CN106250784A - Full disk encryption method and device - Google Patents
Full disk encryption method and device Download PDFInfo
- Publication number
- CN106250784A CN106250784A CN201610575876.8A CN201610575876A CN106250784A CN 106250784 A CN106250784 A CN 106250784A CN 201610575876 A CN201610575876 A CN 201610575876A CN 106250784 A CN106250784 A CN 106250784A
- Authority
- CN
- China
- Prior art keywords
- encryption
- data field
- field sheet
- terminal unit
- thread
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The disclosure provides a kind of full disk encryption method and device, wherein, described full disk encryption method, comprises determining that the number N of core cpu in terminal unit, and wherein N is greater than the integer of 1;The user data memory block of terminal unit is divided into N number of data field sheet;And concurrently described N number of data field sheet is carried out data encryption.Solve the slow problem of encryption caused due to single-threaded encryption.
Description
Technical field
It relates to encryption technology field, particularly relate to full disk encryption method and device.
Background technology
Along with the development of science and technology, such as the terminal unit such as smart phone, panel computer is used more and more widely.People
Often storing substantial amounts of user data in terminal unit, terminal unit once loses the leakage that will result in user data.
To this end, certain operations system (such as, Android operation system) requires totally to add when terminal unit first powers on after dispatching from the factory
Close (Full Disk Encryption, FDE).
Full disk encryption is automatically to be converted into the data on the external memory (such as, hard disk) of terminal unit not to be understood
Form.Only those have the user of key " reduction " to change.Without suitable certification key, even if hard disk is moved
Go out, be installed on another station terminal equipment, the data on the most not available hard disk.Full disk encryption can manufacture terminal unit
Time install in a device, it is also possible to add by installing special software driver later.
But traditional full disk encryption process is slowly, such as, for the user data memory block of a 64G, totally add
Close process can continue for about ten a few minutes, and this makes Consumer's Experience very poor.
Summary of the invention
In view of this, the disclosure provides a kind of full disk encryption method and device, in order to improve the speed of full disk encryption.
One side according to the disclosure, it is provided that a kind of full disk encryption method, comprises determining that core cpu in terminal unit
Number N, wherein N is greater than the integer of 1;The user data memory block of terminal unit is divided into N number of data field sheet;And it is parallel
Ground carries out data encryption to described N number of data field sheet.
In certain embodiments, described N number of data field sheet is equal in magnitude.
In certain embodiments, concurrently described N number of data field sheet is carried out data encryption to include: start and be respectively directed to N
N number of encryption thread of individual data field sheet;The initial of the data field sheet corresponding with this encryption thread is distributed to each encryption thread
Address and end address;Run described N number of encryption thread concurrently so that described N number of data field sheet is carried out data encryption.
In certain embodiments, described user data memory block is realized by Common Flash Memory UFS.
In certain embodiments, described terminal unit be core cpu number N be the terminal unit of 2,4,8 or 16.
In certain embodiments, described terminal unit is the terminal unit using Android operation system.
According to another aspect of the present disclosure, it is provided that a kind of full disk encryption device, including: core cpu number determines module, uses
In determining the number N of core cpu in terminal unit, wherein N is greater than the integer of 1;Memory block divides module, for terminal being set
Standby user data memory block is divided into N number of data field sheet;And parallel encryption module, for concurrently to described N number of data
District's sheet carries out data encryption.
In certain embodiments, described N number of data field sheet is equal in magnitude.
In certain embodiments, parallel encryption module includes: thread start unit, is respectively directed to N number of data for startup
N number of encryption thread of district's sheet;Allocation unit, for the data corresponding with this encryption thread to the distribution of each encryption thread
The initial address of district's sheet and end address;And performance element, for running described N number of encryption thread with to described N concurrently
Individual data field sheet carries out data encryption.
In certain embodiments, described user data memory block by Common Flash Memory (Universal Flash Storage,
UFS) realize.
Accompanying drawing explanation
By referring to the following drawings description to disclosure embodiment, above-mentioned and other purpose of the disclosure, feature and
Advantage will be apparent from, in the accompanying drawings:
Fig. 1 is the flow chart of the full disk encryption method provided according to disclosure embodiment;
Fig. 2 is the flow chart of the full disk encryption method provided according to disclosure embodiment;
Fig. 3 is the structural representation of the full disk encryption device provided according to disclosure embodiment;
Fig. 4 is the structural representation of parallel encryption module in the full disk encryption device according to the raising of disclosure embodiment.
Detailed description of the invention
Below based on embodiment, the disclosure is described, but the disclosure is not restricted to these embodiments.Under
During literary composition details of this disclosure describes, detailed describe some specific detail sections.Do not have for a person skilled in the art
The description of these detail sections can also understand the disclosure completely.In order to avoid obscuring the essence of the disclosure, known method, mistake
Journey, flow process describe the most in detail.
Flow chart in accompanying drawing, block diagram illustrate the possible system frame of the method for the embodiment of the present invention, system, device
Square frame on frame, function and operation, flow chart and block diagram can represent a module, program segment or only one section of code, institute
State module, program segment and code and be all used to realize the executable instruction of regulation logic function.Rule are realized it should also be noted that described
The executable instruction determining logic function can reconfigure, thus generates new module and program segment.Therefore the square frame of accompanying drawing with
And square frame order is used only to preferably illustrate process and the step of embodiment, and should be in this, as the limit to invention itself
System.
Fig. 1 is the flow chart of the full disk encryption method 100 provided according to disclosure embodiment.
In step S101, determining the number N of core cpu in terminal unit, wherein N is greater than the integer of 1.Implement at some
In example, terminal unit can be core cpu number N be the terminal unit of 2,4,8,10 or 16, but be not limited to this.Real at some
Executing in example, terminal unit can be the terminal unit using Android operation system.
In step S102, the user data memory block of terminal unit is divided into N number of data field sheet.In some embodiments
In, described N number of data field sheet can be equal in magnitude.In certain embodiments, user data memory block can be by Common Flash Memory UFS
Realize.
In step S103, concurrently described N number of data field sheet is carried out data encryption.In certain embodiments, Ke Yiqi
The dynamic N number of encryption thread being respectively directed to N number of data field sheet, to the data that the distribution of each encryption thread is corresponding with this encryption thread
The initial address of district's sheet and end address, and run described N number of encryption thread concurrently so that described N number of data field sheet to be carried out
Data encryption.
Fig. 2 is the flow chart of the full disk encryption method 200 provided according to disclosure embodiment.
In step S201, determining the number N of core cpu in terminal unit, wherein N is greater than the integer of 1.Terminal unit can
To be the terminal unit of such as smart mobile phone, panel computer etc of using Android operation system, it can have 2,4,8,10
Or the mobile terminal of 16 core cpus.
In step S202, the user data memory block of terminal unit is divided into N number of data field sheet.N number of data field sheet can
With equal in magnitude, to guarantee that N number of encryption thread starts simultaneously at and terminates as far as possible simultaneously.The user data memory block of terminal unit
Can be realized by the external memory of terminal unit.In certain embodiments, embedded multi-media card (Embedded can be used
Multi Media Card, eMMC) the user data memory block of terminal unit is realized as external memory.In some embodiments
In, UFS can be used to realize the user data memory block of terminal unit as external memory, UFS has more faster than eMMC
Read or write speed, contributes to improving further the speed of full disk encryption.
In step S203, start the N number of encryption thread being respectively directed to N number of data field sheet.
In step S204, to each encryption thread distribution data field sheet corresponding with this encryption thread initial address and
End address.
In step S205, run described N number of encryption thread concurrently so that described N number of data field sheet is carried out data encryption.
Such as, carrying out with making N number of encryption thread parallel, each encryption thread reads a data block from the data field sheet of its correspondence and enters
Row encryption (this operation performs in internal memory), by this data field sheet of data block back of encryption, then reads next data
Block, encrypted and write back, so moved in circles, until all data blocks in this data field sheet have all been encrypted.
It is described as a example by the terminal unit with 4 core cpus below.If determining that terminal sets in step S201
Got everything ready 4 core cpus, then step S202 the user data memory block of terminal unit can be divided into 4 equal in magnitude
Data field sheet D1, D2, D3 and D4.4 encryptions corresponding respectively to data field sheet D1, D2, D3 and D4 are started in step S203
Thread T1, T2, T3 and T4.Distribute to encrypt thread T1 by initial address and the end address of data field sheet D1 in step S204,
Thread T2, the initial address of data field sheet D3 and end ground are distributed to encrypt in initial address and the end address of data field sheet D2
Thread T3 is distributed to encrypt in location, and the initial address of data field sheet D4 and end address are distributed to encrypt thread T4.In step
S205, operates independently from encrypting thread T1, T2, T3 and T4 parallel and adds respectively data field sheet D1, D2, D3 and D4 being carried out data
Close.
Fig. 3 is the structural representation of the full disk encryption device 300 provided according to disclosure embodiment.
As it is shown on figure 3, full disk encryption device 300 includes that core cpu number determines that module 301, memory block divide module 302
With parallel encryption module 303.
Core cpu number determine module 301 for determining the number N of core cpu in terminal unit, wherein N is greater than 1
Integer.Terminal unit can be the terminal unit of such as smart mobile phone, panel computer etc of using Android operation system, and it can
To have the mobile terminal of 2,4,8,10 or 16 core cpus.
Memory block divides module 302 for the user data memory block of terminal unit is divided into N number of data field sheet.N number of
Data field sheet can be equal in magnitude, to guarantee that N number of encryption thread starts simultaneously at and terminates as far as possible simultaneously.The user of terminal unit
Data storage area can be realized by the external memory of terminal unit.In certain embodiments, external memory can be by traditional
EMMC realizes.In certain embodiments, UFS can be used to store to the user data realizing terminal unit as external memory
District, UFS has more faster read or write speed than eMMC, contributes to improving further the speed of full disk encryption.
Parallel encryption module 303 is for carrying out data encryption to described N number of data field sheet concurrently.
Fig. 4 is the structural representation of parallel encryption module 303 in the full disk encryption device according to the raising of disclosure embodiment.
As shown in Figure 4, parallel encryption module 303 can include thread start unit 303-1, allocation unit 303-2 and perform list
Unit 303-3.
Thread start unit 303-1 is respectively directed to N number of encryption thread of N number of data field sheet for starting.
Allocation unit 303-2 is for the data field sheet corresponding with this encryption thread to the distribution of each encryption thread
Initial address and end address.
Performance element 303-3 is for running described N number of encryption thread so that described N number of data field sheet is carried out data concurrently
Encryption.For example, it is possible to carry out with making N number of encryption thread parallel, each encryption thread reads one from the data field sheet of its correspondence
Individual data block is encrypted (this operation performs in internal memory), by this data field sheet of data block back of encryption, then reads
Next data block, encrypt and write back, so move in circles, all encrypted until all data blocks in this data field sheet
Become.
By above description it can be seen that for there is the terminal unit of multiple (typically, 4) core cpu (such as,
Smart mobile phone or panel computer), traditional full disk encryption scheme does not consider the utilization of multi-CPU core, but with single-threaded side
Formula simply on a core cpu one by one data block be encrypted, the resource utilization of core cpu and external memory is serious the most not
Foot, encryption is slowly.This add secret meeting slowly and directly result in user and can not bear with and force to restart the situation of mobile phone.So
Situation once occur all of user data just will all lose, this is that user is unacceptable.
Embodiment of the disclosure and fully taken into account this point, user data memory block is divided into and core cpu number
Equal data field sheet, and concurrently each data field sheet to be carried out data encryption by equal number of thread respectively, thus
As much as possible make N number of encryption thread be evenly distributed on N number of core cpu to perform.Compared to traditional approach, significantly improve
The calculating resource of CPU and the service efficiency of input and output (Input Output, the IO) resource of external memory, thus improve safety
The speed of encryption.Such as, speed can be improved N times in theory, practical operation is pacified due to the scheduling between other threads
Row and various loss problem, the speed that can reach approximation N times promotes.For example, for have 64G user storage area and
The terminal unit of 4 core cpus, the time of full disk encryption can be foreshortened to a few minutes from ten a few minutes by disclosure embodiment,
Significantly improve Consumer's Experience.
It addition, embodiment of the disclosure that the N number of data field sheet by making division is equal in magnitude, N number of adding can be guaranteed as far as possible
Close thread starts simultaneously at and terminates simultaneously.
It addition, the enforcement of the disclosure can use UFS to replace eMMC as external memory to realize the user of terminal unit
Data storage area, owing to UFS has more faster read or write speed than eMMC, can improve the speed of full disk encryption further.
The method and apparatus that the disclosure provides can be presented as the one or more programs utilizing computer language to encode, with
The form storage of computer-readable medium.Computer-readable recording medium includes computer storage, one or more floppy disk, pressure
In contracting dish (CD), CD, digital video disc (DVD), tape, flash memory, field programmable gate array or other semiconductor device
Circuit configuration or other non-transient tangible computer storage mediums.These one or more programs by processor from computer-readable recording medium
Perform after middle reading to realize the method and system that the disclosure provides.Computer-readable recording medium can be portable, makes
Obtain and the program stored on it can be loaded onto on one or more different computers or other processors to realize above-mentioned basis
Disclosed various aspects.Term used herein " non-transient computer-readable recording medium " only include being considered manufacture or
The computer-readable recording medium of machine.Alternatively, the disclosure can be presented as that the computer-readable different from computer-readable recording medium is situated between
Matter, such as transmitting signal.
The foregoing is only preferred embodiment of the present disclosure, be not limited to the disclosure, for those skilled in the art
For, the disclosure can have various change and change.Any amendment of being made within all spirit in the disclosure and principle, equivalent
Replacement, improvement etc., within should be included in the protection domain of the disclosure.
Claims (10)
1. a full disk encryption method, including:
Determining the number N of core cpu in terminal unit, wherein N is greater than the integer of 1;
The user data memory block of terminal unit is divided into N number of data field sheet;And
Concurrently described N number of data field sheet is carried out data encryption.
Full disk encryption method the most according to claim 1, wherein, described N number of data field sheet is equal in magnitude.
Full disk encryption method the most according to claim 1, wherein, carries out data to described N number of data field sheet concurrently and adds
Close include:
Start the N number of encryption thread being respectively directed to N number of data field sheet;
Initial address and the end address of the data field sheet corresponding with this encryption thread is distributed to each encryption thread;
Run described N number of encryption thread concurrently so that described N number of data field sheet is carried out data encryption.
Full disk encryption method the most according to claim 1, wherein, described user data memory block is come by Common Flash Memory UFS
Realize.
Full disk encryption method the most according to claim 1, wherein, described terminal unit be core cpu number N be 2,4,8,
The terminal unit of 10 or 16.
Full disk encryption method the most according to any one of claim 1 to 5, wherein, described terminal unit is to use Android
The terminal unit of operating system.
7. a full disk encryption device, including:
Core cpu number determines module, and for determining the number N of core cpu in terminal unit, wherein N is greater than the integer of 1;
Memory block divides module, for the user data memory block of terminal unit is divided into N number of data field sheet;And
Parallel encryption module, for carrying out data encryption to described N number of data field sheet concurrently.
Full disk encryption device the most according to claim 7, wherein, described N number of data field sheet is equal in magnitude.
Full disk encryption device the most according to claim 7, wherein, parallel encryption module includes:
Thread start unit, for starting the N number of encryption thread being respectively directed to N number of data field sheet;
Allocation unit, for the initial address of the data field sheet corresponding with this encryption thread to the distribution of each encryption thread
And end address;And
Performance element, for running described N number of encryption thread so that described N number of data field sheet is carried out data encryption concurrently.
Full disk encryption device the most according to claim 7, wherein, described user data memory block is come by Common Flash Memory UFS
Realize.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610575876.8A CN106250784A (en) | 2016-07-20 | 2016-07-20 | Full disk encryption method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610575876.8A CN106250784A (en) | 2016-07-20 | 2016-07-20 | Full disk encryption method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106250784A true CN106250784A (en) | 2016-12-21 |
Family
ID=57613497
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610575876.8A Pending CN106250784A (en) | 2016-07-20 | 2016-07-20 | Full disk encryption method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106250784A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107679409A (en) * | 2017-09-29 | 2018-02-09 | 深圳大学 | A kind of acceleration method and system of data encryption |
| CN111124599A (en) * | 2019-11-08 | 2020-05-08 | 海光信息技术有限公司 | Virtual machine memory data migration method and device, electronic equipment and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101997930A (en) * | 2010-12-24 | 2011-03-30 | 南开大学 | Retransmission-erasure code transmission protocol-based remote mirroring method and system |
| US20130121488A1 (en) * | 2011-11-14 | 2013-05-16 | Samsung Electronics Co., Ltd. | Method and storage device for protecting content |
| CN103440244A (en) * | 2013-07-12 | 2013-12-11 | 广东电子工业研究院有限公司 | Large-data storage and optimization method |
-
2016
- 2016-07-20 CN CN201610575876.8A patent/CN106250784A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101997930A (en) * | 2010-12-24 | 2011-03-30 | 南开大学 | Retransmission-erasure code transmission protocol-based remote mirroring method and system |
| US20130121488A1 (en) * | 2011-11-14 | 2013-05-16 | Samsung Electronics Co., Ltd. | Method and storage device for protecting content |
| CN103440244A (en) * | 2013-07-12 | 2013-12-11 | 广东电子工业研究院有限公司 | Large-data storage and optimization method |
Non-Patent Citations (2)
| Title |
|---|
| 朱克刚: "《IOS 8应用开发实战 205个快速上手的开发技巧》", 31 July 2015 * |
| 朱天楠: "Android系统中隐私数据保护技术研究", 《中国优秀硕士学位论文全文数据库·信息科技辑》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107679409A (en) * | 2017-09-29 | 2018-02-09 | 深圳大学 | A kind of acceleration method and system of data encryption |
| CN111124599A (en) * | 2019-11-08 | 2020-05-08 | 海光信息技术有限公司 | Virtual machine memory data migration method and device, electronic equipment and storage medium |
| CN111124599B (en) * | 2019-11-08 | 2021-04-30 | 海光信息技术股份有限公司 | Virtual machine memory data migration method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9836616B2 (en) | Creating distinct user spaces through user identifiers | |
| KR102137761B1 (en) | Heterogeneous unified memory section and method for manaing extended unified memory space thereof | |
| CN107124271B (en) | Data encryption and decryption method and equipment | |
| US20080195833A1 (en) | Systems, methods and computer program products for operating a data processing system in which a file system's unit of memory allocation is coordinated with a storage system's read/write operation unit | |
| CN107256363B (en) | High-speed encryption and decryption device composed of encryption and decryption module array | |
| CN103810020A (en) | Virtual machine elastic scaling method and device | |
| CN106937275B (en) | Equipment for storing system unique identifier and hardware ID (identity) under android system | |
| US20230244393A1 (en) | Communications to Reclaim Storage Space Occupied by Proof of Space Plots in Solid State Drives | |
| US20190278509A1 (en) | Information Handling System with Multi-key Secure Erase of Distributed Namespace | |
| US11960756B2 (en) | Management of storage space in solid state drives to support proof of space activities | |
| CN113079200A (en) | Data processing method, device and system | |
| US20230244394A1 (en) | Gradually Reclaim Storage Space Occupied by a Proof of Space Plot in a Solid State Drive | |
| US20230188599A1 (en) | Peer to Peer Transfer of Proof of Space Plots to or from Solid State Drives | |
| JP6095330B2 (en) | Information processing apparatus, control method therefor, and program | |
| US20170039397A1 (en) | Encryption/decryption apparatus, controller and encryption key protection method | |
| CN109643344B (en) | Method and apparatus for sharing security metadata memory space | |
| US20150227755A1 (en) | Encryption and decryption methods of a mobile storage on a file-by-file basis | |
| CN113420308A (en) | Data access control method and control system for encryption memory | |
| CN106250784A (en) | Full disk encryption method and device | |
| US10228966B2 (en) | Methods ad systems for hibernation of processes in computing devices | |
| CN103984621B (en) | log separation method and system | |
| CN104063284A (en) | Method and device operating application program | |
| US9177177B1 (en) | Systems and methods for securing storage space | |
| CN101403966A (en) | Method for implementing portable software | |
| CN104123952A (en) | Cache-free disc burning method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20161221 |
|
| WD01 | Invention patent application deemed withdrawn after publication |