CN113420339B - Encrypted USB flash disk and authorization method - Google Patents
Encrypted USB flash disk and authorization method Download PDFInfo
- Publication number
- CN113420339B CN113420339B CN202110752368.3A CN202110752368A CN113420339B CN 113420339 B CN113420339 B CN 113420339B CN 202110752368 A CN202110752368 A CN 202110752368A CN 113420339 B CN113420339 B CN 113420339B
- Authority
- CN
- China
- Prior art keywords
- data
- encrypted
- address list
- address
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The invention relates to an encrypted USB flash disk and an authorization method, wherein the encrypted USB flash disk comprises a USB interface and is used for receiving data to be encrypted transmitted by a host; a detection unit for detecting a data amount of data to be encrypted; the buffer area comprises a first address list, a second address list, a third address list and a fourth address list which are sequentially arranged, and the data storage area is used for storing encrypted data; and the central control unit is respectively connected with the detection unit, the buffer area and the data storage area and is used for selecting a corresponding encryption rule from the buffer area according to the detection result of the detection unit and then encrypting the data to be encrypted and storing the encrypted data in the data storage area. By partitioning the addresses in the cache region, the encryption rules in different address partitions are selected according to different actual data volumes to encrypt the data to be encrypted, so that the encryption of the data is more intelligent, and the storage speed and the storage safety of the data during storage are guaranteed doubly.
Description
Technical Field
The invention relates to the technical field of storage, in particular to an encrypted USB flash disk and an authorization method.
Background
Today, with the rapid development of electronic information technology, information storage and information storage security become concerns, and a usb disk, as an independent data storage device, is favored by people due to its small size and portability, so that the usb disk is widely used.
However, the space occupied by the storage of the encryption algorithm in the existing usb disk is large, so that the space for storing actual data is limited, the storage space of the usb disk is greatly compressed, and generally, if the storage space is increased, the capacity of the usb disk is improved, thereby increasing the cost.
Disclosure of Invention
Therefore, the invention provides an encrypted USB flash disk and an authorization method, which can solve the problem of changing the data storage space of the USB flash disk on the premise of not increasing the capacity of the USB flash disk.
In order to achieve the above object, an aspect of the present invention provides an encrypted usb disk and an authorization method, including:
the USB interface is used for connecting with a host and receiving data to be encrypted transmitted by the host;
a detection unit for detecting a data amount of data to be encrypted;
the buffer area comprises a first address list, a second address list, a third address list and a fourth address list which are sequentially arranged, a plurality of buffer data areas are arranged in each address list, each buffer data area is used for storing encryption rules, the complexity of the encryption rules stored in different buffer data areas is different, and each buffer data area corresponds to one storage address;
the data storage area is used for storing the encrypted data;
the central control unit is respectively connected with the detection unit, the buffer area and the data storage area and used for selecting a corresponding encryption rule from the buffer area according to the detection result of the detection unit and storing the encrypted data to the data storage area after encrypting the data to be encrypted;
a first data volume N1, a second data volume N2 and a third data volume N3 are arranged in the central control unit, wherein the first data volume N1< the second data volume N2< the third data volume N3, the actual data volume Ni detected by the detection unit is detected, and if the actual data volume Ni is less than or equal to the first data volume N1, an encryption rule is selected from the first address list;
if the first data volume N1< the actual data volume Ni is less than or equal to the second data volume N2, selecting an encryption rule from the second address list;
if the second data volume N2< the actual data volume Ni is less than or equal to the third data volume N3, selecting an encryption rule from the third address list;
if the actual data amount Ni > the third data amount N3, an encryption rule is selected from the fourth address list.
Further, the first address list is provided with a1 storage addresses, the second address list is provided with a2 storage addresses, the third address list is provided with a2 storage addresses, the fourth address list is provided with a4 storage addresses, a statistical period is preset, and if m times of data storage are performed in the statistical period, the number m1 of encryption algorithm selection from the first address list, the number m2 of encryption algorithm selection from the second address list, the number m3 of encryption algorithm selection from the third address list and the number m4 of encryption algorithm selection from the fourth address list are determined in m times of data storage;
if m1/m is more than or equal to 2/3, increasing the number of storage addresses in the first address list;
if m2/m is more than or equal to 2/3, increasing the number of storage addresses in the second address list;
if m3/m is more than or equal to 2/3, increasing the number of storage addresses in the third address list;
if m4/m ≧ 2/3, the number of storage addresses in the fourth address list is increased.
Further, the number of storage addresses in the first address list is increased to a 1' ═ m1+ (m2+ m3+ m 4)/3;
increasing the number of storage addresses in the second address list to be A2' ═ m2+ (m1+ m3+ m 4)/3;
increasing the number of the storage addresses in the third address list to be A3' ═ m3+ (m1+ m2+ m 4)/3;
the number of memory addresses in the fourth address list is increased to a 4' ═ m4+ (m1+ m2+ m 3)/3.
Furthermore, a key field is preset in the central control unit, whether the data to be encrypted contains the key field or not is determined, and the complexity of the encryption algorithm is corrected according to the determination result;
if the content to be encrypted contains a preset key field, the importance of the data to be encrypted is high, if the data volume of the data to be encrypted is large and the data volume of the data to be encrypted contains the key field, when the algorithm of the data to be encrypted is selected, if the data to be encrypted is selected as an address b, c1 addresses are advanced on the basis of b, and the encryption algorithm corresponding to the address is used as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is large and the data volume does not contain the key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is b, the encryption algorithm corresponding to the address b is adopted as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is small and comprises key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is d, delaying c1 addresses on the basis of d, and taking the encryption algorithm corresponding to the address as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is small and the data to be encrypted does not contain the key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is d, the encryption algorithm corresponding to the address d is adopted as the actual encryption algorithm of the data to be encrypted.
Further, if the data to be encrypted is selected as the address b, the data to be encrypted exceeds the range of the address list after c1 addresses are advanced on the basis of b, the encryption algorithm corresponding to the first address in the address list is used for encryption, and if the data to be encrypted is selected as the address d, the data to be encrypted exceeds the range of the address list after c1 addresses are delayed on the basis of d, the encryption algorithm corresponding to the last first address in the address list is used for encryption.
Another aspect of the present invention provides a method for encryption authorization, including:
receiving data to be encrypted transmitted by a host;
detecting the data volume of data to be encrypted;
setting a buffer area, wherein the buffer area comprises a first address list, a second address list, a third address list and a fourth address list which are sequentially arranged, a plurality of buffer data areas are arranged in each address list, each buffer data area is used for storing encryption rules, the complexity of the encryption rules stored in different buffer data areas is different, and each buffer data area corresponds to one storage address;
selecting a corresponding encryption rule from the buffer area according to the detection result of the detection unit, encrypting the data to be encrypted and storing the data to be encrypted in a data storage area;
a first data volume N1, a second data volume N2 and a third data volume N3 are arranged in the central control unit, wherein the first data volume N1< the second data volume N2< the third data volume N3, the actual data volume Ni detected by the detection unit is detected, and if the actual data volume Ni is less than or equal to the first data volume N1, an encryption rule is selected from the first address list;
if the first data volume N1< the actual data volume Ni is less than or equal to the second data volume N2, selecting an encryption rule from the second address list;
if the second data volume N2< the actual data volume Ni is less than or equal to the third data volume N3, selecting an encryption rule from the third address list;
if the actual data amount Ni > the third data amount N3, an encryption rule is selected from the fourth address list.
Further, in the process of setting the buffer, the first address list is provided with a1 storage addresses, the second address list is provided with a2 storage addresses, the third address list is provided with a2 storage addresses, the fourth address list is provided with a4 storage addresses, a statistical period is preset, and if m times of data storage are performed in the statistical period, the statistical unit is configured to determine, in the m times of data storage, the number m1 of selecting an encryption algorithm from the first address list, the number m2 of selecting an encryption algorithm from the second address list, the number m3 of selecting an encryption algorithm from the third address list, and the number m4 of selecting an encryption algorithm from the fourth address list;
if m1/m is more than or equal to 2/3, increasing the number of storage addresses in the first address list;
if m2/m is more than or equal to 2/3, increasing the number of storage addresses in the second address list;
if m3/m is more than or equal to 2/3, increasing the number of storage addresses in the third address list;
if m4/m ≧ 2/3, the number of storage addresses in the fourth address list is increased.
Further, the number of storage addresses in the first address list is increased to a 1' ═ m1+ (m2+ m3+ m 4)/3;
increasing the number of storage addresses in the second address list to be A2' ═ m2+ (m1+ m3+ m 4)/3;
increasing the number of the storage addresses in the third address list to be A3' ═ m3+ (m1+ m2+ m 4)/3;
the number of memory addresses in the fourth address list is increased to a 4' ═ m4+ (m1+ m2+ m 3)/3.
Further, whether the key field is contained in the data to be encrypted is determined, the key field is preset, and the complexity of an encryption algorithm is corrected according to a determination result;
if the content to be encrypted contains a preset key field, the importance of the data to be encrypted is high, if the data volume of the data to be encrypted is large and the data volume of the data to be encrypted contains the key field, when the algorithm of the data to be encrypted is selected, if the data to be encrypted is selected as an address b, c1 addresses are advanced on the basis of b, and the encryption algorithm corresponding to the address is used as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is large and the data volume does not contain the key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is b, the encryption algorithm corresponding to the address b is adopted as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is small and comprises key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is d, delaying c1 addresses on the basis of d, and taking the encryption algorithm corresponding to the address as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is small and the data to be encrypted does not contain the key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is d, the encryption algorithm corresponding to the address d is adopted as the actual encryption algorithm of the data to be encrypted.
Further, if the data to be encrypted is selected as the address b, the data to be encrypted exceeds the range of the address list after c1 addresses are advanced on the basis of b, the encryption algorithm corresponding to the first address in the address list is used for encryption, if the data to be encrypted is selected as the address d, the data to be encrypted exceeds the range of the address list after c1 addresses are delayed on the basis of d, and the encryption algorithm corresponding to the last first address in the address list is used for encryption.
Compared with the prior art, the method has the advantages that the addresses in the cache area are partitioned, so that the encryption rules in different address partitions are selected to encrypt the data to be encrypted according to different actual data volumes, the encryption of the data is more intelligent, the complexity of the encryption rules adopted according to the data volumes is different, if the data volumes are large, the complexity of the encryption rules is higher, the encrypted data is prevented from being cracked to expose a large amount of data, if the data volumes are small, the complexity of the encryption rules is not higher, the method for encrypting the data is adaptively adjusted, and the storage speed and the storage safety of the data during storage are doubly guaranteed.
Particularly, the actual times of the encryption algorithm used by the data to be encrypted are counted in the preset period, and the number of the storage addresses in the corresponding address list in the next preset period is determined to be increased according to the corresponding times, so that the number of the storage addresses in the corresponding address list in the next preset period is adjusted according to the frequency of occurrence of the data volume of the data to be encrypted in the preset period, the encryption algorithm is abundant when the data are stored in the next pre-examination period, and the encryption algorithm pre-stored in the data volume with low occurrence frequency can be properly reduced, so that more storage space is released, and the storage efficiency of the USB flash disk for data storage is improved.
Particularly, the number of the storage addresses in the address list is increased, so that the utilization rate of the encryption rule in the next preset period is greatly improved, the number of the encryption algorithm with small probability in the encryption process is reduced, the effective utilization of the encryption algorithm in the preset period is further ensured, and the safety of data storage is improved.
Particularly, by judging the content in the data to be encrypted, in the actual use process, if the data to be encrypted is selected as the address b, the data to be encrypted exceeds the range of the address list after c1 addresses are advanced on the basis of b, the encryption algorithm corresponding to the first address in the address list is used for encryption, if the data to be encrypted is selected as the address d, the data to be encrypted exceeds the range of the address list after c1 addresses are delayed on the basis of d, the encryption algorithm corresponding to the last first address in the address list is used for encrypting the data to be encrypted, the data stored in the USB flash disk is effectively encrypted, and the safety of the data to be encrypted is improved.
Drawings
Fig. 1 is a schematic structural diagram of an encrypted usb disk according to an embodiment of the present invention;
fig. 2 is a flowchart of an encryption authorization method according to an embodiment of the present invention.
Detailed Description
In order that the objects and advantages of the invention will be more clearly understood, the invention is further described below with reference to examples; it should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are only for explaining the technical principle of the present invention, and do not limit the scope of the present invention.
It should be noted that in the description of the present invention, the terms of direction or positional relationship indicated by the terms "upper", "lower", "left", "right", "inner", "outer", etc. are based on the directions or positional relationships shown in the drawings, which are only for convenience of description, and do not indicate or imply that the device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and thus, should not be construed as limiting the present invention.
Furthermore, it should be noted that, in the description of the present invention, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Referring to fig. 1, an encrypted usb disk according to an embodiment of the present invention includes:
the USB interface 10 is used for connecting with a host and receiving data to be encrypted transmitted by the host;
a detection unit 20 for detecting a data amount of data to be encrypted;
the buffer area 30 comprises a first address list, a second address list, a third address list and a fourth address list which are sequentially arranged, wherein a plurality of buffer data areas are arranged in each address list, each buffer data area is used for storing encryption rules, the complexity of the encryption rules stored in different buffer data areas is different, and each buffer data area corresponds to one storage address;
a data storage area 40 for storing encrypted data;
the central control unit 50 is respectively connected with the detection unit, the buffer area and the data storage area, and is used for selecting a corresponding encryption rule from the buffer area according to the detection result of the detection unit to encrypt the data to be encrypted and then storing the encrypted data in the data storage area;
a first data volume N1, a second data volume N2 and a third data volume N3 are arranged in the central control unit, wherein the first data volume N1< the second data volume N2< the third data volume N3, the actual data volume Ni detected by the detection unit is detected, and if the actual data volume Ni is less than or equal to the first data volume N1, an encryption rule is selected from the first address list;
if the first data volume N1< the actual data volume Ni is less than or equal to the second data volume N2, selecting an encryption rule from the second address list;
if the second data volume N2< the actual data volume Ni is less than or equal to the third data volume N3, selecting an encryption rule from the third address list;
if the actual data amount Ni > the third data amount N3, an encryption rule is selected from the fourth address list.
Specifically, the addresses in the cache area are partitioned, so that the encryption rules in different address partitions are selected according to different actual data volumes to encrypt the data to be encrypted, the encryption of the data is more intelligent, the complexity of the encryption rules adopted according to the data volumes is different, if the data volumes are large, the complexity of the encryption rules is high, the encrypted data is prevented from being cracked to expose a large amount of data, if the data volumes are small, the complexity of the encryption rules is not high, the data encryption method is adaptively adjusted, and the storage speed and the storage safety of the data during storage are doubly guaranteed.
Specifically, the device further comprises a statistical unit 60, the statistical unit is connected with the central control unit, the first address list is provided with a1 storage addresses, the second address list is provided with a2 storage addresses, the third address list is provided with a2 storage addresses, the fourth address list is provided with a4 storage addresses, a statistical period is preset, and if m times of data storage are performed in the statistical period, the statistical unit is used for determining the number m1 of encryption algorithm selections from the first address list, the number m2 of encryption algorithm selections from the second address list, the number m3 of encryption algorithm selections from the third address list and the number m4 of encryption algorithm selections from the fourth address list in the m times of data storage;
if m1/m is more than or equal to 2/3, increasing the number of storage addresses in the first address list;
if m2/m is more than or equal to 2/3, increasing the number of storage addresses in the second address list;
if m3/m is more than or equal to 2/3, increasing the number of storage addresses in the third address list;
if m4/m ≧ 2/3, the number of storage addresses in the fourth address list is increased.
Specifically, the actual times of the encryption algorithm used by the data to be encrypted are counted in the preset period, and the number of the storage addresses in the corresponding address list in the next preset period is determined to be increased according to the corresponding times, so that the number of the storage addresses in the corresponding address list in the next preset period is adjusted according to the frequency of the data volume of the data to be encrypted appearing in the preset period, and when the data is stored in the next pre-examination period, the encryption algorithm is abundant, and the encryption algorithm pre-stored in the data volume with low frequency can be properly reduced, so that more storage spaces are released, and the storage efficiency of the U disk on the data storage is improved.
Specifically, the number of storage addresses in the first address list is increased to a 1' ═ m1+ (m2+ m3+ m 4)/3;
increasing the number of storage addresses in the second address list to be A2' ═ m2+ (m1+ m3+ m 4)/3;
increasing the number of the storage addresses in the third address list to be A3' ═ m3+ (m1+ m2+ m 4)/3;
the number of memory addresses in the fourth address list is increased to a 4' ═ m4+ (m1+ m2+ m 3)/3.
Specifically, the number of the storage addresses in the address list is increased, so that the utilization rate of the encryption rule in the next preset period is greatly improved, the number of the encryption algorithm with small probability in the encryption process is reduced, the effective utilization of the encryption algorithm in the preset period is further ensured, and the safety of data storage is improved.
Specifically, a key field is preset in the central control unit, whether the data to be encrypted contains the key field or not is determined, and the complexity of an encryption algorithm is corrected according to a determination result;
if the content to be encrypted contains a preset key field, the importance of the data to be encrypted is high, if the data volume of the data to be encrypted is large and the data volume of the data to be encrypted contains the key field, when the algorithm of the data to be encrypted is selected, if the data to be encrypted is selected as an address b, c1 addresses are advanced on the basis of b, and the encryption algorithm corresponding to the address is used as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is large and the data volume does not contain the key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is b, the encryption algorithm corresponding to the address b is adopted as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is small and comprises key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is d, delaying c1 addresses on the basis of d, and taking the encryption algorithm corresponding to the address as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is small and the data to be encrypted does not contain the key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is d, the encryption algorithm corresponding to the address d is adopted as the actual encryption algorithm of the data to be encrypted.
Specifically, in the embodiment of the present invention, by determining the content in the data to be encrypted, in the actual use process, if the data to be encrypted is selected as the address b, the data to be encrypted exceeds the range of the address list after c1 addresses are advanced on the basis of b, the encryption algorithm corresponding to the first address in the address list is used for encryption, and if the data to be encrypted is selected as the address d, the data to be encrypted exceeds the range of the address list after c1 addresses are delayed on the basis of d, the encryption algorithm corresponding to the last first address in the address list is used for encryption, so that effective encryption is implemented on the data stored in the usb disk, and the security of the data to be encrypted is improved.
Specifically, as shown in fig. 2, an embodiment of the present invention further provides an encryption authorization method applied to the encrypted usb disk, where the method includes:
s100, receiving data to be encrypted transmitted by a host;
s200, detecting the data volume of the data to be encrypted;
step S300, a buffer area is set, the buffer area comprises a first address list, a second address list, a third address list and a fourth address list which are sequentially set, a plurality of buffer data areas are arranged in each address list, each buffer data area is used for storing encryption rules, the complexity of the encryption rules stored in different buffer data areas is different, and each buffer data area corresponds to one storage address;
s400, selecting a corresponding encryption rule from the buffer area according to the detection result of the detection unit, encrypting the data to be encrypted and storing the encrypted data in a data storage area;
in step S400, a first data amount N1, a second data amount N2 and a third data amount N3 are provided in the central control unit, wherein the first data amount N1< the second data amount N2< the third data amount N3, the detection unit detects an actual data amount Ni, and if the actual data amount Ni is less than or equal to the first data amount N1, an encryption rule is selected from the first address list;
if the first data volume N1< the actual data volume Ni is less than or equal to the second data volume N2, selecting an encryption rule from the second address list;
if the second data volume N2< the actual data volume Ni is less than or equal to the third data volume N3, selecting an encryption rule from the third address list;
if the actual data amount Ni > the third data amount N3, an encryption rule is selected from the fourth address list.
Specifically, according to the encryption authorization method provided by the embodiment of the present invention, the addresses in the cache area are partitioned, so that the encryption rules in different address partitions are selected according to different actual data volumes to encrypt the data to be encrypted, so that the encryption of the data is more intelligent, the complexity of the encryption rules adopted according to the data volumes is different, if the data volumes are large, the complexity of the encryption rules needs to be large, the encrypted data is prevented from being decrypted to expose a large amount of data, if the data volumes are small, the complexity of the encryption rules needs not to be large, the method for encrypting the data is adaptively adjusted, and the storage speed and the storage security of the data during storage are doubly guaranteed.
Specifically, in step S300, in the process of setting the buffer, the first address list is provided with a1 storage addresses, the second address list is provided with a2 storage addresses, the third address list is provided with a2 storage addresses, the fourth address list is provided with a4 storage addresses, a statistical period is set in advance, and if m times of data storage are performed in the statistical period, the statistical unit is configured to determine the number m1 of encryption algorithm selections from the first address list, the number m2 of encryption algorithm selections from the second address list, the number m3 of encryption algorithm selections from the third address list, and the number m4 of encryption algorithm selections from the fourth address list in the m times of data storage;
if m1/m is more than or equal to 2/3, increasing the number of storage addresses in the first address list;
if m2/m is more than or equal to 2/3, increasing the number of storage addresses in the second address list;
if m3/m is more than or equal to 2/3, increasing the number of storage addresses in the third address list;
if m4/m ≧ 2/3, the number of storage addresses in the fourth address list is increased.
Specifically, the encryption authorization method provided in the embodiment of the present invention counts the actual times of an encryption algorithm used by data to be encrypted in a preset period, and determines to increase the number of storage addresses in a corresponding address list in a next preset period according to the corresponding times, so that the number of storage addresses in a corresponding address list in the next preset period is adjusted according to the frequency of occurrence of the data volume of the data to be encrypted in the preset period, so that when data storage is performed in the next pre-examination period, the encryption algorithm is abundant, and the encryption algorithm pre-stored in the data volume with a low occurrence frequency can be appropriately reduced, so as to release more storage spaces and improve the storage efficiency of the usb disk on data storage.
Specifically, the number of storage addresses in the first address list is increased to a 1' ═ m1+ (m2+ m3+ m 4)/3;
increasing the number of storage addresses in the second address list to be A2' ═ m2+ (m1+ m3+ m 4)/3;
increasing the number of the storage addresses in the third address list to be A3' ═ m3+ (m1+ m2+ m 4)/3;
the number of memory addresses in the fourth address list is increased to a 4' ═ m4+ (m1+ m2+ m 3)/3.
Specifically, the encryption authorization method provided in the embodiment of the present invention increases the number of storage addresses in the address list, so that the utilization rate of the encryption rule in the next preset period is greatly increased, and the number of encryption algorithms with small probability used in the encryption process is reduced, thereby ensuring effective utilization of the encryption algorithm in the preset period and improving the security of data storage.
Specifically, in step S400, it is determined whether the data to be encrypted includes the key field, where the key field is preset, and the complexity of the encryption algorithm is modified according to the determination result;
if the content to be encrypted contains a preset key field, the importance of the data to be encrypted is high, if the data volume of the data to be encrypted is large and the data volume of the data to be encrypted contains the key field, when the algorithm of the data to be encrypted is selected, if the data to be encrypted is selected as an address b, c1 addresses are advanced on the basis of b, and the encryption algorithm corresponding to the address is used as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is large and the data volume does not contain the key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is b, the encryption algorithm corresponding to the address b is adopted as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is small and comprises key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is d, delaying c1 addresses on the basis of d, and taking the encryption algorithm corresponding to the address as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is small and the data to be encrypted does not contain the key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is d, the encryption algorithm corresponding to the address d is adopted as the actual encryption algorithm of the data to be encrypted.
Specifically, if the data to be encrypted is selected as the address b, the data to be encrypted exceeds the range of the address list after c1 addresses are advanced on the basis of b, the data to be encrypted is encrypted by adopting an encryption algorithm corresponding to the first address in the address list, if the data to be encrypted is selected as the address d, the data to be encrypted exceeds the range of the address list after c1 addresses are delayed on the basis of d, and the data to be encrypted is encrypted by adopting an encryption algorithm corresponding to the last first address in the address list.
Specifically, after the encryption algorithm corresponding to the encryption address of the data to be encrypted is modified, the data stored in the U disk is effectively encrypted, and the security of the data to be encrypted is improved.
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of the present invention is obviously not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention; various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. An encrypted U disk, comprising:
the USB interface is used for connecting with a host and receiving data to be encrypted transmitted by the host;
a detection unit for detecting a data amount of data to be encrypted;
the buffer area comprises a first address list, a second address list, a third address list and a fourth address list which are sequentially arranged, a plurality of buffer data areas are arranged in each address list, each buffer data area is used for storing encryption rules, the complexity of the encryption rules stored in different buffer data areas is different, and each buffer data area corresponds to one storage address;
the data storage area is used for storing the encrypted data;
the central control unit is respectively connected with the detection unit, the buffer area and the data storage area and used for selecting a corresponding encryption rule from the buffer area according to the detection result of the detection unit and storing the encrypted data to the data storage area after encrypting the data to be encrypted;
a first data volume N1, a second data volume N2 and a third data volume N3 are arranged in the central control unit, wherein the first data volume N1< the second data volume N2< the third data volume N3, the actual data volume Ni detected by the detection unit is detected, and if the actual data volume Ni is less than or equal to the first data volume N1, an encryption rule is selected from the first address list;
if the first data volume N1< the actual data volume Ni is less than or equal to the second data volume N2, selecting an encryption rule from the second address list;
if the second data volume N2< the actual data volume Ni is less than or equal to the third data volume N3, selecting an encryption rule from the third address list;
if the actual data amount Ni > the third data amount N3, an encryption rule is selected from the fourth address list.
2. The encrypted USB flash disk according to claim 1,
the first address list is provided with A1 storage addresses, the second address list is provided with A2 storage addresses, the third address list is provided with A2 storage addresses, the fourth address list is provided with A4 storage addresses, a statistical period is preset, and if m times of data storage are performed in the statistical period, the number m1 of encryption algorithm selection from the first address list, the number m2 of encryption algorithm selection from the second address list, the number m3 of encryption algorithm selection from the third address list and the number m4 of encryption algorithm selection from the fourth address list are determined in the m times of data storage;
if m1/m is more than or equal to 2/3, increasing the number of storage addresses in the first address list;
if m2/m is more than or equal to 2/3, increasing the number of storage addresses in the second address list;
if m3/m is more than or equal to 2/3, increasing the number of storage addresses in the third address list;
if m4/m ≧ 2/3, the number of storage addresses in the fourth address list is increased.
3. The encrypted USB flash disk according to claim 2,
increasing the number of storage addresses in the first address list to be A1' ═ m1+ (m2+ m3+ m 4)/3;
increasing the number of storage addresses in the second address list to be A2' ═ m2+ (m1+ m3+ m 4)/3;
increasing the number of the storage addresses in the third address list to be A3' ═ m3+ (m1+ m2+ m 4)/3;
the number of memory addresses in the fourth address list is increased to a 4' ═ m4+ (m1+ m2+ m 3)/3.
4. The encrypted USB flash disk according to claim 3,
key fields are preset in the central control unit, whether the data to be encrypted contains the key fields or not is determined, and the complexity of an encryption algorithm is corrected according to the determination result;
if the content to be encrypted contains a preset key field, the importance of the data to be encrypted is high, if the data volume of the data to be encrypted is large and the data volume of the data to be encrypted contains the key field, when the algorithm of the data to be encrypted is selected, if the data to be encrypted is selected as an address b, c1 addresses are advanced on the basis of b, and the encryption algorithm corresponding to the address is used as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is large and the data volume does not contain the key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is b, the encryption algorithm corresponding to the address b is adopted as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is small and comprises key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is d, delaying c1 addresses on the basis of d, and taking the encryption algorithm corresponding to the address as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is small and the data to be encrypted does not contain the key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is d, the encryption algorithm corresponding to the address d is adopted as the actual encryption algorithm of the data to be encrypted.
5. The encrypted USB flash disk according to claim 4,
if the data to be encrypted is selected as the address b, the data to be encrypted exceeds the range of the address list after c1 addresses are advanced on the basis of b, the encryption algorithm corresponding to the first address in the address list is adopted for encryption, if the data to be encrypted is selected as the address d, the data to be encrypted exceeds the range of the address list after c1 addresses are delayed on the basis of d, and the encryption algorithm corresponding to the last first address in the address list is adopted for encryption of the data to be encrypted.
6. An encryption authorization method applied to the encryption U disk according to any one of claims 1-5,
receiving data to be encrypted transmitted by a host;
detecting the data volume of data to be encrypted;
setting a buffer area, wherein the buffer area comprises a first address list, a second address list, a third address list and a fourth address list which are sequentially arranged, a plurality of buffer data areas are arranged in each address list, each buffer data area is used for storing encryption rules, the complexity of the encryption rules stored in different buffer data areas is different, and each buffer data area corresponds to one storage address;
selecting a corresponding encryption rule from the buffer area according to the detection result of the detection unit, encrypting the data to be encrypted and storing the data to be encrypted in a data storage area;
a first data volume N1, a second data volume N2 and a third data volume N3 are arranged in the central control unit, wherein the first data volume N1< the second data volume N2< the third data volume N3, the actual data volume Ni detected by the detection unit is detected, and if the actual data volume Ni is less than or equal to the first data volume N1, an encryption rule is selected from the first address list;
if the first data volume N1< the actual data volume Ni is less than or equal to the second data volume N2, selecting an encryption rule from the second address list;
if the second data volume N2< the actual data volume Ni is less than or equal to the third data volume N3, selecting an encryption rule from the third address list;
if the actual data amount Ni > the third data amount N3, an encryption rule is selected from the fourth address list.
7. The cryptographic authorization method of claim 6,
in the process of setting the buffer area, the first address list is provided with A1 storage addresses, the second address list is provided with A2 storage addresses, the third address list is provided with A2 storage addresses, the fourth address list is provided with A4 storage addresses, a statistical period is preset, and if m times of data storage are performed in the statistical period, the statistical unit is used for determining the number m1 of encryption algorithm selections from the first address list, the number m2 of encryption algorithm selections from the second address list, the number m3 of encryption algorithm selections from the third address list and the number m4 of encryption algorithm selections from the fourth address list in the m times of data storage;
if m1/m is more than or equal to 2/3, increasing the number of storage addresses in the first address list;
if m2/m is more than or equal to 2/3, increasing the number of storage addresses in the second address list;
if m3/m is more than or equal to 2/3, increasing the number of storage addresses in the third address list;
if m4/m ≧ 2/3, the number of storage addresses in the fourth address list is increased.
8. The cryptographic authorization method of claim 7,
increasing the number of storage addresses in the first address list to be A1' ═ m1+ (m2+ m3+ m 4)/3;
increasing the number of storage addresses in the second address list to be A2' ═ m2+ (m1+ m3+ m 4)/3;
increasing the number of the storage addresses in the third address list to be A3' ═ m3+ (m1+ m2+ m 4)/3;
the number of memory addresses in the fourth address list is increased to a 4' ═ m4+ (m1+ m2+ m 3)/3.
9. The cryptographic authorization method of claim 8,
determining whether the data to be encrypted contains a key field, wherein the key field is preset, and correcting the complexity of an encryption algorithm according to a determination result;
if the content to be encrypted contains a preset key field, the importance of the data to be encrypted is high, if the data volume of the data to be encrypted is large and the data volume of the data to be encrypted contains the key field, when the algorithm of the data to be encrypted is selected, if the data to be encrypted is selected as an address b, c1 addresses are advanced on the basis of b, and the encryption algorithm corresponding to the address is used as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is large and the data volume does not contain the key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is b, the encryption algorithm corresponding to the address b is adopted as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is small and comprises key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is d, delaying c1 addresses on the basis of d, and taking the encryption algorithm corresponding to the address as the actual encryption algorithm of the data to be encrypted;
if the data volume of the data to be encrypted is small and the data to be encrypted does not contain the key fields, when the algorithm of the data to be encrypted is selected, if the address of the data to be encrypted is d, the encryption algorithm corresponding to the address d is adopted as the actual encryption algorithm of the data to be encrypted.
10. The cryptographic authorization method of claim 9,
if the data to be encrypted is selected as the address b, the data to be encrypted exceeds the range of the address list after c1 addresses are advanced on the basis of b, the encryption algorithm corresponding to the first address in the address list is adopted for encryption, if the data to be encrypted is selected as the address d, the data to be encrypted exceeds the range of the address list after c1 addresses are delayed on the basis of d, and the encryption algorithm corresponding to the last first address in the address list is adopted for encryption of the data to be encrypted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110752368.3A CN113420339B (en) | 2021-07-02 | 2021-07-02 | Encrypted USB flash disk and authorization method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110752368.3A CN113420339B (en) | 2021-07-02 | 2021-07-02 | Encrypted USB flash disk and authorization method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113420339A CN113420339A (en) | 2021-09-21 |
| CN113420339B true CN113420339B (en) | 2022-03-11 |
Family
ID=77720251
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110752368.3A Active CN113420339B (en) | 2021-07-02 | 2021-07-02 | Encrypted USB flash disk and authorization method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113420339B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116094815B (en) * | 2023-02-03 | 2023-12-22 | 广州万协通信息技术有限公司 | Data encryption processing method and device based on flow self-adaptive control adjustment |
Family Cites Families (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101238848B1 (en) * | 2004-12-21 | 2013-03-04 | 샌디스크 코포레이션 | Versatile Content Control With Partitioning |
| CN101540191B (en) * | 2009-04-21 | 2010-10-13 | 苏州国芯科技有限公司 | Real-time encrypted U disk and high speed encryption-decryption method |
| CN103413098B (en) * | 2013-08-01 | 2016-05-18 | 广州杰赛科技股份有限公司 | Hardware encipher method and system and device thereof |
| CN103716166A (en) * | 2013-12-27 | 2014-04-09 | 哈尔滨工业大学深圳研究生院 | Self-adaptation hybrid encryption method and device and encryption communication system |
| AT515097B1 (en) * | 2014-03-31 | 2015-06-15 | Hödl Josef | Encryption method and pseudo-random number generator |
| CN104090853A (en) * | 2014-07-03 | 2014-10-08 | 武汉迅存科技有限公司 | Solid-state disc encryption method and system |
| CN105376051A (en) * | 2014-08-29 | 2016-03-02 | 宇龙计算机通信科技(深圳)有限公司 | Encryption method and apparatus, and terminal |
| CN104573535B (en) * | 2015-01-04 | 2019-08-16 | 努比亚技术有限公司 | A kind of mobile terminal and its method and apparatus for improving encryption efficiency |
| US10608813B1 (en) * | 2017-01-09 | 2020-03-31 | Amazon Technologies, Inc. | Layered encryption for long-lived data |
| CN108924099B (en) * | 2018-06-15 | 2020-11-13 | 清华大学深圳研究生院 | Encryption method and device, encryption performance analysis method and device, electronic equipment and readable storage medium |
| CN110765501A (en) * | 2018-07-28 | 2020-02-07 | 虞加考 | Encrypted USB flash disk |
| CN109040090B (en) * | 2018-08-17 | 2019-08-09 | 北京海泰方圆科技股份有限公司 | A kind of data ciphering method and device |
| US20200287880A1 (en) * | 2019-03-08 | 2020-09-10 | Alltana, Inc. | Data encryption |
| CN109977038B (en) * | 2019-03-19 | 2021-02-05 | 湖南麒麟信安科技股份有限公司 | Access control method, system and medium for encrypted USB flash disk |
| CN112287415B (en) * | 2020-09-30 | 2022-11-29 | 西安电子科技大学 | USB storage device access control method, system, medium, device and application |
-
2021
- 2021-07-02 CN CN202110752368.3A patent/CN113420339B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN113420339A (en) | 2021-09-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11461017B2 (en) | Systems and methods for improving efficiencies of a memory system | |
| US11709635B2 (en) | Controller for quality of service based arbitrations | |
| US20160162354A1 (en) | Systems and methods for multi-zone data tiering for endurance extension in solid state drives | |
| US20110185435A1 (en) | Flash memory storage system, and controller and anti-falsifying method thereof | |
| US11392320B2 (en) | Quality of service based arbitrations optimized for enterprise solid state drives | |
| US20100030945A1 (en) | Flash memory allocating method | |
| CN113420339B (en) | Encrypted USB flash disk and authorization method | |
| TWI737088B (en) | Host-based flash memory maintenance techniques | |
| CN106201340B (en) | Data storage method, storage device and electronic device | |
| US11526494B2 (en) | Blockchain-based computing system and method for managing transaction thereof | |
| US10514848B2 (en) | Data storage method for selectively storing data in a buffer preset in a memory of an electronic device or an inherent buffer in an SSD | |
| WO2017092596A1 (en) | Write request processing methodand mobile terminal | |
| WO2019168878A1 (en) | Method and apparatus for data encryption using standardized data storage and retrieval protocol | |
| KR20210134054A (en) | Local Ledger Blockchain for Secure Electronic Control Unit Updates | |
| US20200004971A1 (en) | Collection of uncorrelated entropy during a power down sequence | |
| US20170187692A1 (en) | Method for transmitting data, method for receiving data, corresponding devices and programs | |
| CN113826071A (en) | Over-the-air update acknowledgement | |
| US20170147838A1 (en) | Systems and methods for cache memory authentication | |
| CN113647050A (en) | Memory command validation based on block chains | |
| CN113632413A (en) | Using memory as a block in a block chain | |
| CN111386513B (en) | Data processing method, device and system chip | |
| CN111400717B (en) | Data reading method and related device | |
| CN112468299B (en) | Key storage system and key storage method | |
| EP4124982A2 (en) | Storage device, storage system operating method, and computing system | |
| CN107665175A (en) | The method, apparatus and electronic equipment of memory partition isolation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |