CN105224889A - Business datum specific store system - Google Patents

Publication number
CN105224889A
Authority
CN
China
Prior art keywords
business datum
algorithm unit
memory module
unstructured data
specific store
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510662904.5A
Other languages
Chinese (zh)
Inventor
吴松洋
陈以山
张涛
符运辉
张春丽
李勋
熊雄
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Third Research Institute of the Ministry of Public Security
Original Assignee
Third Research Institute of the Ministry of Public Security
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Third Research Institute of the Ministry of Public Security
Priority to CN201510662904.5A
Publication of CN105224889A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

The invention relates to a dedicated storage system for business data. The system comprises: a sub-application system that implements the business requirements and through which users carry out business operations; a structured data storage module for storing the structured data produced during business operations; and an unstructured data storage module for storing the unstructured data produced during business operations, where the unstructured data held in that module is data encrypted at the storage-medium layer. A system of this structure strengthens the security of an information system's business data, uses cryptographic algorithms implemented in hardware inside the storage medium to improve data read/write efficiency, and prevents leakage of business data caused by physical cracking of the hard disk.

Description

Business datum specific store system
Technical field
The invention relates to the field of computer technology, in particular to storage technology for highly confidential data, and specifically to a dedicated storage system for business data.
Background
As application information systems of all kinds have spread through social life, these systems have also produced large amounts of data, and for systems with higher confidentiality requirements data security is particularly important. At present, the security measures most systems adopt are the following. File-level encryption: this protection method for unstructured data is generally embedded at the network attached storage (NAS) layer, and its greatest problem is the performance impact. Database encryption: like file-level encryption, it provides encryption protection, in this case for structured data, but because database operations involve a large number of query and modification statements, database encryption has a significant impact on the system.
Summary of the invention
The object of the invention is to overcome the shortcomings of the above prior art and to provide a dedicated storage system for business data that can realize.
To achieve this object, the dedicated business data storage system of the invention is constituted as follows.
The main feature of this dedicated business data storage system is that it comprises:
a sub-application system that implements the business requirements, through which users carry out business operations;
a structured data storage module, for storing the structured data produced during business operations;
an unstructured data storage module, for storing the unstructured data produced during business operations, where the unstructured data stored in the unstructured data storage module is data encrypted at the storage-medium layer.
Further, the unstructured data storage module is provided with a random number generator, a hardware-based cryptographic algorithm unit and a storage unit.
Further, the hardware-based cryptographic algorithm unit is an AES algorithm unit, ECC algorithm unit, RSA algorithm unit, DES algorithm unit, 3DES algorithm unit, SM2 algorithm unit, SM3 algorithm unit or SM4 algorithm unit.
Further, the storage unit comprises a hidden area and an open area with physical isolation between them, and when the system is shut down, put to sleep or rebooted, the hidden area automatically enters the hidden state.
Still further, the sub-application system comprises:
a user information identification module, for obtaining the user information and password and sending them to the unstructured data storage module;
the hardware-based cryptographic algorithm unit identifies the user information and password, judges whether they are correct, and feeds the identification result back to the sub-application system.
The dedicated business data storage system of this invention strengthens the security of an information system's business data. Cryptographic algorithms implemented in hardware inside the storage medium improve data read/write efficiency and prevent leakage of business data caused by physical cracking of the hard disk. The technique can also improve system reliability on abnormal power loss. The encrypted SSD supports SMART commands, full-speed command queuing, defragmentation and similar functions, and its physically isolated dual partitions and hidden-partition function guard well against brute-force cracking of the disk. Compared with the traditional approach of storing business data directly on a hard disk, dedicated business data storage offers higher security, stability and reliability.
Brief description of the drawings
Fig. 1 is a structural diagram of the first embodiment of the dedicated business data storage system of the invention.
Fig. 2 is an architecture diagram of the dedicated business data storage system of the invention.
Fig. 3 is a flow chart of the steps of one method of operating the dedicated business data storage system of the invention.
Detailed description of the embodiments
To describe the technical content of the invention more clearly, it is described further below with reference to specific embodiments.
Referring to Figs. 1 to 3, the invention provides a dedicated storage system for business data that encrypts data at the storage medium. The cryptographic algorithms built into the storage medium encrypt the system's business data efficiently, which both ensures the security of system data and leaves data read/write efficiency unaffected.
Based on an encrypted storage medium, the invention provides a dedicated storage system for business data whose basic deployment is shown in Fig. 1. The system can be divided into three parts: the sub-application system that implements the business requirements, the structured data storage module (database storage), and the unstructured data storage module (dedicated business data storage). Structured data storage uses a traditional database to hold part of the data in the application information system; the unstructured data is mainly data of higher confidentiality and is stored on an encrypted SSD. As shown in Fig. 2, the cryptographic algorithms built into the SSD (including AES, ECC, RSA, DES/3DES, SM2, SM3, SM4, etc.) and the random number generator are implemented as hardware modules, providing chip-level information security for unstructured business data. The invention encrypts business data at the storage-medium layer, which greatly improves the security of business data while preserving read/write speed. Referring again to Fig. 1, the structural diagram of the first embodiment, the dedicated business data storage system of the invention comprises:
a sub-application system that implements the business requirements, through which users carry out business operations;
a structured data storage module, for storing the structured data produced during business operations;
an unstructured data storage module, for storing the unstructured data produced during business operations, where the unstructured data stored in the unstructured data storage module is data encrypted at the storage-medium layer.
In a preferred embodiment, the unstructured data storage module is provided with a random number generator, a hardware-based cryptographic algorithm unit and a storage unit.
In a preferred embodiment, the hardware-based cryptographic algorithm unit is an AES algorithm unit, ECC algorithm unit, RSA algorithm unit, DES algorithm unit, 3DES algorithm unit, SM2 algorithm unit, SM3 algorithm unit or SM4 algorithm unit.
In a preferred embodiment, the storage unit comprises a hidden area and an open area, with physical isolation between them.
In a preferred embodiment, the sub-application system comprises:
a user information identification module, for obtaining the user information and password and sending them to the unstructured data storage module;
the hardware-based cryptographic algorithm unit identifies the user information and password, judges whether they are correct, and feeds the identification result back to the sub-application system.
Fig. 3 is a flow chart of the steps of one method of operating the dedicated business data storage system of the invention.
Before logging in to the sub-application system, the user first inserts the authorized UKey that represents them personally and then enters the personal identification number. After obtaining the personal identification number and the end user's personal information, the system sends this information to the encrypted SSD (the unstructured data storage module); the storage medium identifies the user and returns the identification result to the sub-application system.
After logging in to the sub-application system successfully, the user can carry out business operations in it. Structured data produced during business operations is stored in the database (the structured data storage module), and unstructured data is stored on the encrypted SSD (the unstructured data storage module).
The encrypted SSD (the unstructured data storage module) is divided into a hidden area and an open area, which are physically isolated, and the partitions are used by means of the BIOS password. The hidden area supports two hiding modes, manual and automatic:
Manual hiding: the hidden partition of the mSATA module is hidden through software.
Automatic hiding: the mSATA module is hidden automatically in four situations: system reboot, shutdown, sleep, and 15 minutes without operation.
The user can open the hidden partition of the mSATA module with the UKey, and can also open it with the BIOS password. A user who uses a UKey can freely choose to store business data in the public partition or in the hidden partition.
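An added example, not part of the patent text: a Python model of the hidden-area policy described above (manual hiding, automatic hiding on reboot, shutdown, sleep or 15 minutes without operation, and opening with the UKey or the BIOS password). The class and method names, the salted PBKDF2 credential check and the injected clock are assumptions made for illustration; the patent does not say how the drive verifies credentials.

```python
import hashlib
import hmac
import os

IDLE_LIMIT_S = 15 * 60                       # "15 minutes without operation"
AUTO_HIDE_EVENTS = {"reboot", "shutdown", "sleep"}


def _digest(secret: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2 stands in for the drive's hardware check.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class EncryptedSSDModel:
    """Hypothetical model of the hidden/open area policy; no real encryption."""

    def __init__(self, ukey_pin, bios_password, clock):
        self._salt = os.urandom(16)
        self._creds = {"ukey": _digest(ukey_pin, self._salt),
                       "bios": _digest(bios_password, self._salt)}
        self._clock = clock                  # injected so idle time is testable
        self._hidden = True                  # hidden area is hidden at power-on
        self._last_activity = clock()
        self.areas = {"open": [], "hidden": []}

    def hidden_visible(self) -> bool:
        # Automatic hiding, case 4: no operation for 15 minutes.
        if not self._hidden and self._clock() - self._last_activity >= IDLE_LIMIT_S:
            self._hidden = True
        return not self._hidden

    def unlock(self, method: str, secret: str) -> bool:
        # The hidden area opens with the UKey or with the BIOS password.
        ok = hmac.compare_digest(self._creds.get(method, b""),
                                 _digest(secret, self._salt))
        if ok:
            self._hidden = False
            self._last_activity = self._clock()
        return ok

    def hide(self) -> None:
        self._hidden = True                  # manual hiding through software

    def power_event(self, event: str) -> None:
        if event in AUTO_HIDE_EVENTS:        # automatic hiding, cases 1 to 3
            self._hidden = True

    def store(self, area: str, blob: bytes) -> bool:
        visible = self.hidden_visible()      # apply the idle rule first
        if area == "hidden" and not visible:
            return False                     # refuse instead of leaking to open
        self.areas[area].append(blob)
        self._last_activity = self._clock()
        return True


def demo():
    now = [0.0]                              # constructed fake clock (seconds)
    ssd = EncryptedSSDModel("constructed-pin", "constructed-bios-pw", lambda: now[0])
    results = [ssd.store("hidden", b"report")]            # still hidden
    results.append(ssd.unlock("ukey", "constructed-pin"))
    results.append(ssd.store("hidden", b"report"))
    now[0] += IDLE_LIMIT_S                                # 15 idle minutes pass
    results.append(ssd.store("hidden", b"report-2"))
    return results
```

A write aimed at the hidden area is refused while the area is hidden rather than redirected to the open area, so confidential data never lands in the unprotected partition by fallback.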
The dedicated business data storage system of this invention strengthens the security of an information system's business data. Cryptographic algorithms implemented in hardware inside the storage medium improve data read/write efficiency and prevent leakage of business data caused by physical cracking of the hard disk. The technique can also improve system reliability on abnormal power loss. The encrypted SSD supports SMART commands, full-speed command queuing, defragmentation and similar functions, and its physically isolated dual partitions and hidden-partition function guard well against brute-force cracking of the disk. Compared with the traditional approach of storing business data directly on a hard disk, dedicated business data storage offers higher security, stability and reliability.
In this specification the invention has been described with reference to specific embodiments. It is nevertheless evident that various modifications and changes can still be made without departing from the spirit and scope of the invention. The specification and drawings are therefore to be regarded as illustrative rather than restrictive.

Claims (5)

1. A dedicated storage system for business data, characterized in that the system comprises:
a sub-application system that implements the business requirements, through which users carry out business operations;
a structured data storage module, for storing the structured data produced during business operations;
an unstructured data storage module, for storing the unstructured data produced during business operations, where the unstructured data stored in the unstructured data storage module is data encrypted at the storage-medium layer.
2. The dedicated storage system for business data according to claim 1, characterized in that the unstructured data storage module is provided with a random number generator, a hardware-based cryptographic algorithm unit and a storage unit.
3. The dedicated storage system for business data according to claim 2, characterized in that the hardware-based cryptographic algorithm unit is an AES algorithm unit, ECC algorithm unit, RSA algorithm unit, DES algorithm unit, 3DES algorithm unit, SM2 algorithm unit, SM3 algorithm unit or SM4 algorithm unit.
4. The dedicated storage system for business data according to claim 2, characterized in that the storage unit comprises a hidden area and an open area with physical isolation between them, and when the system is shut down, put to sleep or rebooted, the hidden area automatically enters the hidden state.
5. The dedicated storage system for business data according to claim 4, characterized in that the sub-application system comprises:
a user information identification module, for obtaining the user information and password and sending them to the unstructured data storage module;
the hardware-based cryptographic algorithm unit identifies the user information and password, judges whether they are correct, and feeds the identification result back to the sub-application system.
CN201510662904.5A 2015-10-14 2015-10-14 Business datum specific store system Pending CN105224889A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510662904.5A CN105224889A (en) 2015-10-14 2015-10-14 Business datum specific store system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510662904.5A CN105224889A (en) 2015-10-14 2015-10-14 Business datum specific store system

Publications (1)

Publication Number Publication Date
CN105224889A true CN105224889A (en) 2016-01-06

Family

ID=54993851

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510662904.5A Pending CN105224889A (en) 2015-10-14 2015-10-14 Business datum specific store system

Country Status (1)

Country Link
CN (1) CN105224889A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108154043A (en) * 2016-12-05 2018-06-12 中标软件有限公司 The safety protecting method of software cryptography solid state disk
CN109271813A (en) * 2018-10-26 2019-01-25 杭州华澜微电子股份有限公司 A kind of safety storage apparatus, mobile memory system and method for secure storing

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090089263A1 (en) * 2006-04-21 2009-04-02 Microsoft Corporation Parsing Unstructured Resources
CN101477568A (en) * 2009-02-12 2009-07-08 清华大学 Integrated retrieval method for structured data and non-structured data
CN103793334A (en) * 2014-01-14 2014-05-14 上海上讯信息技术股份有限公司 Mobile storage device based data protecting method and mobile storage device
CN104504505A (en) * 2014-12-12 2015-04-08 北京航天新风机械设备有限责任公司 Data acquisition system based on process

Similar Documents

Publication Publication Date Title
CN103065102B (en) Data encryption mobile storage management method based on virtual disk
CN104951409B (en) A kind of hardware based full disk encryption system and encryption method
WO2020192406A1 (en) Method and apparatus for data storage and verification
CN100437618C (en) Portable information safety device
CN201408535Y (en) Trusted hard disk facing to trusted computation cryptograph supporting platform
CN104573441A (en) Computer with data privacy function and data encryption and hiding method thereof
CN102693399B (en) System and method for on-line separation and recovery of electronic documents
CN104090853A (en) Solid-state disc encryption method and system
CN112560058B (en) SSD partition encryption storage system based on intelligent password key and implementation method thereof
CN101082883A (en) Storage apparatus having multiple layer encrypting protection
CN103336746A (en) Safety encrypted USB (Universal Serial Bus) flash disk and data encryption method thereof
CN107908574A (en) The method for security protection of solid-state disk data storage
CN104901810A (en) Data encrypted storage method based on domestic cryptographic algorithm
CN106682521B (en) File transparent encryption and decryption system and method based on driver layer
CN105809068A (en) High-speed storage control SOC chip supporting adoption of hardware encryption algorithm
CN103823726A (en) SIM (subscriber identity module) card data backup method and terminal
CN110543775B (en) Data security protection method and system based on super-fusion concept
CN105205416A (en) Mobile hard disk password module
CN101930521A (en) File protecting method and device thereof
CN104361297B (en) A kind of file encryption-decryption method based on (SuSE) Linux OS
CN102346716B (en) Encryption method and decryption method of hard disk storage device and encryption and decryption system used for hard disk storage device
US10033732B1 (en) Systems and methods for detecting cloning of security tokens
CN105760789A (en) Protection method for encryption key in encrypted mobile solid-state disk
CN103473512A (en) Mobile storage medium management method and mobile storage medium management device
CN105224889A (en) Business datum specific store system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160106
