CN103345453A - Hard disk data encryption card supporting SATA interface and encryption and decryption method - Google Patents

Publication number: CN103345453A
Authority: CN (China)
Prior art keywords: SATA, data, encryption, main controller, SATA interface
Legal status: Granted; Expired - Fee Related
Application number: CN2013102629526A
Other languages: Chinese (zh)
Other versions: CN103345453B (en)
Inventors: 李树国, 谭帆
Current Assignee: Tsinghua University
Original Assignee: Tsinghua University
Application filed by Tsinghua University
Priority to CN201310262952.6A
Publication of CN103345453A
Application granted; publication of CN103345453B

Abstract

The invention provides a hard disk data encryption card supporting the SATA interface. The card comprises a virtual device that communicates with the host side, a virtual host that communicates with the device side, a main controller that coordinates the work of the virtual host and the virtual device, and an encryption and decryption module. The invention further provides an encryption and decryption method based on the card. Encryption of data in storage devices with a SATA interface is implemented on an FPGA platform, with high security and compatibility.

Description

Hard disk data encryption card supporting the SATA interface, and encryption and decryption method
Technical field
The present invention relates to the technical field of data encryption cards, and in particular to a hard disk data encryption card supporting the SATA interface and an encryption and decryption method.
Background
Because network environments are complex and changeable, the data storage security of both enterprises and individuals is under a certain degree of threat. Departments that handle sensitive information in particular, such as government and the military, need to give special protection to important data in storage devices. The traditional approach is to use software to encrypt the data in the storage medium, but software encryption suffers from slow encryption speed, high system resource usage and low security and reliability. Now that SATA and SAS have become the mainstream storage interfaces, continuing to rely on software cannot meet the requirement of processing large amounts of data quickly and securely. It is therefore necessary to support mainstream storage interfaces such as SATA and to encrypt data in hardware, in order to obtain better performance and higher security.
Existing hardware encryption cards lag behind in terms of storage interface. For example, there is a hard disk data encryption card with an IDE interface; it works by obtaining data from the host side through one IDE interface, encrypting it, and then outputting it through another IDE interface so that the encrypted data is written to the hard disk. With the development of storage device interfaces, however, IDE has been almost eliminated because of its many disadvantages, and SATA, as a high-speed interface, has become the mainstream interface between storage devices and hosts. In existing hard disk data encryption cards that support the SATA interface, the encryption module is usually placed at the SATA host side or the SATA device side, and the user cannot change the encryption algorithm in it; flexibility and configurability are poor, and the application requirements of some special users cannot be met.
Summary of the invention
To overcome the shortcomings of the prior art described above, the object of the present invention is to provide a hard disk data encryption card supporting the SATA interface and an encryption and decryption method, in which the user can change the symmetric encryption algorithm in use, and which implements, on an FPGA platform, encryption of the data in storage devices with a SATA interface with higher security and compatibility.
To achieve this object, the technical solution adopted by the present invention is:
A hard disk data encryption card supporting the SATA interface, comprising: a virtual device that communicates with the host side, a virtual host that communicates with the device side, a main controller that coordinates the work of the virtual host and the virtual device, and an encryption and decryption algorithm module.
The virtual device contains a SATA device physical layer and a SATA device link layer, and is connected to the main controller.
The virtual host contains a SATA host physical layer and a SATA host link layer, and is connected to the main controller.
The encryption and decryption algorithm module is connected to the main controller through a standard interface, and a symmetric encryption algorithm is embedded in the module.
The symmetric encryption algorithm is a symmetric encryption algorithm such as AES or SM4.
Compared with the prior art, the encryption card of the present invention can encrypt the data stream in the SATA interface at the hardware level, improving the performance of storage encryption.
Description of drawings
Fig. 1 is a module diagram of the hard disk data encryption card supporting the SATA interface according to the present invention.
Embodiment
Embodiments of the present invention are described in detail below with reference to the drawings and examples. The following examples illustrate the present invention and are not intended to limit its scope.
As shown in Fig. 1, a hard disk data encryption card supporting the SATA interface comprises: a virtual device that communicates with the host side, a virtual host that communicates with the device side, a main controller that coordinates the work of the virtual host and the virtual device, and an encryption and decryption algorithm module. The main controller coordinates the work of the virtual host, the virtual device and the encryption and decryption algorithm module.
The virtual host and the virtual device are both built from the physical layer and link layer of the SATA protocol. The connections between the virtual device and the computer's SATA host, and between the virtual host and the hard disk SATA device, are all standard SATA interfaces, and support SATA II and SATA I.
The present invention uses bridging: data is received from the host side at the virtual device, and after encryption the data is sent from the virtual host to the device side. High-performance hardware encryption can thus be applied to the data in the hard disk without changing existing equipment, and the symmetric encryption algorithm used for encryption can be changed according to the application scenario, giving algorithm configurability.
The detailed process is described below with reference to the example shown in Fig. 1:
The circuit in Fig. 1 is divided into four parts: the virtual host, the virtual device, the main controller and the encryption and decryption algorithm module.
The computer's SATA host is connected to the virtual device with a SATA cable.
The hard disk SATA device is connected to the virtual host with a SATA cable.
The flow for encrypting, at the hardware level, information passing through the SATA interface:
1) the computer's SATA host performs a write operation to the hard disk SATA device; the data is received at the virtual device and then passed to the main controller;
2) the main controller sends the corresponding commands and indications to the encryption and decryption algorithm module according to the content of the current data, and then passes the data to be processed to the module;
3) the encryption and decryption algorithm module transforms and processes the data according to the algorithm in use, and returns the processed data to the main controller;
4) the main controller passes the processed data to the virtual host;
5) the virtual host encapsulates the data according to the protocol and sends it to the hard disk SATA device.
The flow for decrypting, at the hardware level, information passing through the SATA interface:
1) the computer's SATA host performs a read operation on the hard disk SATA device; the data is received at the virtual host and then passed to the main controller;
2) the main controller sends the corresponding commands and indications to the encryption and decryption algorithm module according to the content of the current data, and then passes the data to be processed to the module;
3) the encryption and decryption algorithm module transforms and processes the data according to the algorithm in use, and returns the processed data to the main controller;
4) the main controller passes the processed data to the virtual device;
5) the virtual device encapsulates the data according to the protocol and sends it to the computer's SATA host.
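A behavioural model of the two flows above, added here as an illustration and not taken from the patent: the main controller passes only the Data FIS payloads of read/write commands through the cipher and forwards command FISes and IDENTIFY data unchanged. The FIS handling, the per-sector LBA tweak, the `StandInCipher` keystream (a placeholder for the AES/SM4 module) and all names are assumptions of this sketch.

```python
import hashlib

FIS_REG_H2D = 0x27   # Register FIS, host to device: carries the ATA command
FIS_DATA = 0x46      # Data FIS: 4-byte header, then payload
READ_DMA_EXT, WRITE_DMA_EXT, IDENTIFY = 0x25, 0x35, 0xEC
SECTOR = 512

class StandInCipher:
    """Placeholder for the swappable AES/SM4 module. Constructed for this
    model only: a SHA-256 keystream is not a disk-encryption mode."""
    def __init__(self, key: bytes):
        self.key = key

    def encrypt(self, lba: int, sector: bytes) -> bytes:
        stream = b""
        for ctr in range((len(sector) + 31) // 32):
            seed = self.key + lba.to_bytes(8, "little") + ctr.to_bytes(4, "little")
            stream += hashlib.sha256(seed).digest()
        return bytes(a ^ b for a, b in zip(sector, stream))

    decrypt = encrypt    # XOR with the same keystream inverts itself

class MainController:
    """Sits between the virtual device (host side) and virtual host (disk side)."""
    def __init__(self, cipher):
        self.cipher = cipher
        self.lba = 0         # next sector address of the transfer in progress
        self.crypt = False   # does the current command move user data?

    def _data(self, fis: bytes, op) -> bytes:
        if not self.crypt:
            return fis       # e.g. IDENTIFY data must reach the host untouched
        out = bytearray(fis[:4])
        for off in range(4, len(fis), SECTOR):
            out += op(self.lba, fis[off:off + SECTOR])
            self.lba += 1    # a transfer may span several Data FISes
        return bytes(out)

    def host_to_device(self, fis: bytes) -> bytes:   # write flow
        if fis[0] == FIS_REG_H2D:
            # bytes 4-6 hold LBA bits 0-23, bytes 8-10 hold bits 24-47
            self.lba = int.from_bytes(fis[4:7] + fis[8:11], "little")
            self.crypt = fis[2] in (READ_DMA_EXT, WRITE_DMA_EXT)
            return fis       # commands are forwarded unmodified
        return self._data(fis, self.cipher.encrypt) if fis[0] == FIS_DATA else fis

    def device_to_host(self, fis: bytes) -> bytes:   # read flow
        return self._data(fis, self.cipher.decrypt) if fis[0] == FIS_DATA else fis

def reg_h2d(command: int, lba: int, count: int) -> bytes:
    """Build a 20-byte Register H2D FIS (constructed helper for the demo)."""
    a = lba.to_bytes(6, "little")
    return (bytes([FIS_REG_H2D, 0x80, command, 0]) + a[:3] + b"\x40" + a[3:]
            + b"\x00" + count.to_bytes(2, "little") + bytes(6))

def demo():
    card = MainController(StandInCipher(b"constructed-demo-key"))
    plain = bytes(range(256)) * 4                     # two identical sectors
    hdr = bytes([FIS_DATA, 0, 0, 0])
    card.host_to_device(reg_h2d(WRITE_DMA_EXT, 0x1234, 2))
    stored = card.host_to_device(hdr + plain)         # what the disk receives
    card.host_to_device(reg_h2d(READ_DMA_EXT, 0x1234, 2))
    back = card.device_to_host(stored)                # what the host receives
    card.host_to_device(reg_h2d(IDENTIFY, 0, 0))
    ident = card.device_to_host(hdr + bytes(SECTOR))  # must pass unchanged
    return plain, stored[4:], back[4:], ident[4:]
```

Because the cipher is handed to `MainController` as an object, swapping the algorithm changes nothing in the SATA-facing code, which is the configurability the description claims for the card.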
The design was hardware-verified on the Xilinx XUPV5 FPGA platform, which confirmed the feasibility and reliability of the encryption card. Taking the AES symmetric encryption algorithm as an example, the design reached a data throughput of 249.1 megabytes per second with a 256-bit key, and both protocol compatibility and software/hardware compatibility were good. This shows that the solution of the present invention is feasible.
The above embodiments are only used to illustrate the present invention and do not limit it. A person of ordinary skill in the relevant technical field can make various changes and modifications without departing from the spirit and scope of the present invention, so all equivalent technical solutions also fall within the scope of the present invention, and the scope of patent protection of the present invention shall be defined by the claims.

Claims (7)

1. A hard disk data encryption card supporting the SATA interface, characterized by comprising: a virtual device that communicates with the host side, a virtual host that communicates with the device side, a main controller that coordinates the work of the virtual host and the virtual device, and an encryption and decryption algorithm module.
2. The hard disk data encryption card supporting the SATA interface according to claim 1, characterized in that the virtual device contains a SATA device physical layer and a SATA device link layer, and the virtual device is connected to the main controller.
3. The hard disk data encryption card supporting the SATA interface according to claim 1, characterized in that the virtual host contains a SATA host physical layer and a SATA host link layer, and the virtual host is connected to the main controller.
4. The hard disk data encryption card supporting the SATA interface according to claim 1, characterized in that the encryption and decryption algorithm module is connected to the main controller through a standard interface, and a symmetric encryption algorithm is embedded in the encryption and decryption algorithm module.
5. The hard disk data encryption card supporting the SATA interface according to claim 1, characterized in that the symmetric encryption algorithm is the AES or SM4 symmetric encryption algorithm.
6. A method of encryption using the hard disk data encryption card supporting the SATA interface according to claim 1, in which information passing through the SATA interface is encrypted at the hardware level, characterized by comprising the following steps:
1) the computer's SATA host performs a write operation to the hard disk SATA device; the data is received at the virtual device and then passed to the main controller;
2) the main controller sends the corresponding commands and indications to the encryption and decryption algorithm module according to the content of the current data, and then passes the data to be processed to the module;
3) the encryption and decryption algorithm module transforms and processes the data according to the algorithm in use, and returns the processed data to the main controller;
4) the main controller passes the processed data to the virtual host;
5) the virtual host encapsulates the data according to the protocol and sends it to the hard disk SATA device.
7. A method of decryption using the hard disk data encryption card supporting the SATA interface according to claim 1, in which information passing through the SATA interface is decrypted at the hardware level, characterized by comprising the following steps:
1) the computer's SATA host performs a read operation on the hard disk SATA device; the data is received at the virtual host and then passed to the main controller;
2) the main controller sends the corresponding commands and indications to the encryption and decryption algorithm module according to the content of the current data, and then passes the data to be processed to the module;
3) the encryption and decryption algorithm module transforms and processes the data according to the algorithm in use, and returns the processed data to the main controller;
4) the main controller passes the processed data to the virtual device;
5) the virtual device encapsulates the data according to the protocol and sends it to the computer's SATA host.
Application CN201310262952.6A, priority date 2013-06-27, filing date 2013-06-27: Encryption method based on a hard disk data encryption card supporting the SATA interface. Expired - Fee Related. CN103345453B (en)

Publications (2)

Publication Number Publication Date
CN103345453A 2013-10-09
CN103345453B 2016-02-24

Family ID: 49280251

Country Status: CN, CN103345453B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160224

Termination date: 20160627