CN103345453B - Encryption method based on a hard disk data encryption card supporting the SATA interface - Google Patents


Publication number
CN103345453B
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN201310262952.6A
Other languages
Chinese (zh)
Other versions
CN103345453A (en)
Inventor
李树国
谭帆
Current Assignee
Tsinghua University
Original Assignee
Tsinghua University

Abstract

A hard disk data encryption card supporting the SATA interface comprises: a virtual device that communicates with the host side, a virtual host that communicates with the device side, a master controller that coordinates the work of the virtual host and the virtual device, and an encryption/decryption algorithm module. The invention also provides an encryption and decryption method based on this encryption card. The invention can be implemented on an FPGA platform to encrypt data in storage devices with a SATA interface, and offers higher security and compatibility.

Description

Encryption method based on a hard disk data encryption card supporting the SATA interface
Technical field
The present invention relates to the technical field of data encryption cards, and in particular to an encryption method based on a hard disk data encryption card supporting the SATA interface.
Background art
Because network environments are complex and changeable, the data storage security of both enterprises and individuals is under threat. Departments that handle sensitive information, such as government and the military, have a particular need to protect important data in storage devices. The traditional approach encrypts the data in the storage medium in software, but software encryption suffers from slow encryption speed, high system resource usage and low security and reliability. Now that SATA and SAS have become the mainstream storage interfaces, software can no longer meet the requirement of processing massive data quickly and securely. It is therefore necessary to support mainstream storage interfaces such as SATA and to encrypt the data in hardware, obtaining better performance and higher security.
Existing hardware encryption cards lag behind in terms of storage interface. For example, there is a hard disk data encryption card that provides IDE interfaces: it obtains data from the host side through one IDE interface, encrypts it, and then outputs the data through another IDE interface, so that the encrypted data is written to the hard disk. With the development of storage device interfaces, however, IDE has been almost eliminated because of its many disadvantages, and SATA, a high-speed interface, has become the mainstream interface between storage devices and hosts. In existing hard disk data encryption cards that support the SATA interface, the encryption module is usually placed on the SATA host side or the SATA device side, and the user cannot change the encryption algorithm in it. Flexibility and configurability are poor, and the application needs of some special users cannot be met.
Summary of the invention
To overcome the shortcomings of the prior art described above, the object of the present invention is to provide a hard disk data encryption card supporting the SATA interface and an encryption and decryption method, in which the user can change the symmetric encryption algorithm used. It can be implemented on an FPGA platform to encrypt data in storage devices with a SATA interface, and offers higher security and compatibility.
To achieve this object, the technical solution adopted by the present invention is:
A hard disk data encryption card supporting the SATA interface, comprising: a virtual device that communicates with the host side, a virtual host that communicates with the device side, a master controller that coordinates the work of the virtual host and the virtual device, and an encryption/decryption algorithm module.
The virtual device comprises a SATA device physical layer and a SATA device link layer, and is connected to the master controller.
The virtual host comprises a SATA host physical layer and a SATA host link layer, and is connected to the master controller.
The encryption/decryption algorithm module is connected to the master controller through a standard interface, and a symmetric encryption algorithm is embedded in the module.
The symmetric encryption algorithm is a symmetric encryption algorithm such as AES or SM4.
Compared with the prior art, the encryption card of the present invention can encrypt the data stream on the SATA interface at the hardware level, improving the performance of storage encryption.
Brief description of the drawings
Fig. 1 is a module diagram of the hard disk data encryption card supporting the SATA interface according to the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below with reference to the drawings and examples. The following examples illustrate the present invention but are not intended to limit its scope.
As shown in Fig. 1, a hard disk data encryption card supporting the SATA interface comprises: a virtual device that communicates with the host side, a virtual host that communicates with the device side, a master controller that coordinates the work of the virtual host and the virtual device, and an encryption/decryption algorithm module. The master controller coordinates the work of the virtual host, the virtual device and the encryption/decryption algorithm module.
Both the virtual host and the virtual device are built from the physical layer and the link layer of the SATA protocol. The connections between the virtual device and the computer's SATA host, and between the virtual host and the hard disk (the SATA device), are standard SATA interfaces supporting SATA II and SATA I.
The present invention uses bridging: data is received from the host side at the virtual device, encrypted, and then sent from the virtual host to the device side. High-performance hardware encryption can thus be applied to the data on the hard disk without changing existing equipment, and the symmetric encryption algorithm used for encryption can be changed for different application scenarios, so the algorithm is configurable.
The detailed process is described below, following the randomizer example introduced with Fig. 1:
The circuit in Fig. 1 is divided into four parts: the virtual host, the virtual device, the master controller and the encryption/decryption algorithm.
The computer's SATA host and the virtual device are connected by a SATA cable.
The hard disk (the SATA device) and the virtual host are connected by a SATA cable.
Flow for encrypting, at the hardware level, information passing through the SATA interface:
1) The computer's SATA host performs a write operation on the hard disk SATA device; the data is received at the virtual device and then passed to the master controller;
2) According to the content of the current data, the master controller sends the corresponding commands and instructions to the encryption/decryption algorithm module, and then hands the data to be processed to the module;
3) The encryption/decryption algorithm module transforms and processes the data according to the algorithm in use, and returns the processed data to the master controller;
4) The master controller passes the processed data to the virtual host;
5) The virtual host encapsulates the data according to the protocol and sends it to the hard disk SATA device.
Flow for decrypting, at the hardware level, information passing through the SATA interface:
1) The computer's SATA host performs a read operation on the hard disk SATA device; the data is received at the virtual host and then passed to the master controller;
2) According to the content of the current data, the master controller sends the corresponding commands and instructions to the encryption/decryption algorithm module, and then hands the data to be processed to the module;
3) The encryption/decryption algorithm module transforms and processes the data according to the algorithm in use, and returns the processed data to the master controller;
4) The master controller passes the processed data to the virtual device;
5) The virtual device encapsulates the data according to the protocol and sends it to the computer's SATA host.
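The write and read flows above, modelled in Python as an added example (not code from the patent or its authors). Assumptions: `StandInModule` is a hypothetical SHA-256 keystream stand-in for the AES/SM4 module, the frames are constructed raw FIS bytes, and the routing rule (only Data FIS payloads, type 0x46, go to the algorithm module; everything else passes through) is one reading of "according to the content of the current data", which the patent does not spell out.

```python
import hashlib

FIS_REG_H2D = 0x27   # Register FIS, host to device (carries the ATA command)
FIS_DATA = 0x46      # Data FIS: 4-byte header, then the sector payload
DATA_HDR_LEN = 4

# Constructed sample frames: a 20-byte command FIS (0x35 = WRITE DMA EXT) and one sector.
COMMAND = bytes([FIS_REG_H2D, 0x80, 0x35]) + bytes(17)
DATA = bytes([FIS_DATA, 0, 0, 0]) + b"constructed sample sector".ljust(512, b".")


class StandInModule:
    """Hypothetical stand-in for the card's AES/SM4 module: SHA-256 keystream XOR.
    It is NOT AES or SM4 and not secure (the keystream repeats per frame); it only
    supplies a keyed, length-preserving transform from the standard library."""
    def __init__(self, key: bytes):
        self._key = key

    def _keystream(self, n: int) -> bytes:
        out, counter = bytearray(), 0
        while len(out) < n:
            out += hashlib.sha256(self._key + counter.to_bytes(8, "big")).digest()
            counter += 1
        return bytes(out[:n])

    def encrypt(self, data: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(data, self._keystream(len(data))))

    def decrypt(self, data: bytes) -> bytes:
        return self.encrypt(data)  # XOR with the same keystream inverts it


class MasterController:
    """Sits between the virtual device (host side) and the virtual host (disk side)."""
    def __init__(self, module):
        self.module = module  # swappable: any object with encrypt()/decrypt()

    def _route(self, fis: bytes, transform) -> bytes:
        # Assumed rule: only the payload of a Data FIS is handed to the module.
        if len(fis) > DATA_HDR_LEN and fis[0] == FIS_DATA:
            return fis[:DATA_HDR_LEN] + transform(fis[DATA_HDR_LEN:])
        return fis  # commands and status reach the other side unmodified

    def host_to_device(self, fis: bytes) -> bytes:   # write flow, steps 1-5
        return self._route(fis, self.module.encrypt)

    def device_to_host(self, fis: bytes) -> bytes:   # read flow, steps 1-5
        return self._route(fis, self.module.decrypt)


def demo():
    card = MasterController(StandInModule(b"constructed key A"))
    on_disk = card.host_to_device(DATA)               # what the disk stores
    other = MasterController(StandInModule(b"constructed key B"))
    return (card.host_to_device(COMMAND), on_disk,
            card.device_to_host(on_disk), other.device_to_host(on_disk))


if __name__ == "__main__":
    forwarded, on_disk, read_back, wrong = demo()
    print("command untouched:", forwarded == COMMAND)
    print("round trip ok:", read_back == DATA, "| other module reads it:", wrong == DATA)
```

Swapping the module or its key after data has been written leaves existing sectors unreadable, which is why the last result differs from the original frame.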
The design has been verified in hardware on the Xilinx XUPV5 FPGA platform, demonstrating the feasibility and reliability of the encryption card. Taking the AES symmetric encryption algorithm as an example, the design reaches a data throughput of 249.1 megabytes per second with a 256-bit key, and both protocol compatibility and software/hardware compatibility are good. This proves that the solution of the present invention is feasible.
The above embodiments only illustrate the present invention and do not limit it. Those of ordinary skill in the relevant technical field can make various changes and modifications without departing from the spirit and scope of the present invention; all equivalent technical solutions therefore also fall within the scope of the present invention, and the scope of patent protection of the present invention shall be defined by the claims.

Claims (2)

1. An encryption method based on a hard disk data encryption card supporting the SATA interface, in which information passing through the SATA interface is encrypted at the hardware level, the hard disk data encryption card supporting the SATA interface comprising: a virtual device that communicates with the host side, a virtual host that communicates with the device side, a master controller that coordinates the work of the virtual host and the virtual device, and an encryption/decryption algorithm module;
characterized in that the encryption method comprises the following steps:
1) the computer's SATA host performs a write operation on the hard disk SATA device; the data is received at the virtual device and then passed to the master controller;
2) according to the content of the current data, the master controller sends the corresponding commands and instructions to the encryption/decryption algorithm module, and then hands the data to be processed to the module;
3) the encryption/decryption algorithm module transforms and processes the data according to the algorithm in use, and returns the processed data to the master controller;
4) the master controller passes the processed data to the virtual host;
5) the virtual host encapsulates the data according to the protocol and sends it to the hard disk SATA device.
2. An encryption method based on a hard disk data encryption card supporting the SATA interface, in which information passing through the SATA interface is encrypted at the hardware level, the hard disk data encryption card supporting the SATA interface comprising: a virtual device that communicates with the host side, a virtual host that communicates with the device side, a master controller that coordinates the work of the virtual host and the virtual device, and an encryption/decryption algorithm module;
characterized in that the encryption method comprises the following steps:
1) the computer's SATA host performs a read operation on the hard disk SATA device; the data is received at the virtual host and then passed to the master controller;
2) according to the content of the current data, the master controller sends the corresponding commands and instructions to the encryption/decryption algorithm module, and then hands the data to be processed to the module;
3) the encryption/decryption algorithm module transforms and processes the data according to the algorithm in use, and returns the processed data to the master controller;
4) the master controller passes the processed data to the virtual device;
5) the virtual device encapsulates the data according to the protocol and sends it to the computer's SATA host.
Application number: CN201310262952.6A; priority date: 2013-06-27; filing date: 2013-06-27; title: Encryption method based on a hard disk data encryption card supporting the SATA interface; status: Expired - Fee Related; publication: CN103345453B (en)


Publications (2)

Publication Number Publication Date
CN103345453A CN103345453A (en) 2013-10-09
CN103345453B CN103345453B (en) 2016-02-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160224

Termination date: 20160627