CN108563603B - High-efficient data encryption equipment based on UASP agreement - Google Patents

Info

Publication number
CN108563603B
CN108563603B (application CN201810349859.1A)
Authority
CN
China
Prior art keywords
data
encryption
uasp
host
asynchronous
Legal status
Active
Application number
CN201810349859.1A
Other languages
Chinese (zh)
Other versions
CN108563603A (en
Inventor
张洪柳
李冠
Current Assignee
Shandong Fangcun Microelectronics Technology Co ltd
Original Assignee
Shandong Fangcun Microelectronics Technology Co ltd
Priority date
2018-04-18
Filing date
2018-04-18
Publication date
2018-09-21 (CN108563603A), 2020-12-29 (CN108563603B)
Application filed by Shandong Fangcun Microelectronics Technology Co ltd
Priority to CN201810349859.1A
Publication of CN108563603A
Application granted
Publication of CN108563603B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38 Information transfer, e.g. on bus
    • G06F13/42 Bus transfer protocol, e.g. handshake; Synchronisation
    • G06F13/4282 Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G06F2213/00 Indexing scheme relating to interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F2213/0036 Small computer system interface [SCSI]
    • G06F2213/0042 Universal serial bus [USB]

Abstract

The invention discloses a high-efficiency data encryption device based on the UASP protocol. The device end comprises a USB3.0 device controller, a UASP controller, an encryption engine and a data buffer; the Host end comprises an application software app and a data buffer area; also included is a program that implements the following functions: the Host-end application software reads the plaintext of the file to be encrypted from the hard disk into the memory data buffer; the Host-end application software sends the plaintext data in memory to the encryption device end; the encryption device end receives the plaintext data into its encryption engine through a UASP driver, starts encryption and places the resulting ciphertext in the device-end data buffer; the ciphertext is sent to the Host end; the Host receives the ciphertext through the application software app and stores it in memory; and the application software writes the ciphertext back to the hard disk. The final product of the UASP-based high-efficiency data encryption device is very convenient to carry, data encryption and decryption can be completed at any time and place, and the secret key is held inside the device, which is what ensures its security.

Description

High-efficient data encryption equipment based on UASP agreement
Technical Field
The invention belongs to the technical field of computer information security, and particularly relates to high-efficiency data encryption equipment based on a UASP protocol.
Background
UASP (USB Attached SCSI Protocol) is a transport protocol added to the SCSI (Small Computer System Interface) protocol family in recent years. Because it fully conforms to the SAM-4 specification (SCSI Architecture Model 4) and supports asynchronous queued transfers, the transfer efficiency of the underlying physical interface can approach full bandwidth when both communicating parties are well matched, which makes it very efficient. The underlying transport medium of UASP is USB: a command pipe, a status pipe, a data-OUT pipe and a data-IN pipe are established using four USB bulk pipes.
With UASP on top of it, USB3.0 can maximize transfer efficiency thanks to its transfer rate of up to 5 Gbps. The UASP protocol is used to realize high-speed data storage between devices; for example, US patent publication No. US20110296106A1, entitled "System for realizing multi-port storage media based on a UASP protocol of a USB specification version 3.0 and method thereof", proposes a multi-port storage media system based on the UASP protocol of USB 3.0. However, how to ensure the security of the data while achieving high transfer efficiency with the UASP protocol remains an unsolved problem.
Disclosure of Invention
The invention aims to provide UASP-based efficient data encryption equipment, which realizes efficient encryption of key data by relying on UASP asynchronous queue technology and a bottom USB3.0 ultra-high-speed physical interface.
In order to achieve the above object, the technical solution adopted by the present invention is a high-efficiency data encryption Device based on the UASP protocol, which comprises a USB3.0 Device controller, a UASP controller, an encryption engine and the respective drivers of the three, and further comprises a data buffer at the Device end; the Host end comprises an application software app and a data buffer area; also included is a program that implements the following functions:
s1: the Host-end application software app reads the plaintext of the file to be encrypted from the hard disk into the memory data buffer area;
s2: the Host-end application software app sends the plaintext data in memory to the encryption Device end through a UASP driver provided by the operating system;
s3: the encryption Device receives the plaintext data into its encryption engine through the Device's UASP driver, starts encryption, and puts the resulting ciphertext data into the Device's data buffer;
s4: the encryption Device sends the ciphertext data to the Host end through the Device-end UASP driver;
s5: the Host receives the ciphertext data through the application software app and stores it in memory;
s6: the Host end writes the ciphertext data back to the hard disk, or stores it elsewhere, through the application software app.
Further, the Host-side application software app generates the UASP asynchronous queue by means of an asynchronous IO API provided by the operating system.
The data length of the asynchronous IO request generated by the Host-side application software app each time does not exceed the capacity of the device-side data buffer.
And the Host terminal continuously submits the asynchronous IO request to the device terminal, and when all asynchronous writing and asynchronous reading are finished, one complete file encryption action is finished.
In the encryption operation, an asynchronous "write" corresponds to encryption and an asynchronous "read" corresponds to reading the encryption result; in the decryption operation, an asynchronous "write" corresponds to decryption and an asynchronous "read" corresponds to reading the decryption result.
The buffer area of the Device end is small: 32KB is enough to achieve high performance, which saves hardware resources.
Compared with the prior art, the invention has the following beneficial effects:
1. The final product of the UASP-based high-efficiency data encryption device is very convenient to carry, the encryption and decryption of data can be completed at any time and place, and its form is similar to a U Key; the secret key is held inside the device, which ensures security;
2. Based on the UASP protocol, the high bandwidth of USB3.0 can be fully utilized, and very efficient encryption and decryption are realized;
3. Based on the UASP protocol, the buffer requirement on the device end is extremely low, and a 32KB SRAM can achieve high performance;
4. The Host-side application software app can operate the encryption device directly from the application program without installing a driver, so truly driver-free operation is achieved.
Drawings
FIG. 1 is a flow chart of single-stroke data encryption transmission;
FIG. 2 is a flow chart of multi-stroke data encryption transmission.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
The choice of encryption algorithm and the key management mode are independent of the technical framework provided by the invention. The encryption device of the invention needs a built-in encryption engine, and any symmetric encryption algorithm such as AES, SM1 or SM4 may be adopted to encrypt and decrypt the data flowing through it. For key management, the encryption key may be generated randomly inside the device, negotiated with an asymmetric algorithm such as RSA or SM2, or handled by any other acceptable key management method.
The invention mainly realizes a USB device end supporting UASP; USB host-end software then needs to be written, and the two parts cooperate to realize the data encryption and decryption process. When the device is plugged into a USB host supporting UASP, the host identifies it as a mass storage device, and host-side software can access it without installing any driver, so that data encryption and decryption are realized. FIG. 1 shows an application scenario of the present invention, which includes a Host end and a Device end; the arrows represent the process of encrypting (or decrypting) a piece of data.
The single-stroke data encryption process in FIG. 1 is described as follows:
1. The host-side application software (App) reads the plaintext of the file to be encrypted from the hard disk (FileSystem) into memory (Buffer);
2. The host application software sends the plaintext data in memory to the encryption device through the UASP driver provided by the operating system;
3. The encryption device receives the plaintext data into its encryption/decryption engine (Crypto Engine) through the device-side UASP driver, starts encryption, and puts the resulting ciphertext into the device-side buffer memory (Buffer);
4. The encryption device sends the ciphertext data to the host end through the device-side UASP driver;
5. The host receives the ciphertext data through the application software and stores it in memory;
6. The host writes the ciphertext data back to the hard disk (or stores it elsewhere) through the application software.
Single-stroke data encryption does not form an asynchronous queue and cannot fully utilize the high bandwidth of USB3.0; combining multi-stroke transmission with UASP does utilize the bandwidth fully, and a schematic of that method is shown in FIG. 2.
The command queue in FIG. 2 holds 4 commands issued by the host, in the sequence write, read, write, read; they are distinguished by the tag inside the command structure and denoted CMD1, CMD2, CMD3 and CMD4 (CMD is an abbreviation of command). Writes and reads occur in pairs, and each write/read pair realizes one data encryption operation (see FIG. 1). The Device end parses the commands in sequence and performs the corresponding data reception and status return, where data reception is accompanied by the encryption action of the encryption engine. The specific flow is as follows:
1. The device first parses CMD1 and notifies the host that CMD1 can be executed;
2. On receiving the notification, the host executes CMD1 and sends the data to be encrypted to the device; the device starts the encryption engine and receives the data. At this point the device CPU is free and goes on with the parsing and preprocessing of CMD2;
3. After the data encryption is finished, the device notifies the host within a very short time that CMD1 has been executed and that CMD2 can be executed;
4. On receiving the notification, the host executes CMD2 and reads the ciphertext data back from the device to the host; meanwhile the device CPU can continue the preprocessing of CMD3;
5. After the ciphertext transfer is finished, the host regards the encryption of the first block of data as complete; the device notifies the host within a very short time that CMD2 has been executed and that CMD3 can be executed;
6. After receiving the notification, the host goes on to execute CMD3 and CMD4; the flow for CMD3 and CMD4 is the same as for CMD1 and CMD2.
In steps 3 and 5 of this flow, the device notifies the host within a very short time, which is ensured by the asynchronous queue mechanism and the software/hardware cooperation on the device end. Seen on a time axis, the interval in FIG. 2 is very short, so receiving the data, encrypting it and returning the ciphertext are essentially continuous, which maximizes bandwidth utilization. This is the key to fully utilizing the high bandwidth of USB3.0.
The implementation of the invention depends on the software and hardware cooperation of the USB3.0 device end; correspondingly, the USB host end (generally a PC, or application software App) must implement a program that cooperates with the device end.
The technical scheme of a preferred embodiment is as follows:
1. Device-end hardware resources, including the USB3.0 device controller, encryption engine, DMA, etc.;
2. The Device end needs a contiguous SRAM as data buffer, and 32KB is enough;
3. The Device-end firmware needs to implement drivers for the USB controller, the encryption engine and the DMA, and implement the UASP protocol so as to respond efficiently to the asynchronous queue issued by the host;
4. The PC program at the Host end needs to generate a UASP asynchronous queue by means of the asynchronous IO API provided by the OS;
5. The data length of each asynchronous IO request from the Host-end PC program must not exceed the device-end buffer size;
6. The Host continuously submits the asynchronous IO requests to be issued to the device, and when all asynchronous writes and asynchronous reads are finished, one complete file encryption action is finished;
7. The encryption and decryption schemes are alike: for encryption, an asynchronous "write" is encryption and an asynchronous "read" fetches the encrypted result; for decryption, an asynchronous "write" is decryption and an asynchronous "read" fetches the decrypted result.
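The following Python simulation is an added illustration, not code from the patent or from the assignee's product. It models the FIG. 2 command-queue flow and embodiment steps 4 to 7 above: the host splits the file into chunks no larger than the device buffer and queues a WRITE/READ pair per chunk with increasing tags; the device keeps the key, transforms each chunk as it arrives, and hands the result back on the paired READ while already parsing the next command. The cipher is a stand-in for the patent's AES/SM4 engine (HMAC-SHA256 in counter mode, in which encryption and decryption are the same XOR), the per-file nonce is an assumption the patent does not specify, and the names `CryptoDevice`, `build_queue` and `transform_file` are chosen here.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

DEVICE_BUFFER = 32 * 1024  # the 32KB device-side SRAM of the preferred embodiment


@dataclass
class Command:
    tag: int           # UASP tag that distinguishes queued commands (CMD1, CMD2, ...)
    op: str            # "WRITE": host sends one chunk; "READ": host fetches its result
    data: bytes = b""  # payload of a WRITE; a READ carries none


class CryptoDevice:
    """Device end (hypothetical name). The key lives here and is never returned to the host."""

    def __init__(self, key: bytes, buffer_size: int = DEVICE_BUFFER):
        self._key = key
        self.buffer_size = buffer_size
        self._buffer = b""  # holds one request's result until the paired READ
        self.trace = []     # host notifications, mirroring the FIG. 2 steps

    def _keystream(self, nonce: bytes, chunk_no: int, length: int) -> bytes:
        # Stand-in for the symmetric engine (AES/SM4 in the patent): HMAC-SHA256 in
        # counter mode. The (nonce, chunk number, counter) input guarantees that no
        # two chunks of one file, and no two files with distinct nonces, share keystream.
        out = bytearray()
        ctr = 0
        while len(out) < length:
            msg = nonce + chunk_no.to_bytes(8, "big") + ctr.to_bytes(8, "big")
            out += hmac.new(self._key, msg, hashlib.sha256).digest()
            ctr += 1
        return bytes(out[:length])

    def run_queue(self, queue: list, nonce: bytes) -> list:
        """Execute a tagged command queue in order; returns the payload of every READ."""
        results = []
        chunk_no = 0
        for i, cmd in enumerate(queue):
            self.trace.append(f"CMD{cmd.tag} can be executed")
            if cmd.op == "WRITE":
                # Claim 3: a request larger than the device buffer cannot be served.
                if len(cmd.data) > self.buffer_size:
                    raise ValueError(f"CMD{cmd.tag}: {len(cmd.data)} bytes exceeds device buffer")
                ks = self._keystream(nonce, chunk_no, len(cmd.data))
                self._buffer = bytes(a ^ b for a, b in zip(cmd.data, ks))
                chunk_no += 1
            elif cmd.op == "READ":
                results.append(self._buffer)
                self._buffer = b""
            else:
                raise ValueError(f"CMD{cmd.tag}: unknown op {cmd.op!r}")
            self.trace.append(f"CMD{cmd.tag} executed")
            # While the host moves CMD n's data, the device CPU already parses CMD n+1.
            if i + 1 < len(queue):
                self.trace.append(f"pre-parsing CMD{queue[i + 1].tag} during CMD{cmd.tag}")
        return results


def build_queue(data: bytes, buffer_size: int = DEVICE_BUFFER) -> list:
    """Host end: split the file into chunks no larger than the device buffer and queue a
    WRITE/READ pair per chunk with increasing tags (CMD1/CMD2 for chunk 0, CMD3/CMD4 ...)."""
    queue, tag = [], 1
    for off in range(0, len(data), buffer_size):
        queue.append(Command(tag, "WRITE", data[off:off + buffer_size]))
        queue.append(Command(tag + 1, "READ"))
        tag += 2
    return queue


def transform_file(device: CryptoDevice, data: bytes, nonce: bytes) -> bytes:
    """One complete file operation: submit all asynchronous writes and reads, then join
    the returned chunks. With a counter-mode keystream the same call both encrypts and
    decrypts; a block-cipher engine would select encrypt or decrypt per request instead."""
    return b"".join(device.run_queue(build_queue(data, device.buffer_size), nonce))


if __name__ == "__main__":
    key = secrets.token_bytes(32)    # constructed: in the product the key is generated inside the device
    nonce = secrets.token_bytes(16)  # constructed: per-file nonce the host must store with the ciphertext
    device = CryptoDevice(key)
    plaintext = b"constructed sample file contents\n" * 3000  # 99000 bytes -> 4 chunks, 8 commands
    ciphertext = transform_file(device, plaintext, nonce)
    assert transform_file(CryptoDevice(key), ciphertext, nonce) == plaintext
    print(f"{len(plaintext)} bytes encrypted via {len(build_queue(plaintext))} queued commands")
    print("\n".join(device.trace[:8]))
```

Two points the simulation makes visible that the prose does not: the device rejects any WRITE larger than its buffer, which is why claim 3 bounds the host's request size rather than trusting the device to cope; and because a counter-mode keystream must never be reused, the host has to keep the per-file nonce alongside the ciphertext, so a real design that works this way needs that metadata in its file format even though the patent leaves key and IV handling unspecified.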
The above description of the specific embodiments is not intended to limit the present invention, and any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (6)

1. A high-efficiency data encryption device based on the UASP protocol, characterized in that the Device end comprises a USB3.0 device controller, a UASP controller, an encryption engine and their respective drivers, and also comprises a data buffer; the Host end comprises an application software app and a data buffer area; also included is a program that implements the following functions:
s1: reading a plaintext of a file to be encrypted from a hard disk to a memory data buffer area by the Host-end application software app;
s2: the Host-end application software app sends plaintext data in the memory to the encryption Device end through a UASP driver provided by an operating system;
s3: the encryption Device receives the plaintext data to an encryption engine through a UASP driver of the Device, starts encryption, and puts encrypted ciphertext data to a data buffer of the Device;
s4: the encryption equipment sends the ciphertext data to a Host end through a UASP driver of a Device end;
s5: the Host receives the ciphertext data through the application software app and stores the ciphertext data in the memory;
s6: the Host end writes the ciphertext data back to the hard disk, or stores it elsewhere, through the application software app.
2. A UASP protocol based efficient data encryption device as recited in claim 1, wherein the Host-side application software app generates UASP asynchronous queues via an asynchronous IO API provided by the operating system.
3. A UASP protocol based efficient data encryption device as recited in claim 2, wherein the data length of the asynchronous IO request generated by the Host-side application software app each time does not exceed the capacity of the device-side data buffer.
4. A UASP protocol based efficient data encryption device as recited in claim 2, wherein the Host side continuously submits asynchronous IO requests to the device side, and when all asynchronous writes and asynchronous reads are finished, a complete file encryption operation is finished.
5. A UASP protocol-based efficient data encryption device as defined in claim 4 wherein asynchronous "write" corresponds to encryption and asynchronous "read" corresponds to reading of encryption results during encryption operations; in the decryption operation, asynchronous "write" corresponds to decryption, and asynchronous "read" corresponds to reading the decryption result.
6. A UASP protocol based efficient data encryption Device as recited in claim 1, wherein the Device side data buffer has a size not higher than 32 KB.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810349859.1A CN108563603B (en) 2018-04-18 2018-04-18 High-efficient data encryption equipment based on UASP agreement

Publications (2)

Publication Number Publication Date
CN108563603A CN108563603A (en) 2018-09-21
CN108563603B true CN108563603B (en) 2020-12-29

Family

ID=63535541

Country Status (1)

Country Link
CN (1) CN108563603B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111125739A (en) * 2019-12-26 2020-05-08 Shandong Fangcun Microelectronics Technology Co.,Ltd. Data encryption method, data decryption method, data encryption and decryption equipment and data encryption and decryption system based on SATA (Serial advanced technology attachment)

Citations (1)

Publication number Priority date Publication date Assignee Title
CN204669402U (en) * 2015-04-03 2015-09-23 王爱华 A kind of cloud data message encrypting and decrypting system based on USB flash disk

Family Cites Families (7)

Publication number Priority date Publication date Assignee Title
CN101655894B (en) * 2008-08-19 2012-06-27 上海华虹集成电路有限责任公司 Method for improving throughput of grouping algorithm on general serial bus encryption lock
US20110296106A1 (en) * 2010-06-01 2011-12-01 Hsieh-Huan Yen System for realizing multi-port storage media based on a uasp protocol of a usb specification version 3.0 and method thereof
CN102291391A (en) * 2011-07-21 2011-12-21 西安百盛信息技术有限公司 Safe transmission method for data in cloud service platform
CN103729324A (en) * 2014-01-22 2014-04-16 浪潮电子信息产业股份有限公司 Security protection device of cloud storage file based on USB3.0 interface
CN204215404U (en) * 2014-09-07 2015-03-18 杭州华澜微科技有限公司 A kind of cryptographic storage dish
US10108559B2 (en) * 2015-06-17 2018-10-23 Xitron LLC Apparatus for transmitting data through the universal serial bus, converting to SCSI protocols for computer peripherals
CN105159774B (en) * 2015-07-08 2018-06-12 清华大学 A kind of API request order-preserving processing method and system

Non-Patent Citations (2)

Title
The single-chip solution of embedded USB encryptor; Hanlin Chen; 2010 IEEE International Conference on Information Theory and Information Security; 2011-01-17; Vol. 2011 (No. 01); full text *
Design and implementation of a high-speed driver-free USB encryption card; 张锋; Computer Engineering (计算机工程); 2017-12-14; Vol. 43 (No. 11); full text *

Also Published As

Publication number Publication date
CN108563603A (en) 2018-09-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
Address after: Room 803-1, North Building, 9 Shuntai Square, 2000 Shunhua Road, Jinan City, Shandong Province, 250101
Applicant after: Shandong Fangcun Microelectronics Technology Co.,Ltd.
Address before: 210000 R203 room, east of 2 building, 1 Garden Road, Jiangpu street, Pukou District, Nanjing, Jiangsu.
Applicant before: NANJING FANGCUN MICROELECTRONICS TECHNOLOGY Co.,Ltd.
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right
Denomination of invention: An Efficient Data Encryption Device Based on UASP Protocol
Effective date of registration: 20230912
Granted publication date: 20201229
Pledgee: Qilu Bank Co.,Ltd. Jinan West Market Branch
Pledgor: Shandong Fangcun Microelectronics Technology Co.,Ltd.
Registration number: Y2023980056373