chart of the specific embodiment of the invention.
In the figures, 1 is the microprocessor, 2 is the interface circuit, 3 is the protocol analysis module, 4 is the first input buffer module, 5 is the first output buffer module, 6 is the encryption/decryption module, 7 is the second input buffer module, 8 is the second output buffer module, and 9 is the FLASH memory module.
Embodiment
To explain the technical features of this scheme clearly, the scheme is described below through an embodiment, with reference to the accompanying drawings.
As the drawings show, the device of this scheme for realizing data transmission encryption through a SATA hard disk interface includes a microprocessor 1 and an interface circuit 1 connected to the host device. The interface circuit 1 is connected to a protocol analysis module 3; the protocol analysis module 3 is connected to the microprocessor 1 through the first input buffer module 4; a first output buffer module 5 is also provided between the microprocessor 1 and the protocol analysis module 3; the microprocessor 1 is also connected to a FLASH memory module 9; in addition, there is an encryption/decryption module 6; the protocol analysis module 3 is connected to the encryption/decryption module 6 through the second input buffer module 7; a second output buffer module 7 is also provided between the encryption/decryption module 6 and the protocol analysis module 3; and the microprocessor 1 is connected to the encryption/decryption module 6.
The method for realizing data transmission encryption through the SATA hard disk interface is characterized in that it comprises the following steps:
1) The interface circuit is connected to the host device and communication is set up;
2) The host-side driver layer sends a command to detect hardware devices;
3) The microprocessor reads the hard disk device information pre-stored in the FLASH memory module and sends it to the first output buffer module;
4) The host-side driver layer reads the content of the first output buffer module and, based on that content, identifies the device as a hard disk device;
5) The host-side driver layer sends a write-data command;
6) The protocol analysis module analyzes whether the command is an encryption/decryption command; if so, go to step 7), otherwise go to step 12);
7) The second input buffer module receives the data sent by the host device;
8) The encryption/decryption module starts encrypting or decrypting the data;
9) The result data of the encryption/decryption is sent to the second output buffer module;
10) The host device driver layer sends a read-data command;
11) The protocol analysis module selects the data of the second output buffer module or of the first output buffer module and uploads it to the host device driver layer;
12) The first input buffer module receives the data sent by the host device;
13) The microprocessor reads and analyzes the data in the first input buffer module and, according to the analysis result, generates a key and sends it to the encryption/decryption module;
14) The corresponding authentication information is matched and sent to the first output buffer module, and the device waits for step 10) to be executed;
15) The protocol analysis module receives and interprets the command data sent by the host device to determine whether to continue encryption/decryption; if so, go to step 5), otherwise this encryption/decryption ends.
When communication is set up in step 2), the protocol analysis module receives the BIOS hardware-detection command sent by the host device and forwards it to the microprocessor; the microprocessor reads the hard disk device information pre-stored in the FLASH memory module and sends it to the first output buffer module; the protocol analysis module sends the hard disk device information to the host device; the host device identifies the device as a hard disk device, and communication is established.
The present invention is not limited to the above embodiment; variations, modifications, additions or substitutions made by those of ordinary skill in the art within the essential scope of the present invention also fall within the protection scope of the present invention.

Claims (3)

1. A device for realizing data transmission encryption through a SATA hard disk interface, including a microprocessor and an interface circuit connected to a host device, characterized in that: the interface circuit is connected to a protocol analysis module; the protocol analysis module is connected to the microprocessor through a first input buffer module; a first output buffer module is also provided between the microprocessor and the protocol analysis module; the microprocessor is also connected to a FLASH memory module; in addition, there is an encryption/decryption module; the protocol analysis module is connected to the encryption/decryption module through a second input buffer module; a second output buffer module is also provided between the encryption/decryption module and the protocol analysis module; and the microprocessor is connected to the encryption/decryption module.
2. A method for realizing data transmission encryption through a SATA interface, characterized in that it comprises the following steps:
1) The interface circuit is connected to the host device and communication is set up;
2) The host-side driver layer sends a command to detect hardware devices;
3) The microprocessor reads the hard disk device information pre-stored in the FLASH memory module and sends it to the first output buffer module;
4) The host-side driver layer reads the content of the first output buffer module and, based on that content, identifies the device as a hard disk device;
5) The host-side driver layer sends a write-data command;
6) The protocol analysis module analyzes whether the command is an encryption/decryption command; if so, go to step 7), otherwise go to step 12);
7) The second input buffer module receives the data sent by the host device;
8) The encryption/decryption module starts encrypting or decrypting the data;
9) The result data of the encryption/decryption is sent to the second output buffer module;
10) The host device driver layer sends a read-data command;
11) The protocol analysis module selects the data of the second output buffer module or of the first output buffer module and uploads it to the host device driver layer;
12) The first input buffer module receives the data sent by the host device;
13) The microprocessor reads and analyzes the data in the first input buffer module and, according to the analysis result, generates a key and sends it to the encryption/decryption module;
14) The corresponding authentication information is matched and sent to the first output buffer module, and the device waits for step 10) to be executed;
15) The protocol analysis module receives and interprets the command data sent by the host device to determine whether to continue encryption/decryption; if so, go to step 5), otherwise this encryption/decryption ends.
3. The data transmission encryption method according to claim 2, characterized in that: when communication is set up in step 2), the protocol analysis module receives the BIOS hardware-detection command sent by the host device and forwards it to the microprocessor; the microprocessor reads the hard disk device information pre-stored in the FLASH memory module and sends it to the first output buffer module; the protocol analysis module sends the hard disk device information to the host device; the host device identifies the device as a hard disk device, and communication is established.
CN201210413797.9A 2012-10-26 2012-10-26 Device and method for realizing data transmission encryption through sata interface Active CN102932134B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210413797.9A CN102932134B (en) 2012-10-26 2012-10-26 Device and method for realizing data transmission encryption through sata interface

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210413797.9A CN102932134B (en) 2012-10-26 2012-10-26 Device and method for realizing data transmission encryption through sata interface

Publications (2)

Publication Number Publication Date
CN102932134A (en) 2013-02-13
CN102932134B (en) 2015-03-11

Family

ID=47646842

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210413797.9A Active CN102932134B (en) 2012-10-26 2012-10-26 Device and method for realizing data transmission encryption through sata interface

Country Status (1)

Country Link
CN (1) CN102932134B (en)


Also Published As

Publication number Publication date
CN102932134B (en) 2015-03-11


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee
CP03 Change of name, title or address

Address after: Xinluo Avenue high tech Zone of Ji'nan City, Shandong province 250101 orsus No. 1166 building 15-16

Patentee after: Shandong Zhongfu Information Industry Co., Ltd.

Address before: 250101 Shandong city of Ji'nan province high tech Zone Shun Road No. 2000 Shun Tai Plaza No. 9 Building 8 layer

Patentee before: Shandong Zhongfu Information Industry Co., Ltd.