CN106650511A - Scheme for improving encryption performance of encryption system - Google Patents
Scheme for improving encryption performance of encryption system Download PDFInfo
- Publication number
- CN106650511A CN106650511A CN201610070000.8A CN201610070000A CN106650511A CN 106650511 A CN106650511 A CN 106650511A CN 201610070000 A CN201610070000 A CN 201610070000A CN 106650511 A CN106650511 A CN 106650511A
- Authority
- CN
- China
- Prior art keywords
- encryption
- solid state
- hard disc
- state hard
- pipe device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
Abstract
The invention relates to a scheme for improving the encryption performance of an encryption system. The scheme at least involves several solid storage media, a security control unit and a main control unit, wherein the main control unit includes at least one encryption unit, and the operation characteristics of the encryption units can be set by the security control unit via a specific interface. By introducing the security control unit, different types of users can introduce new secrecy factors on an encryption channel according to needs to improve the secrecy performance of the system.
Description
Technical field
The present invention relates to encrypt the design of solid state hard disc and realize, it is more particularly to a kind of by independent security management and control device
To strengthen the design of the security performance of secrecy system.
Background technology
Data confidentiality is a critical consideration point of modern data design of memory systems.Loss of data, the stolen damage for causing
The various aspects such as individual privacy, trade secret and national security have been brought disaster in mistake.Store as the mainstream information of contemporary information systems
The solid state hard disc of one of equipment typically all comprising built-in encryption measures cause information carrier lose or it is stolen in the case of will not
Initiation is given away secrets.
In existing design, the crypto engine and encryption handling of system are all realized by solid state hard disc main controller.Though
So this scheme has a low cost, the simple advantage of system architecture, but due to whole system operatio details all in design it is solid
Decide, the requirement of industry can not be met in the high applied environment of some security requirements.
The content of the invention
In order to overcome the above-mentioned deficiencies of the prior art, the invention provides a kind of be based on built-in crypto engine and external security
The scheme of management coprocessor (hereinafter referred to as pacifying pipe device) cooperation, improves above-mentioned various problems.
The technical solution adopted in the present invention is:Main controller chip will be placed in based on multiple crypto engines of algorithms of different
It is interior.Engine selectes, and each crypto engine special can be connect including the multiple control parameters including sweet key and operator scheme by one
Peace pipe device outside mouthful by main controller, Jing secured fashions are incoming.Due to being physically coupled to some realities between main controller and peace pipe device
The potential point of attack can be become in existing scheme, the information transfer in the connection need to be by the safety of such as PKI (public key cryptosyst) etc
Information exchange system is incoming.
Compared with traditional scheme, following advantage is had based on the scheme of peace pipe device:
1. general requirement can adopt the built-in encipherment scheme of main controller.Peace pipe device can be used on guarantor as an optional system element
It is that system design brings new possibility and flexibility in the not high system of level of confidentiality.
2. the introducing for pacifying pipe device carrys out many new possibilities to authentication and authorizing band, and some were difficult in main controller originally
As long as the scheme of middle realization suitably peace pipe scheme is all possibly realized.For example, user's body is worn and has the identity of bluetooth password
Validator, by appropriately designed peace pipe device, as long as the close system access authority of the user will automatic opening.What is authorized makes
As long as user leaves scope hard disk automatic lockout.
Description of the drawings
Fig. 1 is the system block diagram of the present invention;
Fig. 2 is key element graph of a relation of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawings the present invention is further described.
As shown in structure Fig. 1, the key of the present invention is that (lower half marks portion to introducing safety management coprocessor by redness
Point).Peace pipe device includes processor (CPU), and sweet key generator, security parameter memory, external identity checking receives process circuit
Deng.
Fig. 2 show the logical relation of critical piece of the present invention.Between main frame and storage medium (such as NAND Flash)
Data exchange will pacify the number between pipe device and main controller by enciphering/deciphering engine, when peace pipe device has been selected in system design
Must be by the protection of " security parameter exchange " module, with the malicious attack implemented on impedance tie point according to exchanging.
Claims (6)
1. a kind of design of the solid state hard disc of reinforcing security performance includes at least one main controller, and one or more solid-states are deposited
Storage media unit (such as NAND Flash chips), a security management and control coprocessor (peace pipe device), it is characterised in that in main controller
Comprising encryption/decryption element, and the sweet key and operator scheme of the encryption/decryption element can be controlled by above-mentioned peace pipe device.
2. solid state hard disc design according to claim 1, it is characterised in that:Data between main controller and peace pipe device
Exchange and protected by public key algorithm.
3. solid state hard disc design according to claim 2, it is characterised in that:The public key algorithm is RSA or similar
Algorithm.
4. solid state hard disc design according to claim 1, it is characterised in that:The main controller is encapsulated in peace pipe device
In logical multicore encapsulation (MCP).
5. solid state hard disc design according to claim 1, it is characterised in that:It is described peace pipe device can be used to receive with
Process authentication signal.
6. solid state hard disc design according to claim 5, it is characterised in that:The authentication signal wireless communication
Number (such as bluetooth, WiFi, Zigbee etc.) realize.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610070000.8A CN106650511A (en) | 2016-02-01 | 2016-02-01 | Scheme for improving encryption performance of encryption system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610070000.8A CN106650511A (en) | 2016-02-01 | 2016-02-01 | Scheme for improving encryption performance of encryption system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106650511A true CN106650511A (en) | 2017-05-10 |
Family
ID=58848622
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610070000.8A Pending CN106650511A (en) | 2016-02-01 | 2016-02-01 | Scheme for improving encryption performance of encryption system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106650511A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100030982A1 (en) * | 2008-08-04 | 2010-02-04 | Sandisk Il Ltd. | Backing up digital content that is stored in a secured storage device |
| CN103226678A (en) * | 2007-05-09 | 2013-07-31 | 金士顿科技股份有限公司 | Secure and scalable solid state disk system |
| CN104346586A (en) * | 2013-07-25 | 2015-02-11 | 爱国者电子科技有限公司 | Self-destructive data protection storage device and self-destructive data protection method |
| CN204791027U (en) * | 2015-07-02 | 2015-11-18 | 沈阳睿隆鸿业科技有限公司 | Safe solid state hard drives controller |
-
2016
- 2016-02-01 CN CN201610070000.8A patent/CN106650511A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103226678A (en) * | 2007-05-09 | 2013-07-31 | 金士顿科技股份有限公司 | Secure and scalable solid state disk system |
| US20100030982A1 (en) * | 2008-08-04 | 2010-02-04 | Sandisk Il Ltd. | Backing up digital content that is stored in a secured storage device |
| CN104346586A (en) * | 2013-07-25 | 2015-02-11 | 爱国者电子科技有限公司 | Self-destructive data protection storage device and self-destructive data protection method |
| CN204791027U (en) * | 2015-07-02 | 2015-11-18 | 沈阳睿隆鸿业科技有限公司 | Safe solid state hard drives controller |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI730941B (en) | Apparatus and method for authenticating | |
| CN100468438C (en) | Encryption and decryption method for realizing hardware and software binding | |
| US9413535B2 (en) | Critical security parameter generation and exchange system and method for smart-card memory modules | |
| CN101196855B (en) | Mobile encrypted memory device and cipher text storage area data encrypting and deciphering processing method | |
| US8484486B2 (en) | Integrated cryptographic security module for a network node | |
| US20100254537A1 (en) | Scalable and Secure Key Management For Cryptographic Data Processing | |
| CN107846396B (en) | Memory system and binding method between memory system and host | |
| EP3355231B1 (en) | Mobile data storage device with access control functionality | |
| CN101506815A (en) | Bi-processor architecture for secure systems | |
| CN112560058B (en) | SSD partition encryption storage system based on intelligent password key and implementation method thereof | |
| CN102646077A (en) | Method for full-disk encryption based on trusted cryptography module | |
| CN104200156A (en) | Trusted cryptosystem based on Loongson processor | |
| CN102236756A (en) | File encryption method based on TCM (trusted cryptography module) and USBkey | |
| CN104901810A (en) | Data encrypted storage method based on domestic cryptographic algorithm | |
| CN102136048A (en) | Mobile phone Bluetooth-based ambient intelligent computer protection device and method | |
| CN103440462A (en) | Embedded control method for improving security and secrecy performance of security microprocessor | |
| CN102201044A (en) | Universal serial bus (USB) security key | |
| CN102662874B (en) | Double-interface encryption memory card and management method and system of data in double-interface encryption memory card | |
| CN105809068A (en) | High-speed storage control SOC chip supporting adoption of hardware encryption algorithm | |
| CN103514540B (en) | A kind of excellent shield service implementation method and system | |
| CN102768646A (en) | Serial port hard disk encryption and decryption device | |
| CN207475576U (en) | A kind of safety mobile terminal system based on safety chip | |
| CN102270182A (en) | Encrypted mobile storage equipment based on synchronous user and host machine authentication | |
| CN102831080A (en) | Data security protection method for mobile storage equipment | |
| CN102446140B (en) | Data processing method and movable storage device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| DD01 | Delivery of document by public notice |
Addressee: Solid technology (Hangzhou) Co., Ltd. Document name: Notification of Publication of the Application for Invention |
|
| DD01 | Delivery of document by public notice | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| DD01 | Delivery of document by public notice |
Addressee: Patent director of Tiangu Technology (Hangzhou) Co.,Ltd. Document name: First notice of examination |
|
| DD01 | Delivery of document by public notice | ||
| DD01 | Delivery of document by public notice |
Addressee: Zhang Zhurui Document name: Deemed withdrawal notice |
|
| DD01 | Delivery of document by public notice | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20170510 |
|
| WD01 | Invention patent application deemed withdrawn after publication |