CN106325775B - Optical storage hardware device and method for data redundancy/encryption - Google Patents

Publication number
CN106325775B
Authority
CN
China
Legal status
Active
Application number
CN201610719910.4A
Other languages
Chinese (zh)
Other versions
CN106325775A (en
Inventor
巴任
白岩
Current Assignee
BEIJING ZHONGKE KAIDI SOFTWARE CO., LTD.
Original Assignee
Beijing Zhongke Kaidi Software Co Ltd
Application filed by Beijing Zhongke Kaidi Software Co Ltd
Priority to CN201610719910.4A
Publication of CN106325775A
Application granted
Publication of CN106325775B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/061 Improving I/O performance
    • G06F3/062 Securing storage systems
    • G06F3/0622 Securing storage systems in relation to access
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638 Organizing or formatting or addressing of data
    • G06F3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/0671 In-line storage system
    • G06F3/0673 Single storage device
    • G06F3/0674 Disk device
    • G06F3/0677 Optical disk device, e.g. CD-ROM, DVD
    • G06F3/0683 Plurality of storage devices
    • G06F3/0689 Disk arrays, e.g. RAID, JBOD

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)

Abstract

The present invention relates to the field of data storage, and in particular to an optical storage hardware device and method for data redundancy/encryption. The optical storage hardware device mainly comprises an operation control processor. Assisted by an encryption/decryption coprocessor and a random number generator, the operation control processor can apply redundancy processing and encryption to data, so that the data is encrypted before it is burned to disc. The device connects to multiple optical drives through an optical storage device adapter interface and writes the data to be burned to multiple discs through that interface, which provides data redundancy. The device therefore not only solves the current problems that redundancy and encryption of optical storage data can only be implemented in software, with low performance and low encryption/decryption complexity, but also increases redundancy/encryption speed, reduces the load on the host, and improves the overall efficiency of optical disc library equipment.

Description

Optical storage hardware device and method for data redundancy/encryption
Technical field
The present invention relates to the field of data storage, and in particular to an optical storage hardware device and method for data redundancy/encryption.
Background
Current data storage media are mainly magnetic storage media and optical storage media. Magnetic storage is based on the magnetoresistance effect and can be subdivided into disk storage and tape storage. Disk storage offers high speed, large capacity and rewritable data, but it consumes a lot of power, is strongly affected by magnetic fields and has a short service life; in enterprise applications in particular, disks need to be replaced every 3 to 5 years, which has become the bottleneck of its development. Tape storage is cheap, easy to expand and technically very mature, and it is widely used for offline storage, but its error rate during data storage is high, data recovery is cumbersome and it needs a demanding preservation environment, so tape storage has also developed slowly. Optical storage uses a laser to irradiate a medium; the interaction between the laser and the medium changes the properties of the medium and thereby stores information. Optical disc storage has a long storage life (data can be kept for more than 100 years), stable data retention with low risk of loss, immunity to strong electromagnetic fields, high data security because the data cannot be altered, offline storage, and easy capacity expansion, but its capacity is small. To address the small capacity, users can store large amounts of data in an optical disc library or disc tower. The main application of optical disc storage is therefore long-term archival data storage.
As data storage media have evolved, the requirements for data security have become higher and higher. At present, data redundancy and encryption for optical storage hardware is implemented only in software: before the data is sent to the optical drive for burning, a software program encrypts it and applies redundancy processing, and then sends it to the optical drive to be burned. This approach has low performance and low encryption/decryption complexity, and the data can be cracked by reverse engineering after it has been burned to disc. Solving this problem requires a hardware implementation. Implementing redundancy and encryption in hardware can increase encryption complexity and redundancy, free data server resources, and improve overall performance.
Summary of the invention
The purpose of the present invention is to provide an optical storage hardware device for data redundancy/encryption, to solve the problems that redundancy and encryption of optical storage data can only be implemented in software, with low performance and low encryption/decryption complexity.
The present invention provides an optical storage hardware device for data redundancy/encryption, comprising:
a host communication interface and an optical storage device adapter interface, wherein the optical storage hardware device connects to more than one host through the host communication interface, and connects to more than one optical storage device through the optical storage device adapter interface to achieve redundant data storage;
the host communication interface is connected to an operation control processor, and the operation control processor is connected through an internal data communication bus to a firmware memory, a cache memory adapter and an optical storage adapter; the operation control processor is connected to a random access memory (RAM) through a high-speed bus; the firmware memory is connected to the processor through the data communication bus, is programmable and rewritable, and stores the basic redundancy/encryption control logic of this hardware device;
the operation control processor comprises a central processing unit, an encryption/decryption processing unit and a redundancy processing unit, wherein the encryption/decryption processing unit is connected to the central processing unit, and the redundancy processing unit is connected to the central processing unit;
the encryption/decryption processing unit consists of an encryption/decryption coprocessor and a key secure storage module; the encryption/decryption coprocessor comprises an encryption/decryption algorithm accelerator, a programmable cryptographic extension module and a random number generator; the key secure storage module comprises an internal storage area and an external key exchange adapter, wherein the internal storage area and the encryption/decryption coprocessor are integrated in a single package, and the external key exchange adapter connects to an external key storage medium through a data interface;
the device further comprises a cache data storage unit, which consists of a cache data storage adapter and an external high-capacity, high-speed storage medium; the cache data storage adapter is connected to the CPU and the optical storage adapter through the data communication bus, and the external high-capacity, high-speed storage medium is connected to the cache data storage adapter.
In some embodiments, preferably, the device further comprises an EPROM connected to the operation control processor, used to modify the basic redundancy/encryption control logic programmatically.
In some embodiments, preferably, the encryption/decryption coprocessor performs symmetric encryption processing and asymmetric encryption processing.
In some embodiments, preferably, the host communication interface is a PCIE, SAS or SATA interface, and the optical-drive-side interface is a SAS or SATA controller.
The present invention also provides a method for implementing data redundancy/encryption in hardware, which uses the optical storage hardware device described above and comprises the following steps:
Step 1: the host communication interface connects to more than one host, and data enters the optical storage hardware device through the host communication interface;
Step 2: determine whether the data is to be encrypted; if so, go to step 3; if not, go to step 4;
Step 3: apply combined symmetric/asymmetric encryption to the data to obtain the ciphertext and the stealth key;
Step 4: determine whether redundancy processing is to be applied; if so, go to step 5; if not, go to step 6;
Step 5: process the ciphertext according to the RAID redundancy scheme to obtain striped RAID data and RAID configuration information;
Step 6: write the data to be burned to the optical storage devices, the data to be burned comprising the RAID data, the RAID configuration information and the stealth key.
In some embodiments, preferably, the encryption in step 3 implements a two-stage encryption flow comprising symmetric encryption processing and asymmetric encryption processing;
the symmetric encryption processing encrypts the data with a symmetric encryption key, and the asymmetric encryption processing applies a second encryption to the symmetric key with an asymmetric key to obtain a secondary key; the stealth key consists of the asymmetric public key, the secondary key and the data digest signature.
In some embodiments, preferably, the symmetric encryption key is generated by a hardware random number generator, and the asymmetric key is input from a secure medium outside the encryption system.
In some embodiments, preferably, the data to be burned in step 6 is held temporarily in the data cache memory before it is written to disc; data pre-read from the optical storage medium is first cached in the data cache memory.
In some embodiments, preferably, the data memory comprises a random access memory (RAM) and a mass storage device, the mass storage device being fitted with a solid-state disk (SSD).
In some embodiments, preferably, while step 6 writes the data to be burned to the optical storage device, the stealth key is written to the PMA region and the lead-out area of the optical medium.
Compared with the prior art, the optical storage hardware device for data redundancy/encryption provided by the embodiments of the present invention can apply redundancy processing or encryption to data. The device mainly comprises an integrated data processor, which can apply redundancy processing and encryption to data so that the data is encrypted before it is burned to disc. The device connects to multiple hosts through the host communication interface in a redundant-link arrangement, which guarantees that data can still be transferred to the optical storage hardware device if any one of the hosts stops working; at any point in time, however, only one host writes data to the device. The device connects to multiple optical drives through the optical storage device adapter interface, which records the normal data and the redundancy check data to multiple discs at the same time, providing data redundancy. Through this series of measures, the device solves the current problems that redundancy and encryption of optical storage data can only be implemented in software, with low performance and low encryption/decryption complexity; it also increases redundancy/encryption speed, reduces the I/O load on the host, and improves the security, reliability, overall performance and efficiency of optical-disc-library-class equipment.
Brief description of the drawings
Fig. 1 is a schematic diagram of the multi-path redundancy mode of the data redundancy/encryption optical storage hardware device in one embodiment of the invention;
Fig. 2 is a data flow diagram of the data redundancy/encryption optical storage hardware device in one embodiment of the invention;
Fig. 3 is a schematic flow diagram of how the data redundancy/encryption optical storage hardware device processes information written to disc in one embodiment of the invention;
Fig. 4 is a schematic diagram of the physical structure of the data on the optical disc medium for the data redundancy/encryption optical storage hardware device in one embodiment of the invention.
Detailed description of embodiments
To make the purpose, technical solution and advantages of the embodiments of the present invention clearer, the technical solution in the embodiments is described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative work fall within the scope of protection of the present invention.
To address the current problems that redundancy and encryption of optical storage data can only be implemented in software, with low performance and low encryption/decryption complexity, the invention proposes an optical storage hardware device for data redundancy/encryption and a method for implementing data redundancy/encryption in hardware.
As shown in Fig. 1, Fig. 2 and Fig. 3, the data redundancy/encryption optical storage hardware device specifically comprises:
A host communication interface and an optical storage device adapter interface. The optical storage hardware device connects to multiple hosts (Host) through the host communication interface and to multiple optical drives (Drivers) through the optical storage device adapter interface. The device thus implements a multi-path redundant connection: if any one Host stops working, data can still be transferred normally into the optical storage hardware device, which writes the data to the discs in the multiple optical drives and so provides data redundancy. For convenience, the data redundancy/encryption optical storage hardware device is referred to as the Br-RAID device, and the data redundancy/encryption method implemented on it is referred to as Br-RAID.
The host communication interface of the Br-RAID device is connected to the operation control processor, which comprises a central processing unit, an encryption/decryption processing unit and a redundancy processing unit. When data enters the Br-RAID device through the host communication interface, the encryption judgment element decides whether the data is to be encrypted; if so, the encryption element encrypts it. The encryption may be symmetric or asymmetric. The encryption/decryption coprocessor, the random number generator and the encryption element are connected in sequence internally, and the coprocessor and the random number generator assist the encryption element in encrypting the data. The device further comprises a key secure memory, which is connected to the encryption/decryption coprocessor through the key exchange adapter. The key exchange adapter assists the processor in communicating with the key storage medium and helps it handle the data exchange during encryption, while no key leaves the secure storage container as the ciphertext is generated.
The encryption/decryption processing unit consists of an encryption/decryption coprocessor and a key secure storage module. The coprocessor comprises an encryption/decryption algorithm accelerator, a programmable cryptographic extension module and a random number generator. The key secure storage module comprises an internal storage area and an external key exchange adapter; the internal storage area and the coprocessor are integrated in a single package, and the external key exchange adapter connects to an external key storage medium through a data interface. Data is encrypted first and then processed with striped redundancy, which ensures that no external non-volatile storage device retains plaintext data during the process; the striped redundancy design can also withstand physical damage to the optical medium to a certain extent.
The partitioned hardware design for data encryption and the internal streaming data processing ensure that plaintext keys at every level stay confined to the encryption/decryption processing unit during operation and never appear in non-secure modules such as the CPU, RAM, EPROM, data communication bus, external memory or optical storage media.
The operation control processor further comprises a redundancy judgment element and a redundancy element. The encryption judgment element and the encryption element are connected to the redundancy judgment element, and the redundancy judgment element is connected to the redundancy element. The redundancy judgment element decides whether redundancy processing is to be applied to the data, and the redundancy element then performs it. Data processed by the processor is written directly to the two-level cache (the internal RAM and the external large-capacity cache memory), and the optical storage adapter writes the data to the optical medium in PW mode.
The Br-RAID device further comprises a firmware memory (in practice usually an erasable programmable read-only memory, EPROM), which is connected to the operation control processor by a bus and holds the basic control program.
In one embodiment, the Br-RAID device uses the standard RAID format for redundancy, and the encryption and key handling described above use an AES+PKCS hybrid scheme: the primary encryption uses AES, key handling uses PKCS encryption, and redundancy uses standard RAID stripe redundancy. The redundancy algorithm is the standard RAID algorithm. The stripe size (Psize) is determined by the size of the data packet in the packet writing mode (PW mode) supported by the optical medium, and it can be adjusted to suit the application scenario; the range is generally set to Psize~Psize*8N (where N is the number of discs).
The PKCS keys are written into the Br-RAID device from external secure storage. The public key (PubKey) is stored openly, and the private key (PriKey) is stored encrypted in a secure area; the key length is not less than 1024 bits. Each group of discs generates one AES password ([AES-PW], Rijndael algorithm) with a key length of 128, 192 or 256 bits; [AES-PW] is encrypted with PKCS using PubKey and then written to the disc header. The system of the Host connected to the Br-RAID device must support UDF or another optical disc file system that writes in units of sectors, and the connected optical drive must support PW/IPN mode. The data write format must use a sector/packet-based disc writing mode, and the burning mode of the optical drive defaults to PW mode. In other modes, the behavior is whatever the optical drive hardware supports. When the data to be burned is written to the optical storage device, the prior art stores the key together with the data in the data area; in this application the stealth key is instead written to non-data areas, namely the PMA region and the lead-out area of the optical medium, which further improves the confidentiality of the data.
As shown in Fig. 4, the Br-RAID device must control the data write and read operations. For writing, data must be written to Br-RAID in UDF format and written to the optical drives in PW mode. For reading, the optical drives must return data in sector (packet) form, which is converted to UDF and provided to the Host.
The Br-RAID device requires the equipment it connects to and uses to be uniform: the optical drives and discs connected within one group must have the same specification and be fully interchangeable.
Further, an error while operating a single drive is treated as an event for the whole device and passed up to the Host, and the Host stops the data transfer.
In this case, the host communication interface of the Br-RAID device is a PCIE, SAS or SATA interface, and the optical storage device adapter interface is a SAS or SATA controller. Br-RAID connects to the host and to the optical drives through SAS/SATA interfaces and virtualizes multiple optical drives into one optical storage device of larger capacity; data that the host writes to this device is written to each physical disc after redundancy check/encryption processing. To meet storage cost requirements (space and capacity), the design is aimed primarily at Blu-ray disc media and is compatible with other media that meet the relevant specifications.
In a typical application scenario, the interface protocols are as follows. The connection between Br-RAID and the host uses PCIE (speed at least X4). If a SAS interface is used, multi-path redundancy should be used to connect to the Host. If a SATA interface is used, it must be at least version V2.5. Further, the SAS or SATA controller through which Br-RAID connects to the optical drives is a SAS/SATA-compatible interface, and the optical drives correspondingly use SAS/SATA interfaces (SAS 3Gb/s, SATA Rev 2.5).
In common application environments, the operating modes of the Br-RAID device are bridge mode, redundancy mode and redundancy-encryption mode. In bridge mode, the host communication interface is connected to the optical storage device adapter interface and the optical drives are passed straight through to the Host, which makes the device equivalent to a SAS/SATA controller. In redundancy mode, the data undergoes redundancy processing only; the Br-RAID device stores it on multiple optical drives in a manner similar to disk RAID, supporting redundancy strategies such as RAID, RAID0, RAID1, RAID0+1, RAID5, RAID6, RAID50 and RAID60. In redundancy-encryption mode, the data undergoes both redundancy processing and encryption; the Br-RAID device stores the encrypted data on multiple optical drives in RAID fashion, supporting the RAID0+1, RAID5, RAID6, RAID50 and RAID60 redundancy algorithms.
For the data redundancy/encryption optical storage hardware device described above, a method for implementing data redundancy/encryption in hardware is proposed. The method is described in detail below.
Using the optical storage hardware device described above, the steps are:
Step 1: the host communication interface connects to more than one host, and data enters the optical storage hardware device through the host communication interface;
Step 2: determine whether the data is to be encrypted; if so, go to step 3; if not, go to step 4;
Step 3: encrypt the data to obtain the ciphertext and the stealth key;
Step 4: determine whether redundancy processing is to be applied; if so, go to step 5; if not, go to step 6;
Step 5: process the ciphertext or plaintext data according to the RAID standard to obtain the data RAID information and the RAID configuration information;
Step 6: write the data to be burned to the discs in the optical disc devices, the data to be burned comprising the data RAID information and RAID configuration information, or the data and RAID configuration information, and the stealth key.
If the encryption is symmetric, step 3 further comprises applying a second encryption to the key to obtain an encrypted key, the second encryption being asymmetric, and the data to be burned in step 6 further comprises the encrypted key. If the first encryption is asymmetric, the data to be burned in step 6 further comprises the public key and the RAID information digest signature.
In one embodiment, after data enters the Br-RAID device, steps 1-4 are carried out: the data is first encrypted symmetrically with the AES algorithm, turning it into ciphertext, and the AES key is then encrypted with the asymmetric algorithm PKCS to obtain the encrypted key. Step 5 follows: the data is cut by standard RAID into stripes in the range 4K~4M. Finally, step 6 writes these encrypted, redundant stripes to the data sectors of the discs in PW/IPW mode, and writes the encrypted key, the public key, the signature information and the RAID information to the PMA region or the space outside the lead-out area.
As shown in Fig. 4, the disc header information that is written mainly comprises the RAID configuration information, the PKCS public key, the AES password (encrypted with PKCS) and the RAID signature information. The header information is written to the PMA section and the lead-out area of the disc. The four items above are written to the lead-out area as a backup of the PMA region; if the PMA region is damaged, the information can be read from the lead-out area.
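The redundancy step (step 5) and the duplicated header of step 6 can be sketched as follows; this is an added example, not code from the patent or its assignee. It treats the step 3 ciphertext as opaque constructed bytes, picks RAID5 with rotating XOR parity from the levels the text lists, and assumes a 2048-byte stripe, a JSON header layout, a SHA-256 checksum for detecting a damaged header copy, and an unsigned SHA-256 digest standing in for the signature field; all function and field names are hypothetical.

```python
import hashlib
import json
from functools import reduce

SECTOR = 2048  # assumed stripe size in bytes; the page derives it from the PW packet size

def xor_blocks(blocks):
    """XOR equal-length blocks byte by byte (RAID5 parity)."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def parity_disc(row, n_discs):
    """Parity rotates one disc to the left on every stripe row."""
    return (n_discs - 1 - row) % n_discs

def stripe_raid5(ciphertext, n_discs, stripe_size=SECTOR):
    """Step 5: split ciphertext into stripes with rotating parity.

    Returns (discs, config); discs[i] is the list of blocks for disc i."""
    if n_discs < 3:
        raise ValueError("RAID5 needs at least 3 discs")
    row_bytes = (n_discs - 1) * stripe_size
    padded = ciphertext + b"\x00" * (-len(ciphertext) % row_bytes)
    discs = [[] for _ in range(n_discs)]
    for row, off in enumerate(range(0, len(padded), row_bytes)):
        chunks = [padded[off + i * stripe_size: off + (i + 1) * stripe_size]
                  for i in range(n_discs - 1)]
        data = iter(chunks)
        for d in range(n_discs):
            is_parity = d == parity_disc(row, n_discs)
            discs[d].append(xor_blocks(chunks) if is_parity else next(data))
    config = {"level": "RAID5", "discs": n_discs, "stripe_size": stripe_size,
              "length": len(ciphertext),
              "sha256": hashlib.sha256(ciphertext).hexdigest()}
    return discs, config

def rebuild(discs, config):
    """Reassemble the ciphertext; at most one entry of discs may be None."""
    n = config["discs"]
    lost = [i for i, d in enumerate(discs) if d is None]
    if len(lost) > 1:
        raise ValueError("RAID5 cannot recover from more than one lost disc")
    rows = len(next(d for d in discs if d is not None))
    out = bytearray()
    for row in range(rows):
        blocks = [None if d is None else d[row] for d in discs]
        if lost:  # the missing block is the XOR of all surviving blocks
            blocks[lost[0]] = xor_blocks([b for b in blocks if b is not None])
        for d in range(n):
            if d != parity_disc(row, n):
                out += blocks[d]
    data = bytes(out[:config["length"]])
    if hashlib.sha256(data).hexdigest() != config["sha256"]:
        raise ValueError("rebuilt ciphertext does not match the stored digest")
    return data

def write_header(config, wrapped_key, public_key):
    """Step 6: build the header and store one copy per non-data area."""
    body = json.dumps({"raid": config, "wrapped_key": wrapped_key.hex(),
                       "public_key": public_key.hex()}, sort_keys=True).encode()
    record = hashlib.sha256(body).digest() + body  # checksum is an assumption
    return {"pma": record, "lead_out": record}

def read_header(areas):
    """Prefer the PMA copy, fall back to the lead-out backup if it is damaged."""
    for name in ("pma", "lead_out"):
        rec = areas.get(name, b"")
        if len(rec) > 32 and hashlib.sha256(rec[32:]).digest() == rec[:32]:
            return name, json.loads(rec[32:])
    raise ValueError("no intact header copy on this disc")

# Constructed sample input: opaque bytes standing in for the step 3 ciphertext.
SAMPLE_CIPHERTEXT = bytes(range(256)) * 40 + b"tail"
SAMPLE_WRAPPED_KEY = b"\xaa" * 32       # placeholder, not a real wrapped AES key
SAMPLE_PUBLIC_KEY = b"constructed-pub"  # placeholder, not a real public key

if __name__ == "__main__":
    discs, cfg = stripe_raid5(SAMPLE_CIPHERTEXT, n_discs=4)
    areas = write_header(cfg, SAMPLE_WRAPPED_KEY, SAMPLE_PUBLIC_KEY)
    areas["pma"] = b"\x00" * len(areas["pma"])  # simulate a damaged PMA
    discs[2] = None                             # simulate one unreadable disc
    source, header = read_header(areas)
    print(source, rebuild(discs, header["raid"]) == SAMPLE_CIPHERTEXT)
```

Because striping runs on ciphertext, a recovered or stolen single disc yields only encrypted stripes, while losing both header copies leaves the stripes unreadable even with the private key.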
The second ciphertext is held temporarily in the key memory before it is read out through the external data exchanger, and the data to be burned in step 6 is held temporarily in the data memory before it is written to disc; while step 6 writes the data to be burned to the optical storage device, the stealth key is written to the PMA region and the lead-out area of the optical medium. The data memory comprises a random access memory (RAM) and a mass storage device, the mass storage device being fitted with high-speed flash memory or a solid-state disk (SSD). The RAM is the level-1 cache, and the non-volatile mass storage (high-speed flash, SSD) serves as the level-2 cache. Br-RAID uses write caching: data written by the host goes through a buffered write mode in which the data is first written to the buffer and, once enough data has accumulated there, written in batches to the optical storage medium in PW mode, using UDF version 2.5 or later or another optical disc file system that supports sector storage, with data written in units of sectors.
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the invention may be modified and varied in many ways. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (10)

1. An optical storage hardware device for data redundancy/encryption, characterized by comprising:
a host communication interface and an optical storage device adapter interface, wherein the optical storage hardware device connects to more than one host through the host communication interface, and connects to more than one optical storage device through the optical storage device adapter interface to realize redundant data storage;
the host communication interface is connected with an operation control processor, and the operation control processor is connected through an internal data communication bus with a firmware memory, a cache memory adapter and an optical storage adapter; the operation control processor is also connected through a high-speed bus with a random access memory (RAM); the firmware memory is connected to the processor through a data communication bus, is programmable and erasable/writable, and is used for storing the redundancy/encryption structure control logic of this hardware device;
the operation control processor comprises a central processing unit, an encryption/decryption processing unit and a redundancy processing unit, the encryption/decryption processing unit being connected to the central processing unit, and the redundancy processing unit being connected to the central processing unit;
the encryption/decryption processing unit consists of an encryption/decryption coprocessor and a key secure storage module; the encryption/decryption coprocessor comprises an encryption/decryption algorithm accelerator, a programmable cryptographic extension module and a random number generator; the key secure storage module comprises an internal storage area and an external key exchange adapter, the internal storage area and the encryption/decryption coprocessor being packaged together in one integrated package, and the external key exchange adapter connecting to an external key storage medium through a data interface;
the device further comprises a cache data storage unit, which consists of a cache data storage adapter and an external high-capacity high-speed storage medium; the cache data storage adapter is connected through a data communication bus with the CPU and the optical storage adapter, and the external high-capacity high-speed storage medium is connected to the cache data storage adapter.
2. The optical storage hardware device for data redundancy/encryption of claim 1, characterized by further comprising an EPROM, the EPROM being connected to the operation control processor and used for programmatically modifying the redundancy/encryption structure control logic.
3. The optical storage hardware device for data redundancy/encryption of claim 1, characterized in that the encryption/decryption coprocessor performs symmetric encryption processing and asymmetric encryption processing.
4. The optical storage hardware device for data redundancy/encryption of claim 1, characterized in that the host communication interface is a PCIE, SAS or SATA interface, and the optical storage device adapter interface is a SAS or SATA controller.
5. A method for implementing data redundancy/encryption in hardware, characterized by using the optical storage hardware device of any one of claims 1-4, the specific steps comprising:
Step 1: the host communication interface connects to more than one host, and data enters the optical storage hardware device through the host communication interface;
Step 2: determine whether the data is to be encrypted; if encryption is to be performed, proceed to step 3; if encryption is not to be performed, proceed to step 4;
Step 3: symmetric/asymmetric compound data encryption is applied to the data, yielding the ciphertext and the stealthy key;
Step 4: determine whether redundancy processing is to be performed; if so, proceed to step 5; if not, proceed to step 6;
Step 5: the ciphertext is processed according to the RAID redundancy scheme, yielding striped RAID data and RAID configuration information;
Step 6: the burn data is written to the optical storage device, the burn data comprising the RAID data, the RAID configuration information and the stealthy key.
6. the method for hardware realization data redundancy/encryption as claimed in claim 5, which is characterized in that adding in the step 3 Close processing includes realizing two-stage encryption flow, including symmetric cryptography handles and asymmetric encryption processing;
To be encrypted using symmetric cryptographic key to data, the asymmetric encryption processing is utilization for the symmetric cryptography processing Asymmetric key pair symmetric key carries out secondary encryption and obtains secondary key;Stealthy key is by unsymmetrical key public key, two Secondary key, data summarization signature collectively constitute.
7. the method for hardware realization data redundancy/encryption as claimed in claim 6, which is characterized in that the symmetric cryptography is close Key is generated by hardware random number generator;The unsymmetrical key is inputted by security medium outside encryption system.
8. the method for hardware realization data redundancy/encryption as claimed in claim 5, which is characterized in that the quarter in the step 6 Record data are temporarily stored in data buffer memory before CD is written;The data of pre-read are cached in first in optical storage media In data buffer memory.
9. the method for hardware realization data redundancy/encryption as claimed in claim 8, which is characterized in that the data buffer storage is deposited Reservoir includes random access memory ram and mass storage, and the mass storage is furnished with solid disk SSD.
10. the method for hardware realization data redundancy/encryption as claimed in claim 5, which is characterized in that the step 6 will carve During recording data write-in light storage device, the PMA region of the stealth key write-in optical medium and track leading-out zone.
CN201610719910.4A 2016-08-24 2016-08-24 A kind of the optical storage hardware device and method of data redundancy/encryption Active CN106325775B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610719910.4A CN106325775B (en) 2016-08-24 2016-08-24 A kind of the optical storage hardware device and method of data redundancy/encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610719910.4A CN106325775B (en) 2016-08-24 2016-08-24 A kind of the optical storage hardware device and method of data redundancy/encryption

Publications (2)

Publication Number Publication Date
CN106325775A CN106325775A (en) 2017-01-11
CN106325775B true CN106325775B (en) 2019-03-22

Family

ID=57790720

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610719910.4A Active CN106325775B (en) 2016-08-24 2016-08-24 A kind of the optical storage hardware device and method of data redundancy/encryption

Country Status (1)

Country Link
CN (1) CN106325775B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107170470A (en) * 2017-03-29 2017-09-15 山东超越数控电子有限公司 A kind of CD-ROM drive and imprinting, read method with hardware encrypting
CN106970889B (en) * 2017-05-10 2023-12-12 鸿秦(北京)科技有限公司 SATA bridge chip and working method thereof
CN108920093B (en) * 2018-05-30 2022-02-18 北京三快在线科技有限公司 Data reading and writing method and device, electronic equipment and readable storage medium
CN112702318A (en) * 2020-12-09 2021-04-23 江苏通付盾信息安全技术有限公司 Communication encryption method, decryption method, client and server
CN115618396B (en) * 2022-11-28 2023-04-07 云账户技术(天津)有限公司 Data encryption method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5313617A (en) * 1990-03-19 1994-05-17 Hitachi, Ltd. Multi-disc optical data storage system for use with a host computer for emulating a magnetic disc device
CN1748206A (en) * 2003-02-07 2006-03-15 松下电器产业株式会社 Terminal device and data protection system having it
CN101105738A (en) * 2006-07-13 2008-01-16 国际商业机器公司 Apparatus, system, and method for concurrent storage pool migration and backup
CN101359279A (en) * 2008-10-06 2009-02-04 浪潮电子信息产业股份有限公司 ISCSI disc array controller with internal path redundant function
CN101577138A (en) * 2008-05-09 2009-11-11 上海凌锐信息技术有限公司 Self-burning separated type shooting device and method for realizing encryption burning
CN202049480U (en) * 2011-04-18 2011-11-23 上海北大方正科技电脑系统有限公司 Encryption storage equipment
US8650471B2 (en) * 2011-06-28 2014-02-11 Dell Products L.P. System and method for look-aside parity based raid

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090198885A1 (en) * 2008-02-04 2009-08-06 Manoj Jose K System and methods for host software stripe management in a striped storage subsystem

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Data integrity assurance technology based on information redundancy; Wang Zhigang; Journal of Chuxiong Normal University; 20021230; Vol. 17 (No. 6); pp. 5-9

Also Published As

Publication number Publication date
CN106325775A (en) 2017-01-11

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200117

Address after: Room 612, floor 6, No. 23, Zhichun Road, Haidian District, Beijing 100089

Patentee after: BEIJING ZHONGKE KAIDI SOFTWARE CO., LTD.

Address before: 100191, Bai Yan building, 238 middle Fourth Ring Road, Haidian District, Beijing, 1505

Co-patentee before: Ba Ren

Patentee before: BEIJING ZHONGKE KAIDI SOFTWARE CO., LTD.

Co-patentee before: Bai Yan