CN111539034B - Solid state disk dual-protocol encryption method and device and solid state disk encryption chip - Google Patents
- Publication number
- CN111539034B (CN202010570016.1A)
- Authority
- CN
- China
- Prior art keywords
- encryption
- protocol
- verification
- encrypted
- node
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of solid state disk data encryption processing, in particular to a solid state disk dual-protocol encryption method and device and a solid state disk encryption chip. According to the invention, a USB protocol interface and a SATA protocol interface are configured for the solid state disk, an encrypted file area and a non-encrypted file area are configured on the basis of the USB protocol interface and the SATA protocol interface respectively, and the encrypted file area and the non-encrypted file area are then encrypted and isolated according to a pre-configured encryption policy, so that the file data of the solid state disk can be encrypted and protected by partition.
Description
Technical Field
The invention relates to the technical field of solid state disk data encryption processing, in particular to a solid state disk dual-protocol encryption method and device and a solid state disk encryption chip.
Background
Most SSDs on the market are based on a single protocol, such as the common USB, IDE, SATA or NVMe protocols, and dual-protocol disks are rarely available. For this reason, encryption is usually applied to the entire disk, and differentiated encryption cannot be implemented. For example, when one solid state disk is connected to two computer devices at the same time, the two devices cannot be given differentiated data encryption while they access that disk simultaneously. It is not possible for one computer device to read the disk's daily data normally while some encrypted file data is kept secret from it, and for another computer device to independently access the files in the encrypted area of the same disk, which greatly limits the usage scenarios.
Disclosure of Invention
In order to overcome at least the above-mentioned deficiencies in the prior art, the present invention provides a solid state disk dual-protocol encryption method and apparatus, and a solid state disk encryption chip. A USB protocol interface and a SATA protocol interface are configured for the solid state disk, an encrypted file area and a non-encrypted file area are configured on the basis of the USB protocol interface and the SATA protocol interface respectively, and the encrypted file area and the non-encrypted file area are encrypted and isolated according to a pre-configured encryption policy, so that the file data of the solid state disk can be encrypted by partition. When one solid state disk is connected to two computer devices at the same time, the two devices are subject to differentiated data encryption while accessing that disk simultaneously: one computer device can read the daily data of the solid state disk normally, and the other computer device can independently access the files in the encrypted area of the same disk. The application scenarios are thereby expanded.
In a first aspect, the present invention provides a solid state disk dual-protocol encryption method, which is applied to a solid state disk encryption chip, where the solid state disk encryption chip is in communication connection with a plurality of solid state disks, and the method includes:
for each solid state disk, configuring a USB protocol interface and a SATA protocol interface for the solid state disk, so as to perform data interaction with a first computer device through the USB protocol interface and with a second computer device through the SATA protocol interface;
configuring a first data interaction channel between the first computer equipment and the USB protocol interface, and configuring a second data interaction channel between the second computer equipment and the SATA protocol interface;
configuring the interactive area of the first data interaction channel as an encrypted file area, and configuring the interactive area of the second data interaction channel as a non-encrypted file area;
cryptographically isolating the encrypted file region and the non-encrypted file region according to a preconfigured encryption policy such that only the first computer device can access encrypted files in the encrypted file region, while the second computer device cannot access encrypted files in the encrypted file region.
In a possible implementation manner of the first aspect, the step of performing encryption isolation on the encrypted file area and the non-encrypted file area according to a preconfigured encryption policy includes:
performing a corresponding encryption node isolation operation on the encrypted file area and the non-encrypted file area through a pre-configured encryption policy, and acquiring an encryption rights object set from the isolated encryption node data, wherein the encryption rights object set comprises a first encryption rights object and a second encryption rights object, and the first encryption rights object and the second encryption rights object are the encryption rights objects corresponding to the encrypted file area and the non-encrypted file area respectively;
sequentially analyzing access key features of all encryption rights objects in the encryption rights object set to obtain corresponding access key verification protocol components, determining an access key verification area in the first encryption rights object based on the access key verification protocol components corresponding to the first encryption rights object, extracting a target verification protocol component from the access key verification protocol components corresponding to the first encryption rights object according to a target access key verification area corresponding to the access key verification area, and extracting a first candidate verification protocol component from the access key verification protocol components corresponding to the second encryption rights object, wherein the encryption area corresponding to the first candidate verification protocol component covers the encryption area corresponding to the target verification protocol component;
searching the first candidate verification protocol component for a verification protocol component object matching the target verification protocol component, and determining, according to the verification protocol component object found, a key encryption area in the second encryption rights object corresponding to the access key verification area;
and performing encryption isolation on the encrypted file area and the non-encrypted file area according to the access key verification area in the first encryption rights object and the key encryption area in the second encryption rights object corresponding to the access key verification area.
In a possible implementation manner of the first aspect, the step of performing encryption isolation on the encrypted file area and the non-encrypted file area according to the access key verification area in the first encryption rights object and the key encryption area in the second encryption rights object corresponding to the access key verification area includes:
acquiring a target encryption area formed by the common encryption area between the access key verification area in the first encryption rights object and the key encryption area in the second encryption rights object corresponding to the access key verification area;
establishing an encryption associated bitmap according to an encryption association relation between encryption object nodes in the target encryption region, and determining a bitmap marking bit of each encryption object node in the encryption associated bitmap;
determining an encryption protocol in which each encrypted object node is located according to the bitmap mark bit of each encrypted object node, determining a set formed by the encryption protocols in which each encrypted object node is located as a summary reference fusion encryption protocol, comparing the bitmap mark bits of any two encrypted object nodes in the summary reference fusion encryption protocol, and obtaining a mutual encryption dominant relationship of the encryption protocols in which any two encrypted object nodes are located based on a comparison result;
dividing the summary reference fusion encryption protocol into at least one reference fusion encryption protocol sequence based on the mutual encryption dominant relationship of the encryption protocols in which any two encryption object nodes are positioned, wherein each reference fusion encryption protocol sequence has different fusion number levels;
when a shared encrypted object node exists in the target encrypted region, determining a target bitmap marking bit of the shared encrypted object node in the encryption associated bitmap, comparing the target bitmap marking bit with a bitmap marking bit of an encrypted object node in the at least one reference fusion encrypted protocol sequence, and determining a target reference fusion encrypted protocol sequence corresponding to an encrypted protocol in which the shared encrypted object node is located based on a comparison result;
and encrypting the encrypted file region according to an encryption range included in a target reference fusion encryption protocol sequence corresponding to an encryption protocol in which the shared encrypted object node is positioned so as to encrypt and isolate the encrypted file region and the non-encrypted file region.
In a possible implementation manner of the first aspect, the step of establishing an encryption association bitmap according to an encryption association relationship between encryption object nodes in the target encryption region includes:
acquiring a reference set formed by encrypted object nodes in the target encryption area;
determining the fusion number level of the encryption protocol of each encryption object node according to the occurrence number of each encryption object node in the reference set;
sorting encryption protocols in which encryption object nodes on different nodes appear in a descending order according to the fusion quantity level;
determining, as the first pointer object pointed to by the first dimension of the encryption association bitmap, the pointer object running from the encryption protocol of the last-ranked encryption object node to the encryption protocol of the first-ranked encryption object node on a first preset occurrence node;
and determining, as the second dimension of the encryption association bitmap, a pointer object that crosses the first pointer object pointed to by the first dimension in the forward direction, wherein the first pointer object pointed to by the second dimension is the pointer object running from the encryption protocol of the last-ranked encryption object node to the encryption protocol of the first-ranked encryption object node on a second preset node.
In a possible implementation manner of the first aspect, before the comparing the target bitmap flag bit with the bitmap flag bit of the encryption object node in the at least one reference fusion encryption protocol sequence, and determining, based on a comparison result, a target reference fusion encryption protocol sequence corresponding to an encryption protocol in which the shared encryption object node is located, the method further includes:
judging whether at least one encrypted object node with the same first pointer object magnitude or the same second pointer object magnitude exists in the summary reference fusion encryption protocol;
if at least one encrypted object node with the same first pointer object magnitude or the same second pointer object magnitude exists, taking the at least one encrypted object node with the same first pointer object magnitude or the same second pointer object magnitude as a candidate encrypted object node;
executing a first strategy or a second strategy on the candidate encryption object node to obtain an adjusted bitmap mark bit, wherein the first strategy is to increase a first pointer object magnitude or a second pointer object magnitude of the candidate encryption object node by a preset value corresponding to the candidate encryption object node, and the second strategy is to subtract the preset value corresponding to the candidate encryption object node from the first pointer object magnitude or the second pointer object magnitude of the candidate encryption object node;
correspondingly, the comparing the target bitmap flag bit with the bitmap flag bit of the encryption object node in the at least one reference fusion encryption protocol sequence, and determining the target reference fusion encryption protocol sequence corresponding to the encryption protocol in which the shared encryption object node is located based on the comparison result includes:
and determining the encryption protocol sequence corresponding to the bitmap mark bit matched with the target bitmap mark bit in the adjusted bitmap mark bit as a target reference fusion encryption protocol sequence corresponding to the encryption protocol of the shared encryption object node.
In a possible implementation manner of the first aspect, the step of performing corresponding encrypted node isolation operation on the encrypted file region and the unencrypted file region through a preconfigured encryption policy includes:
after access verification information corresponding to candidate encryption nodes needing to carry out encryption node isolation on the encrypted file area and the non-encrypted file area is obtained from an encryption simulation thread, key verification rule information matched with the access verification information is determined;
generating corresponding encryption node isolation node information according to the key verification rule information and verification protocol information corresponding to the key verification rule information;
and associating the encrypted node isolation node information to an encryption strategy of a data uploading path of a data crawling flow of the access verification information through an encrypted node isolation control, configuring the encryption strategy according to the encrypted node isolation node information, and performing corresponding encrypted node isolation operation on the encrypted file area and the non-encrypted file area through the encryption strategy.
In a possible implementation manner of the first aspect, the generating, according to the key verification rule information and verification protocol information corresponding to the key verification rule information, corresponding encrypted node isolated node information includes:
determining target verification protocol information in which the sequence of each key verification rule in the key verification rule information is greater than a set sequence according to verification protocol information corresponding to the key verification rule information, and a first verification protocol target and a second verification protocol target which take the target verification protocol information as reference verification protocol information, wherein the simulation data isolation process of the first verification protocol target is not overlapped with the simulation data isolation process of the second verification protocol target, and logical association exists between the simulation data isolation processes;
determining a verification protocol field meeting the first target requirement in the first verification protocol target, and determining first isolated object information corresponding to the first verification protocol target according to a field access element of a multi-stage verification matching field between source data table field information of the verification protocol field meeting the first target requirement and associated preset field verification information; the verification protocol field meeting the first target requirement is a verification protocol field of which the source data table field information is matched with the associated preset field verification information;
determining a verification protocol field meeting the requirement of a second target in the second verification protocol target, and determining second isolated object information corresponding to the second verification protocol target according to a field access element of a multi-stage verification matching field between source data table field information of the verification protocol field meeting the requirement of the second target and associated preset field verification information; the verification protocol field meeting the second target requirement is a verification protocol field of which the source data table field information is matched with the associated preset field verification information;
obtaining a callback isolation simulation parameter of the verification protocol field in each first simulation data isolation process according to the first isolated object information corresponding to the first verification protocol target, and obtaining a callback isolation simulation parameter of the verification protocol field in each second simulation data isolation process according to the second isolated object information corresponding to the second verification protocol target;
according to callback isolation simulation parameters of each first simulation data isolation process and each second simulation data isolation process, respectively performing simulation isolation indexing on the verification protocol field in each simulation data isolation process to obtain first simulation isolation index information of each first simulation data isolation process and second simulation isolation index information of each second simulation data isolation process;
obtaining corresponding simulation isolation index information according to the first simulation isolation index information of each first simulation data isolation process and the second simulation isolation index information of each second simulation data isolation process;
and generating corresponding encrypted node isolation node information according to the simulation isolation index information.
In a second aspect, an embodiment of the present invention further provides a solid state disk dual-protocol encryption apparatus, which is applied to a solid state disk encryption chip, where the solid state disk encryption chip is in communication connection with a plurality of solid state disks, and the apparatus includes:
the first configuration module is used for respectively configuring a USB protocol interface and an SATA protocol interface for each solid state disk, so as to perform data interaction with first computer equipment through the USB protocol interface and perform data interaction with second computer equipment through the SATA protocol interface;
the second configuration module is used for configuring a first data interaction channel between the first computer equipment and the USB protocol interface and configuring a second data interaction channel between the second computer equipment and the SATA protocol interface;
the third configuration module is used for configuring the interaction area of the first data interaction channel into an encrypted file area and configuring the interaction area of the second data interaction channel into a non-encrypted file area;
and the encryption isolation module is used for carrying out encryption isolation on the encrypted file area and the non-encrypted file area according to a preset encryption strategy, so that only the first computer equipment can access the encrypted files in the encrypted file area, and the second computer equipment cannot access the encrypted files in the encrypted file area.
In a third aspect, an embodiment of the present invention further provides a solid state disk encryption chip, where the solid state disk encryption chip includes a processor, a machine-readable storage medium, and a network interface, where the machine-readable storage medium, the network interface, and the processor are connected through a bus system, the network interface is used for being communicatively connected with at least one solid state disk, the machine-readable storage medium is used for storing a program, an instruction, or a code, and the processor is used for executing the program, the instruction, or the code in the machine-readable storage medium to perform the solid state disk dual-protocol encryption method in any one of the first aspect and the possible design of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where instructions are stored, and when executed, cause a computer to perform the solid state disk dual protocol encryption method in the first aspect or any one of the possible designs of the first aspect.
Based on any one of the above aspects, the invention configures a USB protocol interface and a SATA protocol interface for the solid state disk, configures an encrypted file area and a non-encrypted file area on the basis of the USB protocol interface and the SATA protocol interface respectively, and then encrypts and isolates the encrypted file area and the non-encrypted file area according to a pre-configured encryption policy, so that the file data of the solid state disk can be protected by partition encryption. When one solid state disk is connected to two computer devices at the same time, the two devices are subject to differentiated data encryption while accessing that disk simultaneously: one computer device can read the daily data of the solid state disk normally, and the other computer device can independently access the files in the encrypted area of the same disk. The application scenarios are thereby expanded.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present invention and therefore should not be considered as limiting its scope; those skilled in the art can obtain other related drawings from these drawings without inventive effort.
Fig. 1 is a schematic view of an application scenario of a solid state disk dual-protocol encryption system according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a solid state disk dual-protocol encryption method according to an embodiment of the present invention;
Fig. 3 is a schematic functional block diagram of a solid state disk dual-protocol encryption apparatus according to an embodiment of the present invention;
Fig. 4 is a schematic structural block diagram of a solid state disk encryption chip for implementing the above solid state disk dual-protocol encryption method according to an embodiment of the present invention.
Detailed Description
The present invention is described in detail below with reference to the drawings, and the specific operation methods in the method embodiments can also be applied to the apparatus embodiments or the system embodiments.
Fig. 1 is an interaction diagram of a dual-protocol encryption system 10 for a solid state disk according to an embodiment of the present invention. The solid state disk dual protocol encryption system 10 may include a solid state disk encryption chip 100 and a solid state disk 200 communicatively connected to the solid state disk encryption chip 100. The solid state disk dual protocol encryption system 10 shown in fig. 1 is only one possible example, and in other possible embodiments, the solid state disk dual protocol encryption system 10 may include only one of the components shown in fig. 1 or may also include other components.
In this embodiment, the solid state disk encryption chip 100 and the solid state disk 200 in the solid state disk dual-protocol encryption system 10 may cooperate to execute the solid state disk dual-protocol encryption method described in the following method embodiment. For the specific steps executed by the solid state disk encryption chip 100 and the solid state disk 200, refer to the detailed description of the following method embodiment.
To solve the technical problem described in the Background, Fig. 2 shows a schematic flowchart of a solid state disk dual-protocol encryption method according to an embodiment of the present invention. The method may be executed by the solid state disk encryption chip 100 shown in Fig. 1 and is described in detail below.
Step S110: for each solid state disk, configure a USB protocol interface and a SATA protocol interface for the solid state disk, so as to perform data interaction with the first computer device through the USB protocol interface and with the second computer device through the SATA protocol interface.
Step S120: configure a first data interaction channel between the first computer device and the USB protocol interface, and configure a second data interaction channel between the second computer device and the SATA protocol interface.
In this embodiment, first access driving information between the first computer device and the USB protocol interface may be configured, so that the first data interaction channel between the first computer device and the USB protocol interface can be configured through the first access driving information. Correspondingly, second access driving information between the second computer device and the SATA protocol interface may be configured, so that the second data interaction channel between the second computer device and the SATA protocol interface can be configured through the second access driving information.
Step S130: configure the interaction area of the first data interaction channel as an encrypted file area, and configure the interaction area of the second data interaction channel as a non-encrypted file area.
In this embodiment, the partition containing the path where the encrypted files are located may be set as the interaction area of the first data interaction channel, that is, the encrypted file area, and the remaining partitions are then determined as the interaction area of the second data interaction channel, that is, the non-encrypted file area.
Step S140: encrypt and isolate the encrypted file area and the non-encrypted file area according to a pre-configured encryption policy, so that only the first computer device can access the encrypted files in the encrypted file area, and the second computer device cannot access the encrypted files in the encrypted file area.
Based on this design, a USB protocol interface and a SATA protocol interface are configured for the solid state disk, an encrypted file area and a non-encrypted file area are configured on the basis of the USB protocol interface and the SATA protocol interface respectively, and the encrypted file area and the non-encrypted file area are then encrypted and isolated according to the pre-configured encryption policy, so that the file data of the solid state disk can be encrypted and protected by partition.
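The channel-to-area binding of steps S110 to S140, as an added example that is not part of the patent text: a C model of how a controller could gate each block request by the interface it arrived on, and reject a misconfigured layout before use. All type and function names, the LBA layout, and the strict reading that each channel reaches only its own interaction area are assumptions; the cipher and the patent's encryption node procedure are not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names are hypothetical; the patent defines no data structures. */
typedef enum { IFACE_USB, IFACE_SATA } iface_t;           /* S110: two interfaces */
typedef enum { AREA_ENCRYPTED, AREA_PLAIN } area_kind_t;  /* S130: two file areas */

typedef struct {
    uint64_t    first_lba;  /* inclusive */
    uint64_t    last_lba;   /* inclusive */
    area_kind_t kind;
    iface_t     channel;    /* data interaction channel bound to this area */
} area_t;

typedef enum {
    ACCESS_OK, DENY_EMPTY, DENY_OVERFLOW, DENY_UNMAPPED,
    DENY_CROSSES_AREA, DENY_WRONG_CHANNEL
} verdict_t;

/* Constructed sample layout: plain area on SATA, encrypted area on USB. */
static const area_t k_layout[] = {
    { 0,       999999,  AREA_PLAIN,     IFACE_SATA },
    { 1000000, 1999999, AREA_ENCRYPTED, IFACE_USB  },
};
#define K_LAYOUT_LEN (sizeof k_layout / sizeof k_layout[0])

/* Reject layouts that would silently break the isolation: inverted ranges,
 * an area bound to the wrong channel, or two areas sharing any LBA. */
bool layout_is_valid(const area_t *layout, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (layout[i].first_lba > layout[i].last_lba)
            return false;
        iface_t want = (layout[i].kind == AREA_ENCRYPTED) ? IFACE_USB : IFACE_SATA;
        if (layout[i].channel != want)
            return false;
        for (size_t j = i + 1; j < n; j++)
            if (layout[i].first_lba <= layout[j].last_lba &&
                layout[j].first_lba <= layout[i].last_lba)
                return false;
    }
    return true;
}

static const area_t *find_area(const area_t *layout, size_t n, uint64_t lba)
{
    for (size_t i = 0; i < n; i++)
        if (lba >= layout[i].first_lba && lba <= layout[i].last_lba)
            return &layout[i];
    return NULL;
}

/* S140 as a default-deny gate: a request passes only if the whole LBA range
 * lies inside one area and that area is bound to the arriving interface. */
verdict_t check_access(const area_t *layout, size_t n, iface_t src,
                       uint64_t lba, uint32_t count)
{
    if (count == 0)
        return DENY_EMPTY;
    if (lba > UINT64_MAX - (uint64_t)(count - 1))
        return DENY_OVERFLOW;              /* lba + count would wrap around */
    uint64_t last = lba + (uint64_t)(count - 1);

    const area_t *a = find_area(layout, n, lba);
    if (a == NULL)
        return DENY_UNMAPPED;
    if (last > a->last_lba)
        return DENY_CROSSES_AREA;          /* range runs into the next area */
    if (a->channel != src)
        return DENY_WRONG_CHANNEL;
    return ACCESS_OK;
}

int main(void)
{
    static const char *names[] = { "OK", "EMPTY", "OVERFLOW", "UNMAPPED",
                                   "CROSSES_AREA", "WRONG_CHANNEL" };
    printf("layout valid: %d\n", layout_is_valid(k_layout, K_LAYOUT_LEN));
    printf("USB  read in encrypted area : %s\n",
           names[check_access(k_layout, K_LAYOUT_LEN, IFACE_USB, 1000000, 8)]);
    printf("SATA read in encrypted area : %s\n",
           names[check_access(k_layout, K_LAYOUT_LEN, IFACE_SATA, 1000000, 8)]);
    printf("SATA read across boundary   : %s\n",
           names[check_access(k_layout, K_LAYOUT_LEN, IFACE_SATA, 999996, 8)]);
    return 0;
}
```

The boundary case matters most in practice: a SATA request that starts in the non-encrypted area but runs past its last LBA is refused outright rather than truncated.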
In one possible implementation, an exemplary implementation of step S140 can be implemented by the following sub-steps, which are described in detail below.
In sub-step S141, a corresponding encryption node isolation operation is performed on the solid state disk 200 according to the pre-configured encryption policy, and an encryption rights object set is obtained from the isolated encryption node data.
In sub-step S142, access key feature analysis is performed on each encryption rights object in the encryption rights object set in sequence to obtain a corresponding access key verification protocol component. An access key verification area in the first encryption rights object is determined based on the access key verification protocol component corresponding to the first encryption rights object. A target verification protocol component is then extracted from the access key verification protocol component corresponding to the first encryption rights object according to a target access key verification area corresponding to the access key verification area, and a first candidate verification protocol component is extracted from the access key verification protocol component corresponding to the second encryption rights object, where the encryption area corresponding to the first candidate verification protocol component covers the encryption area corresponding to the target verification protocol component.
In sub-step S143, the verification protocol component object matching the target verification protocol component is searched for in the first candidate verification protocol component, and the key encryption region corresponding to the access key verification region in the second encryption rights object is determined according to the verification protocol component object found.
In sub-step S144, the portrait label information of the solid state disk 200 is generated according to the access key verification area in the first encryption rights object and the key encryption area corresponding to the access key verification area in the second encryption rights object.
In this embodiment, the encryption right object set includes a first encryption right object and a second encryption right object, where the first encryption right object and the second encryption right object are encryption right objects corresponding to an encryption file area and a non-encryption file area, respectively.
In this embodiment, an access key verification area in the first encryption rights object is determined based on an access key verification protocol component corresponding to the first encryption rights object, a target verification protocol component is extracted from the access key verification protocol component corresponding to the first encryption rights object according to the target access key verification area corresponding to the access key verification area, and a first candidate verification protocol component is extracted from the access key verification protocol component corresponding to the second encryption rights object, which may specifically be:
and matching the access key verification protocol components corresponding to the first encryption authority object from the first encryption authority object, and taking the set of unit areas where the matching nodes are located as an access key verification area in the first encryption authority object. The target access key authentication zone corresponding to the access key authentication zone may refer to a target access key authentication zone associated with an access key authentication zone presence service. On this basis, a target authentication protocol component corresponding to the target access key authentication zone may be extracted from the access key authentication protocol components corresponding to the first encryption rights object, and a first candidate authentication protocol component corresponding to the target access key authentication zone may be extracted from the access key authentication protocol components corresponding to the second encryption rights object.
In this embodiment, searching for an authentication protocol component object matched with a target authentication protocol component from the first candidate authentication protocol component, and determining, according to the searched authentication protocol component object, a key encryption region corresponding to the access key authentication region in the second encryption rights object may specifically be:
and searching the verification protocol component object matched with each verification protocol component value in the target verification protocol component from the first candidate verification protocol component, and then acquiring an encryption area matched with the searched verification protocol component object from the second encryption right object as a key encryption area corresponding to the access key verification area.
Based on the above design, in this embodiment a pre-configured encryption policy is used to perform corresponding encryption node isolation operations on the encrypted file region and the non-encrypted file region, and an encryption rights object set is obtained from the isolated encryption node data. A corresponding access key verification protocol component is then extracted from the encryption rights object set, and this component may be used as a shared access key verification protocol component. On the basis of the shared component, the access key verification area in the first encryption rights object and the key encryption area corresponding to the access key verification area in the second encryption rights object are extracted, so as to perform encryption isolation on the encrypted file region and the non-encrypted file region, which can significantly improve the accuracy of encryption isolation.
In a possible implementation manner, for step S144, in order to further consider the encryption association relationship between different encryption areas in the tag generation process, so as to improve the accuracy of encryption isolation, the following sub-steps may be specifically implemented in an exemplary manner, and are described in detail below.
In sub-step S1441, a target encryption region is obtained, which is formed by a common encryption region between the access key verification region in the first encryption rights object and the key encryption region corresponding to the access key verification region in the second encryption rights object.
In sub-step S1442, an encryption association bitmap is established according to the encryption association relationship between the encryption object nodes in the target encryption region, and the bitmap marking bit of each encryption object node in the encryption association bitmap is determined.
In sub-step S1443, the encryption protocol in which each encryption object node is located is determined according to the bitmap marking bit of each encryption object node, and the set formed by these encryption protocols is determined as a summary reference fusion encryption protocol. The bitmap marking bits of any two encryption object nodes in the summary reference fusion encryption protocol are compared, and the mutual encryption dominant relationship of the encryption protocols in which the two encryption object nodes are located is obtained based on the comparison result.
In sub-step S1444, the summary reference fusion encryption protocol is divided into at least one reference fusion encryption protocol sequence based on the mutual encryption dominant relationship of the encryption protocols in which any two encryption object nodes are located, where each reference fusion encryption protocol sequence has a different fusion number level.
In sub-step S1445, when a shared encryption object node exists in the target encryption region, the target bitmap marking bit of the shared encryption object node in the encryption association bitmap is determined and compared with the bitmap marking bit of an encryption object node in the at least one reference fusion encryption protocol sequence, and the target reference fusion encryption protocol sequence corresponding to the encryption protocol in which the shared encryption object node is located is determined based on the comparison result.
In sub-step S1446, the encrypted file region is encrypted according to the encryption range included in the target reference fusion encryption protocol sequence corresponding to the encryption protocol in which the shared encryption object node is located, so as to encrypt and isolate the encrypted file region and the non-encrypted file region.
In a possible implementation manner, the sub-step S1442 can be specifically implemented by the following implementation manner.
(1) Acquiring a reference set formed by the encryption object nodes in the target encryption area.
(2) Determining the fusion number level of the encryption protocol in which each encryption object node is located according to the number of occurrences of each encryption object node in the reference set.
(3) Sorting the encryption protocols in which the encryption object nodes on different appearing nodes are located in descending order according to the fusion number level.
(4) Determining, on the first preset appearing node, the pointer object that runs from the encryption protocol in which the last-ranked encryption object node is located to the encryption protocol in which the first-ranked encryption object node is located as the first pointer object pointed to by the first dimension of the encryption association bitmap.
(5) Determining the pointer object which is crossed with the first pointer object pointed by the first dimension in the forward direction as a second dimension point of the encryption association bitmap, wherein the first pointer object pointed by the second dimension is a pointer object from the encryption protocol in which the encryption object node which is arranged at the last in the sequence on the second preset appearance node is located to the encryption protocol in which the encryption object node which is arranged at the top in the sequence is located.
In one possible implementation, before sub-step S1445, it may be further determined whether at least one encrypted object node with the same magnitude of the first pointer object or the same magnitude of the second pointer object exists in the aggregate reference fusion encryption protocol. And if at least one encrypted object node with the same first pointer object magnitude or the same second pointer object magnitude exists, taking the at least one encrypted object node with the same first pointer object magnitude or the same second pointer object magnitude as a candidate encrypted object node. And then, executing the first strategy or the second strategy on the candidate encryption object node to obtain the adjusted bitmap marking bit.
It should be noted that the first policy is to increase the first pointer object magnitude or the second pointer object magnitude of the candidate encryption object node by a preset value corresponding to the candidate encryption object node, and the second policy is to subtract the preset value corresponding to the candidate encryption object node from the first pointer object magnitude or the second pointer object magnitude of the candidate encryption object node.
Accordingly, in sub-step S1445, the encryption protocol sequence corresponding to the bitmap flag bit matching the target bitmap flag bit and the adjusted bitmap flag bit may be determined as the target reference fusion encryption protocol sequence corresponding to the encryption protocol in which the shared encryption object node is located.
On the basis of the above description, in one possible implementation, sub-step S141 may be implemented by the following exemplary sub-steps, in order to improve isolation pertinence and accuracy during encryption node isolation and to avoid, to a certain extent, the noise that a noisy encryption node isolation node could otherwise introduce into the isolated data. The sub-steps are described in detail below.
In sub-step S1411, after access verification information corresponding to a candidate encryption node that needs to perform encryption node isolation on the encrypted file region and the non-encrypted file region is obtained from the encryption simulation thread, key verification rule information matching the access verification information is determined.
In sub-step S1412, corresponding encryption node isolation node information is generated according to the key verification rule information and the verification protocol information corresponding to the key verification rule information.
In sub-step S1413, the encryption node isolation node information is associated, through the encryption node isolation control, with an encryption policy of a data uploading path of the data crawling flow of the access verification information, and encryption node isolation is executed after the encryption policy is configured according to the encryption node isolation node information.
In sub-step S1414, during the encryption node isolation, the corresponding encryption node isolation operation is performed on the solid state disk 200 through the encryption policy.
In this embodiment, the candidate encryption node may refer to an accessible page related to the current page in the current page access process.
In this embodiment, the key verification rule information may refer to verification protocol information that may be associated based on the access verification information of the candidate encryption node, and the verification protocol information may refer to a verification type of a protocol. Correspondingly, the authentication protocol information may refer to field data information in the encryption authentication process corresponding to the authentication protocol information determined above. The encryption node isolation node information may refer to configuration information used to generate data isolation in an access isolation process.
In this embodiment, the access verification information may be, but is not limited to, serial code verification information, port verification information, and the like, and is not limited in detail herein.
Based on the above steps, the present embodiment obtains the access verification information corresponding to the candidate encryption node that requires encryption node isolation for the encrypted file area and the non-encrypted file area, determines the key verification rule information matching the access verification information, and generates the corresponding encryption node isolation node information according to the key verification rule information and the verification protocol information corresponding to the key verification rule information. Encryption node isolation is then executed after the encryption policy is configured according to the encryption node isolation node information, so that the corresponding encryption node isolation operation can be performed on the solid state disk 200 through the encryption policy during the isolation. This improves the isolation pertinence and accuracy of the encryption node isolation process and avoids, to a certain extent, the noise that a noisy encryption node isolation node could otherwise introduce into the isolated data.
In one possible implementation, sub-step S1412 may be implemented by the following exemplary sub-steps, which are described in detail below.
(1) Determining, according to the verification protocol information corresponding to the key verification rule information, target verification protocol information in which the sequence of each key verification rule in the key verification rule information is greater than the set sequence, and a first verification protocol target and a second verification protocol target which take the target verification protocol information as reference verification protocol information, wherein the simulation data isolation process of the first verification protocol target does not overlap with the simulation data isolation process of the second verification protocol target, and a logical association exists between the simulation data isolation processes.
(2) Determining a verification protocol field meeting the first target requirement in a first verification protocol target, and determining first isolated object information corresponding to the first verification protocol target according to a field access element of a multi-stage verification matching field between source data table field information of the verification protocol field meeting the first target requirement and associated preset field verification information.
For example, the authentication protocol field meeting the first target requirement may be an authentication protocol field in which the source data table field information matches the associated preset field authentication information.
(3) Determining a verification protocol field meeting the second target requirement in the second verification protocol target, and determining second isolated object information corresponding to the second verification protocol target according to a field access element of a multi-stage verification matching field between the source data table field information of the verification protocol field meeting the second target requirement and the associated preset field verification information.
For example, the authentication protocol field meeting the second target requirement may be an authentication protocol field in which the source data table field information matches the associated preset field authentication information.
(4) Obtaining callback isolation simulation parameters of the verification protocol field in each first simulation data isolation process according to the first isolation object information corresponding to the first verification protocol target, and obtaining the callback isolation simulation parameters of the verification protocol field in each second simulation data isolation process according to the second isolation object information in the second verification protocol target.
(5) Performing simulation isolation indexing on the verification protocol field in each simulation data isolation process according to the callback isolation simulation parameters of each first simulation data isolation process and each second simulation data isolation process, to obtain first simulation isolation index information of each first simulation data isolation process and second simulation isolation index information of each second simulation data isolation process.
(6) Obtaining corresponding simulation isolation index information according to the first simulation isolation index information of each first simulation data isolation process and the second simulation isolation index information of each second simulation data isolation process.
(7) Generating corresponding encryption node isolation node information according to the simulation isolation index information.
Fig. 3 is a schematic diagram of functional modules of a solid state disk dual-protocol encryption device 300 according to an embodiment of the present invention, and in this embodiment, the functional modules of the solid state disk dual-protocol encryption device 300 may be divided according to the method embodiment executed by the solid state disk encryption chip 100, that is, the following functional modules corresponding to the solid state disk dual-protocol encryption device 300 may be used to execute the method embodiments executed by the solid state disk encryption chip 100. The dual-protocol encryption apparatus 300 may include a first configuration module 310, a second configuration module 320, a third configuration module 330, and an encryption isolation module 340, and the functions of the functional modules of the dual-protocol encryption apparatus 300 are described in detail below.
The first configuration module 310 is configured to configure, for each solid state disk, a USB protocol interface and an SATA protocol interface for data interaction with a first computer device through the USB protocol interface and with a second computer device through the SATA protocol interface. The first configuration module 310 may be configured to perform the step S110, and the detailed implementation of the first configuration module 310 may refer to the detailed description of the step S110.
A second configuration module 320, configured to configure a first data interaction channel between the first computer device and the USB protocol interface, and configure a second data interaction channel between the second computer device and the SATA protocol interface. The second configuration module 320 may be configured to perform the step S120, and the detailed implementation of the second configuration module 320 may refer to the detailed description of the step S120.
A third configuring module 330, configured to configure the interactive area of the first data interaction channel as an encrypted file area, and configure the interactive area of the second data interaction channel as an unencrypted file area. The third configuration module 330 may be configured to perform the step S130, and the detailed implementation of the third configuration module 330 may refer to the detailed description of the step S130.
An encryption isolation module 340, configured to perform encryption isolation on the encrypted file area and the non-encrypted file area according to a pre-configured encryption policy, so that only the first computer device can access the encrypted file in the encrypted file area, and the second computer device cannot access the encrypted file in the encrypted file area. The encryption isolation module 340 may be configured to perform the step S140, and the detailed implementation manner of the encryption isolation module 340 may refer to the detailed description of the step S140.
It should be noted that the division of the modules of the above apparatus is only a logical division, and the actual implementation may be wholly or partially integrated into one physical entity, or may be physically separated. And these modules can be realized in the form of software called by processing element; or may be implemented entirely in hardware; and part of the modules can be realized in the form of calling software by the processing element, and part of the modules can be realized in the form of hardware. For example, the first configuration module 310 may be a separate processing element, or may be integrated into a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code, and a processing element of the apparatus calls and executes the functions of the first configuration module 310. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be independently realized. The processing element described herein may be an integrated circuit having signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or an instruction in the form of software.
For example, the above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), or one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), among others. For another example, when some of the above modules are implemented in the form of a processing element scheduler code, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor that can call program code. As another example, these modules may be integrated together, implemented in the form of a system-on-a-chip (SOC).
Fig. 4 is a schematic diagram illustrating a hardware structure of the solid state disk encryption chip 100 for implementing the control device, according to an embodiment of the present invention, as shown in fig. 4, the solid state disk encryption chip 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a transceiver 140.
In a specific implementation process, at least one processor 110 executes computer-executable instructions stored in the machine-readable storage medium 120 (for example, the solid state disk dual-protocol encryption apparatus 300 shown in fig. 3 includes a first configuration module 310, a second configuration module 320, a third configuration module 330, and an encryption isolation module 340), so that the processor 110 may execute the solid state disk dual-protocol encryption method according to the above method embodiment, where the processor 110, the machine-readable storage medium 120, and the transceiver 140 are connected through the bus 130, and the processor 110 may be configured to control transceiving actions of the transceiver 140, so as to transceive data with the foregoing solid state disk 200.
For a specific implementation process of the processor 110, reference may be made to the above-mentioned method embodiments executed by the solid state disk encryption chip 100, which implement principles and technical effects are similar, and details of this embodiment are not described herein again.
In the embodiment shown in fig. 4, it should be understood that the Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.
The machine-readable storage medium 120 may comprise high-speed RAM and may also include non-volatile memory (NVM), such as at least one disk memory.
The bus 130 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (Extended Industry Standard Architecture) bus, or the like. The bus 130 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, the buses in the figures of the present application are not limited to only one bus or one type of bus.
In addition, the embodiment of the present invention further provides a readable storage medium, where the readable storage medium stores computer execution instructions, and when a processor executes the computer execution instructions, the above solid state disk dual protocol encryption method is implemented.
The readable storage medium described above may be implemented by any type of volatile or non-volatile storage device or combination thereof, such as static random access memory (SRAM), electrically erasable programmable read only memory (EEPROM), erasable programmable read only memory (EPROM), programmable read only memory (PROM), read only memory (ROM), magnetic storage, flash memory, magnetic or optical disk. Readable storage media can be any available media that can be accessed by a general purpose or special purpose computer.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (8)
1. A solid state disk dual-protocol encryption method is applied to a solid state disk encryption chip, the solid state disk encryption chip is in communication connection with a plurality of solid state disks, and the method comprises the following steps:
aiming at each solid state disk, respectively configuring a USB protocol interface and an SATA protocol interface for the solid state disk, so as to perform data interaction with first computer equipment through the USB protocol interface and perform data interaction with second computer equipment through the SATA protocol interface;
configuring a first data interaction channel between the first computer equipment and the USB protocol interface, and configuring a second data interaction channel between the second computer equipment and the SATA protocol interface;
configuring the interactive area of the first data interaction channel as an encrypted file area, and configuring the interactive area of the second data interaction channel as a non-encrypted file area;
cryptographically isolating the encrypted file region and the non-encrypted file region according to a preconfigured encryption policy such that only the first computer device can access encrypted files in the encrypted file region, while the second computer device cannot access encrypted files in the encrypted file region;
the step of carrying out encryption isolation on the encrypted file area and the non-encrypted file area according to a pre-configured encryption strategy comprises the following steps:
carrying out corresponding encryption node isolation operation on the encrypted file area and the non-encrypted file area through a pre-configured encryption strategy, and acquiring an encryption permission object set from isolated encryption node data, wherein the encryption permission object set comprises a first encryption permission object and a second encryption permission object, and the first encryption permission object and the second encryption permission object are respectively encryption permission objects corresponding to the encrypted file area and the non-encrypted file area;
sequentially analyzing access key features of all encryption rights objects in the encryption rights object set to obtain corresponding access key verification protocol components, determining an access key verification area in the first encryption rights object based on the access key verification protocol components corresponding to the first encryption rights object, extracting a target verification protocol component from the access key verification protocol components corresponding to the first encryption rights object according to a target access key verification area corresponding to the access key verification area, and extracting a first candidate verification protocol component from the access key verification protocol components corresponding to the second encryption rights object, wherein the encryption area corresponding to the first candidate verification protocol component covers the encryption area corresponding to the target verification protocol component;
searching a verification protocol component object matched with the target verification protocol component from the first candidate verification protocol component, and determining a key encryption area corresponding to the access key verification area in the second encryption right object according to the searched verification protocol component object;
and carrying out encryption isolation on the encrypted file area and the non-encrypted file area according to an access key verification area in the first encrypted authority object and a key encryption area corresponding to the access key verification area in the second encrypted authority object.
2. The dual-protocol encryption method for the solid state disk according to claim 1, wherein the step of performing encryption isolation on the encrypted file area and the non-encrypted file area according to the access key verification area in the first encrypted rights object and the key encryption area corresponding to the access key verification area in the second encrypted rights object comprises:
acquiring a target encryption area formed by a common encryption area between an access key verification area in the first encryption right object and a key encryption area corresponding to the access key verification area in the second encryption right object;
establishing an encryption associated bitmap according to an encryption association relation between encryption object nodes in the target encryption region, and determining a bitmap marking bit of each encryption object node in the encryption associated bitmap;
determining an encryption protocol in which each encrypted object node is located according to the bitmap mark bit of each encrypted object node, determining a set formed by the encryption protocols in which each encrypted object node is located as a summary reference fusion encryption protocol, comparing the bitmap mark bits of any two encrypted object nodes in the summary reference fusion encryption protocol, and obtaining a mutual encryption dominant relationship of the encryption protocols in which any two encrypted object nodes are located based on a comparison result;
dividing the summary reference fusion encryption protocol into at least one reference fusion encryption protocol sequence based on the mutual encryption dominant relationship of the encryption protocols in which any two encryption object nodes are positioned, wherein each reference fusion encryption protocol sequence has different fusion number levels;
when a shared encrypted object node exists in the target encrypted region, determining a target bitmap marking bit of the shared encrypted object node in the encryption associated bitmap, comparing the target bitmap marking bit with a bitmap marking bit of an encrypted object node in the at least one reference fusion encrypted protocol sequence, and determining a target reference fusion encrypted protocol sequence corresponding to an encrypted protocol in which the shared encrypted object node is located based on a comparison result;
and encrypting the encrypted file region according to an encryption range included in a target reference fusion encryption protocol sequence corresponding to an encryption protocol in which the shared encrypted object node is positioned so as to encrypt and isolate the encrypted file region and the non-encrypted file region.
3. The dual-protocol encryption method for the solid state disk according to claim 2, wherein the step of establishing the encryption association bitmap according to the encryption association relationship between the encryption object nodes in the target encryption region comprises:
acquiring a reference set formed by encrypted object nodes in the target encryption area;
determining the fusion number level of the encryption protocol of each encryption object node according to the occurrence number of each encryption object node in the reference set;
sorting encryption protocols in which encryption object nodes on different nodes appear in a descending order according to the fusion quantity level;
determining a pointer object of an encryption protocol from an encryption protocol where an encryption object node which is sequenced last to an encryption protocol where an encryption object node which is sequenced first on a first preset appearing node as a first pointer object pointed by a first dimension of the encryption association bitmap;
and determining a pointer object which is crossed with the first pointer object pointed by the first dimension in the forward direction as a second dimension point of the encryption associated bitmap, wherein the first pointer object pointed by the second dimension is a pointer object from an encryption protocol in which an encryption object node which is arranged at the last in sequence on a second preset node is located to an encryption protocol in which an encryption object node which is arranged at the top in sequence is located.
4. The dual-protocol encryption method for the solid state disk according to claim 2, wherein before the comparing the target bitmap flag bit with the bitmap flag bit of the encryption object node in the at least one reference fusion encryption protocol sequence and determining the target reference fusion encryption protocol sequence corresponding to the encryption protocol of the shared encryption object node based on the comparison result, the method further comprises:
judging whether at least one encrypted object node with the same first pointer object magnitude or the same second pointer object magnitude exists in the summary reference fusion encryption protocol;
if at least one encrypted object node with the same first pointer object magnitude or the same second pointer object magnitude exists, taking the at least one encrypted object node with the same first pointer object magnitude or the same second pointer object magnitude as a candidate encrypted object node;
executing a first strategy or a second strategy on the candidate encryption object node to obtain an adjusted bitmap mark bit, wherein the first strategy is to increase a first pointer object magnitude or a second pointer object magnitude of the candidate encryption object node by a preset value corresponding to the candidate encryption object node, and the second strategy is to subtract the preset value corresponding to the candidate encryption object node from the first pointer object magnitude or the second pointer object magnitude of the candidate encryption object node;
correspondingly, the comparing the target bitmap flag bit with the bitmap flag bit of the encryption object node in the at least one reference fusion encryption protocol sequence, and determining the target reference fusion encryption protocol sequence corresponding to the encryption protocol in which the shared encryption object node is located based on the comparison result includes:
and determining the encryption protocol sequence corresponding to the bitmap mark bit matched with the target bitmap mark bit in the adjusted bitmap mark bit as a target reference fusion encryption protocol sequence corresponding to the encryption protocol of the shared encryption object node.
5. The dual-protocol encryption method for the solid state disk according to any one of claims 2 to 4, wherein the step of performing corresponding encryption node isolation operations on the encrypted file region and the unencrypted file region according to the pre-configured encryption policy comprises:
after access verification information corresponding to candidate encryption nodes needing to carry out encryption node isolation on the encrypted file area and the non-encrypted file area is obtained from an encryption simulation thread, key verification rule information matched with the access verification information is determined;
generating corresponding encryption node isolation node information according to the key verification rule information and verification protocol information corresponding to the key verification rule information;
and associating the encrypted node isolation node information to an encryption strategy of a data uploading path of a data crawling flow of the access verification information through an encrypted node isolation control, configuring the encryption strategy according to the encrypted node isolation node information, and performing corresponding encrypted node isolation operation on the encrypted file area and the non-encrypted file area through the encryption strategy.
6. The dual-protocol encryption method for the solid state disk according to claim 5, wherein the step of generating corresponding encrypted node isolation node information according to the key verification rule information and the verification protocol information corresponding to the key verification rule information includes:
determining target verification protocol information in which the sequence of each key verification rule in the key verification rule information is greater than a set sequence according to verification protocol information corresponding to the key verification rule information, and a first verification protocol target and a second verification protocol target which take the target verification protocol information as reference verification protocol information, wherein the simulation data isolation process of the first verification protocol target is not overlapped with the simulation data isolation process of the second verification protocol target, and logical association exists between the simulation data isolation processes;
determining a verification protocol field meeting the first target requirement in the first verification protocol target, and determining first isolated object information corresponding to the first verification protocol target according to a field access element of a multi-stage verification matching field between source data table field information of the verification protocol field meeting the first target requirement and associated preset field verification information; the verification protocol field meeting the first target requirement is a verification protocol field of which the source data table field information is matched with the associated preset field verification information;
determining a verification protocol field meeting the requirement of a second target in the second verification protocol target, and determining second isolated object information corresponding to the second verification protocol target according to a field access element of a multi-stage verification matching field between source data table field information of the verification protocol field meeting the requirement of the second target and associated preset field verification information; the verification protocol field meeting the second target requirement is a verification protocol field of which the source data table field information is matched with the associated preset field verification information;
obtaining a callback isolation simulation parameter of the verification protocol field in each first simulation data isolation process according to first isolated object information corresponding to the first verification protocol target, and obtaining a callback isolation simulation parameter of the verification protocol field in each second simulation data isolation process according to second isolated object information in the second verification protocol target;
according to callback isolation simulation parameters of each first simulation data isolation process and each second simulation data isolation process, respectively performing simulation isolation indexing on the verification protocol field in each simulation data isolation process to obtain first simulation isolation index information of each first simulation data isolation process and second simulation isolation index information of each second simulation data isolation process;
obtaining corresponding simulation isolation index information according to the first simulation isolation index information of each first simulation data isolation process and the second simulation isolation index information of each second simulation data isolation process;
and generating corresponding encrypted node isolation node information according to the simulation isolation index information.
7. A solid state disk dual-protocol encryption device, characterized in that the device is applied to a solid state disk encryption chip, the solid state disk encryption chip being in communication connection with a plurality of solid state disks, the device comprising:
the first configuration module is used for respectively configuring a USB protocol interface and an SATA protocol interface for each solid state disk, so as to perform data interaction with first computer equipment through the USB protocol interface and perform data interaction with second computer equipment through the SATA protocol interface;
the second configuration module is used for configuring a first data interaction channel between the first computer equipment and the USB protocol interface and configuring a second data interaction channel between the second computer equipment and the SATA protocol interface;
the third configuration module is used for configuring the interaction area of the first data interaction channel into an encrypted file area and configuring the interaction area of the second data interaction channel into a non-encrypted file area;
an encryption isolation module for performing encryption isolation on the encrypted file area and the non-encrypted file area according to a pre-configured encryption policy, so that only the first computer device can access the encrypted file in the encrypted file area, and the second computer device cannot access the encrypted file in the encrypted file area;
the method for carrying out encryption isolation on the encrypted file area and the non-encrypted file area according to a pre-configured encryption strategy comprises the following steps:
carrying out corresponding encryption node isolation operation on the encrypted file area and the non-encrypted file area through a pre-configured encryption strategy, and acquiring an encryption permission object set from isolated encryption node data, wherein the encryption permission object set comprises a first encryption permission object and a second encryption permission object, and the first encryption permission object and the second encryption permission object are respectively encryption permission objects corresponding to the encrypted file area and the non-encrypted file area;
sequentially analyzing access key features of all encryption rights objects in the encryption rights object set to obtain corresponding access key verification protocol components, determining an access key verification area in the first encryption rights object based on the access key verification protocol components corresponding to the first encryption rights object, extracting a target verification protocol component from the access key verification protocol components corresponding to the first encryption rights object according to a target access key verification area corresponding to the access key verification area, and extracting a first candidate verification protocol component from the access key verification protocol components corresponding to the second encryption rights object, wherein the encryption area corresponding to the first candidate verification protocol component covers the encryption area corresponding to the target verification protocol component;
searching a verification protocol component object matched with the target verification protocol component from the first candidate verification protocol component, and determining a key encryption area corresponding to the access key verification area in the second encryption right object according to the searched verification protocol component object;
and carrying out encryption isolation on the encrypted file area and the non-encrypted file area according to an access key verification area in the first encrypted authority object and a key encryption area corresponding to the access key verification area in the second encrypted authority object.
8. A solid state disk encryption chip, characterized in that the solid state disk encryption chip includes a processor, a machine-readable storage medium, and a network interface, the machine-readable storage medium, the network interface, and the processor are connected by a bus system, the network interface is used for being communicatively connected with at least one solid state disk, the machine-readable storage medium is used for storing a program, and the processor is used for executing the program in the machine-readable storage medium to execute the solid state disk dual protocol encryption method according to any one of claims 1 to 6.
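The isolation goal stated in claims 1 and 7 (the device on the SATA channel must not reach the encrypted file area) can be modelled as a per-request gate in the controller. This is an added example, not code from the patent: representing the two file areas as LBA ranges, binding each interface to exactly one area, and the names `check_access` and `LAYOUT` with their sector numbers are assumptions of the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The two host-facing interfaces named in the claims. */
enum iface { IFACE_USB, IFACE_SATA };

enum verdict { ALLOW, DENY_EMPTY, DENY_WRAP, DENY_UNMAPPED, DENY_WRONG_IFACE };

/* One file area as a half-open sector range [start, end), bound to the
 * interface whose data interaction channel it serves (assumed model). */
struct area {
    uint64_t start;
    uint64_t end;
    enum iface owner;
};

/* Constructed layout: non-encrypted area for SATA, encrypted area for USB. */
static const struct area LAYOUT[] = {
    { 0,       1000000, IFACE_SATA },  /* non-encrypted file area */
    { 1000000, 2000000, IFACE_USB  },  /* encrypted file area     */
};

/* Decide whether a request for `count` sectors starting at `lba`, arriving
 * on interface `via`, may proceed. A request must lie entirely inside one
 * area; a request that straddles the boundary is rejected rather than
 * split, so the SATA side can never read into the encrypted area. */
enum verdict check_access(enum iface via, uint64_t lba, uint32_t count)
{
    if (count == 0)
        return DENY_EMPTY;
    if (count > UINT64_MAX - lba)       /* lba + count would wrap to a low LBA */
        return DENY_WRAP;

    uint64_t end = lba + count;         /* exclusive end of the request */
    for (size_t i = 0; i < sizeof LAYOUT / sizeof LAYOUT[0]; i++) {
        const struct area *a = &LAYOUT[i];
        if (lba >= a->start && end <= a->end)
            return a->owner == via ? ALLOW : DENY_WRONG_IFACE;
    }
    return DENY_UNMAPPED;               /* straddles areas or lies outside them */
}

int main(void)
{
    printf("USB  -> encrypted area:     %d\n", check_access(IFACE_USB, 1000000, 8));
    printf("SATA -> encrypted area:     %d\n", check_access(IFACE_SATA, 1000000, 8));
    printf("SATA straddling boundary:   %d\n", check_access(IFACE_SATA, 999996, 8));
    return 0;
}
```

The boundary-straddling and wrap-around cases are the ones a range check most often gets wrong; both are denied before any interface comparison is made.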
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010570016.1A CN111539034B (en) | 2020-06-21 | 2020-06-21 | Solid state disk dual-protocol encryption method and device and solid state disk encryption chip |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010570016.1A CN111539034B (en) | 2020-06-21 | 2020-06-21 | Solid state disk dual-protocol encryption method and device and solid state disk encryption chip |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111539034A CN111539034A (en) | 2020-08-14 |
CN111539034B true CN111539034B (en) | 2020-10-23 |
Family
ID=71974573
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010570016.1A Active CN111539034B (en) | 2020-06-21 | 2020-06-21 | Solid state disk dual-protocol encryption method and device and solid state disk encryption chip |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111539034B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103558994A (en) * | 2013-09-29 | 2014-02-05 | 记忆科技(深圳)有限公司 | Method for encrypting solid state disk partitions and solid state disk |
CN210606634U (en) * | 2019-11-18 | 2020-05-22 | 苏州市英酷莱德信息科技有限公司 | Solid state hard drives of double interface |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1131478C (en) * | 2000-05-13 | 2003-12-17 | 苏毅 | Equipment and method for inventing one hard disk being several independent and isolated subdisks |
US8789146B2 (en) * | 2011-04-14 | 2014-07-22 | Yubico Inc. | Dual interface device for access control and a method therefor |
CN106681945A (en) * | 2016-11-24 | 2017-05-17 | 天津津航计算技术研究所 | Solid state hard disk with multiple protocol interfaces |
CN106843747A (en) * | 2016-11-24 | 2017-06-13 | 天津津航计算技术研究所 | Double nip real-time data sharing solid state hard disc |
CN207164738U (en) * | 2017-09-14 | 2018-03-30 | 苏州恒成芯兴电子技术有限公司 | A kind of solid state hard disc of double nip |
CN109947376B (en) * | 2019-04-04 | 2024-02-09 | 上海威固信息技术股份有限公司 | Multi-protocol interface solid-state storage system based on FPGA |
CN111079170B (en) * | 2019-11-04 | 2021-11-23 | 湖南源科创新科技有限公司 | Control method and control device of solid state disk |
Also Published As
Publication number | Publication date |
---|---|
CN111539034A (en) | 2020-08-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11170128B2 (en) | Information security using blockchains | |
US11693962B2 (en) | Malware clustering based on function call graph similarity | |
US20190114428A1 (en) | Secure system on chip | |
CN108628743B (en) | Application program testing method, device, equipment and storage medium | |
US10261854B2 (en) | Memory integrity violation analysis method and apparatus | |
US10235234B2 (en) | Method and apparatus for determining failure similarity in computing device | |
US11658978B2 (en) | Authentication using blockchains | |
US11586735B2 (en) | Malware clustering based on analysis of execution-behavior reports | |
US20210089684A1 (en) | Controlled access to data stored in a secure partition | |
CN112165455A (en) | Data access control method and device, computer equipment and storage medium | |
US20230297725A1 (en) | Technologies for filtering memory access transactions received from one or more i/o devices | |
US20200234794A1 (en) | Improved computing device | |
US20130283059A1 (en) | Data masking | |
US20220188422A1 (en) | Method and secure boot control circuit for controlling secure boot of electronic device and method for controlling enrollment of electronic device | |
WO2022256128A1 (en) | Firmware policy enforcement via a security processor | |
CN114638005A (en) | Data processing method, device and system based on block chain and storage medium | |
CN111708920B (en) | Internet big data processing method based on artificial intelligence and intelligent cloud service platform | |
CN111539034B (en) | Solid state disk dual-protocol encryption method and device and solid state disk encryption chip | |
CN111221690B (en) | Model determination method and device for integrated circuit design and terminal | |
CN115510486A (en) | File processing method, system, electronic device, storage medium and chip | |
CN113094696A (en) | Password cracking effect evaluation method and device, electronic equipment and storage medium | |
CN114579337A (en) | Method and system for generating core dump in user equipment | |
CN112866396A (en) | Data processing method, system and platform based on cloud computing and block chain service | |
KR102618922B1 (en) | Apparatus and method for Preventing SW reverse engineering of embedded system | |
CN114095236B (en) | Key searching method, device, computing equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||