CN108563603A - An efficient data encryption device based on the UASP protocol - Google Patents

An efficient data encryption device based on the UASP protocol

Publication number
CN108563603A
Authority
CN
China
Prior art keywords
data
uasp
encryption
host
asynchronous
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810349859.1A
Other languages
Chinese (zh)
Other versions
CN108563603B (en)
Inventor
张洪柳
李冠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Inch Microelectronic Technology Co Ltd
Original Assignee
Nanjing Inch Microelectronic Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Inch Microelectronic Technology Co Ltd
Priority to CN201810349859.1A
Publication of CN108563603A
Application granted
Publication of CN108563603B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38 Information transfer, e.g. on bus
    • G06F13/42 Bus transfer protocol, e.g. handshake; Synchronisation
    • G06F13/4282 Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2213/00 Indexing scheme relating to interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F2213/0036 Small computer system interface [SCSI]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2213/00 Indexing scheme relating to interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F2213/0042 Universal serial bus [USB]

Abstract

The invention discloses an efficient data encryption device based on the UASP protocol. The device side comprises a USB 3.0 Device controller, a UASP controller, a crypto engine and a data buffer; the Host side comprises an application software app and a data buffer. The device further comprises a program implementing the following functions: the Host-side application software reads the plaintext file to be encrypted from the hard disk into an in-memory data buffer; the Host-side application software sends the plaintext data in memory to the encryption device side; the encryption device side receives the plaintext data into the crypto engine through the UASP driver and starts encryption, and the encrypted ciphertext data is placed in the device-side data buffer; the ciphertext data is sent to the Host side; the Host side receives the ciphertext data through the application software app and stores it in memory; the application software writes the ciphertext data back to the hard disk. The final product of the UASP-based efficient data encryption device of the present invention is very easy to carry and can encrypt and decrypt data anytime and anywhere; the key is located inside the device, which ensures security.

Description

An efficient data encryption device based on the UASP protocol
Technical field
The invention belongs to the field of computer information security technology, and in particular relates to an efficient data encryption device based on the UASP protocol.
Background art
UASP (USB Attached SCSI Protocol) is a transport protocol that has emerged in recent years within the SCSI (Small Computer System Interface) protocol family. Because it fully complies with the SAM-4 specification (SCSI Architecture Model 4) and supports asynchronous queued transfers, the transfer efficiency of the underlying physical interface can approach full bandwidth when the two communicating sides cooperate well, which makes it extremely efficient. The underlying transport medium of UASP is USB: four USB bulk pipes (Bulk Pipe) are used to establish a command channel, a status channel, a data OUT channel and a data IN channel, respectively.
USB 3.0 offers a transfer rate of up to 5 Gbps, and transfer efficiency can be maximized when it carries UASP. Existing patent documents disclose high-speed storage of data between devices using the UASP protocol; for example, the U.S. patent with publication No. US20110296106A1, entitled "SYSTEM FOR REALIZING MULTI-PORT STORAGE MEDIA BASED ON A UASP PROTOCOL OF A USB SPECIFICATION VERSION 3.0 AND METHOD THEREOF", proposes a multi-port storage media system based on the UASP protocol of USB 3.0. However, how to ensure the security of the data while achieving high transfer efficiency with the UASP protocol remains a problem to be solved.
Summary of the invention
The object of the present invention is to provide an efficient data encryption device based on UASP which relies on the asynchronous queue technique of UASP and the underlying USB 3.0 ultra-high-speed physical interface to encrypt critical data efficiently.
To achieve the above object, the technical solution adopted by the present invention is an efficient data encryption device based on the UASP protocol. The Device side comprises a USB 3.0 Device controller, a UASP controller, a crypto engine and the respective drivers of these three, as well as a data buffer; the Host side comprises an application software app and a data buffer. The device further comprises a program implementing the following functions:
S1: The Host-side application software app reads the plaintext file to be encrypted from the hard disk into an in-memory data buffer;
S2: The Host-side application software app sends the plaintext data in memory to the Device side of the encryption device via the UASP driver provided by the operating system;
S3: The Device side of the encryption device receives the plaintext data into the crypto engine through the Device-side UASP driver and starts encryption; the encrypted ciphertext data is placed in the Device-side data buffer;
S4: The encryption device sends the ciphertext data to the Host side through the Device-side UASP driver;
S5: The Host side receives the ciphertext data through the application software app and stores it in memory;
S6: The Host side writes the ciphertext data back to the hard disk, or saves it to another location, through the application software app.
Further, the Host-side application software app generates the UASP asynchronous queue through the asynchronous IO API provided by the operating system.
The data length of each asynchronous IO request generated by the Host-side application software app does not exceed the capacity of the Device-side data buffer.
The Host side continuously submits asynchronous IO requests to the Device side; when all asynchronous writes and asynchronous reads have finished, one complete file encryption operation is finished.
In an encryption operation, an asynchronous "write" corresponds to encryption and an asynchronous "read" corresponds to reading the encrypted result; in a decryption operation, an asynchronous "write" corresponds to decryption and an asynchronous "read" corresponds to reading the decrypted result.
The buffer required on the Device side is small: 32KB is enough to reach high performance, which saves hardware resources.
Compared with the prior art, the present invention has the following advantages:
1. The final product of the UASP-based efficient data encryption device of the present invention is very easy to carry and can encrypt and decrypt data anytime and anywhere, in a form similar to a U Key; the key is located inside the device, which ensures security;
2. Based on the UASP protocol, the high bandwidth of USB 3.0 can be fully utilized to achieve very efficient encryption and decryption;
3. Based on the UASP protocol, the buffer requirement on the device side is extremely low; 32KB of SRAM is enough to reach high performance;
4. The Host-side application software app can operate the encryption device directly from the application program without installing a driver, making it truly driver-free.
Description of the drawings
Fig. 1 is a flow chart of a single encrypted data transfer;
Fig. 2 is a flow chart of multiple encrypted data transfers.
Detailed description of the embodiments
The invention will now be described in further detail with reference to the accompanying drawings.
The choice of a specific encryption algorithm and the key management scheme are independent of the technical framework proposed by the present invention. The encryption device of the present invention requires a built-in crypto engine, which may use any symmetric encryption algorithm such as AES, SM1 or SM4 to encrypt and decrypt the data flowing through it. As for key management, the encryption key may be generated randomly inside the device, may be negotiated using an asymmetric algorithm such as RSA or SM2, or may be handled by any other acceptable key management scheme.
The present invention mainly implements a USB device side that supports UASP; USB host-side software must then be written, and the two sides cooperate to carry out the data encryption and decryption process. When the device is plugged into a USB host that supports UASP, the host recognizes it as a mass storage device, and the host-side software can access the device and perform data encryption and decryption without installing any driver. Fig. 1 shows one application scenario of the present invention, comprising the Host side and the Device side; the arrows represent the flow of one data encryption (the decryption flow is essentially the same).
The single data encryption flow in Fig. 1 is described below:
1. The host-side application software (App) reads the plaintext file to be encrypted from the hard disk (FileSystem) into memory (Buffer);
2. The host-side application software sends the plaintext data in memory to the encryption device via the UASP driver provided by the operating system;
3. The encryption device receives the plaintext data into the crypto engine (Crypto Engine) through the device-side UASP driver and starts encryption; the encrypted ciphertext data is placed in the device-side buffer memory (Buffer);
4. The encryption device sends the ciphertext data to the host side through the device-side UASP driver;
5. The host side receives the ciphertext data through the application software and stores it in memory;
6. The host side writes the ciphertext data back to the hard disk (or saves it to another location) through the application software.
A single data encryption does not form an asynchronous queue and cannot make full use of the high bandwidth of USB 3.0; using multiple transfers in combination with UASP makes full use of the bandwidth, as shown schematically in Fig. 2.
The command queue in Fig. 2 holds 4 pending commands issued by the host, in order: write, read, write, read. Within the command structure they are distinguished by a tag and are denoted CMD1, CMD2, CMD3 and CMD4 (CMD is short for command). Writes and reads occur in pairs, and each write-read pair implements one data encryption operation (see Fig. 1). The Device side parses these commands and performs the corresponding data reception and data transmission in turn, where data reception is accompanied by the encryption action of the crypto engine. The detailed process is as follows:
1. The Device first parses CMD1 and notifies the host that CMD1 can be executed;
2. On being notified, the Host executes CMD1 and sends the data to be encrypted to the device; the device starts the crypto engine and receives the data. The device CPU is released at this point and goes on to parse and pre-process CMD2;
3. After the data has been encrypted, the device notifies the host within an extremely short time that CMD1 has completed, and notifies the host that CMD2 can be executed;
4. On being notified, the Host executes CMD2 and reads the ciphertext data back from the device to the host; the device CPU can go on to pre-process CMD3 at this point;
5. After the ciphertext data has been transferred, the host considers the encryption of the first block of data complete; the device then notifies the host within an extremely short time that CMD2 has completed, and notifies the host that CMD3 can be executed;
6. On being notified, the Host goes on to execute CMD3 and CMD4; the flow for executing CMD3 and CMD4 is the same as for CMD1 and CMD2.
In steps 3 and 5 of this flow, the time the device takes to notify the host is extremely short; this is ensured by the asynchronous queue mechanism and by hardware-software cooperation on the device side. Viewed along the time axis, the time occupied by the "interval" in Fig. 2 is extremely short, which ensures that "receive and encrypt" and "return ciphertext" are essentially continuous and thus maximizes bandwidth utilization. This is the key to making full use of the high bandwidth of USB 3.0.
Implementing the present invention relies on hardware-software cooperation on the USB 3.0 Device side, and at the same time requires the USB host side (generally a PC or application software App) to implement a matching program.
The technical solution of a preferred embodiment is as follows:
1. The hardware resources on the Device side must include a USB 3.0 Device controller, a crypto engine, DMA, etc.;
2. The Device side needs one contiguous block of SRAM as a data buffer; 32KB is enough;
3. The firmware on the Device side must implement the drivers for USB, the crypto engine and DMA, and must implement the UASP protocol so as to respond efficiently to the asynchronous queue issued by the host;
4. The PC program on the Host side must generate the UASP asynchronous queue through the asynchronous IO API provided by the OS;
5. The data length of each asynchronous IO request from the Host-side PC program must not exceed the buffer size on the device side;
6. The Host continuously submits asynchronous IO requests to the device; when all asynchronous writes and asynchronous reads have finished, one complete file encryption operation is complete;
7. The encryption and decryption schemes are similar: for encryption, an asynchronous "write" encrypts and an asynchronous "read" fetches the encrypted result; for decryption, an asynchronous "write" decrypts and an asynchronous "read" fetches the decrypted result.
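The host program of items 4 to 7 and the write/read pairing of Fig. 2, modeled in Python as an added example (not code from the patent or its assignee). `MockDevice`, `host_session`, `transform` and the SHA-256 keystream that stands in for the crypto engine are assumptions made for illustration, since the patent leaves the algorithm (AES, SM1, SM4) and key management open.

```python
import asyncio
import hashlib
from dataclasses import dataclass

BUF_CAPACITY = 32 * 1024  # Device-side buffer size stated in the patent (32KB)


@dataclass
class Cmd:
    tag: int               # distinguishes queued commands (CMD1, CMD2, ... in Fig. 2)
    op: str                # "write": data to the crypto engine; "read": fetch the result
    data: bytes
    done: asyncio.Future   # completed by the device when the command has executed


class MockDevice:
    """Hypothetical model of the Device side: one buffer, in-order execution."""

    def __init__(self, key: bytes):
        self.key = key
        self.buf = None        # one processed block waiting to be read back
        self.ctr = 0           # keystream block counter for this session (assumption)
        self.queue = asyncio.Queue()

    def engine(self, data: bytes) -> bytes:
        # Stand-in for the crypto engine: SHA-256 counter keystream XOR, not AES/SM4.
        # Illustrative only; XOR lets one call serve both encrypt and decrypt.
        out = bytearray()
        for i in range(0, len(data), 32):
            ks = hashlib.sha256(self.key + self.ctr.to_bytes(8, "big")).digest()
            self.ctr += 1
            out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
        return bytes(out)

    async def run(self):
        while (cmd := await self.queue.get()) is not None:
            try:
                if cmd.op == "write":
                    if len(cmd.data) > BUF_CAPACITY:
                        raise ValueError("request exceeds Device-side buffer")
                    if self.buf is not None:
                        raise RuntimeError("previous result was not read back")
                    self.buf = self.engine(cmd.data)
                    cmd.done.set_result(None)
                else:
                    if self.buf is None:
                        raise RuntimeError("read without a preceding write")
                    result, self.buf = self.buf, None
                    cmd.done.set_result(result)
            except (ValueError, RuntimeError) as exc:
                cmd.done.set_exception(exc)


async def host_session(key: bytes, data: bytes, chunk: int) -> bytes:
    """Host side: queue every write/read pair up front, then wait for all of them."""
    dev = MockDevice(key)
    worker = asyncio.create_task(dev.run())
    loop = asyncio.get_running_loop()
    pending = []
    for off in range(0, len(data), chunk):
        for op, payload in (("write", data[off:off + chunk]), ("read", b"")):
            cmd = Cmd(len(pending) + 1, op, payload, loop.create_future())
            dev.queue.put_nowait(cmd)
            pending.append(cmd.done)
    dev.queue.put_nowait(None)                      # end-of-queue marker
    results = await asyncio.gather(*pending, return_exceptions=True)
    await worker
    for r in results:
        if isinstance(r, Exception):
            raise r
    return b"".join(results[1::2])                  # even tags are the reads


def transform(key: bytes, data: bytes, chunk: int = BUF_CAPACITY) -> bytes:
    """Run one complete file operation (encrypt or decrypt) through the mock device."""
    return asyncio.run(host_session(key, data, chunk))
```

Because the single Device-side buffer holds only one processed block, the mock rejects a write that arrives before the previous result has been read back, which is the ordering that the write/read pairing in Fig. 2 guarantees.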
The above description of specific embodiments is not intended to limit the invention; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (6)

1. An efficient data encryption device based on the UASP protocol, characterized in that the Device side comprises a USB 3.0 Device controller, a UASP controller, a crypto engine and the respective drivers of these three, as well as a data buffer; the Host side comprises an application software app and a data buffer; and the device further comprises a program implementing the following functions:
S1: The Host-side application software app reads the plaintext file to be encrypted from the hard disk into an in-memory data buffer;
S2: The Host-side application software app sends the plaintext data in memory to the Device side of the encryption device via the UASP driver provided by the operating system;
S3: The Device side of the encryption device receives the plaintext data into the crypto engine through the Device-side UASP driver and starts encryption; the encrypted ciphertext data is placed in the Device-side data buffer;
S4: The encryption device sends the ciphertext data to the Host side through the Device-side UASP driver;
S5: The Host side receives the ciphertext data through the application software app and stores it in memory;
S6: The Host side writes the ciphertext data back to the hard disk, or saves it to another location, through the application software app.
2. The efficient data encryption device based on the UASP protocol according to claim 1, characterized in that the Host-side application software app generates the UASP asynchronous queue through the asynchronous IO API provided by the operating system.
3. The efficient data encryption device based on the UASP protocol according to claim 2, characterized in that the data length of each asynchronous IO request generated by the Host-side application software app does not exceed the capacity of the Device-side data buffer.
4. The efficient data encryption device based on the UASP protocol according to claim 2, characterized in that the Host side continuously submits asynchronous IO requests to the Device side, and when all asynchronous writes and asynchronous reads have finished, one complete file encryption operation is finished.
5. The efficient data encryption device based on the UASP protocol according to claim 4, characterized in that in an encryption operation an asynchronous "write" corresponds to encryption and an asynchronous "read" corresponds to reading the encrypted result; in a decryption operation an asynchronous "write" corresponds to decryption and an asynchronous "read" corresponds to reading the decrypted result.
6. The efficient data encryption device based on the UASP protocol according to claim 1, characterized in that the capacity of the Device-side data buffer is not higher than 32KB.
CN201810349859.1A 2018-04-18 2018-04-18 High-efficient data encryption equipment based on UASP agreement Active CN108563603B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810349859.1A CN108563603B (en) 2018-04-18 2018-04-18 High-efficient data encryption equipment based on UASP agreement

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810349859.1A CN108563603B (en) 2018-04-18 2018-04-18 High-efficient data encryption equipment based on UASP agreement

Publications (2)

Publication Number Publication Date
CN108563603A true CN108563603A (en) 2018-09-21
CN108563603B CN108563603B (en) 2020-12-29

Family

ID=63535541

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810349859.1A Active CN108563603B (en) 2018-04-18 2018-04-18 High-efficient data encryption equipment based on UASP agreement

Country Status (1)

Country Link
CN (1) CN108563603B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111125739A (en) * 2019-12-26 2020-05-08 山东方寸微电子科技有限公司 Data encryption method, data decryption method, data encryption and decryption equipment and data encryption and decryption system based on SATA (Serial advanced technology attachment)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101655894A (en) * 2008-08-19 2010-02-24 上海华虹集成电路有限责任公司 Method for improving throughput of grouping algorithm on general serial bus encryption lock
US20110296106A1 (en) * 2010-06-01 2011-12-01 Hsieh-Huan Yen System for realizing multi-port storage media based on a uasp protocol of a usb specification version 3.0 and method thereof
CN102291391A (en) * 2011-07-21 2011-12-21 西安百盛信息技术有限公司 Safe transmission method for data in cloud service platform
CN103729324A (en) * 2014-01-22 2014-04-16 浪潮电子信息产业股份有限公司 Security protection device of cloud storage file based on USB3.0 interface
CN204215404U (en) * 2014-09-07 2015-03-18 杭州华澜微科技有限公司 A kind of cryptographic storage dish
CN204669402U (en) * 2015-04-03 2015-09-23 王爱华 A kind of cloud data message encrypting and decrypting system based on USB flash disk
CN105159774A (en) * 2015-07-08 2015-12-16 清华大学 API request order-preserving processing method and system
US20160371201A1 (en) * 2015-06-17 2016-12-22 Xitron LLC Apparatus for transmitting data through the universal serial bus, converting to scsi protocols for computer peripherals


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HANLIN CHEN: "The single-chip solution of embedded USB encryptor", 《2010 IEEE INTERNATIONAL CONFERENCE ON INFORMATION THEORY AND INFORMATION SECURITY》 *
张锋: "Design and Implementation of a High-Speed Driver-Free USB Encryption Card" (一种高速免驱USB加密卡的设计与实现), 《计算机工程》 (Computer Engineering) *


Also Published As

Publication number Publication date
CN108563603B (en) 2020-12-29

Similar Documents

Publication Publication Date Title
US20120137139A1 (en) Data storage device, data control device and method for encrypting data
US8321659B2 (en) Data encryption apparatus, data decryption apparatus, data encryption method, data decryption method, and data transfer controlling apparatus
CN104217180B (en) A kind of encryption storage dish
US9152825B2 (en) Using storage controller bus interfaces to secure data transfer between storage devices and hosts
CN107256363B (en) High-speed encryption and decryption device composed of encryption and decryption module array
CN109240952B (en) High-speed data encryption NVMe-SATA converter circuit
CN107092835A (en) The computer data enciphering device and method of a kind of virtual memory disk
CN110163011B (en) High-speed safe hard disk design method
KR20190075363A (en) Semiconductor memory device, memory system and memory module including the same
US8478984B2 (en) Data encryption apparatus, data decryption apparatus, data encryption method, data decryption method, and data relay apparatus
CN107609428A (en) Date safety storing system and method
CN109840434A (en) A kind of method for secure storing based on the close chip of state
KR101496975B1 (en) Solid-state-disk and input/output method thereof
CN108563603A (en) A kind of efficient data encryption device based on UASP agreements
CN106970889B (en) SATA bridge chip and working method thereof
CN204215404U (en) A kind of cryptographic storage dish
CN104268489A (en) Method for optimizing performance of encryption card based on DEVICE MAPPER
CN105468983A (en) Data transmission method and device based on SATA (Serial Advanced Technology Attachment) interface
JP5481354B2 (en) Information processing device
US20220416997A1 (en) Handling unaligned transactions for inline encryption
CN114547663A (en) Method for realizing data encryption, decryption and reading by high-speed chip based on USB interface
KR20100133184A (en) Solid state drive device
CN111290830B (en) Virtual machine migration method, processor and electronic equipment
US20160026582A1 (en) Encrypt data of storage device
CN101727408A (en) Data encryption method based on hard disk interface controller

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 803-1, North Building, 9 Shuntai Square, 2000 Shunhua Road, Jinan City, Shandong Province, 250101

Applicant after: Shandong Fangcun Microelectronics Technology Co.,Ltd.

Address before: 210000 R203 room, east of 2 building, 1 Garden Road, Jiangpu street, Pukou District, Nanjing, Jiangsu.

Applicant before: NANJING FANGCUN MICROELECTRONICS TECHNOLOGY Co.,Ltd.

GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: An Efficient Data Encryption Device Based on UASP Protocol

Effective date of registration: 20230912

Granted publication date: 20201229

Pledgee: Qilu Bank Co.,Ltd. Jinan West Market Branch

Pledgor: Shandong Fangcun Microelectronics Technology Co.,Ltd.

Registration number: Y2023980056373
