CN104573441A - Computer with data privacy function and data encryption and hiding method thereof - Google Patents


Info

Publication number
CN104573441A
Authority
CN
China
Prior art keywords
identity information
solid state
hard disc
state hard
computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410803060.7A
Other languages
Chinese (zh)
Other versions
CN104573441B (en
Inventor
车嵘
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HANGZHOU SAGE MICROELECTRONICS TECHNOLOGY Co Ltd
Original Assignee
HANGZHOU SAGE MICROELECTRONICS TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by HANGZHOU SAGE MICROELECTRONICS TECHNOLOGY Co Ltd
Priority to CN201410803060.7A
Publication of CN104573441A
Application granted
Publication of CN104573441B
Status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/32: User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

The invention provides a computer with a data privacy function and a data encryption and hiding method thereof. The computer comprises a computer host, a solid-state drive and an identity information input device, wherein an identity information collection and man-machine interface module is built into the computer host; the solid-state drive is connected with the computer host; the identity information input device is connected with the identity information collection and man-machine interface module; the solid-state drive comprises a public storage region and an encrypted storage region; the identity information input device is used for collecting the identity information of a user; the identity information collection and man-machine interface module is used for receiving the identity information collected by the identity information input device, processing the identity information and sending the processed identity information to the solid-state drive; the solid-state drive receives the identity information sent by the identity information collection and man-machine interface module and authenticates it, and the computer can display, read and write the encrypted storage region only after the identity information authentication has passed; otherwise, only the public storage region can be displayed, read and written. With this technical scheme there is no reliance on the computer host or on other peripheral equipment, and a secure computer based on hard disk data encryption and hiding can be conveniently built.

Description

A computer with a data privacy function and a data encryption and hiding method thereof
Technical field
The present invention relates to the fields of computer data storage and data security, and in particular to a computer with a data privacy function and a data encryption and hiding method thereof.
Background
Computer security has long been a matter of concern. Whether in economic or military settings, whether for countries, enterprises or individuals, and whether for computer equipment manufacturers, designers or users, there is demand for products that address computer security. A secure computer can be built in several ways. One important direction is protecting the data on the computer's hard disk: encrypting the disk data prevents unauthorized operation, illegal cracking and similar behaviour, and so yields a kind of secure computer.
Protection of hard disk data covers two aspects: encrypting the storage region and hiding it. Traditional disk data encryption falls into two broad classes, software and hardware. Software encryption depends on the computer's processing power and on the operating system platform; its security level is low, and it also has defects such as consuming CPU resources and reducing disk read/write speed.
A typical hardware approach performs encryption and decryption with a disk encryption card. Such a card usually uses a PCIE interface, takes over and controls the data communication between the computer's hard disk and the host, and can encrypt the data of the whole disk. Hardware encryption overcomes some shortcomings of the software approach, for example by performing the encryption and decryption computation itself, but some defects remain: because the whole disk is encrypted and decrypted, the startup and running performance of the computer is affected, so the approach only suits low-speed mechanical hard disks; the user must additionally fit an encryption card, which is costly; the range of application is narrow, and the card cannot be used in small computer devices such as notebooks and tablets; and as computer hardware (for example CPU, motherboard and hard disk), peripheral communication protocols and operating systems are upgraded, the performance and compatibility of the encryption card also face upgrade problems.
Hiding of a storage region is usually done in software, by modifying part of the data on the disk. The software approach depends on the operating system platform and carries a security risk: it is easily cracked by unauthorized persons using Trojans, vulnerabilities and the like. It carries a further risk: a cracker who is familiar with operating system file formats can modify the disk data so that the partition is displayed again. In general, a partition hidden by software is not hidden thoroughly, and in theory it can be cracked by someone familiar with operating system file formats.
In short, existing techniques for encrypting and hiding computer hard disk data consume CPU resources, rely on the operating system, depend on an external encryption and decryption card, reduce disk read/write speed, leave room for cracking, and restrict how users can use them. In view of these defects in the prior art, a scheme that resolves them is needed.
Summary of the invention
To solve the above technical problems, the present invention provides a computer with a data privacy function and a data encryption and hiding method thereof. A solid-state drive is used as the computer's hard disk, and the scheme includes the drive's high-speed data encryption mechanism, a hiding mechanism for the encrypted storage region, and an identity authentication mechanism. The computer's data is protected from two aspects, encryption and hiding of the disk's storage region, which gives the computer better security. A public storage region is also provided, which adds flexibility and convenience in actual use.
To solve the problems in the prior art, the technical scheme of the present invention is as follows.
A computer with a data privacy function, comprising:
A computer host with a built-in identity information collection and man-machine interface module, a solid-state drive connected to the computer host, and an identity information input device connected to the identity information collection and man-machine interface module, wherein:
The solid-state drive comprises a public storage region and an encrypted storage region;
The identity information input device is used for collecting the identity information of a user;
The identity information collection and man-machine interface module is used for receiving the identity information collected by the identity information input device, processing it, and sending it to the solid-state drive;
The solid-state drive receives the identity information sent by the identity information collection and man-machine interface module and authenticates it. Only after the identity information authentication has passed can the computer display, read and write the encrypted storage region; otherwise it can only display, read and write the public storage region.
Preferably, the solid-state drive comprises an encryption/decryption module, which performs encryption and decryption operations directly on the data inside the solid-state drive.
Preferably, the identity information input device is a keyboard or a biometric sensor, the biometric sensor being any one of a fingerprint, voiceprint or iris sensor.
Preferably, the identity information collection and man-machine interface module comprises an encryption module, and sends the identity information to the solid-state drive after encrypting it.
The invention also discloses a data encryption and hiding method for a computer, comprising the following steps:
(1) the computer receives the identity information entered by the user;
(2) the identity information is sent to the solid-state drive;
(3) the solid-state drive authenticates the user's identity information;
(4) only after authentication has passed can the computer display, read and write the encrypted storage region; otherwise the computer can only display, read and write the public storage region.
Preferably, step (2) further comprises the following steps:
(a) after receiving the identity information entered by the user, the identity information collection and man-machine interface module sends an identity verification command to the solid-state drive;
(b) after receiving the identity verification command, the solid-state drive generates and saves a random number;
(c) the solid-state drive sends the random number to the identity information collection and man-machine interface module on the computer side;
(d) after receiving the random number, the identity information collection and man-machine interface module encrypts the user's identity information using the random number as the encryption key, and sends the encrypted identity information to the solid-state drive.
Step (3) further comprises the following steps:
(e) the solid-state drive decrypts the received user information, using the random number saved in a register as the decryption key;
(f) the solid-state drive compares the decrypted user information with the enrolled identity information saved in advance. If the two match, authentication has passed: the solid-state drive automatically decrypts the content of the encrypted storage region, and the computer can display and operate on the encrypted storage region of the solid-state drive. If they do not match, authentication has failed: the solid-state drive refuses to decrypt the content of the encrypted storage region and prevents the computer from displaying and operating on it.
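The random-number exchange described above, modelled with both sides' messages as an added example (not code from the patent or its assignee). Assumptions: the class and function names are hypothetical, the AES step is replaced by a standard-library stand-in (XOR with a SHA-256 counter keystream) so the block runs without third-party packages, and the drive discards its saved random number after one use, which the text does not state.

```python
import hashlib
import hmac
import secrets


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the AES step (NOT AES): XOR with a SHA-256 counter keystream.
    Symmetric, so the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class Drive:
    """Drive-side logic of steps (b), (c), (e) and (f)."""

    def __init__(self, enrolled_identity: bytes):
        self._enrolled = enrolled_identity   # enrolled identity saved in advance
        self._saved_random = None            # the "register" holding the random number
        self.encrypted_region_visible = False

    def begin_auth(self) -> bytes:
        # (b) generate and save a random number, (c) send it to the host module
        self._saved_random = secrets.token_bytes(16)
        return self._saved_random

    def finish_auth(self, ciphertext: bytes) -> bool:
        # (e) decrypt with the saved random number, (f) compare with enrolment
        if self._saved_random is None:
            return False                     # no verification command pending
        key, self._saved_random = self._saved_random, None  # assumption: one use only
        candidate = keystream_xor(key, ciphertext)
        ok = hmac.compare_digest(candidate, self._enrolled)  # constant-time compare
        self.encrypted_region_visible = ok
        return ok


class HostModule:
    """Host-side identity collection module, step (d)."""

    @staticmethod
    def respond(random_number: bytes, identity_text: str) -> bytes:
        return keystream_xor(random_number, identity_text.encode("ascii"))


def authenticate(drive: Drive, host: HostModule, identity_text: str):
    """Run one full exchange; returns (result, ciphertext seen on the interface)."""
    random_number = drive.begin_auth()                 # (a) command -> (b), (c)
    ciphertext = host.respond(random_number, identity_text)  # (d)
    return drive.finish_auth(ciphertext), ciphertext   # (e), (f)


if __name__ == "__main__":
    drive, host = Drive(b"2468ace"), HostModule()      # constructed sample password
    ok, captured = authenticate(drive, host, "2468ace")
    print("correct password:", ok)
    print("wrong password:  ", authenticate(drive, host, "0000000")[0])
    drive.begin_auth()                                 # new session, new random number
    print("replayed message:", drive.finish_auth(captured))
```

Because a new random number is generated for each verification command, a ciphertext recorded in one session does not authenticate in a later one.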
Preferably, the hiding of the encrypted storage region when authentication has not passed in step (4) is implemented directly by the solid-state drive.
Preferably, the hiding of the encrypted storage region when authentication has not passed in step (4) comprises the step of modifying the disk capacity and partition information on the disk.
Preferably, the hiding of the encrypted storage region when authentication has not passed in step (4) comprises the step of modifying the disk capacity reported in the communication commands with the computer.
Preferably, the hiding of the encrypted storage region when authentication has not passed in step (4) comprises the step of restricting, inside the solid-state drive, the addressable range of logical blocks of the storage region.
The workflow and mechanism by which the data privacy function of the present invention is realized are as follows:
1) a dedicated hard disk is installed in the computer: on initialization, the storage of this disk is divided into an encrypted storage region and a public storage region, and the disk automatically encrypts and hides the data content of the encrypted storage region;
2) the identity information collection and man-machine interface module is installed and run on the computer;
3) the user enters identity information through the identity information input device;
4) the identity information collection and man-machine interface module encrypts the entered identity information;
5) the identity information collection and man-machine interface module transfers the encrypted identity information to the disk through the computer's hard disk interface;
6) the disk decrypts the received identity information;
7) the disk compares the decrypted identity information with the genuine enrolled identity information it has saved, that is, it performs authentication;
8) if the comparison is correct and authentication passes, the disk automatically decrypts the content of the encrypted storage region, modifies the disk capacity and partition information, and allows the computer to read and write the logical block addresses of the encrypted storage region, so that the computer can read, write and operate on the encrypted storage region normally;
9) if the comparison is incorrect and authentication does not pass, the disk refuses to decrypt the content of the encrypted storage region, restricts, in its communication commands with the computer, reads and writes to the logical block addresses corresponding to the encrypted storage region, and deletes the information about the encrypted storage region from the disk's physical capacity and partition information. This prevents the computer from reading, writing and operating on the encrypted storage region, and so keeps the computer's data private;
10) while identity authentication has passed and the region is in the decrypted state, if the computer shuts down, hibernates, or goes without user operation for longer than a predetermined time, the encrypted storage region automatically leaves the decrypted state and returns to the encrypted state.
Compared with the prior art, the technical scheme of the present invention has the following advantages. For data encryption, encryption and decryption are performed directly inside the solid-state drive, which consumes no CPU resources, needs no additional encryption card, avoids the drawbacks of software encryption, and preserves the disk's high-speed read/write performance. For hiding, the invention exerts control at two levels, the bottom layer of the disk's communication protocol and the logical layer, which makes it difficult to crack. For identity authentication, encrypted transmission of the identity information is added, which improves confidentiality. For the user's convenience in actual use, a public storage region is also provided. In short, with the technical scheme of the present invention, a secure computer with strong data confidentiality and strong data hiding can be built easily without relying on the computer host or on other peripherals, and the scheme applies to computers of various forms, including desktop computers, notebook computers and tablet computers.
Brief description of the drawings
Fig. 1 shows the architecture of one embodiment of a computer with a data privacy function according to the present invention;
Fig. 2 shows the architecture of another, preferred embodiment, in which the computer runs the Windows operating system and uses a hard disk with a SATA interface; the public storage region has a capacity of 206GB, the encrypted storage region uses AES encryption and has a capacity of 50GB, and the total disk capacity is 256GB;
Fig. 3 shows the detailed partition information of the flash storage medium (52) of the embodiment of Fig. 2;
Fig. 4 shows a flow chart of the data encryption and hiding method of a computer according to the present invention.
Detailed description
To make the object, technical scheme and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
On the contrary, the present invention covers any substitution, modification, equivalent method and scheme made within the spirit and scope of the invention as defined by the claims. Further, to give the public a better understanding of the invention, some specific details are described at length below. A person skilled in the art can fully understand the present invention even without the description of these details.
Fig. 1 shows the architecture of one embodiment of a computer with a data privacy function according to the present invention. The computer (1) comprises a computer host (2), a solid-state drive (5), an identity information input device (3), a display (4) and other basic peripherals (6). The computer host (2) comprises the identity information collection and man-machine interface module (24), a CPU and chipset (20), memory (22), a hard disk interface (21) and other basic components (23), and can run various types of computer operating system (25). The hard disk interface (21) may be, but is not limited to, one of SATA, SAS or PCIE.
The identity information collection and man-machine interface module (24) is installed and run on the computer host (2). It receives the identity information collected by the identity information input device, processes it, and sends it to the solid-state drive (5). It may contain an encryption module (241), which encrypts the user's identity information; the encrypted identity information is transferred to the solid-state drive (5) through the hard disk interface (21).
The identity information input device (3) collects the identity information of the user and may be a keyboard (31) or a biometric sensor (32). The biometric sensor (32) is any one of a fingerprint, voiceprint or iris sensor. When a keyboard (31) is used as the identity information input device, the user can type a password directly on the keyboard.
The solid-state drive (5) comprises a processor (51), a communication interface (56), a data buffer (53), an encryption/decryption hardware module (54), a storage medium interface (55) and a storage medium (52). The communication interface (56) of the solid-state drive (5) may be, but is not limited to, one of SATA, SAS or PCIE. The storage medium (52) may be flash memory (NAND Flash); its storage is divided into a public storage region (522) and an encrypted storage region (523), and it can also hold the user's enrolled identity information (524). The encryption/decryption hardware module (54), under the control of the processor (51), encrypts and decrypts the data of the solid-state drive (5). The processor (51) is also responsible for dividing, hiding and exposing the storage regions of the storage medium (52), and for enrolling, saving and authenticating the user's identity information.
The solid-state drive (5) decrypts the received identity information and compares the decrypted identity information with the saved enrolled identity information (524) to authenticate it. Only when the two match and authentication passes can the computer (1) display, read and write the encrypted storage region (523) normally; otherwise the computer (1) can only display, read and write the public storage region (522).
Fig. 2 shows the architecture of another embodiment of a computer with a data privacy function according to the present invention. In this embodiment the computer runs the Windows operating system (25) and uses a solid-state drive (5) with a SATA interface and a total capacity of 256GB as its primary disk. The user uses the keyboard (31) as the identity information input device (3) and enters a numeric password (which may contain letters) as the identity information. The identity information collection and man-machine interface module (24) uses an AES encryption module (241) to encrypt the password. The encryption algorithm it executes may be, but is not limited to, one of the Chinese national standard SM4, AES, GOST or DES.
The solid-state drive (5) comprises a processor (51), a SATA communication interface (56), a data buffer (53), an AES encryption/decryption hardware module (54), a random number generator (57), an AES key store (58), a storage medium interface (55) and a 256GB flash storage medium (52). The key of the AES encryption/decryption hardware module (54) comes from a random number produced by the random number generator (57). The processor (51) saves this key in the separate AES key store (58), and it serves as the common key for the AES encryption and decryption algorithms. The encryption algorithm may be, but is not limited to, one of MD5, SHA1, SHA2, SM4, AES, GOST or DES.
In addition to the master boot record (MBR) (521), the storage of the 256GB flash storage medium (52) comprises the 206GB public storage region (522) and the 50GB encrypted storage region (523), and it can also hold the enrolled identity information (524).
For the embodiment shown in Fig. 2, the encryption and decryption flows for the encrypted storage region (523) and the read/write flow for the public storage region (522) are as follows.
Encryption flow, that is, the computer (1) writing data to the encrypted storage region (523) of the solid-state drive (5): the computer (1) sends data to the solid-state drive (5); the drive's SATA communication interface (56) stores the received data in the data buffer (53); the processor (51) passes the AES key saved in the AES key store to the AES encryption/decryption hardware module (54) as the key for the AES encryption algorithm; the AES encryption/decryption hardware module (54) uses the received AES key to encrypt the data in the data buffer (53); the processor (51) writes the encrypted data through the storage medium interface (55) into the encrypted storage region (523) of the flash storage medium (52), which completes the encryption operation.
Decryption flow, that is, the computer reading data from the encrypted storage region of the drive: under the control of the processor (51), the flash storage medium (52) delivers the data of the encrypted storage region (523) through the storage medium interface (55) to the data buffer (53); the processor (51) passes the AES key saved in the AES key store to the AES encryption/decryption hardware module (54) as the key for the AES decryption algorithm; the AES encryption/decryption hardware module (54) uses the received AES key to decrypt the data in the data buffer (53); the processor (51) transfers the decrypted data to the computer (1) through the SATA communication interface (56), which completes the decryption operation.
Public storage region flow, that is, the computer reading and writing data in the public storage region of the drive: under the control of the processor (51), the computer (1) communicates directly with the flash storage medium (52) through the SATA communication interface, the data buffer (113) and the storage medium interface (115), and so reads and writes data in the public storage region (121) of the flash storage medium (52).
Fig. 3 shows the detailed partition information of the storage medium (52) of the embodiment of Fig. 2; the total disk capacity is 256GB. The public storage region (522) comprises a first partition (525) and a second partition (526). The address range of the first partition (525) is 0x00000800-0x134DEFFF, with a capacity of 156GB (actual capacity 154.43GB); the address range of the second partition (526) is 0x134DF000-0x19686FFF, with a capacity of 50GB (actual capacity 48.83GB). The encrypted storage region (523) is the third partition (527), with an address range of 0x19687000-0x1F82F000 and a capacity of 50GB (actual capacity 48.83GB). The master boot record (521) is 512 bytes. Hiding of the encrypted storage region (523) is done entirely inside the solid-state drive (5), under the control of the processor (51), and has three main parts: modifying the disk partition information in the master boot record (521); modifying the physical disk capacity data returned for the Identify Device command of the SATA protocol; and restricting the range of logical block addresses that the computer (1) is allowed to use in read and write commands to the solid-state drive (5). With reference to Fig. 3 and Fig. 2, the method of hiding the encrypted storage region (524) is described in detail below:
1) the processor (51) of the solid-state drive (5) modifies the disk partition information in the master boot record (521).
The master boot record (521) consists of 4 parts, of which the disk partition table occupies 64 bytes in total. The table is divided into four groups of 16 bytes each; each group holds information about one partition, such as its total capacity, start address and end address, and a group with no partition is filled entirely with 0. Its structure is shown in Table 1 below:
Table 1
In the embodiment shown in Fig. 2, the complete, unhidden partition table of the 256GB solid-state drive (5) is shown in Table 2:
Table 2
The drive's processor (51) modifies the disk partition information in the master boot record (521) by clearing all the partition information of the third partition (527) to 0. The computer then cannot identify the drive letter, capacity or other information of the encrypted storage region (523), so the third partition (527), that is, the encrypted storage region (523), is hidden, as shown in Table 3 below:
Table 3
Address Data
0x------------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
0x0000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000001B0 00 00 00 00 00 00 00 00 B9 80 BA 53 FF FF 00 20
0x0000001C0 21 00 07 FE FF FF 00 08 00 00 00 E8 4D 13 00 FE
0x0000001D0 FF FF 07 FE FF FF 00 F0 4D 13 00 80 1A 06 00 00
0x0000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
2) hard disc physical capacity data is revised in recognition of devices order (the Identify Device Command) order by requiring in amendment SATA agreement.
Recognition of devices order be specify in SATA agreement, an order that hard disk must be supported.Recognition of devices order, for informing performance, the attribute of the computing machine hard disk of carry, comprises the bidding protocol etc. of capacity, sequence number, hard disk title, support.After computing machine sends this order to hard disc apparatus, the information data of device responds 512 byte is to main frame, wherein 60-61 two words define when capacity is less than 128G " sum of user's addressable logical block ", and 100-103 tetra-words define " sum of user's addressable logical block " when capacity is greater than 128G.Computer operating system determines the capacity of a physical disks by the attribute information read in 512 bytes.
In the embodiment shown in Figure 2, hard disk handlers (51) by the value of the 100-103 byte of recognition of devices order by the original hard-disk capacity value of information 0x19686FFF do not hidden, be modified as 0x1F82F000, thus realize hiding cryptographic storage district (523) further.
3) By limiting the allowed range of logical block addresses in the read/write commands that the computer (1) sends to the solid state disk (5), the computer (1) is prevented from reading the content of the encrypted storage area (523).
Normally, the addresses sent by the operating system's low-level disk driver should not exceed the storage capacity of the physical disk, that is, they cannot exceed the maximum address set by the hard disk controller (51). Of course, it cannot be ruled out that some illegitimate module tampers with the low-level driver and sends illegal addresses; but even so, the hard disk controller (51) can filter out these illegal addresses by limiting the read/write addresses of the computer (1), thereby ensuring that the encrypted hidden partition (523) cannot be identified or accessed.
The logical block address is the address information that the computer sends to the hard disk device when it issues a read/write command. The hard disk device reads data to, or writes data from, the computer according to the specific logical block address value. In the embodiment shown in Figure 2, the hard disk processor (51) checks the logical block address value of every read/write command and rejects any command whose logical block address exceeds the capacity of the common storage area (522); even if the computer (1) can recognize the drive letter of the encrypted storage area (523), it cannot open the data content of the encrypted storage area (523), and the data content of the encrypted storage area (523) is thereby protected.
In summary, the hard disk processor (51) modifies the master boot record (MBR) (521) information to delete the information of the encrypted partition, combines this with modifying the disk capacity reported through the IDENTIFY DEVICE command, and limits the range of logical addresses of the solid state disk (5) that the computer (1) can access, thereby realizing the hiding function for the encrypted storage area (523) and ensuring the concealment and confidentiality of the solid state disk (5) data at the level of the underlying communication mechanism.
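An added example (not code from the patent) of the two controller-side checks described above: the capacity reported in words 60-61 and 100-103 of the IDENTIFY DEVICE data, and the logical block address filter, including a command that starts in the visible area and runs past its end. The `drive_t` state, the function names and the sector counts are hypothetical, constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: sample sector counts, not values from the patent. */
#define OPEN_SECTORS  0x08000000ULL /* open area: LBA 0 .. OPEN_SECTORS-1 */
#define TOTAL_SECTORS 0x18000000ULL /* open area plus encrypted area      */

/* Hypothetical firmware state: set only after the identity check succeeds. */
typedef struct { bool authenticated; } drive_t;

/* Number of sectors the host may see and address in the current state. */
static uint64_t visible_sectors(const drive_t *d)
{
    return d->authenticated ? TOTAL_SECTORS : OPEN_SECTORS;
}

/* Fill the capacity fields of the 256-word (512-byte) IDENTIFY DEVICE data. */
void identify_device(const drive_t *d, uint16_t id[256])
{
    uint64_t n = visible_sectors(d);
    /* Words 60-61 hold a 28-bit count, so larger disks saturate there. */
    uint32_t n28 = n > 0x0FFFFFFFULL ? 0x0FFFFFFFu : (uint32_t)n;

    memset(id, 0, 256 * sizeof id[0]);
    id[60] = (uint16_t)(n28 & 0xFFFF);
    id[61] = (uint16_t)(n28 >> 16);
    for (int i = 0; i < 4; i++)            /* words 100-103, low word first */
        id[100 + i] = (uint16_t)(n >> (16 * i));
}

/* What a host driver computes from words 100-103. */
uint64_t identify_capacity48(const uint16_t id[256])
{
    uint64_t n = 0;
    for (int i = 3; i >= 0; i--)
        n = (n << 16) | id[100 + i];
    return n;
}

/* Accept a read/write only if every sector in [lba, lba+count) is visible.
 * count is the already decoded sector count of the command. */
bool lba_allowed(const drive_t *d, uint64_t lba, uint32_t count)
{
    uint64_t limit = visible_sectors(d);
    if (count == 0 || lba >= limit)
        return false;
    return count <= limit - lba;   /* avoids overflow in lba + count */
}

int main(void)
{
    drive_t d = { .authenticated = false };
    uint16_t id[256];

    identify_device(&d, id);
    printf("locked:   %llu sectors reported, first hidden LBA allowed: %d\n",
           (unsigned long long)identify_capacity48(id),
           lba_allowed(&d, OPEN_SECTORS, 1));
    d.authenticated = true;
    identify_device(&d, id);
    printf("unlocked: %llu sectors reported, first hidden LBA allowed: %d\n",
           (unsigned long long)identify_capacity48(id),
           lba_allowed(&d, OPEN_SECTORS, 1));
    return 0;
}
```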
Fig. 4 shows a flowchart of the computer data encryption and hiding method of the present invention. A preferred embodiment of the present invention is described below with reference to Fig. 4, Fig. 2 and Fig. 3:
1) The identity information acquisition and human-computer interface module (24) is installed and run on the host (1); this module carries an AES encryption module (241);
2) On the identity information acquisition and human-computer interface module (24), the user enters a numeric password through the keyboard (31), and the numeric password serves as the identity information;
3) The identity information acquisition and human-computer interface module (24) converts the identity information entered by the user to ASCII code and sends an authentication command to the processor (51) of the solid state disk (5);
4) After receiving the authentication command, the processor (51) of the hard disk obtains a temporary random number from the random number generator (57) to serve as the AES encryption and decryption key for the identity information, and saves it temporarily in a register;
5) The processor (51) of the hard disk sends the random number to the identity information acquisition and human-computer interface module (24) on the computer (1);
6) After receiving the random number, the identity information acquisition and human-computer interface module (24) uses the random number as the AES encryption key and AES-encrypts the user identity information;
7) The identity information acquisition and human-computer interface module (24) passes the encrypted identity information to the processor (51) of the hard disk;
8) The processor (51) of the hard disk performs an AES decryption operation on the received user information, using the random number saved in the register as the AES decryption key;
9) The processor (51) of the hard disk compares the decrypted user information with the previously saved user registration identity information (524): if they match, authentication has passed, the hard disk automatically decrypts the content of the encrypted storage area (523), and the computer can display and operate on the encrypted storage area (523) of the hard disk; if they do not match, authentication has failed, the hard disk refuses to decrypt the content of the encrypted storage area (523) and prevents the computer from reading, writing and operating on the encrypted storage area (523);
10) The processor (51) of the hard disk sends the authentication result to the identity information acquisition and human-computer interface module (24), which shows the authentication result to the user.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A computer with a data security function, characterized by comprising:
a host with a built-in identity information acquisition and human-computer interface module, a solid state disk connected to the host, and an identity information input device connected to the identity information acquisition and human-computer interface module, wherein:
the solid state disk comprises an open storage area and an encrypted storage area;
the identity information input device is used to collect the identity information of the user;
the identity information acquisition and human-computer interface module is used to receive the identity information collected by the identity information input device, process this identity information and then send it to the solid state disk;
the solid state disk receives the identity information sent by the identity information acquisition and human-computer interface module and authenticates it; only after the identity information passes authentication can the computer display and read/write the encrypted storage area; otherwise, it can only display and read/write the open storage area.
2. The computer with a data security function according to claim 1, characterized in that the solid state disk comprises an encryption and decryption hardware module, which is used to perform encryption and decryption operations directly on the data in the solid state disk.
3. The computer with a data security function according to claim 1, characterized in that the identity information input device is a keyboard or a biometric sensor, and the biometric sensor is any one of a fingerprint, voiceprint or iris sensor.
4. The computer with a data security function according to claim 1, characterized in that the identity information acquisition and human-computer interface module comprises an encryption module, and the identity information is encrypted before being sent to the solid state disk.
5. A data encryption and hiding method for the computer of claims 1 to 4, characterized by comprising the following steps:
(1) the computer receives the identity information entered by the user;
(2) the identity information is sent to the solid state disk;
(3) the solid state disk authenticates the user identity information;
(4) only after authentication has passed can the computer display and read/write the encrypted storage area; otherwise the computer can only display and read/write the open storage area.
6. The computer hard disk data encryption and hiding method according to claim 5, characterized in that step (2) further comprises the following steps:
(a) after receiving the identity information entered by the user, the identity information acquisition and human-computer interface module sends an identity verification command to the solid state disk;
(b) after receiving the authentication command, the solid state disk generates and saves a random number;
(c) the solid state disk sends the random number to the identity information acquisition and human-computer interface module on the computer side;
(d) after receiving the random number, the identity information acquisition and human-computer interface module uses the random number as the encryption key to encrypt the user identity information, and sends the encrypted identity information to the solid state disk;
and step (3) further comprises the following steps:
(e) the solid state disk performs a decryption operation on the received user information, using the random number saved in the register as the decryption key;
(f) the solid state disk compares the decrypted user information with the registration identity information saved in advance: if they match, authentication has passed, the solid state disk automatically decrypts the content of the encrypted storage area, and the computer can display and operate on the encrypted storage area of the solid state disk; if they do not match, authentication has failed, the solid state disk refuses to decrypt the content of the encrypted storage area and prevents the computer from displaying and operating on the encrypted storage area.
7. The computer hard disk data encryption and hiding method according to claim 5, characterized in that, when authentication is not passed in step (4), the encrypted storage area of the hard disk is hidden, and the hiding of this area is implemented directly by the solid state disk.
8. The computer hard disk data encryption and hiding method according to claim 7, characterized in that hiding the encrypted storage area of the hard disk when authentication is not passed in step (4) comprises the step of modifying the disk capacity and partition information in the hard disk.
9. The computer hard disk data encryption and hiding method according to claim 7, characterized in that hiding the encrypted storage area of the hard disk when authentication is not passed in step (4) comprises the step of modifying the disk capacity through the communication command with the computer.
10. The computer hard disk data encryption and hiding method according to claim 7, characterized in that hiding the encrypted storage area of the hard disk when authentication is not passed in step (4) comprises the step of limiting, in the solid state disk, the addressable range of logical blocks of the storage area.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410803060.7A CN104573441B (en) 2014-08-12 2014-12-21 Computer with data privacy function and data encryption and hiding method thereof

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201410393582 2014-08-12
CN2014103935824 2014-08-12
CN201410803060.7A CN104573441B (en) 2014-08-12 2014-12-21 Computer with data privacy function and data encryption and hiding method thereof

Publications (2)

Publication Number Publication Date
CN104573441A CN104573441A (en) 2015-04-29
CN104573441B CN104573441B (en) 2017-08-29

Family

ID=53089483

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410803060.7A Active CN104573441B (en) 2014-08-12 2014-12-21 Computer with data privacy function and data encryption and hiding method thereof

Country Status (1)

Country Link
CN (1) CN104573441B (en)

Also Published As

Publication number Publication date
CN104573441B (en) 2017-08-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent of invention or patent application
CB02 Change of applicant information

Address after: Hangzhou City, Zhejiang province 311200 Xiaoshan District Road No. 66 Building No. 1 building 22 layer Huarui Center

Applicant after: SAGE MICROELECTRONICS CORP.

Address before: 311200, room 1038, 902 water tower, Jincheng Road, Xiaoshan District, Zhejiang, Hangzhou

Applicant before: Hangzhou Sage Microelectronics Technology Co., Ltd.

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: HANGZHOU SAGE MICROELECTRONICS CO., LTD. TO: HANGZHOU SAGE MICROELECTRONICS, CORP.

GR01 Patent grant