CN109711208B - USB interface equipment data encryption conversion device and working method thereof - Google Patents

USB interface equipment data encryption conversion device and working method thereof Download PDF

Info

Publication number
CN109711208B
CN109711208B CN201811376885.XA CN201811376885A CN109711208B CN 109711208 B CN109711208 B CN 109711208B CN 201811376885 A CN201811376885 A CN 201811376885A CN 109711208 B CN109711208 B CN 109711208B
Authority
CN
China
Prior art keywords
data
control module
usb
module
read
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811376885.XA
Other languages
Chinese (zh)
Other versions
CN109711208A (en
Inventor
姚智慧
孟辰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Computer Technology and Applications
Original Assignee
Beijing Institute of Computer Technology and Applications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Computer Technology and Applications filed Critical Beijing Institute of Computer Technology and Applications
Priority to CN201811376885.XA priority Critical patent/CN109711208B/en
Publication of CN109711208A publication Critical patent/CN109711208A/en
Application granted granted Critical
Publication of CN109711208B publication Critical patent/CN109711208B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The invention relates to a USB interface equipment data encryption conversion device and a working method thereof, relating to the technical field of data real-time processing. The USB Phy interface module based on the OTG mode provides a source end USB interface and a target end USB interface, and by designing a read-write control module, an encryption control module, a key exchange module, a bitmap management module, a file system analysis module, a destruction control module and the like which are integrated with an ULPI interface, the source end USB interface supports the disconnection of a storage color number of a host or a universal USB interface, the target end USB interface is connected with a universal USB interface storage device, and supports the functions of data encryption, key safety exchange, file system analysis, bitmap management, working mode configuration, destruction control and the like, thereby meeting the application requirements of encrypted storage between the host and the universal USB interface storage device, encrypted transfer between the universal USB interface storage device and data machine backup, data safety destruction of the universal USB interface storage device and the like.

Description

USB interface equipment data encryption conversion device and working method thereof
Technical Field
The invention relates to the technical field of data real-time processing, in particular to a USB interface equipment data encryption conversion device and a working method thereof.
Background
With the development of USB interface bus technology and the widespread application of mobile storage devices, especially the wide application of mass storage devices, it has become a normal state for people to store/backup/exchange data, install application software/operating system, etc. by using USB interface storage devices. Along with the storage of a large amount of data in these general-purpose large-capacity USB interface mobile storage devices, a large amount of personal privacy, sensitive data, confidential information, and the like are not controlled due to the loss of the mobile storage device, unauthorized access, and the like, and thus, the problem that must be solved when using the mobile storage device in important application occasions has been solved.
Therefore, the technologies of data encryption, clear and secret area isolation control, password/fingerprint access control and the like of the mobile storage device are adopted, and become basic measures for guaranteeing the data security of the USB interface storage device:
and encrypting the mobile data. The USB interface controller with encryption function or the safety chip is adopted to design and provide special safe mobile storage equipment with data encryption function.
And (5) isolation control of the bright and dense areas. The USB interface controller based firmware provides isolation control of a clear area and a secret area, access to data of the secret area is controlled in a password authentication mode, the data security strength depends heavily on functions provided by the controller, access control to the secret area is achieved based on the password authentication mode, and the data protection strength is weak.
Password or fingerprint access control. The method adopts a dialog box, a digital key and other modes to input a verification password or adopts a fingerprint identification mode to carry out identification authentication to control data access to the mobile storage equipment, generally belongs to special storage equipment, and the password is solidified in the mobile storage equipment, so that the password verification is simple and the security protection measures for the password are lacked.
Aiming at the general USB interface storage equipment which is used in large quantity, the security and secrecy technology has certain defects on how to safely, conveniently and efficiently realize data encryption.
Disclosure of Invention
Technical problem to be solved
The technical problem to be solved by the invention is as follows: how to safely, conveniently and efficiently realize data encryption.
(II) technical scheme
In order to solve the technical problem, the invention provides a data encryption conversion device for USB interface equipment, which comprises a comprehensive control module 1, a mode control module 2, a key exchange module 3, a file system analysis module 4, a source end read-write control module 5, a source end data buffer 6, an encryption control module 7, a target end data buffer 8, a target end read-write control module 9, a bitmap management module 10, a destruction control module 11, a source end USB PHY interface module 12 and a target end USB PHY interface module 13;
the comprehensive control module 1 is used for taking charge of coordination control of each function module in the USB interface equipment data encryption conversion device, and comprises the steps of coordinating and forwarding an access command and non-encrypted data of a source end read-write control module 5 to a target end read-write control module 9, acquiring a working key from a key exchange module 3, synthesizing the working key and an identification code of the device into a key for encryption and decryption required by an encryption control module 7, acquiring configuration information of a mode control module 2 and performing system control according to the configuration information;
the mode control module 2 is used for monitoring the function switch setting, and determining the type of the external equipment of the source end USB interface, the data encryption and decryption access flow direction between the host and the external universal USB interface storage equipment, the encryption transfer or backup control mode between the external USB interface equipment and the data destruction mode of the target end USB interface storage equipment;
the key exchange module 3 is used for connecting an external key injection device through a key injection interface and completing identity authentication between the USB interface device data encryption conversion device and the key injection device and encryption transmission and transfer of a working key by adopting an asymmetric encryption algorithm;
the system comprises a file system analysis module 4, a source end read-write control module 5, a comprehensive control module 1, a source end data buffer area 6 and a file system analysis module 4, wherein the file system analysis module 4 is used for analyzing partition table parameters, file system types and data cluster chain structures read from a storage device by the source end read-write control module 5 when the source end USB interface is connected with the storage device, determining a data operation address needing encryption transfer or backup, the source end read-write control module 5 is used for realizing a USB interface protocol control function based on an ULPI interface protocol, adopting a configurable design of a working mode, controlling and generating or analyzing a USB PHY interface module 12 of the source end to interact and use a USB data packet through a transmission mode design, and separating access control parameters in the data packet from user data, wherein the access control parameters and non-encrypted data are transmitted to the comprehensive control module 1, data to be encrypted are transmitted to;
the source end data buffer area 6 is used for receiving data to be encrypted from the source end read-write control module 5 in an FIFO working mode during encryption so as to provide the data to the encryption control module 7 for data encryption; during decryption, the decryption data output from the encryption control module 7 is received and provided to the source read-write control module 5 so as to respond to the read data operation of the host;
the encryption control module 7 is used for realizing data encryption and decryption control by adopting key expansion, linear shift transformation, nonlinear replacement and round iteration design based on a symmetric cryptographic algorithm, and an encryption key required by the encryption control module 7 is provided by the comprehensive control module 1;
the target end data buffer area 8 is used for receiving the encrypted data output by the encryption control module 7 and providing the encrypted data to the target end read-write control module 9 during encryption by adopting an FIFO working mode so as to control the writing into the target end USB interface storage equipment; receiving data to be decrypted from the target end read-write control module 9 during decryption, providing the data to the encryption control module 7 for data decryption, and responding to the read data operation of the host;
a target end read-write control module 9, which is used for realizing the control function of the USB host interface protocol based on the ULPI interface protocol, and controls and generates and receives a USB data packet for interaction of a target end USB PHY interface module 13 through the design of a transmission mode, and separates the access control parameter in the data packet from the user data, wherein the access control parameter and the non-encrypted data are transmitted to the comprehensive control module 1, the data to be decrypted are transmitted to a target end data buffer area 8, when the target end read-write control module 9 performs data read-write operation on target end USB interface storage equipment, the data read-write address is provided for the bitmap management module 10, the bitmap management module 10 determines the encryption state of the access address data, and simultaneously, when destruction is triggered, the overwrite data packet generated by the receiving control module 11 is received;
the bitmap management module 10 is used for establishing a storage equipment access address data encryption identification bitmap in units of sectors or clusters for the target USB interface storage equipment, and carrying out bitmap initialization, updating and maintenance according to the working mode of the USB interface equipment data encryption conversion device and the target read-write control module 9 access address;
the destruction control module 11 is configured to construct a USB protocol write operation data packet and provide the USB protocol write operation data packet to the target read-write control module 9, and control the target USB interface storage device to perform the full-disk data overwriting destruction operation for the number of times of 1, 3, and 7 according to different destruction control modes, where 512 byte block data is formed by a random number, a sequence number, and a fixed number;
the source end USB PHY interface module 12 is used for providing a USB protocol physical layer interface, supporting an OTG working mode and determining that the source end interface is externally connected with a USB host or a universal USB interface storage device according to a host or device working mode selected by the mode control module 2, wherein when the working mode is set as the host, the USB Phy interface module 12 is set as a USB device end interface, one end of the USB Phy interface module is connected with the host USB interface, and the other end of the USB Phy interface module is connected with the source end read-write control module 5 through the ULPI interface and responds to host access; when the working mode is set as the device, the USB Phy interface module 12 is configured as a USB host interface, one end of the USB host interface is connected with an external USB interface storage device, and the other end of the USB host interface is connected with the source end read-write control module 5 through the ULPI interface to control the access to the USB interface storage device;
and the target end USB PHY interface module 13 is used for providing a USB protocol physical layer interface, one end of the target end USB PHY interface module is connected with an external USB interface storage device, and the other end of the target end USB PHY interface module is connected with the target end read-write control module 9 through an ULPI interface to control access to the USB interface storage device.
Preferably, the device further comprises a power supply module 14, which is used for supporting the power supply of the external power adapter and the power supply of the USB interface of the host when the operating mode setting is configured as the host, and providing the required operating power supply for each functional module of the data encryption and conversion device of the USB interface device.
Preferably, the file system parsing module 4 is specifically configured to:
determining the type of a file system and the address of a partition table, a file allocation table, a file index table or a directory area according to the read magnetic disk parameter information, a main partition table and a boot sector of the source USB interface storage device;
and establishing a file cluster chain structure according to the file allocation table, the file index table or the directory area, and determining the storage address and the data block size of the file to be transferred or backed up.
Preferably, the bitmap management module 10 is specifically configured to:
reading a bitmap data block and a bitmap validity identifier of the target USB interface storage device after electrifying, and if the bitmap validity identifier is invalid, triggering the target storage device to overwrite data 8' h00 in a full disk manner and reestablishing and initializing bitmap data reading;
when encrypted data are written into the target storage device, according to the access address of the target read-write control module 9, inquiring the relevant data position in the corresponding bitmap and setting 1, wherein the current access address data represent the encrypted data; when data backup is carried out on target end storage equipment, the access address corresponds to a relevant data bit in a bitmap and is clear 0, and the data representing the access address is not subjected to encryption operation;
when data is read from the target end USB interface storage device, according to the access address of the target end read-write control module 9, inquiring the identification information in the corresponding bitmap and providing the identification information to the target end read-write control module 9, and determining whether the data needs to be decrypted and restored or not;
when the data of the target USB interface storage device is destroyed, the target USB interface storage device is triggered to overwrite data 8' h00 in a full disk mode.
The invention also provides a working method of the device, which comprises the following steps:
after the power module 14 supplies power through an external power supply or a source end USB interface external host, the self-checking of the power-on system is completed, the current working mode is obtained through the mode control module 2, and then the working key required by the encryption control module 7 is safely obtained from the outside through the key exchange module 3;
the comprehensive control module 1 acquires a current working mode according to the mode control module 2, configures a source end USB Phy interface module 12 into an equipment mode or a host mode through a source end read-write control module 5, and configures a target end USB Phy interface module 13 into the host mode through a target end read-write control module 9;
and according to the current configuration mode, one of an encryption mode, a decryption mode, a backup mode and a data destruction mode is selected to operate.
Preferably, the host data is encrypted and stored in the external USB storage device mode, that is, the source USB interface is connected to the host, and the encryption mode is selected:
the host writes the operation command, after the USB interface physical layer protocol control is realized through the USB Phy module 12, the USB interface protocol layer control is realized through the source end read-write control module 5;
the source end read-write control module 5 caches the data to be written in the USB storage device received from the host to the source end data buffer 6 according to the data transmission type and the command, and transmits the write operation command to the target end read-write control module 9 through the comprehensive control module 1;
the encryption control module 7 encrypts the data stored in the source end data buffer 6 and stores the encrypted data in the target end data buffer 8;
the target end read-write control module 9 reads the data of the target end data buffer area 8, and accesses the control mode according to the USB host end interface protocol to form a USB protocol write operation data packet, and sends the USB protocol write operation data packet to the target end USB Phy module 13 through the ULPI interface, the target end USB Phy module 13 writes the encrypted data into the target end universal USB interface storage device, and simultaneously updates the bitmap management module 10 according to the address and the data block size of the data write storage device.
Preferably, for the host to read the encrypted data mode from the external USB storage device, that is, the source USB interface is externally connected to the host, and to select the decryption mode:
the host writes the operation command, after the USB interface physical layer protocol control is realized through the USB Phy module 12, the USB interface protocol layer control is realized through the source end read-write control module 5;
the source end read-write control module 5 transmits the read operation command received from the host to the target end read-write control module 9 through the comprehensive control module 1 according to the data transmission type and the command;
the target end read-write control module 9 forms a USB protocol read operation data packet according to a USB host end interface protocol access control mode, and sends the USB protocol read operation data packet to a target end USB Phy module 13 through an ULPI interface;
the USB Phy module 13 waits for receiving the data of the target universal USB interface storage device and sends the data to the target read-write control module 9;
the target end read-write control module 9 inquires the bitmap management module 10 according to the access address and the size of the data block, and directly transmits the data with the bitmap identification in the non-encrypted state to the source end read-write control module 5 through the comprehensive control module 1; for the data marked in the encrypted state, the data is sent to a target end data buffer area 8, decrypted by an encryption control module 7, sent to a source end data buffer area 6 and read by a source end read-write control module 5;
the source end read-write control module 5 feeds back the received read operation data to the source end USB Phy module 12, and finally the source end USB Phy module 12 provides the read operation data to the host;
for an external USB storage device encryption unloading mode, namely a source end USB interface is externally connected with the USB storage device, and a decryption mode is selected:
the source end read-write control module 5 obtains source end USB storage equipment information and file system information in a USB host mode through the USB Phy module 12 and provides the source end USB storage equipment information and the file system information to the comprehensive control module 1; the target end read-write control module 9 obtains target end USB storage equipment information through the USB Phy module 13 according to a USB host mode and provides the information to the comprehensive control module 1, and under the control of the destruction control module 11, the target end USB storage equipment is filled with data 8' h00 in a full disk mode, and meanwhile, the bitmap management module 10 initializes bitmap files;
the integrated control module 1 respectively reads a main partition table, a FAT table, a directory area and a data area of the source-end USB interface storage device according to the file system type of the source-end USB interface storage device, and after sector data filled with non-data 8' h00 is encrypted by the encryption control module, the target-end read-write control module 9 controls writing to the target-end USB interface storage device; if the integrated control module 1 cannot acquire the file system type of the source-end USB interface storage device, reading full disk data from the read source-end USB interface storage device one by one, encrypting sector data filled with non-data 8' h00, and controlling the write to the target-end USB interface storage device by the target-end read-write control module 9;
the bitmap management module 10 updates the sector encryption bitmap flag information bit corresponding to the corresponding sector address for the sector not filled with data 8' h 00.
Preferably, for the external USB storage device data backup mode, that is, the source USB interface connects the USB storage device externally, and the backup mode is selected:
the source end read-write control module 5 obtains source end USB storage equipment information and file system information in a USB host mode through the USB Phy module 12 and provides the source end USB storage equipment information and the file system information to the comprehensive control module 1; the target end read-write control module 9 obtains target end USB storage equipment information through the USB Phy module 13 according to a USB host mode and provides the information to the comprehensive control module 1, and under the control of the destruction control module 11, the target end USB storage equipment is filled with data 8' h00 in a full disk mode, and meanwhile, the bitmap management module 10 initializes bitmap files;
the comprehensive control module 1 respectively reads a main partition table, a FAT table, a directory area and a data area of the source-end USB interface storage device according to the file system type of the source-end USB interface storage device, and controls the target-end read-write control module 9 to write sector data filled with non-data 8' h00 to the target-end USB interface storage device; if the integrated control module 1 cannot acquire the file system type of the source-end USB interface storage device, the integrated control module sequentially reads the full disk data from the read source-end USB interface storage device, and controls the write to the target-end USB interface storage device by the target-end read-write control module 9 for the sector data filled with the non-data 8' h 00.
Preferably, for the data destruction mode:
the target end read-write control module 9 obtains the target end USB storage device information and the total number of sectors in a USB host mode through the USB Phy module 13;
the comprehensive control module 1 acquires a destruction control mode through the mode control module 2 and transmits the destruction control mode to the target end read-write control module 9;
the destruction control module 11 obtains the destruction control mode through the target read-write control module 9, generates 512-byte random data or sequence data and fixed data 8' h5A/8 ' hA5/8 ' h00 according to different destruction modes to form data required by write operation, and writes the data to the target USB interface storage device through the USB Phy module 13 under the control of the target read-write control module 9.
(III) advantageous effects
The invention relates to a data encryption conversion device of USB interface equipment, which is based on a USB Phy interface module of an OTG mode and provides a source end USB interface and a target end USB interface, by designing a read-write control module, an encryption control module, a key exchange module, a bitmap management module, a file system analysis module, a destruction control module and the like of an integrated ULPI interface, the USB interface at the source end is not connected with the host or the universal USB interface storage equipment, the USB interface at the target end is connected with the universal USB interface storage equipment, functions of data encryption, secret key safety exchange, file system analysis, bitmap management, work mode configuration, destruction control and the like are supported, and application requirements of encryption storage between the host and the universal USB interface storage equipment, encryption transfer and data machine backup between the universal USB interface storage equipment, data safety destruction of the universal USB interface storage equipment and the like are met.
Drawings
FIG. 1 is a block diagram of the apparatus of the present invention.
Detailed Description
In order to make the objects, contents, and advantages of the present invention clearer, the following detailed description of the embodiments of the present invention will be made in conjunction with the accompanying drawings and examples.
The invention designs a special encryption transfer device aiming at the universal USB interface storage equipment, adopts the technologies of hardware encryption, USB interface function control, destruction control, secret key safety exchange and the like, can meet the requirements of data encryption storage between a host and the universal USB interface storage equipment and data encryption transfer between the universal USB interface storage equipment, also provides data backup between the universal USB interface storage equipment and a data safety destruction function of the universal USB interface storage equipment, and has wider applicability and safety protection capability.
The invention provides a USB interface equipment data encryption and decryption control conversion device which can support a source end and a target end USB interface based on an OTG access mode and provide functions of data encryption storage, decryption and reduction, data destruction control and the like. The device supports the host to encrypt and store data to external USB storage equipment through the USB source port or read and restore the encrypted external USB equipment data by configuring the source port as an equipment port and configuring the target port as a host port; the source port and the target port are both configured into a host interface mode, and data encryption and decryption conversion control or data backup between two USB device interfaces is supported.
As shown in fig. 1, the data encryption conversion apparatus for USB interface devices provided by the present invention mainly includes an integrated control module 1, a mode control module 2, a key exchange module 3, a file system analysis module 4, a source read-write control module 5, a source data buffer 6, an encryption control module 7, a target data buffer 8, a target read-write control module 9, a bitmap management module 10, a destruction control module 11, a source USB PHY interface module 12, a target USB PHY interface module 13, and a power supply module 14.
The comprehensive control module 1 is used for coordinating and controlling each function module in the data encryption conversion device of the USB interface equipment, and comprises the steps of coordinating and forwarding an access command and non-encrypted data of the source read-write control module 5 to the target read-write control module 9, acquiring a working key from the key exchange module 3, synthesizing the working key and an identification code of the device into a key for encryption and decryption required by the encryption control module 7, acquiring configuration information of the mode control module 2, performing system control according to the configuration information and the like.
The mode control module 2 is used for monitoring the function switch setting, and determining the type of the source end USB interface external device, the data encryption and decryption access flow direction between the host and the external universal USB interface storage device, the encryption transfer or backup control mode between the external USB interface devices, the data destruction mode of the target end USB interface storage device and the like.
And the key exchange module 3 is used for connecting an external key injection device through the key injection interface and completing identity authentication between the USB interface device data encryption conversion device and the key injection device and encryption transmission and transfer of a working key by adopting an asymmetric encryption algorithm.
The file system analysis module 4 is configured to, when the source USB interface is connected to the storage device, analyze partition table parameters, file system types, and a data cluster chain structure read from the storage device by the source read-write control module 5, and determine a data operation address that needs to be encrypted for unloading or backup, where the specific implementation is described as follows:
determining the type of a file system and the address of a partition table, a file allocation table, a file index table or a directory area according to the read disk parameter information, a main partition table, a boot sector and the like of the source USB interface storage device;
and establishing a file cluster chain structure according to a file allocation table, a file index table or a directory area and the like, and determining the storage address and the data block size of the file to be transferred or backed up.
A source read-write control module 5, which is used for realizing the control function of the USB interface protocol based on the ULPI interface protocol, adopts the configurable design of the working mode of a host/equipment, controls and generates or analyzes the USB data packet for interaction of the source USB PHY interface module 12 through the design of the transmission modes such as control transmission, interrupt transmission, batch transmission and the like, and separates the access control parameter and the user data in the data packet, wherein the access control parameter and the non-encrypted data are transmitted to the comprehensive control module 1, the data to be encrypted is transmitted to the source data buffer 6, and the data of the read source USB interface storage equipment is transmitted to the file system analysis module 4.
The source end data buffer area 6 is used for receiving data to be encrypted from the source end read-write control module 5 in an FIFO working mode during encryption so as to provide the data to the encryption control module 7 for data encryption; when decrypting, the decryption data output from the encryption control module 7 is received and provided to the source read-write control module 5 to respond to the read data operation of the host.
And the encryption control module 7 is used for realizing data encryption and decryption control by adopting key expansion, linear shift transformation, nonlinear replacement, round iteration and other designs based on a symmetric cryptographic algorithm. The encryption key required by the encryption control module 7 is provided by the integrated control module 1.
The target end data buffer area 8 is used for receiving the encrypted data output by the encryption control module 7 and providing the encrypted data to the target end read-write control module 9 during encryption by adopting an FIFO working mode so as to control the writing into the target end USB interface storage equipment; and receiving data to be decrypted from the target read-write control module 9 during decryption so as to provide the data to the encryption control module 7 for data decryption and respond to the read data operation of the host.
The target end read-write control module 9 is used for realizing the control function of the USB host interface protocol based on the ULPI interface protocol, controlling and generating and receiving a USB data packet for interaction of the target end USB PHY interface module 13 through the design of transmission modes such as control transmission, interrupt transmission, batch transmission and the like, separating access control parameters in the data packet from user data, transmitting the access control parameters and non-encrypted data to the comprehensive control module 1, and transmitting data to be decrypted to the target end data buffer area 8. When the target read-write control module 9 performs data read-write operation on the target USB interface storage device, the data read-write address is provided to the bitmap management module 10, and the bitmap management module 10 determines the access address data encryption state. Meanwhile, when destruction is triggered, an overwriting packet generated by the destruction control module 11 is received.
The bitmap management module 10, aiming at the target USB interface storage device, establishes a storage device access address data encryption identification bitmap in units of sectors or clusters, and performs management such as bitmap initialization, update, maintenance and the like according to the USB interface device data encryption conversion device working mode and the target read-write control module 9 access address, and the specific implementation description is as follows:
reading a bitmap data block and a bitmap validity identifier of the target USB interface storage device after power-on, if the bitmap validity identifier is invalid, triggering the target storage device to overwrite data 8' h00 in a full disk mode and rebuilding and initializing bitmap data reading (all data bits are initialized to 0);
when encrypted data are written into the target storage device, according to the access address of the target read-write control module 9, inquiring the relevant data position in the corresponding bitmap and setting 1, wherein the current access address data represent the encrypted data; when data backup is carried out on target end storage equipment, the access address corresponds to a relevant data bit in a bitmap and is clear 0, and the data representing the access address is not subjected to encryption operation;
when data is read from the target end USB interface storage device, according to the access address of the target end read-write control module 9, inquiring the identification information in the corresponding bitmap and providing the identification information to the target end read-write control module 9, and determining whether the data needs to be decrypted and restored or not;
when the data of the target USB interface storage device is destroyed, the target USB interface storage device is triggered to overwrite data 8' h00 in a full disk mode.
And the destruction control module 11 is configured to construct a USB protocol write operation data packet and provide the USB protocol write operation data packet to the target read-write control module 9 to control the full-disk data overwrite destruction operation performed on the target USB interface storage device for 1, 3, 7 times and the like, according to different destruction control modes, by using 512-byte block data composed of random numbers, sequence numbers (8 ' h 00-8 ' hff), fixed numbers (8 ' h5A/8 ' hA5/8 ' h00) and the like.
The source end USB PHY interface module 12 is configured to provide a USB protocol physical layer interface, support an OTG working mode, and determine that the source end interface is externally connected to a USB host or a USB interface storage device according to a "host/device" working mode selected by the mode control module 2. When the working mode is set as 'host', the USB Phy interface module 12 is set as USB device end interface, one end is connected with host USB interface, and the other end is connected with the source end read-write control module 5 through ULPI interface, responding to host access; when the working mode is set as 'equipment', the USB Phy interface module 12 is configured as a USB host interface, one end of the USB host interface is connected with external USB interface storage equipment, and the other end of the USB host interface is connected with the source end read-write control module 5 through the ULPI interface to control access to the USB interface storage equipment.
And the target end USB PHY interface module 13 is used for providing a USB protocol physical layer interface, one end of the target end USB PHY interface module is connected with an external USB interface storage device, and the other end of the target end USB PHY interface module is connected with the target end read-write control module 9 through an ULPI interface to control access to the USB interface storage device.
The power module 14 supports the power supply of the external power adapter and the power supply of the USB interface of the host (when the operating mode is configured as "host"), and provides the required operating power for each functional module of the data encryption and conversion device of the USB interface device by adopting the modes of voltage stabilization, current limiting, power conversion, etc.
When the USB interface equipment data encryption conversion device provided by the invention is used, the source end USB interface is directly connected with the host USB interface or the universal USB interface storage equipment (source equipment), the target end USB interface is externally connected with the universal USB storage equipment (target), the key injection interface is interconnected with the external key injection equipment, and the power supply interface is connected with an external power supply.
Before power-on, the working modes of the USB interface equipment data encryption conversion device are set, wherein the working modes comprise a source end USB interface equipment connection type, an encryption/backup working mode, a destruction triggering mode and the like.
After power-on, under the coordination control of the comprehensive control module 1, system self-checking is completed, the working mode configuration of the mode control module 2 is obtained, the source end read-write control module 5 configures the source end USBPhy interface module 12 into a device mode (external host) or a host mode (external device), and the target end read-write control module 9 configures the target end USB Phy interface module 13 into a host mode. Meanwhile, the key exchange module 3 completes the security authentication and key encryption transmission with the external key injection equipment, and combines the identification information of the device to synthesize the encryption key required by the encryption control module 7.
And then, according to the configuration mode, the classification control is carried out, and the functions of host encryption storage, universal USB interface storage equipment encryption transfer, universal USB interface storage equipment data backup, target end USB interface storage equipment data destruction and the like of the USB interface equipment data encryption conversion device are realized.
The host encrypts the storage. For the host write operation command, the command is transmitted to the source read-write control module 5 through the USB Phy module 12, the module 5 realizes the control of the USB interface protocol layer, analyzes the host access parameter, the host encryption write storage device is operated, user data is separated from transmission data packets and is stored to the source data buffer 6, after being encrypted by the encryption control module 7, the data is provided to the target read-write control module 9 from the target data buffer 8, the write command control parameters are transmitted to the target end read-write control module 9 through the integrated control module 1, the target end read-write control module 9 recombines the USB host end protocol control data packet, the data is sent to the USN interface storage equipment of the target end through the USB Phy module 13 of the target end to control the data encryption and writing, meanwhile, the bitmap management module 10 writes the corresponding position 1 in the bitmap data block according to the written data address and the data length; for host reading operation, when the USB interface storage device receives command feedback data, the bitmap management module 10 judges whether the corresponding data block is encrypted data according to a reading operation access address, if so, the corresponding data block is decrypted by the encryption control module 7 and then fed back to the host, otherwise, the corresponding data block is forwarded by the comprehensive control module 1 and then fed back to the host; for other operations, data interaction is transparently forwarded on a transmission channel formed by the source end USB Phy interface module 12, the source end read-write control module 5, the integrated control module 1, the target end read-write control module 9 and the target end USB Phy module 13.
And the USB storage equipment carries out encryption and unloading. The source end read-write control module 5 acquires the basic information and partition information of the source end USB interface storage device, and in combination with the file system analysis module 4, acquires the file system type, file allocation table, directory area and the like of the source end storage device to construct a write operation data cluster chain structure, and for the file system type which cannot be identified, constructs a data chain structure according to the sector sequence number, and then, the encryption control module 7 controls the sectors with data not being all 8' h00 to encrypt the data. Meanwhile, the target end read-write control module 9 obtains the basic information of the target end USB interface storage device, and overwrites the full disk data to 8' h00, and the bitmap management module 10 initializes the bitmap data block according to the storage space of the target end USB interface storage device; then the target end read-write control module 9 receives the write operation generated by the source end read-write control module 5 through the integrated control module 1, reconstructs a write operation data packet for the encrypted data, writes the write operation data packet to an external USB interface storage device through the target end USB Phy module 13, and updates a bitmap data block through the bitmap management module 10.
And backing up data of the USB storage device. The source end read-write control module 5 acquires the basic information and partition information of the source end USB interface storage device, and in combination with the file system analysis module 4, acquires the file system type, file allocation table, directory area and the like of the source end storage device to construct a write operation data cluster chain structure, and for the file system type which cannot be identified, constructs a data chain structure according to the sector sequence number, and then forwards the sector with data not being all 8' h00 to the target end read-write control module through the integrated control module 1. Meanwhile, the target read-write control module 9 obtains the basic information of the target USB interface storage device, overwrites the full disk data to 8' h00, then forms a batch transmission data packet of the USB interface protocol according to the write operation control parameters received from the integrated control module 1, and backs up the data to the external USB interface storage device through the target USB Phy module 13.
And destroying the full disk data of the target end USB interface storage equipment. After the target end read-write control module 9 acquires the basic information of the target end USB interface storage device, if the mode control module 2 selects the USB storage device encryption transfer or backup working mode, the data destruction control module 11 defaults to select the data destruction mode in which the full disk is overwritten by the data 8'h00 for 1 time, and the target end read-write control module 9 controls the full disk overwriting 8' h00 on the target end USB interface storage device through the target end USB Phy module 13; otherwise, according to the data destruction mode selected by the mode control module 2, the destruction control module 11 generates a data block based on 512 bytes size by using random data, sequential data or fixed data 8' h5A/8 ' hA5/8 ' h00, and the like, and the target read-write control module 9 controls the data overwriting operation of the target USB interface storage device for 1 time, 3 times, 7 times, and the like, through the target USB Phy module 13, thereby reliably destroying the data stored in the target disk.
The invention designs a USB interface equipment data encryption conversion device, which aims at the general USB interface storage equipment, gives consideration to the application requirements of data encryption, backup and destruction, provides functional modules of USB interface host/equipment interface protocol access control, USB storage equipment encryption transfer and backup control, data destruction control, file system identification and bitmap control, key safety exchange and the like, can realize the encryption storage and decryption reduction between host data and the general USB interface storage equipment, can also realize the encryption transfer and data backup between the general USB interface storage equipment and the safe destruction of the full disk storage data of the USB interface storage equipment, and provides necessary technical means and equipment for the data encryption, backup, destruction and safe carrying of the general USB interface storage equipment.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (9)

1. A USB interface device data encryption conversion device is characterized by comprising a comprehensive control module (1), a mode control module (2), a key exchange module (3), a file system analysis module (4), a source end read-write control module (5), a source end data buffer area (6), an encryption control module (7), a target end data buffer area (8), a target end read-write control module (9), a bitmap management module (10), a destruction control module (11), a source end USB PHY interface module (12) and a target end USB PHY interface module (13);
the comprehensive control module (1) is used for taking charge of coordination control of each function module in the USB interface equipment data encryption conversion device, and comprises the steps of coordinating and forwarding an access command and non-encrypted data of a source end read-write control module (5) to a target end read-write control module (9), acquiring a working key from a key exchange module (3), synthesizing the working key and an identification code of the device into a key for encryption and decryption required by an encryption control module (7), acquiring configuration information of a mode control module (2) and performing system control according to the configuration information;
the mode control module (2) is used for monitoring the function switch setting, and determining the type of the external equipment of the source end USB interface, the data encryption and decryption access flow direction between the host and the external universal USB interface storage equipment, the encryption transfer or backup control mode between the external USB interface equipment and the data destruction mode of the target end USB interface storage equipment;
the key exchange module (3) is used for connecting an external key injection device through a key injection interface and completing identity authentication between the USB interface device data encryption conversion device and the key injection device and encryption transmission and transfer of a working key by adopting an asymmetric encryption algorithm;
a file system analysis module (4) for analyzing the partition table parameter, the file system type and the data cluster chain structure read from the storage device by the source read-write control module (5) when the source USB interface is connected with the storage device, determining the data operation address needing to be encrypted for transferring or backing up,
a source end read-write control module (5) for realizing the control function of the USB interface protocol based on the ULPI interface protocol, adopting the configurable design of the working mode of a host or equipment, controlling and generating or analyzing a USB data packet for interaction of a source end USB PHY interface module (12) through controlling the design of three transmission modes of transmission, interrupt transmission and batch transmission, and separating access control parameters and user data in the data packet, wherein the access control parameters and non-encrypted data are transmitted to the comprehensive control module (1), the data to be encrypted is transmitted to a source end data buffer area (6), and the data of a read source end USB interface storage device is transmitted to a file system analysis module (4);
the source end data buffer area (6) is used for receiving data to be encrypted from the source end read-write control module (5) in an FIFO working mode during encryption so as to provide the data to the encryption control module (7) for data encryption; during decryption, the decryption data output from the encryption control module (7) is received and provided to the source read-write control module (5) so as to respond to the read data operation of the host;
the encryption control module (7) is used for realizing data encryption and decryption control by adopting key expansion, linear shift transformation, nonlinear replacement and round iteration design based on a symmetric cryptographic algorithm, and an encryption key required by the encryption control module (7) is provided by the comprehensive control module (1);
the target end data buffer area (8) is used for receiving the encrypted data output by the encryption control module (7) and providing the encrypted data to the target end read-write control module (9) during encryption by adopting an FIFO working mode so as to control the writing into the target end USB interface storage equipment; during decryption, receiving data to be decrypted from the target end read-write control module (9) so as to provide the data to the encryption control module (7) for data decryption and respond to the data reading operation of the host;
a target end read-write control module (9) for realizing the control function of the USB host interface protocol based on the ULPI interface protocol, controlling and generating and receiving a USB data packet for interaction of a target end USB PHY interface module (13) through a transmission mode design, and separating access control parameters in the data packet from user data, wherein the access control parameters and non-encrypted data are transmitted to a comprehensive control module (1), the data to be decrypted is transmitted to a target end data buffer area (8), when the target end read-write control module (9) performs data read-write operation on target end USB interface storage equipment, the data read-write address is provided for a bitmap management module (10), the bitmap management module (10) determines the encryption state of the access address data, and simultaneously, when triggering and destroying, the target end read-write control module (11) receives the data packet generated by overwriting;
the bitmap management module (10) is used for establishing a storage equipment access address data encryption identification bitmap in a sector or cluster unit aiming at the target end USB interface storage equipment, and carrying out bitmap initialization, updating and maintenance according to the USB interface equipment data encryption conversion device working mode and the target end read-write control module (9) access address;
the destruction control module (11) is used for forming 512-byte block data by random numbers, sequence numbers and fixed numbers according to different destruction control modes, constructing a USB protocol write operation data packet, providing the USB protocol write operation data packet to the target end read-write control module (9), and controlling the target end USB interface storage equipment to execute the full-disk data overwriting destruction operation for times of 1, 3 and 7;
the USB PHY interface module (12) of the source end is used for providing a USB protocol physical layer interface, supporting an OTG working mode and determining that the source end interface is externally connected with a USB host or a universal USB interface storage device according to a host or device working mode selected by the mode control module (2), wherein when the working mode is set as the host, the USB PHY interface module (12) of the source end is configured as a USB device end interface, one end of the USB PHY interface module is connected with the USB interface of the host, and the other end of the USB PHY interface module is connected with the read-write control module (5) of the source end through an ULPI interface and responds to the host access; when the working mode is set as the device, the source end USB PHY interface module (12) is configured as a USB host end interface, one end of the USB host end interface is connected with the external USB interface storage device, and the other end of the USB host end interface is connected with the source end read-write control module (5) through the ULPI interface to control the access to the USB interface storage device;
and the target end USB PHY interface module (13) is used for providing a USB protocol physical layer interface, one end of the target end USB PHY interface module is connected with an external USB interface storage device, and the other end of the target end USB PHY interface module is connected with the target end read-write control module (9) through an ULPI interface to control the access to the USB interface storage device.
2. The apparatus according to claim 1, further comprising a power supply module (14) for supporting the external power adapter to supply power and the host USB interface to supply power when the operation mode setting is configured as the host, and for providing required operation power for each function module of the USB interface device data encryption and conversion apparatus.
3. The apparatus according to claim 1, wherein the file system parsing module (4) is specifically configured to:
determining the type of a file system and the address of a partition table, a file allocation table, a file index table or a directory area according to the read magnetic disk parameter information, a main partition table and a boot sector of the source USB interface storage device;
and establishing a file cluster chain structure according to the file allocation table, the file index table or the directory area, and determining the storage address and the data block size of the file to be transferred or backed up.
4. The apparatus according to claim 1, wherein the bitmap management module (10) is specifically configured to:
reading a bitmap data block and a bitmap validity identifier of the target USB interface storage device after electrifying, and if the bitmap validity identifier is invalid, triggering the target storage device to overwrite data 8' h00 in a full disk manner and reestablishing and initializing bitmap data reading;
when encrypted data are written into the target storage device, according to the access address of the target read-write control module (9), inquiring the relevant data position in the corresponding bitmap and setting 1, wherein the current access address data represent encrypted data; when data backup is carried out on target end storage equipment, the access address corresponds to a relevant data bit in a bitmap and is clear 0, and the data representing the access address is not subjected to encryption operation;
when data is read from the target end USB interface storage device, according to the access address of the target end read-write control module (9), the identification information in the corresponding bitmap is inquired and provided for the target end read-write control module (9), and whether the data needs to be decrypted and restored or not is determined by the identification information;
when the data of the target USB interface storage device is destroyed, the target USB interface storage device is triggered to overwrite data 8' h00 in a full disk mode.
5. A method of operating the apparatus of any one of claims 2 to 4, comprising the steps of:
after the power supply module (14) supplies power to the host through an external power supply or a source end USB interface, the self-check of the power-on system is completed, the current working mode is obtained through the mode control module (2), and then the working key required by the encryption control module (7) is safely obtained from the outside through the key exchange module (3);
the comprehensive control module (1) acquires a current working mode according to the mode control module (2), configures a source end USB PHY interface module (12) into an equipment mode or a host mode through the source end read-write control module (5), and configures a target end USB PHY interface module (13) into the host mode through the target end read-write control module (9);
and according to the current configuration mode, one of an encryption mode, a decryption mode, a backup mode and a data destruction mode is selected to operate.
6. The method of claim 5, wherein the host data is encrypted and stored in an external USB storage device mode, namely the source USB interface is externally connected with the host, and the encryption mode is selected as follows:
the host machine writes the operation command, after the source end USB PHY interface module (12) realizes the USB interface physical layer protocol control, the source end read-write control module (5) realizes the USB interface protocol layer control;
the source end read-write control module (5) caches data to be written into the USB storage device, which is received from the host, to a source end data buffer area (6) according to the data transmission type and the command, and transmits the write operation command to the target end read-write control module (9) through the comprehensive control module (1);
the encryption control module (7) encrypts data stored in the source end data buffer area (6) and stores the encrypted data in the target end data buffer area (8);
the target end read-write control module (9) reads the data of the target end data buffer area (8), and accesses the control mode according to the USB host end interface protocol to form a USB protocol write operation data packet, the USB protocol write operation data packet is sent to the target end USB PHY interface module (13) through the ULPI interface, the target end USB PHY interface module (13) writes the encrypted data into the target end universal USB interface storage equipment, and meanwhile, the bitmap management module (10) is updated according to the address and the data block size of the data write storage equipment.
7. The method of claim 5, wherein for the host to read the encrypted data mode from the external USB storage device, the source USB interface is externally connected to the host, and to select the decryption mode:
the host machine writes the operation command, after the source end USB PHY interface module (12) realizes the USB interface physical layer protocol control, the source end read-write control module (5) realizes the USB interface protocol layer control;
the source end read-write control module (5) transmits a read operation command received from the host to the target end read-write control module (9) through the comprehensive control module (1) according to the data transmission type and the command;
the target end read-write control module (9) accesses the control mode according to the USB host end interface protocol to form a USB protocol read operation data packet, and the USB protocol read operation data packet is sent to the target end USB PHY interface module (13) through the ULPI interface;
the target end USB PHY interface module (13) waits for receiving the data of the target end universal USB interface storage equipment and sends the data to the target end read-write control module (9);
the target end read-write control module (9) queries the bitmap management module (10) according to the access address and the size of the data block, and directly transmits the data with bitmap identification in a non-encrypted state to the source end read-write control module (5) through the comprehensive control module (1); the data marked as the encrypted state is sent to a target end data buffer area (8), decrypted by an encryption control module (7), sent to a source end data buffer area (6) and read by a source end read-write control module (5);
the source end read-write control module (5) feeds back the received read operation data to the source end USB PHY interface module (12), and finally the source end USB PHY interface module (12) provides the read operation data to the host;
for an external USB storage device encryption unloading mode, namely a source end USB interface is externally connected with the USB storage device, and a decryption mode is selected:
the source end read-write control module (5) acquires source end USB storage equipment information and file system information in a USB host mode through a source end USB PHY interface module (12) and provides the source end USB storage equipment information and the file system information to the comprehensive control module (1); the target end read-write control module (9) acquires target end USB storage equipment information in a USB host mode through a target end USB PHY interface module (13) and provides the target end USB storage equipment information to the comprehensive control module (1), the target end USB storage equipment is filled with data 8' h00 in a full disk mode under the control of the destruction control module (11), and meanwhile, the bitmap management module (10) initializes bitmap files;
the comprehensive control module (1) respectively reads a main partition table, a FAT table, a directory area and a data area of the source-end USB interface storage device according to the file system type of the source-end USB interface storage device, and after sector data filled with non-data 8' h00 is encrypted by the encryption control module, the sector data is controlled to be written into the target-end USB interface storage device by the target-end read-write control module (9); if the comprehensive control module (1) can not obtain the file system type of the source-end USB interface storage device, reading full disk data from the read source-end USB interface storage device one by one, encrypting sector data filled with non-data 8' h00, and controlling the write to the target-end USB interface storage device by the target-end read-write control module (9);
the bitmap management module (10) updates the sector encryption bitmap flag information bit corresponding to the corresponding sector address aiming at the sector filled with the non-data 8' h 00.
8. The method of claim 5, wherein for the external USB storage device data backup mode, namely the source USB interface external USB storage device, the backup mode is selected:
the source end read-write control module (5) acquires source end USB storage equipment information and file system information in a USB host mode through a source end USB PHY interface module (12) and provides the source end USB storage equipment information and the file system information to the comprehensive control module (1); the target end read-write control module (9) acquires target end USB storage equipment information in a USB host mode through a target end USB PHY interface module (13) and provides the target end USB storage equipment information to the comprehensive control module (1), the target end USB storage equipment is filled with data 8' h00 in a full disk mode under the control of the destruction control module (11), and meanwhile, the bitmap management module (10) initializes bitmap files;
the comprehensive control module (1) respectively reads a main partition table, a FAT table, a directory area and a data area of the source-end USB interface storage device according to the file system type of the source-end USB interface storage device, and controls the target-end read-write control module (9) to write sector data filled with non-data 8' h00 to the target-end USB interface storage device; if the comprehensive control module (1) can not obtain the file system type of the source-end USB interface storage device, reading full disk data from the read source-end USB interface storage device one by one, and controlling the writing to the target-end USB interface storage device by the target-end read-write control module (9) for the sector data filled with the non-data 8' h 00.
9. The method of claim 5, wherein for a data destruction mode:
a target end read-write control module (9) obtains target end USB storage equipment information and the total number of sectors in a USB host mode through a target end USB PHY interface module (13);
the comprehensive control module (1) acquires a destruction control mode through the mode control module (2) and transmits the destruction control mode to the target end read-write control module (9);
the destruction control module (11) acquires the destruction control mode through the target end read-write control module (9), generates 512-byte random data or sequence data and fixed data 8' h5A/8 ' hA5/8 ' h00 according to different destruction modes to form data required by write operation, and writes the data to the target end USB interface storage equipment through the target end USB PHY interface module (13) under the control of the target end read-write control module (9).
CN201811376885.XA 2018-11-19 2018-11-19 USB interface equipment data encryption conversion device and working method thereof Active CN109711208B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811376885.XA CN109711208B (en) 2018-11-19 2018-11-19 USB interface equipment data encryption conversion device and working method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811376885.XA CN109711208B (en) 2018-11-19 2018-11-19 USB interface equipment data encryption conversion device and working method thereof

Publications (2)

Publication Number Publication Date
CN109711208A CN109711208A (en) 2019-05-03
CN109711208B true CN109711208B (en) 2020-08-25

Family

ID=66254942

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811376885.XA Active CN109711208B (en) 2018-11-19 2018-11-19 USB interface equipment data encryption conversion device and working method thereof

Country Status (1)

Country Link
CN (1) CN109711208B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112685351B (en) * 2020-12-31 2022-05-24 深圳安捷丽新技术有限公司 PCIE-to-USB protocol bridging chip and operation method thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN2847380Y (en) * 2005-08-05 2006-12-13 吴传诚 Suspending type enciphering/de-ciphering device
CN101551784A (en) * 2008-04-02 2009-10-07 西北工业大学 Method and device for encrypting data in ATA memory device with USB interface
CN102023937A (en) * 2010-11-19 2011-04-20 苏州国芯科技有限公司 Dataflow encryption method for USB (Universal Serial Bus) storage equipment
CN104615941A (en) * 2015-01-29 2015-05-13 华为技术有限公司 Fast encryption method and device for Android user partition and terminal equipment
KR101558914B1 (en) * 2014-09-30 2015-10-13 (주) 이모텔리 How multimedia source files generated by the usb otg memory not applied anti-piracy system and to play

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170091254A1 (en) * 2015-09-24 2017-03-30 Kshitij A. Doshi Making volatile isolation transactions failure-atomic in non-volatile memory
CN107704205A (en) * 2017-09-30 2018-02-16 深圳市华德安科技有限公司 RAID management methods, device and computer-readable recording medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN2847380Y (en) * 2005-08-05 2006-12-13 吴传诚 Suspending type enciphering/de-ciphering device
CN101551784A (en) * 2008-04-02 2009-10-07 西北工业大学 Method and device for encrypting data in ATA memory device with USB interface
CN102023937A (en) * 2010-11-19 2011-04-20 苏州国芯科技有限公司 Dataflow encryption method for USB (Universal Serial Bus) storage equipment
KR101558914B1 (en) * 2014-09-30 2015-10-13 (주) 이모텔리 How multimedia source files generated by the usb otg memory not applied anti-piracy system and to play
CN104615941A (en) * 2015-01-29 2015-05-13 华为技术有限公司 Fast encryption method and device for Android user partition and terminal equipment

Also Published As

Publication number Publication date
CN109711208A (en) 2019-05-03

Similar Documents

Publication Publication Date Title
CN100487715C (en) Date safety storing system, device and method
US8165301B1 (en) Input-output device and storage controller handshake protocol using key exchange for data security
US10073988B2 (en) Chipset and host controller with capability of disk encryption
CN1734475B (en) Semiconductor integrated circuit and information processing apparatus
US20040172538A1 (en) Information processing with data storage
WO2000057290A1 (en) Information processor
CN109067523A (en) A kind of data ciphering method of encrypted card
NO331504B1 (en) Method and device for encryption / decryption of data on mass storage device.
CN108898033A (en) A kind of data encrypting and deciphering system based on FPGA
JP2016012335A (en) Storage device, storage device system, and information terminal
CN104217180A (en) Encrypted storage disc
CN109104275A (en) A kind of HSM equipment
CN103986582A (en) Data encryption transmission method, device and system based on dynamic encryption technology
CN109325356A (en) A kind of encryption card architecture
US20140109242A1 (en) Data protecting method, mobile communication device, and memory storage device
CN111881490A (en) Shared data protection method for NVME storage equipment fused with external encryption chip
CN102201044A (en) Universal serial bus (USB) security key
CN104182674A (en) Protective device for solid-state disk
CN109711208B (en) USB interface equipment data encryption conversion device and working method thereof
CN104346586B (en) The method of the storage device and type self-destroyed protection data of type self-destroyed protection data
US20230289428A1 (en) Method for implementing dongle, and dongle
CN102662874A (en) Double-interface encryption memory card and management method and system of data in double-interface encryption memory card
CN101154195B (en) Code conversion apparatus, code conversion method, and computer product
US20210367780A1 (en) Adapter apparatus and processing method
US9324123B2 (en) Storage of keyID in customer data area

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant