CN106325775B - Optical storage hardware device and method for data redundancy/encryption - Google Patents
- Publication number: CN106325775B (CN201610719910.4A)
- Authority: CN (China)
- Prior art keywords: data, encryption, redundancy, storage, key
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F3/061: Improving I/O performance
- G06F3/0622: Securing storage systems in relation to access
- G06F3/0638: Organizing or formatting or addressing of data
- G06F3/0677: Optical disk device, e.g. CD-ROM, DVD
- G06F3/0689: Disk arrays, e.g. RAID, JBOD
Abstract
The present invention relates to the field of data storage, and in particular to an optical storage hardware device and method for data redundancy/encryption. The optical storage hardware device mainly comprises an operation control processor which, assisted by an encryption/decryption coprocessor and a random number generator, can apply redundancy processing and encryption to data, so that data is encrypted before it is burned to disc. The device connects to multiple optical drives through an optical storage device adapter interface and writes the engraving data to multiple discs through that interface, achieving data redundancy. The device therefore not only effectively solves the problem that, at present, redundancy and encryption of optical storage data can only be implemented in software, with low performance and low encryption/decryption complexity; it also raises redundancy/encryption speed, reduces the load on the host and improves the overall efficiency of optical disc library equipment.
Description
Technical field
The present invention relates to the field of data storage, and in particular to an optical storage hardware device and method for data redundancy/encryption.
Background
At present, data storage media mainly comprise magnetic storage media and optical storage media. Magnetic storage is based on the magnetoresistive effect and can be subdivided into disk storage and tape storage. Disk storage is fast, has large capacity and allows information to be modified, but it consumes a lot of power, is strongly affected by strong magnetic fields and has a short service life; in enterprise applications in particular, disks must be replaced every 3~5 years, which has become the bottleneck of its development. Tape storage is cheap, easy to expand and technically very mature, and is widely used for offline storage, but its error rate during data storage is high, restoring data is cumbersome and it requires a demanding preservation environment, so tape storage has also developed slowly. Optical storage irradiates a medium with a laser; the interaction between laser and medium changes the properties of the medium, and this is how information is stored. Optical disc storage has a long storage life (data can be kept for more than 100 years), stable data retention with little risk of loss, immunity to strong electromagnetic fields, high data security, data that cannot be altered, offline storage and easy capacity expansion, but its capacity is small. To address the small capacity of optical storage, users can store large amounts of data using optical disc libraries or optical disc towers. The main application scenario of optical disc storage is therefore the storage of long-term archival data.
As data storage media have evolved, the requirements for data security have also become higher and higher. At present, data redundancy/encryption schemes for optical storage hardware devices are implemented only in software: before the data is sent to the optical drive for burning, a software program encrypts it and applies redundancy processing, and only then is the data sent to the drive for burning. This approach has low performance and low encryption/decryption complexity, and once the data has been written to disc it can be cracked by reverse-engineering means. Solving this problem requires a hardware implementation. Implementing data redundancy and encryption in hardware can increase encryption complexity and redundancy, free data server resources and improve overall performance.
Summary of the invention
The purpose of the present invention is to provide an optical storage hardware device for data redundancy/encryption, to solve the problem that redundancy and encryption of optical storage data can only be implemented in software, with low performance and low encryption/decryption complexity.
The present invention provides an optical storage hardware device for data redundancy/encryption, comprising:
A host communication interface and an optical storage device adapter interface; the optical storage hardware device connects to more than one host through the host communication interface, and connects to more than one optical storage device through the optical storage device adapter interface to implement redundant data storage;
The host communication interface is connected to an operation control processor; the operation control processor is connected through an internal data communication bus to a firmware memory, a cache memory adapter and an optical storage adapter; the operation control processor is connected to random access memory (RAM) through a high-speed bus; the firmware memory is connected to the processor through the data communication bus, is programmable and erasable, and stores the basic redundancy/encryption control logic of this hardware device;
The operation control processor comprises a central processing unit, an encryption/decryption processing unit and a redundancy processing unit; the encryption/decryption processing unit is connected to the central processing unit, and the redundancy processing unit is connected to the central processing unit;
The encryption/decryption processing unit consists of an encryption/decryption coprocessor and a key secure storage module; the encryption/decryption coprocessor comprises an encryption/decryption algorithm accelerator, a programmable cryptographic extension module and a random number generator; the key secure storage module comprises an internal storage region and an external key exchange adapter; the internal storage region and the encryption/decryption coprocessor are integrated in a single package, and the external key exchange adapter connects to an external key storage medium through a data interface;
The device further comprises a cache data storage unit, consisting of a cache data storage adapter and an external high-capacity, high-speed storage medium; the cache data storage adapter is connected to the CPU and the optical storage adapter through the data communication bus, and the external high-capacity, high-speed storage medium is connected to the cache data storage adapter.
In some embodiments, preferably, the device further includes an EPROM connected to the operation control processor, used to modify the basic redundancy/encryption control logic by programming.
In some embodiments, preferably, the encryption/decryption coprocessor performs symmetric encryption processing and asymmetric encryption processing.
In some embodiments, preferably, the host communication interface is a PCIE, SAS or SATA interface, and the optical-drive-side interface is a SAS or SATA controller.
The present invention also provides a method for implementing data redundancy/encryption in hardware, which uses the optical storage hardware device described above. The specific steps are:
Step 1: the host communication interface connects to more than one host, and data enters the optical storage hardware device through the host communication interface;
Step 2: determine whether the data is to be encrypted; if so, go to step 3; if not, go to step 4;
Step 3: the data undergoes combined symmetric/asymmetric encryption, yielding the ciphertext and the stealthy key;
Step 4: determine whether redundancy processing is to be performed; if so, go to step 5; if not, go to step 6;
Step 5: the ciphertext is processed according to a RAID redundancy scheme, yielding striped RAID data and RAID configuration information;
Step 6: the engraving data is written to the optical storage device; the engraving data comprises the RAID data, the RAID configuration information and the stealthy key.
In some embodiments, preferably, the encryption in step 3 implements a two-stage encryption flow consisting of symmetric encryption processing and asymmetric encryption processing;
The symmetric encryption processing encrypts the data with a symmetric encryption key; the asymmetric encryption processing uses an asymmetric key to encrypt the symmetric key a second time, yielding a secondary key; the stealthy key is composed of the asymmetric public key, the secondary key and the data digest signature.
In some embodiments, preferably, the symmetric encryption key is generated by a hardware random number generator; the asymmetric key is input from a secure medium outside the encryption system.
In some embodiments, preferably, the engraving data in step 6 is temporarily held in the data cache memory before being written to disc; data pre-read from the optical storage medium is likewise first cached in the data cache memory.
In some embodiments, preferably, the data storage comprises random access memory (RAM) and a mass storage device; the mass storage device is equipped with a solid-state disk (SSD).
In some embodiments, preferably, while step 6 writes the engraving data to the optical storage device, the stealthy key is written to the PMA region and the track lead-out area of the optical medium.
Compared with the prior art, the optical storage hardware device for data redundancy/encryption provided by the embodiments of the present invention can implement redundancy or encryption of data. The device mainly comprises an integrated data processor that can apply redundancy processing and encryption to data, so that data is encrypted before it is burned to disc. The device connects to multiple hosts through the host communication interface, implementing a redundant connection: if any one of the hosts is not working, data can still be transferred to the optical storage hardware device. At any given time, however, only one host writes data to the device. The device connects to multiple optical drives through the optical storage device adapter interface, which records normal data and redundancy check data to multiple discs at the same time, achieving data redundancy. Through this series of processing steps, the device effectively solves the problem that redundancy and encryption of optical storage data can at present only be implemented in software, with low performance and low encryption/decryption complexity; it also raises redundancy/encryption speed, reduces the IO load on the host, and improves the security, reliability and overall performance and efficiency of optical disc library equipment.
Brief description of the drawings
Fig. 1 is a schematic diagram of the multi-path redundancy mode of the data redundancy/encryption optical storage hardware device in one embodiment of the invention;
Fig. 2 is a data flow chart of the data redundancy/encryption optical storage hardware device in one embodiment of the invention;
Fig. 3 is a flow diagram of the information processing performed when the data redundancy/encryption optical storage hardware device writes to disc in one embodiment of the invention;
Fig. 4 is a schematic diagram of the physical structure, on the disc medium, of the data of the data redundancy/encryption optical storage hardware device in one embodiment of the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are evidently only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative work fall within the protection scope of the invention.
To address the problem that redundancy and encryption of optical storage data can at present only be implemented in software, with low performance and low encryption/decryption complexity, the invention proposes an optical storage hardware device for data redundancy/encryption and a method for implementing data redundancy/encryption in hardware.
As shown in Fig. 1, Fig. 2 and Fig. 3, the data redundancy/encryption optical storage hardware device specifically comprises:
A host communication interface and an optical storage device adapter interface. The optical storage hardware device connects to multiple hosts (Host) through the host communication interface and to multiple optical drives (Drivers) through the optical storage device adapter interface. The device thus implements a multi-path redundant connection: if any one Host is not working, data can still be transmitted normally into the optical storage hardware device, and the device writes the data to the discs in the multiple optical drives, achieving data redundancy. For convenience, the data redundancy/encryption optical storage hardware device is referred to as the Br-RAID device, and the data redundancy/encryption method based on it is referred to as Br-RAID.
The host communication interface of the Br-RAID device is connected to the operation control processor, which comprises a central processing unit, an encryption/decryption processing unit and a redundancy processing unit. When data enters the Br-RAID device through the host communication interface, the encryption judgment element decides whether the data is to be encrypted; if so, the data is encrypted by the encryption element. This encryption may be symmetric or asymmetric. The encryption/decryption coprocessor, the random number generator and the encryption element are connected in sequence, and the coprocessor and random number generator assist the encryption element in encrypting the data. The device further includes a secure key store, which is connected to the encryption/decryption coprocessor through a key exchange adapter. The key exchange adapter assists the processor in communicating with the key storage medium and helps the processor handle the data exchange during encryption, while ensuring that no key leaves the secure storage container as the ciphertext is generated.
The encryption/decryption processing unit consists of the encryption/decryption coprocessor and the key secure storage module. The coprocessor comprises an encryption/decryption algorithm accelerator, a programmable cryptographic extension module and a random number generator. The key secure storage module comprises an internal storage region and an external key exchange adapter; the internal storage region and the coprocessor are integrated in a single package, and the external key exchange adapter connects to the external key storage medium through a data interface. Data is encrypted first and striped for redundancy afterwards, which ensures that no external non-volatile storage device retains plaintext data during the process; the striped redundancy design can, to a certain extent, withstand physical damage to the optical medium.
The partitioned hardware design for data encryption and the internal streaming data processing method ensure that, throughout the process, plaintext keys of any level are confined to the encryption/decryption processing unit during operation and never appear in non-secure modules such as the CPU, RAM, EPROM, data communication bus, external memory or optical storage media.
The operation control processor further includes a redundancy judgment element and a redundancy element; the encryption judgment element and the encryption element are connected to the redundancy judgment element, which is in turn connected to the redundancy element. The redundancy judgment element decides whether redundancy processing is to be applied to the data, and the redundancy element then applies it. Data processed by the processor is written directly to the two-level cache (internal RAM and the external large-capacity cache memory), and the optical storage adapter writes the data to the optical medium in PW mode.
The Br-RAID device further includes a firmware memory (in practice usually an erasable programmable read-only memory, EPROM). The firmware memory is connected to the operation control processor by a bus and holds the basic control program.
In one embodiment, redundancy in the Br-RAID device uses the standard RAID format, and the encryption and key handling described above use an AES+PKCS hybrid: the primary encryption uses AES, key handling uses PKCS encryption, and redundancy uses standard RAID striping. The redundancy algorithm is the standard RAID algorithm. The stripe size (Psize) is determined by the size of the packet writing mode (PW mode) supported by the optical medium and can be adjusted for the application scenario; the range is generally set to Psize~Psize*8N (N being the number of discs).
The PKCS keys are written into the Br-RAID device from external secure storage. The public key (PubKey) is stored openly and the private key (PriKey) is stored encrypted in a secure area; the key length is not less than 1024 bits. Each group of discs generates one AES password ([AES-PW], Rijndael algorithm) with a key length of 128, 192 or 256 bits; [AES-PW] is encrypted under PubKey using PKCS and then written to the disc header. The system of the Host connected to the Br-RAID device must support UDF or another optical disc file system that writes in units of sectors, and the connected optical medium drives must support PW/IPN mode. Data must be written using a sector/packet-based disc writing mode, and the burning mode of the optical drive defaults to PW mode. In other modes, behavior is the same as what the optical drive hardware supports. When the engraving data is written to the optical storage device, unlike the prior art, in which key and data are stored together in the data area, this application writes the stealthy key to non-data areas of the optical medium, namely the PMA region and the track lead-out area, which further improves the confidentiality of the data.
As shown in Fig. 4, the Br-RAID device must control both the write and the read operations on the data. For writes, data must be written to Br-RAID in UDF format and written to the optical drives in PW mode; for reads, the optical drives must return data in sector (packet) form, which is converted to UDF and served to the Host.
The Br-RAID device requires that the equipment connected to and used with it be uniform: the optical drives and discs connected to a Br-RAID device within the same group must have identical specifications, so that they can replace one another without any difference.
Further, an error in operating a single drive is treated as an error of the whole and passed up to the Host, and the Host stops transmitting data.
In this case, the host communication interface of the Br-RAID device is a PCIE, SAS or SATA interface, and the optical storage device adapter interface is a SAS or SATA controller. Br-RAID connects to the host and to the optical drives through SAS/SATA interfaces and virtualizes multiple optical drives into one optical storage device of larger capacity; data that the host writes to this device is written to each physical disc after redundancy checking/encryption. To meet storage cost requirements (space and capacity), the design is aimed primarily at Blu-ray disc media and is compatible with other media that meet the relevant specifications.
In typical application scenarios, the interface protocols are as follows. The connection between Br-RAID and the host uses PCIE (speed at least X4). If a SAS interface is used, multi-path redundancy should be used to connect to the Host. If a SATA interface is used, it must be at least version V2.5. Further, the SAS or SATA controller through which Br-RAID connects to the optical drives is a SAS/SATA-compatible interface, and the optical drives correspondingly use SAS/SATA interfaces (SAS 3Gb/s, SATA Rev2.5).
In common application environments, the operating modes of the Br-RAID device are mainly bridge mode, redundant mode and redundancy encryption mode. In bridge mode the host communication interface is connected through to the optical storage device adapter interface and the optical drives are handed directly to the Host, so the device is equivalent to a SAS/SATA controller. In redundant mode the data undergoes redundancy processing only: the Br-RAID device stores the data across multiple optical drives in a manner similar to disk RAID, supporting redundancy strategies such as RAID, RAID0, RAID1, RAID0+1, RAID5, RAID6, RAID50 and RAID60. In redundancy encryption mode the data undergoes both redundancy processing and encryption: the Br-RAID device stores the encrypted data across multiple optical drives in RAID fashion, supporting the RAID0+1, RAID5, RAID6, RAID50 and RAID60 redundancy algorithms.
For the data redundancy/encryption optical storage hardware device described above, a method of implementing data redundancy/encryption in hardware is proposed. The method is described in detail below.
Using the optical storage hardware device described above, the specific steps are:
Step 1: the host communication interface connects to more than one host, and data enters the optical storage hardware device through the host communication interface;
Step 2: determine whether the data is to be encrypted; if so, go to step 3; if not, go to step 4;
Step 3: the data is encrypted, yielding the ciphertext and the stealthy key;
Step 4: determine whether redundancy processing is to be performed; if so, go to step 5; if not, go to step 6;
Step 5: the ciphertext or plaintext data is processed according to the RAID standard, yielding the data RAID information and the RAID configuration information;
Step 6: the engraving data is written to the discs in the optical disc device; the engraving data comprises the data RAID information and RAID configuration information, or the data and RAID configuration information, and the stealthy key.
If the encryption is symmetric, step 3 further includes encrypting the key a second time to obtain an encrypted key; this second encryption is asymmetric, and the engraving data in step 6 further includes the encrypted key. If the first encryption is asymmetric, the engraving data in step 6 further includes the public key and the RAID information digest signature.
In one embodiment, after data enters the Br-RAID device, steps 1-4 are carried out: the data is first symmetrically encrypted with the AES algorithm, turning it into ciphertext, and the AES key is then encrypted with the asymmetric PKCS algorithm to obtain the encrypted key. Step 5 follows: standard RAID splitting cuts the data into stripes in the range 4K~4M. Finally, step 6 writes these encrypted, redundant stripes to the data sectors of the discs in PW/IPW mode, and writes the encrypted key, the public key, the signature information and the RAID information to the PMA region or to the space outside the lead-out area.
As shown in Fig. 4, the disc header information that is written mainly comprises the RAID configuration information, the PKCS public key, the AES password (PKCS-encrypted) and the RAID signature information. The header information is written to the PMA section and the lead-out area of the disc. These four items are written to the lead-out area as a backup of the PMA region; if the PMA region is damaged, the information can be read from the lead-out area.
The second ciphertext is temporarily held in the key memory before the external data exchanger is read. The engraving data in step 6 is temporarily held in the data storage before being written to disc, and while step 6 writes the engraving data to the optical storage device, the stealthy key is written to the PMA region and the track lead-out area of the optical medium. The data storage comprises random access memory (RAM) and a mass storage device; the mass storage device is equipped with high-speed flash memory or a solid-state disk (SSD). RAM serves as the level-1 cache and the non-volatile mass storage (high-speed flash, SSD) as the level-2 cache. Br-RAID uses write caching: data written by the host is buffered, so data to be written first goes into the buffer area and, once enough data has accumulated there, is written to the optical storage medium in batches in PW mode. Data is written in units of sectors using UDF version 2.5 or later, or another optical disc file system that supports sector storage.
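The striping of already-encrypted data and the PMA/lead-out header backup described in this embodiment, as an added Python example that is not part of the patent. It assumes RAID5 with rotating parity, a JSON header layout and a SHA-256 digest standing in for the header signature; the ciphertext, public key and wrapped key are constructed random bytes, and all function names are hypothetical.

```python
import hashlib
import json
import os
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length blocks byte by byte (RAID5 parity)."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def parity_disc(row, n_discs):
    """Rotate the parity block across the discs, one position per row."""
    return (n_discs - 1 - row) % n_discs


def stripe_raid5(ciphertext, n_discs, stripe_size):
    """Split ciphertext into rows of (n_discs - 1) data blocks plus parity."""
    if n_discs < 3:
        raise ValueError("RAID5 needs at least 3 discs")
    k = n_discs - 1
    row_bytes = k * stripe_size
    padded = ciphertext + bytes(-len(ciphertext) % row_bytes)  # zero padding
    discs = [[] for _ in range(n_discs)]
    for row, off in enumerate(range(0, len(padded), row_bytes)):
        data = [padded[off + i * stripe_size: off + (i + 1) * stripe_size]
                for i in range(k)]
        blocks = iter(data)
        for d in range(n_discs):
            is_parity = d == parity_disc(row, n_discs)
            discs[d].append(xor_blocks(data) if is_parity else next(blocks))
    return discs


def rebuild_disc(discs, missing):
    """Recompute every block of one unreadable disc from the survivors."""
    survivors = [d for i, d in enumerate(discs) if i != missing]
    return [xor_blocks(row) for row in zip(*survivors)]


def assemble(discs, length):
    """Undo the striping: skip parity blocks, concatenate, strip padding."""
    n = len(discs)
    out = bytearray()
    for row in range(len(discs[0])):
        for d in range(n):
            if d != parity_disc(row, n):
                out += discs[d][row]
    return bytes(out[:length])


def pack_header(raid_cfg, public_key, wrapped_key):
    """Serialize the header; the digest is a stand-in for the signature."""
    body = json.dumps({"raid": raid_cfg, "pubkey": public_key.hex(),
                       "wrapped_key": wrapped_key.hex()},
                      sort_keys=True).encode()
    return hashlib.sha256(body).digest() + body


def unpack_header(blob):
    """Return the header dict, or None if the copy fails its digest check."""
    digest, body = blob[:32], blob[32:]
    if hashlib.sha256(body).digest() != digest:
        return None
    return json.loads(body)


def read_header(pma_copy, leadout_copy):
    """Prefer the PMA copy; fall back to the lead-out backup if it is bad."""
    for name, blob in (("PMA", pma_copy), ("lead-out", leadout_copy)):
        hdr = unpack_header(blob)
        if hdr is not None:
            return name, hdr
    raise IOError("both header copies are damaged")


def demo():
    ciphertext = os.urandom(40_000)        # constructed: stands in for AES output
    cfg = {"level": "RAID5", "discs": 4, "stripe": 4096,
           "length": len(ciphertext)}
    discs = stripe_raid5(ciphertext, cfg["discs"], cfg["stripe"])
    header = pack_header(cfg, os.urandom(128), os.urandom(128))  # constructed
    # Failure 1: the PMA copy of the header is corrupted.
    bad_pma = bytes([header[0] ^ 0xFF]) + header[1:]
    source, hdr = read_header(bad_pma, header)
    # Failure 2: disc 2 is unreadable; rebuild it from the other three.
    lost = discs[2]
    discs[2] = rebuild_disc(discs, missing=2)
    recovered = assemble(discs, hdr["raid"]["length"])
    return source, discs[2] == lost, recovered == ciphertext


if __name__ == "__main__":
    print(demo())
```

Because the input to `stripe_raid5` is ciphertext, every block that reaches a disc, parity included, is derived only from encrypted bytes.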
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the invention may be modified and varied in many ways. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included in its protection scope.
Claims (10)
1. An optical storage hardware device for data redundancy/encryption, characterized by comprising:
a host communication interface and an optical storage device adapter interface, wherein the optical storage hardware device connects to more than one host through the host communication interface, and connects to more than one optical storage device through the optical storage device adapter interface to implement redundant data storage;
the host communication interface is connected to an operation control processor, and the operation control processor is connected via an internal data communication bus to a firmware memory, a buffer memory adapter and an optical storage adapter; the operation control processor is also connected via a high-speed bus to a random access memory (RAM); the firmware memory is connected to the processor via a data communication bus, is programmable, erasable and writable, and stores the basic redundancy/encryption control logic of this hardware device;
the operation control processor comprises a central processing unit, an encryption/decryption processing unit and a redundancy processing unit, the encryption/decryption processing unit being connected to the central processing unit and the redundancy processing unit being connected to the central processing unit;
the encryption/decryption processing unit consists of an encryption/decryption coprocessor and a secure key storage module; the encryption/decryption coprocessor comprises an encryption/decryption algorithm accelerator, a programmable cryptographic extension module and a random number generator; the secure key storage module comprises an internal storage area and an external key exchange adapter, the internal storage area and the encryption/decryption coprocessor being integrated in a single package, and the external key exchange adapter connecting to an external key storage medium through a data interface;
the device further comprises a cache data storage unit consisting of a cache data storage adapter and an external large-capacity high-speed storage medium; the cache data storage adapter is connected to the CPU and the optical storage adapter via a data communication bus, and the external large-capacity high-speed storage medium is connected to the cache data storage adapter.
2. The optical storage hardware device for data redundancy/encryption according to claim 1, characterized in that it further comprises an EPROM, the EPROM being connected to the operation control processor and used to modify the redundancy/encryption control logic programmatically.
3. The optical storage hardware device for data redundancy/encryption according to claim 1, characterized in that the encryption/decryption coprocessor performs symmetric encryption processing and asymmetric encryption processing.
4. The optical storage hardware device for data redundancy/encryption according to claim 1, characterized in that the host communication interface is a PCIE, SAS or SATA interface, and the optical storage device adapter interface is a SAS or SATA controller.
5. A method for implementing data redundancy/encryption in hardware, characterized in that it uses the optical storage hardware device according to any one of claims 1-4, the specific steps comprising:
Step 1: the host communication interface connects more than one host, and data enters the optical storage hardware device through the host communication interface;
Step 2: determine whether the data is to be encrypted; if encryption is to be performed, go to step 3; if encryption is not to be performed, go to step 4;
Step 3: the data undergoes combined symmetric/asymmetric encryption, yielding ciphertext and a stealth key;
Step 4: determine whether redundancy processing is to be performed; if so, go to step 5; if not, go to step 6;
Step 5: the ciphertext is processed according to a RAID redundancy scheme, yielding striped RAID data and RAID configuration information;
Step 6: the burn data is written to the optical storage device, the burn data including the RAID data, the RAID configuration information and the stealth key.
6. the method for hardware realization data redundancy/encryption as claimed in claim 5, which is characterized in that adding in the step 3
Close processing includes realizing two-stage encryption flow, including symmetric cryptography handles and asymmetric encryption processing;
To be encrypted using symmetric cryptographic key to data, the asymmetric encryption processing is utilization for the symmetric cryptography processing
Asymmetric key pair symmetric key carries out secondary encryption and obtains secondary key;Stealthy key is by unsymmetrical key public key, two
Secondary key, data summarization signature collectively constitute.
7. the method for hardware realization data redundancy/encryption as claimed in claim 6, which is characterized in that the symmetric cryptography is close
Key is generated by hardware random number generator;The unsymmetrical key is inputted by security medium outside encryption system.
8. the method for hardware realization data redundancy/encryption as claimed in claim 5, which is characterized in that the quarter in the step 6
Record data are temporarily stored in data buffer memory before CD is written;The data of pre-read are cached in first in optical storage media
In data buffer memory.
9. the method for hardware realization data redundancy/encryption as claimed in claim 8, which is characterized in that the data buffer storage is deposited
Reservoir includes random access memory ram and mass storage, and the mass storage is furnished with solid disk SSD.
10. the method for hardware realization data redundancy/encryption as claimed in claim 5, which is characterized in that the step 6 will carve
During recording data write-in light storage device, the PMA region of the stealth key write-in optical medium and track leading-out zone.
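An added illustration of steps 5 and 6 of claim 5 (not code from the patent): ciphertext is striped across several discs and later rebuilt with one disc missing, then checked against the digest carried with the stealth key. The claims do not name a RAID level, so rotating single XOR parity is assumed, a bare SHA-256 of the ciphertext stands in for the data digest signature, and all function and field names are hypothetical.

```python
import hashlib
from functools import reduce

def xor_blocks(blocks):
    """Byte-wise XOR of equally sized byte strings."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def make_burn_data(ciphertext, data_discs, chunk=4):
    """Step 5: stripe ciphertext over data_discs + 1 discs with rotating XOR parity."""
    row = data_discs * chunk
    padded = ciphertext + b"\x00" * (-len(ciphertext) % row)
    discs = [[] for _ in range(data_discs + 1)]
    for s, off in enumerate(range(0, len(padded), row)):
        chunks = [padded[off + i * chunk: off + (i + 1) * chunk] for i in range(data_discs)]
        chunks.insert(s % (data_discs + 1), xor_blocks(chunks))  # parity slot rotates
        for disc, c in zip(discs, chunks):
            disc.append(c)
    return {
        "raid_data": discs,
        "raid_config": {"data_discs": data_discs, "chunk": chunk, "length": len(ciphertext)},
        # Assumption: a bare SHA-256 of the ciphertext stands in for the digest signature.
        "stealth_key": {"digest": hashlib.sha256(ciphertext).hexdigest()},
    }

def rebuild(burn):
    """Reassemble the ciphertext; at most one entry of raid_data may be None (lost disc)."""
    discs, cfg = burn["raid_data"], burn["raid_config"]
    lost = [i for i, d in enumerate(discs) if d is None]
    if len(lost) > 1:
        raise ValueError("single parity cannot recover more than one lost disc")
    stripes = len(next(d for d in discs if d is not None))
    out = bytearray()
    for s in range(stripes):
        row = [None if d is None else d[s] for d in discs]
        if lost:
            row[lost[0]] = xor_blocks([c for c in row if c is not None])
        del row[s % (cfg["data_discs"] + 1)]  # discard the parity chunk
        out += b"".join(row)
    data = bytes(out[:cfg["length"]])
    # Parity repairs a missing disc but cannot notice a wrong byte; the digest can.
    if hashlib.sha256(data).hexdigest() != burn["stealth_key"]["digest"]:
        raise ValueError("digest mismatch: rebuilt ciphertext is not what was burned")
    return data

SAMPLE_CIPHERTEXT = bytes(range(37))  # constructed stand-in for the output of step 3

if __name__ == "__main__":
    print(rebuild(make_burn_data(SAMPLE_CIPHERTEXT, data_discs=3)) == SAMPLE_CIPHERTEXT)
```

Parity alone only handles a disc that is known to be missing; a disc that reads back wrong bytes is caught by the digest comparison, not by the XOR.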
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610719910.4A CN106325775B (en) | 2016-08-24 | 2016-08-24 | A kind of the optical storage hardware device and method of data redundancy/encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106325775A (en) | 2017-01-11 |
CN106325775B (en) | 2019-03-22 |
Family
ID=57790720
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610719910.4A Active CN106325775B (en) | 2016-08-24 | 2016-08-24 | A kind of the optical storage hardware device and method of data redundancy/encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106325775B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107170470A (en) * | 2017-03-29 | 2017-09-15 | 山东超越数控电子有限公司 | A kind of CD-ROM drive and imprinting, read method with hardware encrypting |
CN106970889B (en) * | 2017-05-10 | 2023-12-12 | 鸿秦(北京)科技有限公司 | SATA bridge chip and working method thereof |
CN108920093B (en) * | 2018-05-30 | 2022-02-18 | 北京三快在线科技有限公司 | Data reading and writing method and device, electronic equipment and readable storage medium |
CN112702318A (en) * | 2020-12-09 | 2021-04-23 | 江苏通付盾信息安全技术有限公司 | Communication encryption method, decryption method, client and server |
CN115618396B (en) * | 2022-11-28 | 2023-04-07 | 云账户技术(天津)有限公司 | Data encryption method and device |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5313617A (en) * | 1990-03-19 | 1994-05-17 | Hitachi, Ltd. | Multi-disc optical data storage system for use with a host computer for emulating a magnetic disc device |
CN1748206A (en) * | 2003-02-07 | 2006-03-15 | 松下电器产业株式会社 | Terminal device and data protection system having it |
CN101105738A (en) * | 2006-07-13 | 2008-01-16 | 国际商业机器公司 | Apparatus, system, and method for concurrent storage pool migration and backup |
CN101359279A (en) * | 2008-10-06 | 2009-02-04 | 浪潮电子信息产业股份有限公司 | ISCSI disc array controller with internal path redundant function |
CN101577138A (en) * | 2008-05-09 | 2009-11-11 | 上海凌锐信息技术有限公司 | Self-burning separated type shooting device and method for realizing encryption burning |
CN202049480U (en) * | 2011-04-18 | 2011-11-23 | 上海北大方正科技电脑系统有限公司 | Encryption storage equipment |
US8650471B2 (en) * | 2011-06-28 | 2014-02-11 | Dell Products L.P. | System and method for look-aside parity based raid |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090198885A1 (en) * | 2008-02-04 | 2009-08-06 | Manoj Jose K | System and methods for host software stripe management in a striped storage subsystem |
Non-Patent Citations (1)
Title |
---|
Data integrity assurance technology based on information redundancy; Wang Zhigang; Journal of Chuxiong Normal University; 20021230; Vol. 17 (No. 6); pp. 5-9 |
Also Published As
Publication number | Publication date |
---|---|
CN106325775A (en) | 2017-01-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106325775B (en) | A kind of the optical storage hardware device and method of data redundancy/encryption | |
CN103065102B (en) | Data encryption mobile storage management method based on virtual disk | |
CN102073808B (en) | Method for encrypting and storing information through SATA interface and encryption card | |
US11416417B2 (en) | Method and apparatus to generate zero content over garbage data when encryption parameters are changed | |
US9064135B1 (en) | Hardware implemented key management system and method | |
US20080063209A1 (en) | Distributed key store | |
CN104217180B (en) | A kind of encryption storage dish | |
CN107785044A (en) | Electricity buffering NV DIMM and its application method | |
US9032218B2 (en) | Key rotation for encrypted storage media using a mirrored volume revive operation | |
US20080063197A1 (en) | Storing encrypted data keys to a tape to allow a transport mechanism | |
US8843768B2 (en) | Security-enabled storage controller | |
CN112560058B (en) | SSD partition encryption storage system based on intelligent password key and implementation method thereof | |
CN108139984A (en) | Secure subsystem | |
KR102292641B1 (en) | Memory controller, operating method thereof and memory system including the same | |
US20080063198A1 (en) | Storing EEDKS to tape outside of user data area | |
CN107609428A (en) | Date safety storing system and method | |
CN105809068A (en) | High-speed storage control SOC chip supporting adoption of hardware encryption algorithm | |
EP4109270A1 (en) | Memory bus integrity and data encryption (ide) | |
CN105205416A (en) | Mobile hard disk password module | |
US20190377693A1 (en) | Method to generate pattern data over garbage data when encryption parameters are changed | |
US11349643B2 (en) | Techniques for using local key management in a data storage system | |
CN112887077B (en) | SSD main control chip random cache confidentiality method and circuit | |
CN204215404U (en) | A kind of cryptographic storage dish | |
CN202041958U (en) | Encryption card supporting SATA interface | |
CN105224889A (en) | Business datum specific store system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20200117 Address after: Room 612, floor 6, No. 23, Zhichun Road, Haidian District, Beijing 100089 Patentee after: BEIJING ZHONGKE KAIDI SOFTWARE CO., LTD. Address before: 100191, Bai Yan building, 238 middle Fourth Ring Road, Haidian District, Beijing, 1505 Co-patentee before: Ba Ren Patentee before: BEIJING ZHONGKE KAIDI SOFTWARE CO., LTD. Co-patentee before: Bai Yan |