CN104573441B - A computer with a data security function, and its data encryption and hiding method - Google Patents

Info

Publication number: CN104573441B
Authority: CN (China)
Prior art keywords: identity information, computer, encryption, solid state, hard disc
Legal status: Active
Application number: CN201410803060.7A
Other languages: Chinese (zh)
Other versions: CN104573441A
Inventor: 车嵘
Current assignee: Sage Microelectronics Corp
Original assignee: Sage Microelectronics Corp

Events: application filed by Sage Microelectronics Corp; priority to CN201410803060.7A; publication of CN104573441A; application granted; publication of CN104573441B; legal status active.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

The present invention proposes a computer with a data security function, and its data encryption and hiding method. The computer comprises a host with a built-in identity-information acquisition and human-machine interface module, a solid-state disk connected to the host, and an identity-information input device connected to the identity-information acquisition and human-machine interface module. The solid-state disk contains an open storage area and an encrypted storage area. The identity-information input device collects the user's identity information. The identity-information acquisition and human-machine interface module receives the identity information collected by the input device, processes it and sends it to the solid-state disk. The solid-state disk receives the identity information sent by the module and authenticates it; only after authentication succeeds can the computer see, read and write the encrypted storage area, otherwise it can see, read and write only the open storage area. With this technical scheme, a secure computer based on disk data encryption and hiding can easily be built without depending on the host or on other peripherals.

Description

A computer with a data security function, and its data encryption and hiding method
Technical field
The present invention relates to computer data storage and data security, and in particular to a computer with a data security function and to its data encryption and hiding method.
Background
The security of computers has always attracted attention, in economic as well as military matters, for countries, enterprises and individuals alike, and for computer equipment manufacturers, designers and users; all of them have product needs in the area of computer security. A secure computer can be built in many ways, and one important direction is protecting the data on the computer's hard disk, that is, encrypting the disk data so that unauthorized operation and illegal cracking are prevented, thereby forming a secure computer.
Protecting hard-disk data covers two aspects: encrypting the data in a storage area and hiding that area. Conventional hard-disk data encryption falls into two broad classes, software and hardware. Software encryption depends on the computing capability and the operating-system platform, has a low security level, and also consumes CPU resources and reduces the disk's read/write speed.
A typical hardware encryption scheme performs encryption and decryption with a disk-encryption card. Such a card usually takes the form of a PCIe board, takes over and controls the data communication between the computer's disk and host, and can encrypt the data of the whole disk. Hardware encryption overcomes some shortcomings of the software approach, for example by performing the encryption and decryption computations itself, but still has defects: because the entire disk is encrypted and decrypted, start-up and run-time performance suffers, so the approach suits only slow mechanical disks; the user must buy an extra encryption card, which is expensive; the field of application is narrow, since the card cannot be used in small devices such as notebooks and tablets; and as computer hardware (CPU, mainboard, disk and so on), peripheral communication protocols and operating systems are upgraded, the performance and compatibility of the encryption card also require upgrades.
Hiding a storage area is generally done in software, by modifying part of the disk data, but software hiding depends on the operating-system platform and carries a safety hazard: an unauthorized person can easily defeat it with a trojan, an exploitable vulnerability or the like. Software hiding carries a further risk: a cracker familiar with the operating system's file formats can make the hidden area reappear by modifying the disk data again. In general, such a hidden partition is not thoroughly hidden and can in principle be cracked by anyone familiar with the operating system's file formats.
In short, existing hard-disk data encryption and hiding techniques consume CPU resources, rely on the operating system, depend on external encryption and decryption cards, reduce disk read/write speed, and suffer from hidden cracking risks and usability defects. For the above defects of the prior art, research is therefore needed to provide a scheme that resolves them.
Summary of the invention
To solve the above technical problem, the invention provides a computer with a data security function and its data encryption and hiding method. It uses a solid-state disk (SSD) as the computer's hard disk and includes a high-speed data encryption mechanism inside the SSD, a hiding mechanism for the encrypted storage area, and an identity authentication mechanism, so that the computer's data is safeguarded from both aspects, encryption of the disk storage area and hiding of it, and the computer is more secure. An open storage area is also provided, which increases flexibility and convenience in actual use.
To solve the problems of the prior art, the technical scheme of the invention is as follows:
A computer with a data security function, comprising:
a host with a built-in identity-information acquisition and human-machine interface module, a solid-state disk connected to the host, and an identity-information input device connected to the identity-information acquisition and human-machine interface module, wherein
the solid-state disk comprises an open storage area and an encrypted storage area;
the identity-information input device collects the user's identity information;
the identity-information acquisition and human-machine interface module receives the identity information collected by the identity-information input device, processes it and sends it to the solid-state disk;
the solid-state disk receives the identity information sent by the identity-information acquisition and human-machine interface module and authenticates it; only after authentication succeeds can the computer see, read and write the encrypted storage area, otherwise it can only see, read and write the open storage area.
Preferably, the solid-state disk contains an encryption/decryption module, which encrypts and decrypts data directly inside the solid-state disk.
Preferably, the identity-information input device is a keyboard or a biometric sensor, the biometric sensor being any of a fingerprint, voiceprint or iris sensor.
Preferably, the identity-information acquisition and human-machine interface module contains an encryption module that encrypts the identity information before it is forwarded to the solid-state disk.
The invention also discloses a data encryption and hiding method for a computer, comprising the following steps:
(1) the computer receives the identity information entered by the user;
(2) the identity information is sent to the solid-state disk;
(3) the solid-state disk authenticates the user's identity information;
(4) only after authentication succeeds can the computer see, read and write the encrypted storage area; otherwise the computer can only see, read and write the open storage area.
Preferably, step (2) further comprises the following steps:
(a) after the identity-information acquisition and human-machine interface module receives the identity information entered by the user, it sends a verify-identity command to the solid-state disk;
(b) on receiving the verify-identity command, the solid-state disk generates and stores a random number;
(c) the solid-state disk sends the random number to the identity-information acquisition and human-machine interface module on the computer side;
(d) on receiving the random number, the identity-information acquisition and human-machine interface module uses it as the encryption key to encrypt the user's identity information, and sends the encrypted identity information to the solid-state disk.
Step (3) further comprises the following steps:
(e) the solid-state disk decrypts the received user information, using the random number kept in a register as the decryption key;
(f) the solid-state disk compares the decrypted user information with the pre-stored enrolment identity information: if they match, authentication passes, the solid-state disk automatically decrypts the contents of the encrypted storage area, and the computer can see and operate the encrypted storage area of the solid-state disk; if they do not match, authentication fails, the solid-state disk refuses to decrypt the contents of the encrypted storage area and prevents the computer from seeing or operating it.
Preferably, in step (4), when authentication fails the encrypted storage area is hidden by the disk, i.e. the solid-state disk itself hides the area.
Preferably, in step (4), hiding the encrypted storage area by the disk on authentication failure includes modifying the disk capacity and the partition information on the disk.
Preferably, in step (4), hiding the encrypted storage area by the disk on authentication failure includes modifying the disk capacity by way of the communication commands exchanged with the computer.
Preferably, in step (4), hiding the encrypted storage area by the disk on authentication failure includes limiting the logical-block-address range of the storage area inside the solid-state disk.
The workflow and mechanism by which the data security function of the invention is realized are as follows:
1) A special hard disk is installed in the computer. Its storage area is initialized and divided into an encrypted storage area and an open storage area; the disk automatically encrypts and hides the data content of the encrypted storage area.
2) The identity-information acquisition and human-machine interface module is installed and run on the computer.
3) The user enters identity information through the identity-information input device.
4) The identity-information acquisition and human-machine interface module encrypts the entered identity information.
5) The identity-information acquisition and human-machine interface module transmits the encrypted identity information to the disk through the computer's disk interface.
6) The disk decrypts the received identity information.
7) The disk compares the decrypted identity information with the stored genuine enrolment identity information, i.e. it authenticates.
8) If the comparison is correct and authentication passes, the disk automatically decrypts the content of the encrypted storage area, modifies the disk capacity and partition information, and permits the computer to read and write the logical block addresses of the encrypted storage area, so the computer can read, write and operate the encrypted storage area normally.
9) If the comparison is incorrect and authentication fails, the disk refuses to decrypt the content of the encrypted storage area; at the same time it restricts, in the commands exchanged with the computer, reads and writes to the logical block addresses of the encrypted storage area, and removes the encrypted storage area's information from the disk's physical capacity and partition information, so that the computer cannot read, write or operate the encrypted storage area. This realizes the confidentiality function for the computer's data.
10) While identity authentication has passed and the area is in the decrypted state, if the computer shuts down or sleeps, or there is no user activity for longer than a predetermined time, the encrypted storage area automatically leaves the decrypted state and returns to the encrypted state.
Compared with the prior art, the technical scheme of the invention performs data encryption and decryption directly inside the solid-state disk, consuming no CPU resources and requiring no extra encryption card; it avoids the drawbacks of software encryption while retaining the disk's high-speed read/write performance. For disk hiding, the invention exerts control at two levels, the disk's communication protocol and its logic, which is difficult to crack. Encrypted transmission of the identity information is added to the identity authentication mechanism, increasing confidentiality. For the user's convenience, an open storage area is also provided. In short, with the technical scheme of the invention, and without depending on the host or on other peripherals, a secure computer with high data confidentiality and high data concealment can easily be built, and it can be adapted to computer equipment of various forms, including desktops, notebooks and tablets.
Brief description of the drawings
Fig. 1 is an architecture diagram of one embodiment of a computer with a data security function according to the invention;
Fig. 2 is an architecture diagram of another preferred embodiment, in which the computer runs a Windows operating system and uses a disk with a SATA interface; the open storage area has a capacity of 206GB, the encrypted storage area uses AES encryption and has a capacity of 50GB, and the total disk capacity is 256GB;
Fig. 3 is a further partition-information diagram of the flash storage medium (52) of the embodiment of Fig. 2;
Fig. 4 is a flow chart of the data encryption and hiding method of a computer according to the invention.
Detailed description
To make the purpose, technical scheme and advantages of the invention clearer, the invention is further elaborated below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to illustrate the invention and do not limit it.
On the contrary, the invention covers any substitution, modification, equivalent method or scheme within the spirit and scope of the invention as defined by the claims. Further, so that the public may better understand the invention, some specific details are described in the detailed description below; a person skilled in the art can also fully understand the invention without those details.
Fig. 1 shows an architecture diagram of one embodiment of a computer with a data security function according to the invention. The computer (1) comprises a host (2), a solid-state disk (5), an identity-information input device (3), a display (4) and other basic peripherals (6). The host (2) comprises the identity-information acquisition and human-machine interface module (24), a CPU and chipset (20), memory (22), a disk interface (21) and other basic components (23), and can run various computer operating systems (25). The disk interface (21) can be, but is not limited to, one of SATA, SAS or PCIe.
The identity-information acquisition and human-machine interface module (24) is installed and runs on the host (2). It receives the identity information collected by the identity-information input device, processes it and sends it to the solid-state disk (5). It may contain an encryption module (241) that encrypts the user's identity information and transfers the encrypted identity information to the solid-state disk (5) through the disk interface (21).
The identity-information input device (3) collects the user's identity information and can be a keyboard (31) or a biometric sensor (32). The biometric sensor (32) is any of a fingerprint, voiceprint or iris sensor. When a keyboard (31) is the identity-information input device, the user types a password directly on the keyboard.
The solid-state disk (5) comprises a processor (51), a communication interface (56), a data buffer (53), an encryption/decryption hardware module (54), a storage-medium interface (55) and a storage medium (52). The communication interface (56) of the solid-state disk (5) can be, but is not limited to, one of SATA, SAS or PCIe. The storage medium (52) can be NAND flash; its storage is partitioned into an open storage area (522) and an encrypted storage area (523), and it also stores the user's enrolment identity information (524). The encryption/decryption hardware module (54), under the control of the processor (51), encrypts and decrypts the data of the solid-state disk (5). The processor (51) is also responsible for and controls the partitioning, hiding and exposing of the storage medium (52), and the registration, storage and authentication of the user's identity information.
The solid-state disk (5) decrypts the received identity information, compares it with the stored enrolment identity information (524) and authenticates: only when they match does authentication pass, and only then can the computer (1) see, read and write the encrypted storage area (523) normally; otherwise the computer (1) can only see, read and write the open storage area (522).
Fig. 2 shows an architecture diagram of another preferred embodiment of the computer with a data security function according to the invention. The computer's operating system is Windows (25), its primary disk is a solid-state disk (5) with a SATA interface and a total capacity of 256GB, and the user uses a keyboard (31) as the identity-information input device (3), entering a numeric password (which may contain letters) as identity information. The identity-information acquisition and human-machine interface module (24) encrypts the numeric password with its encryption module (241). The encryption algorithm it executes can be, but is not limited to, one of SM4 (the Chinese national standard cipher), AES, GOST or DES.
The solid-state disk (5) comprises a processor (51), a SATA communication interface (56), a data buffer (53), an AES encryption/decryption hardware module (54), a random number generator (57), an AES key memory (58), a storage-medium interface (55) and a 256GB flash storage medium (52). The key of the AES encryption/decryption hardware module (54) is a random number produced by the random number generator (57); the processor (51) stores this key in the separate AES key memory (58), where it serves as the common key of the AES encryption algorithm and decryption algorithm. The encryption algorithm can be, but is not limited to, one of MD5, SHA1, SHA2, SM4, AES, GOST or DES. Of these, MD5, SHA1 and SHA2 are one-way hash functions rather than ciphers, so on their own they cannot provide the reversible encryption and decryption that the data path described below requires.
The storage area of the 256GB flash storage medium (52), apart from the master boot record (MBR) (521), comprises a 206GB open storage area (522) and a 50GB encrypted storage area (523), and also stores the enrolment identity information (524).
For the embodiment of Fig. 2, the encryption and decryption flow for the encrypted storage area (523) and the read/write flow for the open storage area (522) are described in detail below:
Encryption flow, i.e. the computer (1) writing data to the encrypted storage area (523) of the solid-state disk (5): the computer (1) sends the data to the solid-state disk (5); the disk's SATA communication interface (56) stores the received data in the data buffer (53); the processor (51) passes the AES key held in the AES key memory to the AES encryption/decryption hardware module (54) as the key of the AES encryption algorithm; with the received AES key, the AES encryption/decryption hardware module (54) encrypts the data in the data buffer (53); the processor (51) writes the encrypted data through the storage-medium interface (55) into the encrypted storage area (523) of the flash storage medium (52), completing the encryption operation.
Decryption flow, i.e. the computer reading data from the encrypted storage area of the disk: under the control of the processor (51), the data of the encrypted storage area (523) of the flash storage medium (52) is delivered through the storage-medium interface (55) to the data buffer (53); the processor (51) passes the AES key held in the AES key memory to the AES encryption/decryption hardware module (54) as the key of the AES decryption algorithm; with the received AES key, the AES encryption/decryption hardware module (54) decrypts the data in the data buffer (53); the processor (51) transfers the decrypted data to the computer (1) through the SATA communication interface (56), completing the decryption operation.
Open storage area flow, i.e. the computer reading and writing data in the open storage area of the disk: under the control of the processor (51), the computer (1) communicates with the flash storage medium (52) directly through the SATA communication interface (56), the data buffer (53) and the storage-medium interface (55), realizing data reads and writes to the open storage area (522) of the flash storage medium (52).
Fig. 3 is a further partition-information diagram of the storage medium (52) of the embodiment of Fig. 2; the total disk capacity is 256GB. The open storage area (522) comprises a first partition (525) and a second partition (526). The first partition (525) occupies the address range 0x00000800-0x134DEFFF with a capacity of 156GB (actual capacity 154.43GB); the second partition (526) occupies 0x134DF000-0x19686FFF with a capacity of 50GB (actual capacity 48.83GB). The encrypted storage area (523) belongs to the third partition (527), address range 0x19687000-0x1F82F000, capacity 50GB (actual capacity 48.83GB). The master boot record (MBR) (521) is 512 bytes. Hiding of the encrypted storage area (523) is completed entirely inside the solid-state disk (5), controlled and carried out by the processor (51), and consists mainly of three parts: modifying the partition information in the MBR (521); modifying the physical disk capacity data returned by the IDENTIFY DEVICE command of the SATA protocol; and limiting the permitted range of logical block addresses in read/write commands from the computer (1) to the solid-state disk (5). With reference to Fig. 3 and Fig. 2, the implementation of hiding the encrypted storage area (523) is described in detail below:
1) The processor (51) of the solid-state disk (5) modifies the partition information in the MBR (521).
The MBR (521) consists of 4 parts, of which the disk partition table occupies 64 bytes in total. It is divided into four groups of 16 bytes, each containing the total capacity, start address, end address and similar information of one partition; groups without a partition are filled entirely with 0. The concrete structure is shown in Table 1 below:
Table 1
In the embodiment of Fig. 2, the complete disk partition table of the 256GB solid-state disk (5) before hiding is as shown in Table 2:
Table 2
The disk processor (51) modifies the partition information in the MBR (521) by clearing the partition information of the third partition (527) to all zeros, so the computer cannot recognize the drive letter, capacity or other information of the encrypted storage area (523); this realizes hiding of the third partition (527), i.e. of the encrypted storage area (523), as shown in Table 3 below:
Table 3
Address       Data
(bytes 0x000 to 0x19F unchanged, not shown)
0x000001A0    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000001B0    00 00 00 00 00 00 00 00 B9 80 BA 53 FF FF 00 20
0x000001C0    21 00 07 FE FF FF 00 08 00 00 00 E8 4D 13 00 FE
0x000001D0    FF FF 07 FE FF FF 00 F0 4D 13 00 80 1A 06 00 00
0x000001E0    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000001F0    00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
In this dump the partition table starts at byte 0x1BE: entry 1 (bytes 0x1BE-0x1CD) has type 07, start LBA 0x00000800 and 0x134DE800 sectors; entry 2 (0x1CE-0x1DD) has type 07, start LBA 0x134DF000 and 0x061A8000 sectors; entry 3 (0x1DE-0x1ED), which held the encrypted storage area, has been cleared to zeros; 55 AA at 0x1FE is the MBR signature.
2) The physical disk capacity data is modified by changing the response to the IDENTIFY DEVICE command that the SATA protocol requires.
IDENTIFY DEVICE is a command specified by the SATA protocol that every disk must support. It tells the computer the performance and attributes of the attached disk, including its capacity, serial number, model name and supported command protocols. After the computer sends this command to the disk, the device returns 512 bytes of information data to the host: words 60-61 give the total number of user-addressable logical sectors for capacities below 128GB (the 28-bit LBA limit), and words 100-103 give the total number of user-addressable logical sectors for capacities of 128GB and above (48-bit LBA). The computer's operating system determines the capacity of a physical disk by reading the attribute information in these 512 bytes.
In the embodiment of Fig. 2, the disk processor (51) changes the value in words 100-103 of the IDENTIFY DEVICE data from the disk's true, unhidden capacity of 0x1F82F000 to 0x19686FFF, the last logical block address of the open storage area, which further hides the encrypted storage area (523).
3) By limiting the permitted range of logical block addresses in the read/write commands from the computer (1) to the solid-state disk (5), the computer (1) is prevented from reading the content of the encrypted storage area (523).
Normally the addresses issued by the operating system's low-level disk driver do not exceed the storage capacity of the physical disk and do not exceed the maximum address set by the disk controller (51). Of course it cannot be ruled out that some illegal software tampers with the low-level driver and issues illegal addresses; even then, the disk controller (51) can filter out those illegal addresses by limiting the read/write addresses of the computer (1), thereby ensuring that the encrypted, hidden partition (523) cannot be recognized or accessed.
A logical block address is the address information the computer sends to the disk device with a read/write command; the disk device reads or writes data for the computer according to the specific logical block address value. In the embodiment of Fig. 2, the disk processor (51) checks the logical block address value of every read/write command and rejects (command rejection) any command whose logical block address exceeds the capacity of the open storage area (522). Even if the computer (1) could recognize the drive letter of the encrypted storage area (523), it could not open the data content of the encrypted storage area (523), so that data content is protected.
In short, the disk processor (51) deletes the information of the encrypted partition by modifying the MBR (521), then modifies the disk capacity in cooperation with the IDENTIFY DEVICE command and limits the range of logical addresses the computer (1) can access on the solid-state disk (5), thereby realizing the hiding function of the encrypted storage area (523) and guaranteeing the concealment and confidentiality of the data on the solid-state disk (5) from the low-level communication mechanism up.
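The three hiding measures above, combined in one added Go example that is not part of the patent or of any Sage Microelectronics firmware. It rebuilds the locked MBR from the Table 3 bytes, adds the pre-hiding third entry constructed from the Fig. 3 address range (Table 2 is not reproduced on the page), clears and restores that entry, writes the reported sector count into words 60-61 and 100-103 of an IDENTIFY DEVICE buffer, and applies the LBA range check to read/write commands. Reading the page's 0x1F82F000 as the exclusive end of partition 3, and all function and constant names, are this example's assumptions.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Layout of the Fig. 2/Fig. 3 embodiment, from the LBA ranges on the page.
// Partitions 1 and 2 end on an inclusive ...FFF address; the page's 0x1F82F000
// for partition 3 is read here as the exclusive end, so partition 3 spans
// 0x061A8000 sectors, the same 50GB as partition 2 (example assumption).
const (
	openEndLBA       uint64 = 0x19686FFF // last LBA of the open storage area (522)
	encStartLBA      uint64 = 0x19687000 // first LBA of the encrypted area (523)
	encSectors       uint32 = 0x061A8000
	diskTotalSectors uint64 = 0x1F82F000 // true capacity, reported when unlocked
	partTableOffset         = 0x1BE      // partition table inside the 512-byte MBR
	partEntrySize           = 16
)

// Partition is the LBA view of one 16-byte MBR partition-table entry.
type Partition struct {
	Status, Type      byte
	StartLBA, Sectors uint32
}

// SampleHiddenMBR rebuilds bytes 0x1B0-0x1FF of Table 3 (the MBR as the drive
// presents it while locked); the page shows earlier bytes as dashes, so zero here.
func SampleHiddenMBR() []byte {
	tail, err := hex.DecodeString(
		"0000000000000000B980BA53FFFF0020" + // 0x1B0: disk signature, entry 1 starts at 0x1BE
			"210007FEFFFF0008000000E84D1300FE" + // 0x1C0: entry 1 = LBA 0x800, 0x134DE800 sectors
			"FFFF07FEFFFF00F04D1300801A060000" + // 0x1D0: entry 2 = LBA 0x134DF000, 0x061A8000 sectors
			"00000000000000000000000000000000" + // 0x1E0: entry 3 cleared, entry 4 empty
			"000000000000000000000000000055AA") // 0x1F0: 55 AA signature
	if err != nil {
		panic(err)
	}
	mbr := make([]byte, 512)
	copy(mbr[0x1B0:], tail)
	return mbr
}

// EncryptedPartitionEntry is entry 3 as it reads before hiding, constructed
// from the Fig. 3 range (type 07 and CHS fields copied from entry 2).
func EncryptedPartitionEntry() []byte {
	e := []byte{0x00, 0xFE, 0xFF, 0xFF, 0x07, 0xFE, 0xFF, 0xFF, 0, 0, 0, 0, 0, 0, 0, 0}
	binary.LittleEndian.PutUint32(e[8:], uint32(encStartLBA))
	binary.LittleEndian.PutUint32(e[12:], encSectors)
	return e
}

// ParseMBR returns the four partition entries of a 512-byte MBR.
func ParseMBR(mbr []byte) ([4]Partition, error) {
	var parts [4]Partition
	if len(mbr) != 512 || mbr[510] != 0x55 || mbr[511] != 0xAA {
		return parts, errors.New("not a 512-byte MBR with 55 AA signature")
	}
	for i := range parts {
		e := mbr[partTableOffset+i*partEntrySize:]
		parts[i] = Partition{Status: e[0], Type: e[4],
			StartLBA: binary.LittleEndian.Uint32(e[8:12]), Sectors: binary.LittleEndian.Uint32(e[12:16])}
	}
	return parts, nil
}

// HideEncryptedArea zeroes entry 3 in place, as processor (51) does, and returns
// the original bytes so the drive can put them back after authentication.
func HideEncryptedArea(mbr []byte) []byte {
	off := partTableOffset + 2*partEntrySize
	saved := append([]byte(nil), mbr[off:off+partEntrySize]...)
	for i := off; i < off+partEntrySize; i++ {
		mbr[i] = 0
	}
	return saved
}

// RestoreEncryptedArea writes a saved entry back into slot 3.
func RestoreEncryptedArea(mbr, saved []byte) { copy(mbr[partTableOffset+2*partEntrySize:], saved) }

// IdentifyCapacity fills words 60-61 (28-bit count, capped at 0x0FFFFFFF) and
// words 100-103 (48-bit count) of a 512-byte IDENTIFY DEVICE response with the
// sector count the drive chooses to report, and returns that count.
func IdentifyCapacity(identify []byte, locked bool) uint64 {
	sectors := diskTotalSectors
	if locked {
		sectors = openEndLBA + 1 // 0x19687000: the host sees only the open area
	}
	small := uint64(0x0FFFFFFF)
	if sectors < small {
		small = sectors
	}
	binary.LittleEndian.PutUint32(identify[60*2:], uint32(small))
	binary.LittleEndian.PutUint64(identify[100*2:], sectors)
	return sectors
}

// AllowReadWrite is the per-command LBA check: reject a command that runs past
// the disk or, while locked, touches any sector beyond the open storage area.
func AllowReadWrite(lba uint64, count uint32, locked bool) bool {
	if count == 0 || lba+uint64(count) > diskTotalSectors {
		return false
	}
	return !locked || lba+uint64(count)-1 <= openEndLBA
}

func main() {
	mbr := SampleHiddenMBR()
	parts, _ := ParseMBR(mbr)
	fmt.Printf("entry 3 while locked: %+v\n", parts[2])
	RestoreEncryptedArea(mbr, EncryptedPartitionEntry())
	parts, _ = ParseMBR(mbr)
	fmt.Printf("entry 3 after unlock: %+v\n", parts[2])
	fmt.Printf("IDENTIFY sectors while locked: 0x%X\n", IdentifyCapacity(make([]byte, 512), true))
	fmt.Println("read at 0x19687000 while locked allowed:", AllowReadWrite(encStartLBA, 8, true))
}
```

The LBA filter has to run on every command regardless of what the MBR and IDENTIFY data say, since the page itself anticipates drivers that bypass both; a check that looks only at the starting address would let a command that starts in the open area and spills into the encrypted area through, which is why the last sector of the transfer is what is compared.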
Fig. 4 shows the flow chart of the data encryption and hiding method for a computer according to the invention. With reference to Fig. 4, Fig. 2 and Fig. 3, a preferred embodiment of the invention is described as follows:
1) The identity information acquisition and human-computer interface module (24) is installed and run on the host (1); the module carries its own AES encryption module (241);
2) The user enters a numeric password on the identity information acquisition and human-computer interface module (24) via the keyboard (31), and the numeric password serves as the identity information;
3) The identity information acquisition and human-computer interface module (24) converts the identity information entered by the user to ASCII code and sends a verify-identity-information command to the processor (51) of the solid state hard disc (5);
4) On receiving the verify-identity-information command, the hard disk processor (51) obtains a temporary random number from the random number generator (57), to serve as the AES encryption and decryption key for the identity information, and holds it temporarily in a register;
5) The hard disk processor (51) sends the random number to the identity information acquisition and human-computer interface module (24) on the computer (1);
6) After receiving the random number, the identity information acquisition and human-computer interface module (24) uses it as the AES encryption key and AES-encrypts the user identity information;
7) The identity information acquisition and human-computer interface module (24) passes the encrypted identity information to the hard disk processor (51);
8) The hard disk processor (51) performs AES decryption on the received user information, using the random number held in the register as the AES decryption key;
9) The hard disk processor (51) compares the decrypted user information with the previously stored user registration identity information (524): if they match, authentication passes, the hard disk automatically decrypts the contents of the encryption memory block (523), and the computer can display and operate the encryption memory block (523) of the hard disk; if they do not match, authentication fails, the hard disk refuses to decrypt the contents of the encryption memory block (523), and prevents the computer from reading, writing or operating the encryption memory block (523);
10) The hard disk processor (51) sends the authentication result to the identity information acquisition and human-computer interface module (24), which displays the result to the user.
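Steps 3 to 9 above as an added Go example (not the patent's code): the disk draws a random number, the host uses it as the AES key for the identity information, and the disk decrypts with the key held in its register and compares the result with the enrolled identity. The AES mode, the padding and the 16-byte key length are assumptions of this example; since the random number crosses the link in the clear (step 5), what the exchange buys is that a captured message cannot be replayed against a later attempt, not secrecy of the identity from an observer of the link.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
)
// Disk models the hard disk processor (51) with the enrolled identity (524) and the register of step 4.
type Disk struct {
	registered []byte // enrolled identity as ASCII (constructed sample in the test)
	sessionKey []byte // random number from step 4, the AES key for this attempt
	Unlocked   bool   // true only after step 9 succeeds
}

// BeginAuth is steps 3 to 5: draw a fresh 128-bit random number, keep it, return it to the host in the clear.
func (d *Disk) BeginAuth() ([]byte, error) {
	k := make([]byte, 16)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	d.sessionKey, d.Unlocked = k, false
	return k, nil
}

// EncryptIdentity is steps 6 and 7 on the host: AES with the random number as key.
// The page names no mode or padding; CBC with a random IV and PKCS#7 padding are assumptions here.
func EncryptIdentity(identity, key []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	n := aes.BlockSize - len(identity)%aes.BlockSize
	pt := append(append([]byte(nil), identity...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, aes.BlockSize+len(pt)) // IV || ciphertext
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(blk, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], pt)
	return out, nil
}

// Verify is steps 8 and 9: decrypt with the register key, compare with the enrolled identity, unlock on a
// match. The random number is discarded after one use, so a captured message cannot be replayed later.
func (d *Disk) Verify(msg []byte) bool {
	key := d.sessionKey
	d.sessionKey, d.Unlocked = nil, false
	if key == nil || len(msg) < 2*aes.BlockSize || len(msg)%aes.BlockSize != 0 {
		return false
	}
	blk, _ := aes.NewCipher(key) // key is always the 16 bytes drawn in BeginAuth
	pt := make([]byte, len(msg)-aes.BlockSize)
	cipher.NewCBCDecrypter(blk, msg[:aes.BlockSize]).CryptBlocks(pt, msg[aes.BlockSize:])
	n := int(pt[len(pt)-1]) // PKCS#7 padding length; a wrong key almost surely fails this check
	if n == 0 || n > aes.BlockSize || n > len(pt) {
		return false
	}
	d.Unlocked = subtle.ConstantTimeCompare(pt[:len(pt)-n], d.registered) == 1
	return d.Unlocked
}
```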
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit it; any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention shall be included in the scope of protection of the present invention.

Claims (9)

1. A computer with a data security function, characterised in that it comprises:
a host with a built-in identity information acquisition and human-computer interface module, a solid state hard disc connected to the host, and an identity information input unit connected to the identity information acquisition and human-computer interface module, wherein
the solid state hard disc comprises an open memory block and an encryption memory block;
the identity information input unit is used to collect the identity information of a user;
the identity information acquisition and human-computer interface module is used to receive the identity information collected by the identity information input unit and to send it to the solid state hard disc after processing;
the solid state hard disc receives the identity information sent by the identity information acquisition and human-computer interface module and authenticates it; only after the identity information passes authentication can the computer display and read and write the encryption memory block; otherwise it can only display and read and write the open memory block,
the identity information acquisition and human-computer interface module comprises an encryption module for encrypting the identity information before forwarding it to the solid state hard disc,
and the processing of the identity information by the identity information acquisition and human-computer interface module before sending it to the solid state hard disc comprises:
(a) after the identity information acquisition and human-computer interface module receives the identity information entered by the user, it sends a verify-identity-information command to the solid state hard disc;
(b) the solid state hard disc generates and stores a random number after receiving the verify-identity-information command;
(c) the solid state hard disc sends the random number to the identity information acquisition and human-computer interface module on the computer side;
(d) after receiving the random number, the identity information acquisition and human-computer interface module uses it as an encryption key to encrypt the user identity information, and sends the encrypted identity information to the solid state hard disc.
2. The computer with a data security function according to claim 1, characterised in that the solid state hard disc comprises an encryption and decryption hardware module, which performs encryption and decryption operations directly on the data in the solid state hard disc.
3. The computer with a data security function according to claim 1, characterised in that the identity information input unit is a keyboard or a biometric sensor, the biometric sensor being any of a fingerprint, voiceprint or iris sensor.
4. A data encryption and hiding method for the computer of any one of claims 1 to 3, characterised in that it comprises the following steps:
(1) the computer receives the identity information entered by a user;
(2) the identity information is sent to the solid state hard disc;
(3) the solid state hard disc authenticates the user identity information;
(4) only after authentication passes can the computer display and read and write the encryption memory block; otherwise the computer can only display and read and write the open memory block.
5. The data encryption and hiding method according to claim 4, characterised in that step (2) further comprises the following steps:
(a) after the identity information acquisition and human-computer interface module receives the identity information entered by the user, it sends a verify-identity-information command to the solid state hard disc;
(b) the solid state hard disc generates and stores a random number after receiving the verify-identity-information command;
(c) the solid state hard disc sends the random number to the identity information acquisition and human-computer interface module on the computer side;
(d) after receiving the random number, the identity information acquisition and human-computer interface module uses it as an encryption key to encrypt the user identity information, and sends the encrypted identity information to the solid state hard disc;
and step (3) further comprises the following steps:
(e) the solid state hard disc decrypts the received user information, using the random number stored in the register as the decryption key;
(f) the solid state hard disc compares the decrypted user information with the pre-stored registration identity information: if they match, authentication passes, the solid state hard disc automatically decrypts the contents of the encryption memory block, and the computer can display and operate the encryption memory block of the solid state hard disc; if they do not match, authentication fails, the solid state hard disc refuses to decrypt the contents of the encryption memory block and prevents the computer from displaying or operating the encryption memory block.
6. The data encryption and hiding method according to claim 4, characterised in that in step (4), when authentication does not pass, the hard disk hides the encryption memory block, the hiding of that area being realised directly by the solid state hard disc.
7. The data encryption and hiding method according to claim 6, characterised in that in step (4), the hiding of the encryption memory block by the hard disk when authentication fails comprises the step of modifying the hard-disk capacity and partition information within the hard disk.
8. The data encryption and hiding method according to claim 6, characterised in that in step (4), the hiding of the encryption memory block by the hard disk when authentication fails comprises the step of modifying the hard-disk capacity through the communication command exchanged with the computer.
9. The data encryption and hiding method according to claim 6, characterised in that in step (4), the hiding of the encryption memory block by the hard disk when authentication fails comprises the step of limiting the logical block addressable range of the memory block within the solid state hard disc.
CN201410803060.7A 2014-08-12 2014-12-21 A kind of computer and its data encryption with data security function and hiding method Active CN104573441B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410803060.7A CN104573441B (en) 2014-08-12 2014-12-21 A kind of computer and its data encryption with data security function and hiding method

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN2014103935824 2014-08-12
CN201410393582 2014-08-12
CN201410803060.7A CN104573441B (en) 2014-08-12 2014-12-21 A kind of computer and its data encryption with data security function and hiding method

Publications (2)

Publication Number Publication Date
CN104573441A CN104573441A (en) 2015-04-29
CN104573441B true CN104573441B (en) 2017-08-29
Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB02 Change of applicant information

Address after: Hangzhou City, Zhejiang province 311200 Xiaoshan District Road No. 66 Building No. 1 building 22 layer Huarui Center

Applicant after: SAGE MICROELECTRONICS CORP.

Address before: 311200, room 1038, 902 water tower, Jincheng Road, Xiaoshan District, Zhejiang, Hangzhou

Applicant before: Hangzhou Sage Microelectronics Technology Co., Ltd.

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: HANGZHOU SAGE MICROELECTRONICS CO., LTD. TO: HANGZHOU SAGE MICROELECTRONICS, CORP.

GR01 Patent grant