CN112270013B - PCIE-based pluggable encryption storage device - Google Patents

Abstract

The invention discloses a pluggable encryption storage device based on PCIE, which relates to the technical field of information security and comprises a PCIE interface circuit, a PCIE bus data processing unit and an encryption storage device; the user sends the file and the storage information to the data transmission module through the intelligent terminal, the data transmission module analyzes the file according to the storage information to obtain a transmission priority list of the file, and the cloud server transmits the file according to the fed-back sequence position, so that the file transmission is layered and orderly, and the file transmission efficiency is improved; the data encryption module encrypts the file after receiving the file to obtain an encrypted ciphertext, so that the security of file storage is improved; the linkage analysis module is used for carrying out linkage analysis on the storage disks to obtain linkage values of the storage disks, and the intelligent distribution module distributes corresponding target storage disks for storage in combination with the linkage values of the storage disks after receiving the encrypted ciphertext to reduce storage pressure.

Description

PCIE-based pluggable encryption storage device

Technical Field

The invention relates to the technical field of information security, in particular to a pluggable encryption storage device based on PCIE.

Background

At present, applications based on the field of secure and trusted authentication are mainly divided into two aspects, and the first aspect is to perform security-based protection on data or a system from the perspective of information security. And the second is authentication and protection based on authorization and copyright. From the current product form and the current practical application situation, most of the current safety certification products are completed through the connection mode between the external USB device and the host device.

The document of the publication number CN206505415U discloses a PCIE-based encryption authentication apparatus, including: the PCIE interface circuit is used for physically connecting the encryption authentication device with a PCIE port of the PC mainboard and realizing impedance matching of signals; the PCIE bus data processing unit is used for mounting the encryption authentication device on the PCIE bus and realizing data transmission between the encryption authentication device and the PC on the PCIE bus; an external program storage unit, configured to store an execution program of the PCIE bus data processing unit; the asymmetric operation processing unit is used for realizing encryption and decryption or credible authentication of data in cooperation with the PC end; and the power management unit is used for receiving the power voltage acquired by the PCIE interface circuit and converting the power voltage into working voltage required by each unit in the encryption authentication device. Utilize this utility model the encryption authentication device can realize the isolation with the USB port of PC extension, and then guaranteed the stability and the real-time of encrypting the authentication process.

However, the encryption authentication device has the problems that the file cannot be encrypted to obtain the encrypted ciphertext, the file storage safety is improved, and the storage disks are reasonably distributed.

Disclosure of Invention

Aiming at the defects in the prior art, the invention aims to provide a pluggable encryption storage device based on PCIE. The invention can encrypt the file to obtain the encrypted ciphertext, improve the security of file storage, reasonably distribute the storage disk for storage and reduce the storage pressure.

The purpose of the invention can be realized by the following technical scheme:

a pluggable encryption storage device based on PCIE comprises a PCIE interface circuit, a PCIE bus data processing unit and an encryption storage device;

the PCIE interface circuit is used for physically connecting the encryption storage device with a PCIE port of a PC mainboard and realizing impedance matching of signals;

the PCIE bus data processing unit is used for loading the encryption storage device on the PCIE bus and realizing data transmission with the PC on the PCIE bus;

the encryption storage device comprises a data transmission module, a data encryption module, an intelligent distribution module, a storage module and a linkage analysis module; the encryption storage device is in communication connection with the cloud server;

the method comprises the steps that a user sends files and storage information to a data transmission module through an intelligent terminal, the data transmission module analyzes the files according to the storage information, a transmission priority table of the files is obtained, and sequence positions of the files in the transmission priority table are fed back to a cloud server; the cloud server transmits the file according to the fed sequence position; the cloud server is used for transmitting the file to the data encryption module; the file comprises text, video and pictures;

the data encryption module encrypts the file after receiving the file to obtain an encrypted ciphertext and sends the encrypted ciphertext to the intelligent distribution module; the linkage analysis module is used for carrying out linkage analysis on the storage disk, acquiring a linkage value of the storage disk and sending the linkage value of the storage disk to the intelligent distribution module;

the intelligent distribution module distributes a corresponding target storage disk for storage by combining the linkage value of the storage disk after receiving the encrypted ciphertext, and the data encryption module is in communication connection with the target storage disk and sends the encrypted ciphertext to the target storage disk for storage; and meanwhile, the total storage times of the target storage disk are increased once, and the storage module consists of a plurality of storage disks and is used for storing the encrypted ciphertext.

Further, the specific working steps of the data transmission module are as follows:

s1: acquiring storage information of a file, wherein the storage information comprises storage starting time, storage grade, file size, access times, access starting time and access ending time in each access;

s2: calculating the time difference between the storage starting time and the current time of the system to obtain the storage duration of the file, and marking the storage duration as C1;

setting all storage levels to correspond to a grade value, matching the storage levels of the files with all the storage levels to obtain corresponding grade values, and marking the grade values as R1; marking the file size as D1;

s3: acquiring the access frequency of files within forty-five days before the current time of the system, marking the access frequency as the access frequency, and marking the access frequency as P1;

calculating the time difference between the access starting time and the access ending time of each access to obtain the single access duration of the file; summing the single access time length to obtain the total access time length, and marking the total access time length as P2;

sequencing the access starting time of the files according to time, acquiring the access starting time of the last access of the files and marking as Z1;

calculating the time difference between the access starting time of the last access of the file and the current time of the system to obtain a buffer time length and marking the buffer time length as Z2;

obtaining an access attraction value FW of the obtained file by using a formula FW = P1 × A1+ P2 × A2+1/Z2 × A3, wherein A1, A2 and A3 are all preset coefficients;

s4: carrying out normalization processing on the storage time length, the grade value, the file size and the access attraction value and taking the numerical values of the storage time length, the grade value, the file size and the access attraction value; obtaining a transmission value FS of the obtained file by using a formula CS = C1 × A4+ R1 × A5+ D1 × A6+ FW × A7, wherein A4, A5, A6 and A7 are all preset coefficients;

s5: and arranging the files in a descending order according to the size of the transmission value FS to generate a transmission priority list of the files.

Further, the specific working steps of encrypting the file to obtain the encrypted ciphertext by the data encryption module are as follows:

the method comprises the following steps: intercepting a timestamp of a received file, acquiring the timestamp according to a month-day time division format, and correspondingly marking the number of each digit of the month-day time division as X1-X8; obtaining a time-digital group Xi, i = 1.., 8;

s11: acquiring a time digital group Xi; processing the time digital group according to a formula to obtain a transfer value Tx; the specific calculation formula is as follows: tx = X1+ X2+ X3+ X4+ X5+ X6+ X7+ X8;

s12: performing numerical analysis on Tx;

when Tx mod 5=0, mark the selected value as Zx = 5; otherwise, let Zx = Tx mod 5; where Zx = Tx mod 5 denotes "integer Tx divided by integer 5, resulting in remainder Zx";

step two: the data encryption module sends an acquisition instruction to an intelligent terminal of a user, and the user sends a character standard book to the data encryption module through the intelligent terminal; the character standard book consists of characters and numerical values, and each character corresponds to a unique numerical value;

step three: when the file is a text, identifying characters in the text, matching the identified characters with a character standard book to obtain numerical values corresponding to the characters, and converting the characters in the text into the numerical values according to a sequence to obtain a converted numerical book; the conversion method comprises the following steps:

s31: labeling the value of the converted number as Qi, wherein i represents the ith value in the converted number;

s32: obtaining a conversion value QZi by using a formula QZi = Qi + Zx, wherein Qi corresponds to QZi one to one;

s33: matching the converted numerical value QZi with a character standard book to obtain a character corresponding to the converted numerical value, sequentially converting the converted numerical value QZi of the converted numerical book into the character and fusing the time stamp of the previously received file to obtain an encrypted ciphertext;

step four: when the file is a video, dividing the video into a plurality of frame pictures according to the sequence; when the file is a picture, obtaining a picture group; numbering each frame picture in sequence, wherein the numbering is marked as m, m =1, …, n; converting the serial numbers;

s41: obtaining a conversion number g by enabling g = n-m-Zx; wherein m takes the value of 1, …, n-Zx-1; exchanging the picture corresponding to the number m with the picture corresponding to the corresponding conversion number g to obtain a new picture group;

s42: amplifying the picture by a plurality of times to form a pixel grid picture, establishing a planar rectangular coordinate system for the pixel grid picture, and acquiring coordinates of each pixel grid in the pixel grid picture, wherein the coordinates comprise horizontal coordinates and vertical coordinates; converting the coordinates;

s43: marking the coordinates of the pixel grid as (Xc, Yc), wherein Xc is more than or equal to 0 and less than or equal to j, and Yc is more than or equal to 0 and less than or equal to k;

obtaining a conversion coordinate (Xb, Yb) by using a formula Xb = j-Xc-Zx and Yb = k-Yc-Zx, wherein the value of Xc is 1, …, j-Zx-1; yc takes the value of 1, …, k-Zx-1;

and (3) interchanging the pixel grids corresponding to the conversion coordinates (Xb, Yb) corresponding to the pixel grids corresponding to the coordinates (Xc, Yc), fusing the timestamps of the received files to obtain an encrypted pixel grid picture, and forming an encrypted ciphertext by all the encrypted pixel grid pictures converted by the picture group.

Further, the specific allocation steps of the intelligent allocation module are as follows:

v1: acquiring the positions of all storage disks, calculating the distance difference between the positions of the storage disks and the position of a data encryption module to obtain a transmission distance, and marking the storage disks with the transmission distance smaller than a set distance threshold as primary selection disks;

v2: the intelligent distribution module sends a memory acquisition instruction to the primary selection disk, acquires the residual memory of the primary selection disk, and marks the primary selection disk with the residual memory larger than a set residual threshold value as a preferred disk;

v3: acquiring the total storage times of the optimal disks and marking the times as ZCs; acquiring a linkage value of a preferred disk and marking the linkage value as LC;

v4: acquiring retrieval records of encrypted ciphertexts stored in an optimal disk thirty days before the current time of the system; the retrieval record comprises a storage disk, an encrypted ciphertext and retrieval time;

marking the number of times of the same preferred disk as the disk frequency CW1 according to the storage disk;

marking the read time of the same preferred disk as the total disk time CW2 according to the storage disks;

obtaining a recall value WE of a preferred disk by using a formula WE = CW1 × a1+ CW2 × a 2;

v5: marking the transmission distance of the preferred disk as L1, and marking the residual memory of the preferred disk as L2;

obtaining a distribution value FD of a preferred disk by using a formula FD =1/L1 × a3+ L2 × a4+ ZC × a5+ LC × a6+ WE × a7, wherein a3, a4, a5, a6 and a7 are all preset coefficients;

v6: the preferred disk with the largest allocation value FD is marked as the target storage disk.

Further, the specific analysis steps of the linkage analysis module are as follows:

VV 1: marking the storage disk as Pm, and sending a linkage request signal to the storage disk Pm by a linkage analysis module; marking the time when the linkage request signal is sent as T1m, and marking the time when the storage disk receives the linkage request signal as T2 m; obtaining the response time length T3m of the storage disk by using a formula T3m = T2m-T1 m;

VV 2: after receiving the linkage request signal, the storage disk sends the linkage request signal to the cloud server, the time when the storage disk sends the linkage request signal is marked as T4m, and the time when the cloud server receives the linkage request signal is marked as T5 m; obtaining the buffer duration T6m of the storage disk by using a formula T6m = T4m-T2 m; obtaining linkage duration T7m of the storage disk by using a formula T7m = T5m-T4 m;

VV 3: when the cloud server receives the linkage request signal, acquiring the real-time network access speed at the moment and marking the real-time network access speed as FG;

VV 4: acquiring an linkage value LC of the storage disk by using a formula LC =1/T3m × b1+1/T6m × b2+1/T7m × b3+ FG × b4, wherein b1, b2, b3 and b4 are all preset coefficients;

VV 5: and the linkage analysis module is used for sending the linkage value LC of the storage disk to the cloud server for storage.

The invention has the beneficial effects that:

1. the data transmission module analyzes the file according to the storage information, acquires a transmission value FS of the file by combining the storage time, the grade value, the file size and the access attraction value, performs descending order arrangement on the file according to the size of the transmission value FS to generate a transmission priority table of the file, and feeds back the sequence position of the file in the transmission priority table to the cloud server; the cloud server transmits the file according to the fed-back sequence position, so that the file transmission is more hierarchical and orderly, and the file transmission efficiency is improved;

2. in the invention, a data encryption module encrypts a file after receiving the file to obtain an encrypted ciphertext; intercepting a timestamp of a received file to obtain a time digital group Xi; obtaining a selected median value Zx through correlation processing; when the file is a text, identifying characters in the text, and matching the identified characters with a character standard book to obtain numerical values corresponding to the characters to form a conversion number book; converting the converted digital book and fusing the timestamp of the received file to obtain an encrypted ciphertext; when the file is a video, dividing the video into a plurality of frame pictures according to the sequence; when the file is a picture, obtaining a picture group; numbering each frame of picture in sequence, marking the number as m, and converting the number; exchanging the picture corresponding to the number m with the picture corresponding to the corresponding conversion number g to obtain a new picture group; amplifying the picture by a plurality of times to form a pixel grid picture, establishing a planar rectangular coordinate system for the pixel grid picture, acquiring the coordinate of each pixel grid in the pixel grid picture, and converting the coordinate; the pixel grids corresponding to the coordinates (Xc, Yc) are exchanged, the time stamps of the received files are fused to obtain encrypted pixel grid pictures, and all the encrypted pixel grid pictures converted by the picture group form an encrypted ciphertext, so that the safety of file storage is improved;

3. according to the invention, the intelligent distribution module distributes the corresponding target storage disk for the encrypted ciphertext after receiving the encrypted ciphertext, obtains the optimized disk by combining the transmission distance of the storage disk and the residual memory, obtains the distribution value of the optimized disk by combining the total storage times, the linkage value and the retrieval value of the optimized disk, marks the optimized disk with the maximum distribution value as the target storage disk, and can reasonably distribute the corresponding target storage disk according to the distribution value for storage, thereby reducing the storage pressure.

Drawings

In order to facilitate understanding for those skilled in the art, the present invention will be further described with reference to the accompanying drawings.

FIG. 1 is a schematic structural diagram of the present invention.

FIG. 2 is a system block diagram of an encrypted storage device according to the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

As shown in fig. 1-2, a PCIE-based pluggable encryption storage apparatus includes a PCIE interface circuit, a PCIE bus data processing unit, and an encryption storage apparatus;

the PCIE interface circuit is used for physically connecting the encryption storage device with a PCIE port of the PC mainboard and realizing impedance matching of signals;

the PCIE bus data processing unit is used for loading the encryption storage device on the PCIE bus and realizing data transmission between the encryption storage device and the PC on the PCIE bus;

the encryption storage device comprises a data transmission module, a data encryption module, an intelligent distribution module, a storage module and a linkage analysis module; the encryption storage device is in communication connection with the cloud server;

the method comprises the steps that a user sends files and storage information to a data transmission module through an intelligent terminal, the data transmission module analyzes the files according to the storage information, a transmission priority table of the files is obtained, and sequence positions of the files in the transmission priority table are fed back to a cloud server; the cloud server transmits the file according to the fed sequence position; the cloud server is used for transmitting the file to the data encryption module; the file comprises text, video and pictures;

the data transmission module comprises the following specific working steps:

s1: acquiring storage information of a file, wherein the storage information comprises storage starting time, storage grade, file size, access times, access starting time and access ending time in each access;

s2: calculating the time difference between the storage starting time and the current time of the system to obtain the storage duration of the file, and marking the storage duration as C1;

setting all storage levels to correspond to a grade value, matching the storage levels of the files with all the storage levels to obtain corresponding grade values, and marking the grade values as R1;

marking the file size as D1;

s3: acquiring the access frequency of files within forty-five days before the current time of the system, marking the access frequency as the access frequency, and marking the access frequency as P1;

calculating the time difference between the access starting time and the access ending time of each access to obtain the single access duration of the file; summing the single access time length to obtain the total access time length, and marking the total access time length as P2;

sequencing the access starting time of the files according to time, acquiring the access starting time of the last access of the files and marking as Z1;

calculating the time difference between the access starting time of the last access of the file and the current time of the system to obtain a buffer time length and marking the buffer time length as Z2;

obtaining an access attraction value FW of the obtained file by using a formula FW = P1 × A1+ P2 × A2+1/Z2 × A3, wherein A1, A2 and A3 are all preset coefficients; for example, a1 takes a value of 0.25, a2 takes a value of 0.56, and A3 takes a value of 0.48;

s4: carrying out normalization processing on the storage time length, the grade value, the file size and the access attraction value and taking the numerical values of the storage time length, the grade value, the file size and the access attraction value;

obtaining a transmission value FS of the obtained file by using a formula CS = C1 × A4+ R1 × A5+ D1 × A6+ FW × A7, wherein A4, A5, A6 and A7 are all preset coefficients; for example, a4 takes a value of 0.19, a5 takes a value of 0.26, a6 takes a value of 0.44, and a7 takes a value of 0.38;

s5: the files are arranged in a descending order according to the size of a transmission value FS to generate a transmission priority list of the files;

the data encryption module encrypts the file after receiving the file to obtain an encrypted ciphertext and sends the encrypted ciphertext to the intelligent distribution module; the intelligent distribution module distributes a corresponding target storage disk for the encrypted ciphertext after receiving the encrypted ciphertext, and the data encryption module is in communication connection with the target storage disk and sends the encrypted ciphertext to the target storage disk for storage; meanwhile, the total storage times of the target storage disk are increased once, and the storage module consists of a plurality of storage disks and is used for storing the encrypted ciphertext;

the specific working steps of encrypting the file by the data encryption module to obtain the encrypted ciphertext are as follows:

the method comprises the following steps: intercepting a timestamp of a received file, acquiring the timestamp according to a month-day time division format, and correspondingly marking the number of each digit of the month-day time division as X1-X8; obtaining a time-digital group Xi, i = 1.., 8;

s11: acquiring a time digital group Xi; processing the time digital group according to a formula to obtain a transfer value Tx; the specific calculation formula is as follows: tx = X1+ X2+ X3+ X4+ X5+ X6+ X7+ X8;

s12: performing numerical analysis on Tx;

when Tx mod 5=0, mark the selected value as Zx = 5; otherwise, let Zx = Tx mod 5; where Zx = Tx mod 5 denotes "integer Tx divided by integer 5, resulting in remainder Zx";

step two: the data encryption module sends an acquisition instruction to an intelligent terminal of a user, and the user sends a character standard book to the data encryption module through the intelligent terminal; the character standard book consists of characters and numerical values, and each character corresponds to a unique numerical value;

step three: when the file is a text, identifying characters in the text, matching the identified characters with a character standard book to obtain numerical values corresponding to the characters, and converting the characters in the text into the numerical values according to a sequence to obtain a converted numerical book; the conversion method comprises the following steps:

s31: labeling the value of the converted number as Qi, wherein i represents the ith value in the converted number;

s32: obtaining a conversion value QZi by using a formula QZi = Qi + Zx, wherein Qi corresponds to QZi one to one;

s33: matching the converted numerical value QZi with a character standard book to obtain a character corresponding to the converted numerical value, sequentially converting the converted numerical value QZi of the converted numerical book into the character and fusing the time stamp of the previously received file to obtain an encrypted ciphertext;

step four: when the file is a video, dividing the video into a plurality of frame pictures according to the sequence; when the file is a picture, obtaining a picture group; numbering each frame picture in sequence, wherein the numbering is marked as m, m =1, …, n; converting the serial numbers;

s41: obtaining a conversion number g by enabling g = n-m-Zx; wherein m takes the value of 1, …, n-Zx-1; exchanging the picture corresponding to the number m with the picture corresponding to the corresponding conversion number g to obtain a new picture group;

s42: amplifying the picture by a plurality of times to form a pixel grid picture, establishing a planar rectangular coordinate system for the pixel grid picture, and acquiring coordinates of each pixel grid in the pixel grid picture, wherein the coordinates comprise horizontal coordinates and vertical coordinates; converting the coordinates;

s43: marking the coordinates of the pixel grid as (Xc, Yc), wherein Xc is more than or equal to 0 and less than or equal to j, and Yc is more than or equal to 0 and less than or equal to k;

obtaining a conversion coordinate (Xb, Yb) by using a formula Xb = j-Xc-Zx and Yb = k-Yc-Zx, wherein the value of Xc is 1, …, j-Zx-1; yc takes the value of 1, …, k-Zx-1;

interchanging pixel grids corresponding to the conversion coordinates (Xb, Yb) corresponding to the pixel grids corresponding to the coordinates (Xc, Yc), fusing a timestamp of a received file to obtain an encrypted pixel grid picture, and forming an encrypted ciphertext by all encrypted pixel grid pictures converted by the picture group;

the specific distribution steps of the intelligent distribution module are as follows:

v1: acquiring the positions of all storage disks, calculating the distance difference between the positions of the storage disks and the position of a data encryption module to obtain a transmission distance, and marking the storage disks with the transmission distance smaller than a set distance threshold as primary selection disks;

v2: the intelligent distribution module sends a memory acquisition instruction to the primary selection disk, acquires the residual memory of the primary selection disk, and marks the primary selection disk with the residual memory larger than a set residual threshold value as a preferred disk;

v3: acquiring the total storage times of the optimal disks and marking the times as ZCs; acquiring a linkage value of a preferred disk and marking the linkage value as LC;

v4: acquiring retrieval records of encrypted ciphertexts stored in an optimal disk thirty days before the current time of the system; the retrieval record comprises a storage disk, an encrypted ciphertext and retrieval time;

marking the number of times of the same preferred disk as the disk frequency CW1 according to the storage disk;

marking the read time of the same preferred disk as the total disk time CW2 according to the storage disks;

obtaining a tuning value WE of the preferred disk by using a formula WE = CW1 × a1+ CW2 × a2, wherein a1 and a2 are preset coefficients, for example, a1 takes a value of 0.59, and a1 takes a value of 0.61;

v5: marking the transmission distance of the preferred disk as L1, and marking the residual memory of the preferred disk as L2;

obtaining a distribution value FD of a preferable disk by using a formula FD =1/L1 × a3+ L2 × a4+ ZC × a5+ LC × a6+ WE × a7, wherein a3, a4, a5, a6 and a7 are all preset coefficients, for example, a3 takes 0.14, a4 takes 0.56, a5 takes 0.34, a6 takes 0.26, and a7 takes 0.58;

v6: marking the preferred disk with the maximum allocation value FD as a target storage disk;

the linkage analysis module is used for carrying out linkage analysis on the storage disk to obtain a linkage value of the storage disk, and the specific analysis steps are as follows:

VV 1: marking the storage disk as Pm, and sending a linkage request signal to the storage disk Pm by a linkage analysis module; marking the time when the linkage request signal is sent as T1m, and marking the time when the storage disk receives the linkage request signal as T2 m; obtaining the response time length T3m of the storage disk by using a formula T3m = T2m-T1 m;

VV 2: after receiving the linkage request signal, the storage disk sends the linkage request signal to the cloud server, the time when the storage disk sends the linkage request signal is marked as T4m, and the time when the cloud server receives the linkage request signal is marked as T5 m; obtaining the buffer duration T6m of the storage disk by using a formula T6m = T4m-T2 m; obtaining linkage duration T7m of the storage disk by using a formula T7m = T5m-T4 m;

VV 3: when the cloud server receives the linkage request signal, acquiring the real-time network access speed at the moment and marking the real-time network access speed as FG;

VV 4: obtaining an linkage value LC of the storage disk by using a formula LC =1/T3m × b1+1/T6m × b2+1/T7m × b3+ FG × b4, wherein b1, b2, b3 and b4 are all preset coefficients, for example, b1 takes a value of 0.11, b2 takes a value of 0.21, b3 takes a value of 0.84, and b4 takes a value of 0.65;

VV 5: and the linkage analysis module is used for sending the linkage value LC of the storage disk to the cloud server for storage.

The above formulas are all obtained by collecting a large amount of data to perform software simulation and performing parameter setting processing by corresponding experts, and the formulas are in accordance with real results.

The working principle of the invention is as follows:

when the pluggable encryption storage device based on the PCIE works, the PCIE interface circuit is used for physically connecting the encryption storage device with a PCIE port of a PC mainboard and realizing impedance matching of signals; the PCIE bus data processing unit loads the encryption storage device on the PCIE bus and realizes data transmission with the PC on the PCIE bus; a user sends a file and storage information to a data transmission module through an intelligent terminal, the data transmission module analyzes the file according to the storage information, obtains a transmission value FS of the file by combining a storage time length, a grade value, a file size and an access attraction value, performs descending arrangement on the file according to the size of the transmission value FS to generate a transmission priority table of the file, and feeds back the sequence position of the file in the transmission priority table to a cloud server; the cloud server transmits the file according to the fed-back sequence position, so that the file transmission is more hierarchical and orderly, and the file transmission efficiency is improved;

the data encryption module encrypts the file after receiving the file to obtain an encrypted ciphertext; intercepting a timestamp of a received file to obtain a time digital group Xi; processing the time digital group according to a formula to obtain a transfer value Tx and performing numerical analysis on the Tx; obtaining a selected median value Zx; when the file is a text, identifying characters in the text, matching the identified characters with a character standard book to obtain numerical values corresponding to the characters, and converting the characters in the text into the numerical values according to a sequence to obtain a converted numerical book; converting the converted numerical notebook, marking the numerical value of the converted numerical notebook as Qi, obtaining a converted numerical value QZi by using a formula QZi = Qi + Zx, matching the converted numerical value QZi with a character standard notebook to obtain a character corresponding to the converted numerical value, converting the converted numerical value QZi of the converted numerical notebook into the character according to a sequence and fusing a timestamp of a received file before to obtain an encrypted ciphertext; when the file is a video, dividing the video into a plurality of frame pictures according to the sequence; when the file is a picture, obtaining a picture group; numbering each frame of picture in sequence, marking the number as m, and converting the number; obtaining a conversion number g by enabling g = n-m-Zx; exchanging the picture corresponding to the number m with the picture corresponding to the corresponding conversion number g to obtain a new picture group; amplifying the picture by a plurality of times to form a pixel grid picture, establishing a planar rectangular coordinate system for the pixel grid picture, acquiring the coordinate of each pixel grid in the pixel grid picture, and converting the coordinate; the pixel grids corresponding to the coordinates (Xc, Yc) are exchanged, the time stamps of the received files are fused to obtain encrypted pixel grid pictures, and all the encrypted pixel grid pictures converted by the picture group form an encrypted ciphertext, so that the safety of file storage is improved;

the intelligent distribution module distributes the corresponding target storage disk for the encrypted ciphertext after receiving the encrypted ciphertext, obtains the optimized disk by combining the transmission distance of the storage disk and the residual memory, obtains the distribution value of the optimized disk by combining the total storage times, the linkage value and the retrieval value of the optimized disk, marks the optimized disk with the maximum distribution value as the target storage disk, and can reasonably distribute the corresponding target storage disk according to the distribution value to store and reduce the storage pressure.

The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise forms disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.

Claims (1)

1. A pluggable encryption storage device based on PCIE is characterized by comprising a PCIE interface circuit, a PCIE bus data processing unit and an encryption storage device;

the PCIE interface circuit is used for physically connecting the encryption storage device with a PCIE port of a PC mainboard and realizing impedance matching of signals;

the PCIE bus data processing unit is used for loading the encryption storage device on the PCIE bus and realizing data transmission with the PC on the PCIE bus;

the encryption storage device comprises a data transmission module, a data encryption module, an intelligent distribution module, a storage module and a linkage analysis module; the encryption storage device is in communication connection with the cloud server;

the method comprises the steps that a user sends files and storage information to a data transmission module through an intelligent terminal, the data transmission module analyzes the files according to the storage information, a transmission priority table of the files is obtained, and sequence positions of the files in the transmission priority table are fed back to a cloud server; the cloud server transmits the file according to the fed sequence position; the cloud server is used for transmitting the file to the data encryption module; the file comprises text, video and pictures;

the data encryption module encrypts the file after receiving the file to obtain an encrypted ciphertext and sends the encrypted ciphertext to the intelligent distribution module; the linkage analysis module is used for carrying out linkage analysis on the storage disk, acquiring a linkage value of the storage disk and sending the linkage value of the storage disk to the intelligent distribution module;

the intelligent distribution module distributes a corresponding target storage disk for storage by combining the linkage value of the storage disk after receiving the encrypted ciphertext, and the data encryption module is in communication connection with the target storage disk and sends the encrypted ciphertext to the target storage disk for storage; meanwhile, the total storage times of the target storage disk are increased once, and the storage module consists of a plurality of storage disks and is used for storing the encrypted ciphertext;

the data transmission module comprises the following specific working steps:

s1: acquiring storage information of a file, wherein the storage information comprises storage starting time, storage grade, file size, access times, access starting time and access ending time in each access;

s2: calculating the time difference between the storage starting time and the current time of the system to obtain the storage duration of the file, and marking the storage duration as C1;

setting all storage levels to correspond to a grade value, matching the storage levels of the files with all the storage levels to obtain corresponding grade values, and marking the grade values as R1; marking the file size as D1;

s3: acquiring the access frequency of files within forty-five days before the current time of the system, marking the access frequency as the access frequency, and marking the access frequency as P1;

calculating the time difference between the access starting time and the access ending time of each access to obtain the single access duration of the file; summing the single access time length to obtain the total access time length, and marking the total access time length as P2;

sequencing the access starting time of the files according to time, acquiring the access starting time of the last access of the files and marking as Z1;

calculating the time difference between the access starting time of the last access of the file and the current time of the system to obtain a buffer time length and marking the buffer time length as Z2;

obtaining an access attraction value FW of the obtained file by using a formula FW = P1 × A1+ P2 × A2+1/Z2 × A3, wherein A1, A2 and A3 are all preset coefficients;

s4: carrying out normalization processing on the storage time length, the grade value, the file size and the access attraction value and taking the numerical values of the storage time length, the grade value, the file size and the access attraction value; obtaining a transmission value FS of the obtained file by using a formula CS = C1 × A4+ R1 × A5+ D1 × A6+ FW × A7, wherein A4, A5, A6 and A7 are all preset coefficients;

s5: the files are arranged in a descending order according to the size of a transmission value FS to generate a transmission priority list of the files;

the specific working steps of encrypting the file by the data encryption module to obtain the encrypted ciphertext are as follows:

the method comprises the following steps: intercepting a timestamp of a received file, acquiring the timestamp according to a month-day time division format, and correspondingly marking the number of each digit of the month-day time division as X1-X8; obtaining a time-digital group Xi, i = 1.., 8;

s11: acquiring a time digital group Xi; processing the time digital group according to a formula to obtain a transfer value Tx; the specific calculation formula is as follows: tx = X1+ X2+ X3+ X4+ X5+ X6+ X7+ X8;

s12: performing numerical analysis on Tx;

when Tx mod 5=0, mark the selected value as Zx = 5; otherwise, let Zx = Tx mod 5;

step two: the data encryption module sends an acquisition instruction to an intelligent terminal of a user, and the user sends a character standard book to the data encryption module through the intelligent terminal; the character standard book consists of characters and numerical values, and each character corresponds to a unique numerical value;

step three: when the file is a text, identifying characters in the text, matching the identified characters with a character standard book to obtain numerical values corresponding to the characters, and converting the characters in the text into the numerical values according to a sequence to obtain a converted numerical book; the conversion method comprises the following steps:

s31: labeling the value of the converted number as Qi, wherein i represents the ith value in the converted number;

s32: obtaining a conversion value QZi by using a formula QZi = Qi + Zx, wherein Qi corresponds to QZi one to one;

s33: matching the converted numerical value QZi with a character standard book to obtain a character corresponding to the converted numerical value, sequentially converting the converted numerical value QZi of the converted numerical book into the character and fusing the time stamp of the previously received file to obtain an encrypted ciphertext;

step four: when the file is a video, dividing the video into a plurality of frame pictures according to the sequence; when the file is a picture, obtaining a picture group; numbering each frame picture in sequence, wherein the numbering is marked as m, m =1, …, n; converting the serial numbers;

s41: obtaining a conversion number g by enabling g = n-m-Zx; wherein m takes the value of 1, …, n-Zx-1; exchanging the picture corresponding to the number m with the picture corresponding to the corresponding conversion number g to obtain a new picture group;

s42: amplifying the picture by a plurality of times to form a pixel grid picture, establishing a planar rectangular coordinate system for the pixel grid picture, and acquiring coordinates of each pixel grid in the pixel grid picture, wherein the coordinates comprise horizontal coordinates and vertical coordinates; converting the coordinates;

s43: marking the coordinates of the pixel grid as (Xc, Yc), wherein Xc is more than or equal to 0 and less than or equal to j, and Yc is more than or equal to 0 and less than or equal to k;

obtaining a conversion coordinate (Xb, Yb) by using a formula Xb = j-Xc-Zx and Yb = k-Yc-Zx, wherein the value of Xc is 1, …, j-Zx-1; yc takes the value of 1, …, k-Zx-1;

interchanging pixel grids corresponding to the conversion coordinates (Xb, Yb) corresponding to the pixel grids corresponding to the coordinates (Xc, Yc), fusing a timestamp of a received file to obtain an encrypted pixel grid picture, and forming an encrypted ciphertext by all encrypted pixel grid pictures converted by the picture group;

the specific distribution steps of the intelligent distribution module are as follows:

v1: acquiring the positions of all storage disks, calculating the distance difference between the positions of the storage disks and the position of a data encryption module to obtain a transmission distance, and marking the storage disks with the transmission distance smaller than a set distance threshold as primary selection disks;

v2: the intelligent distribution module sends a memory acquisition instruction to the primary selection disk, acquires the residual memory of the primary selection disk, and marks the primary selection disk with the residual memory larger than a set residual threshold value as a preferred disk;

v3: acquiring the total storage times of the optimal disks and marking the times as ZCs; acquiring a linkage value of a preferred disk and marking the linkage value as LC;

v4: acquiring retrieval records of encrypted ciphertexts stored in an optimal disk thirty days before the current time of the system; the retrieval record comprises a storage disk, an encrypted ciphertext and retrieval time;

marking the number of times of the same preferred disk as the disk frequency CW1 according to the storage disk;

marking the read time of the same preferred disk as the total disk time CW2 according to the storage disks;

obtaining a recall value WE of a preferred disk by using a formula WE = CW1 × a1+ CW2 × a 2;

v5: marking the transmission distance of the preferred disk as L1, and marking the residual memory of the preferred disk as L2;

obtaining a distribution value FD of a preferred disk by using a formula FD =1/L1 × a3+ L2 × a4+ ZC × a5+ LC × a6+ WE × a7, wherein a3, a4, a5, a6 and a7 are all preset coefficients;

v6: marking the preferred disk with the maximum allocation value FD as a target storage disk;

the specific analysis steps of the linkage analysis module are as follows:

VV 1: marking the storage disk as Pm, and sending a linkage request signal to the storage disk Pm by a linkage analysis module; marking the time when the linkage request signal is sent as T1m, and marking the time when the storage disk receives the linkage request signal as T2 m; obtaining the response time length T3m of the storage disk by using a formula T3m = T2m-T1 m;

VV 2: after receiving the linkage request signal, the storage disk sends the linkage request signal to the cloud server, the time when the storage disk sends the linkage request signal is marked as T4m, and the time when the cloud server receives the linkage request signal is marked as T5 m; obtaining the buffer duration T6m of the storage disk by using a formula T6m = T4m-T2 m; obtaining linkage duration T7m of the storage disk by using a formula T7m = T5m-T4 m;

VV 3: when the cloud server receives the linkage request signal, acquiring the real-time network access speed at the moment and marking the real-time network access speed as FG;

VV 4: acquiring an linkage value LC of the storage disk by using a formula LC =1/T3m × b1+1/T6m × b2+1/T7m × b3+ FG × b4, wherein b1, b2, b3 and b4 are all preset coefficients;

VV 5: and the linkage analysis module is used for sending the linkage value LC of the storage disk to the cloud server for storage.

Images