CN117195324A - Method for calling encryption and decryption module in storage device, storage device and electronic equipment - Google Patents


Publication number
CN117195324A
Authority
CN
China
Legal status
Pending
Application number
CN202311112459.6A
Other languages
Chinese (zh)
Inventor
赖振楠
王文华
詹伟钦
林珍玉
Current Assignee
Hosin Global Electronics Co Ltd
Original Assignee
Hosin Global Electronics Co Ltd

Abstract

The invention provides a method for calling an encryption and decryption module in a storage device, a storage device and electronic equipment, and relates to the field of data processing. The method for calling the encryption and decryption module in the storage device comprises the following steps: obtaining access control information sent by a host end, and obtaining first verification information by an encryption and decryption module in the storage device based on the access control information; if the first verification information is consistent with the second verification information pre-stored in the storage device, receiving the original data and the encryption and decryption instruction from the host end; analyzing the encryption and decryption instruction, and determining the processing type of the encryption and decryption module for the original data, wherein the processing type is encryption processing or decryption processing; processing, by the encryption and decryption module, the original data into target data according to the processing type; and feeding the target data back to the host end. The method has the advantage of making up for the encryption and decryption capabilities that the host end lacks.

Description

Method for calling encryption and decryption module in storage device, storage device and electronic equipment
Technical Field
The present invention relates to the field of data processing, and in particular, to a method for calling an encryption and decryption module in a storage device, a storage device, and an electronic device.
Background
A solid state disk (also called a solid state drive, SSD for short) is a hard disk made of an array of solid-state electronic memory chips. It offers rapid reading and writing, light weight, low energy consumption and small volume, characteristics that the traditional mechanical hard disk drive (HDD) does not have; compared with the HDD, it has the advantages of higher read-write speed, lower power consumption, smaller volume, higher reliability and the like. At present, the solid state disk is widely used in consumer and enterprise markets, especially in the fields of cloud computing, big data, artificial intelligence and the like, where it can provide higher performance and efficiency.
In the prior art, an encryption and decryption module in a storage device (for example, an SSD) only serves data to be stored in, and data taken out from, the flash memory array. That is, after a host transmits data to be written to the storage device, a control module in the storage device passes the data to the encryption and decryption module, which encrypts the data; the encrypted data is then stored into the flash memory module through the control module. Consequently, when the host end lacks encryption and decryption functions, it cannot encrypt or decrypt data that is not stored in the storage device.
Therefore, it is necessary to provide a method for calling the encryption and decryption module in the storage device, which is used for compensating the encryption and decryption capability lacking at the host end.
Disclosure of Invention
One embodiment of the present disclosure provides a method for invoking an encryption/decryption module in a storage device, where access control information sent by a host is obtained, and first verification information is obtained by the encryption/decryption module in the storage device based on the access control information; if the first verification information is consistent with the second verification information pre-stored in the storage device, receiving the original data and encryption and decryption instructions from a host side; analyzing the encryption and decryption instruction, and determining the processing type of the encryption and decryption module to the original data, wherein the processing type is encryption processing or decryption processing; the encryption and decryption module processes the original data into target data according to the processing type; and feeding the target data back to the host side.
In some embodiments, the encrypting and decrypting module processes the original data into target data according to the processing type, including: when the size of the original data is smaller than or equal to the residual capacity of a buffer of a storage device, caching the original data in the buffer of the storage device; and reading the original data from a buffer of the storage device, and processing the original data into target data according to the processing type.
In some embodiments, the encrypting and decrypting module processes the original data into target data according to the processing type, including: when the size of the original data is larger than the residual capacity of a buffer of a storage device, slicing the original data to generate a plurality of original data fragments corresponding to the original data; storing the plurality of raw data fragments to a flash memory unit of the storage device; and sequentially caching a plurality of original data fragments stored in the flash memory unit into the buffer, reading the original data fragments from the buffer after each original data fragment is cached, clearing the read original data fragments, and processing the original data according to the processing type until each original data fragment is processed, so as to generate the target data.
In some embodiments, slicing the raw data comprises: slicing the raw data based on the capacity of a buffer of the storage device.
In some embodiments, when the processing type is encryption processing, the encryption and decryption module processes the original data into target data according to the processing type, including: encrypting the original data through an encryption algorithm corresponding to the original data based on an encryption and decryption key to generate the target data, wherein the encryption and decryption key is generated based on an equipment identification code of the storage device.
In some embodiments, when the processing type is decryption processing, the encrypting and decrypting module processes the original data into target data according to the processing type, including: and decrypting the original data based on an encryption and decryption key through a decryption algorithm corresponding to the original data to generate the target data, wherein the encryption and decryption key is generated based on the equipment identification code of the storage device.
In some embodiments, the encryption and decryption module in the storage device obtains first verification information based on the access control information, including: decrypting the access control information to obtain the first verification information; or encrypting the access control information to obtain the first verification information.
One of the embodiments of the present specification provides a storage device including: the controller is used for acquiring access control information sent by the host side; the encryption and decryption module is used for obtaining first verification information based on the access control information; the controller is also used for receiving the original data and encryption and decryption instructions from the host side when the first verification information is consistent with the second verification information pre-stored in the storage device; the controller is also used for analyzing the encryption and decryption instruction and determining the processing type of the encryption and decryption module to the original data, wherein the processing type is encryption processing or decryption processing; the encryption and decryption module is also used for processing the original data into target data according to the processing type; the controller is also used for feeding back the target data to the host side.
One of the embodiments of the present specification provides an electronic device including: the host end is used for sending access control information, original data and encryption and decryption instructions; a storage device for: the access control information sent by the host side is obtained, and the encryption and decryption module in the storage device obtains first verification information based on the access control information; if the first verification information is consistent with the second verification information pre-stored in the storage device, receiving the original data and encryption and decryption instructions from the host; analyzing the encryption and decryption instruction, and determining the processing type of the encryption and decryption module to the original data, wherein the processing type is encryption processing or decryption processing; the encryption and decryption module processes the original data into target data according to the processing type; and feeding the target data back to the host side.
In some embodiments, the storage device is connected to the host side through a PCIe or SATA interface.
Compared with the prior art, the method for calling the encryption and decryption module in the storage device, the storage device and the electronic equipment provided by the specification have the following beneficial effects:
1. the calling method of the encryption and decryption module in the storage device obtains first verification information from access control information sent by the host end, performs identity verification on the host end based on the first verification information and pre-stored second verification information, ensures the safety of data interaction, analyzes encryption and decryption instructions, determines a processing type, processes original data into target data according to the processing type, and feeds the target data back to the host end, so that when the host end does not have a data encryption and decryption function, the lack of encryption and decryption capability of the host end can be compensated, and data encryption and decryption can be performed;
2. the encryption and decryption key is generated based on the equipment identification code of the storage device, so that the security of the encryption and decryption key can be improved;
3. when the size of the original data is larger than the residual capacity of a buffer of the storage device, slicing the original data, dividing the original data into a plurality of original data fragments, and sequentially carrying out data processing on each original data fragment, wherein when the original data is larger, the storage device still keeps high-efficiency data processing performance;
4. the storage device is connected with the host end through a PCIe or SATA interface, so that data transmission and communication are realized, and the compatibility of the storage device and the host end is ensured.
Drawings
The present specification will be further elucidated by way of example embodiments, which will be described in detail by means of the accompanying drawings. The embodiments are not limiting, in which like numerals represent like structures, wherein:
FIG. 1 is a flow chart of a method for invoking an encryption and decryption module in a storage device according to some embodiments of the present disclosure;
FIG. 2 is a flow diagram illustrating processing of raw data into target data according to processing type according to some embodiments of the present disclosure;
FIG. 3 is a schematic diagram of a memory device according to some embodiments of the present disclosure;
FIG. 4 is a schematic structural diagram of an electronic device according to some embodiments of the present description.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present specification, the drawings that are required to be used in the description of the embodiments will be briefly described below. It is apparent that the drawings in the following description are only some examples or embodiments of the present specification, and it is possible for those of ordinary skill in the art to apply the present specification to other similar situations according to the drawings without inventive effort. Unless otherwise apparent from the context of the language or otherwise specified, like reference numerals in the figures refer to like structures or operations.
It will be appreciated that "system," "apparatus," "unit" and/or "module" as used herein is one method for distinguishing between different components, elements, parts, portions or assemblies at different levels. However, if other words can achieve the same purpose, the words can be replaced by other expressions.
As used in this specification and the claims, the terms "a," "an," and/or "the" are not specific to the singular, but may include the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that the steps and elements are explicitly identified, and they do not constitute an exclusive list, as other steps or elements may be included in a method or apparatus.
A flowchart is used in this specification to describe the operations performed by the system according to embodiments of the present specification. It should be appreciated that the preceding or following operations are not necessarily performed precisely in order. Rather, the steps may be processed in reverse order or simultaneously. Also, other operations may be added to or removed from these processes.
Fig. 1 is a schematic flow chart of a method for calling an encryption and decryption module in a storage device according to some embodiments of the present disclosure, and as shown in fig. 1, the method for calling an encryption and decryption module in a storage device may include the following steps.
Step 110, access control information sent by a host is obtained, and an encryption and decryption module in the storage device obtains first verification information based on the access control information.
In some embodiments, the encryption and decryption module in the storage device obtains the first authentication information based on the access control information, including:
decrypting the access control information to obtain first verification information; or
encrypting the access control information to obtain first verification information.
For example, the host side and the storage device may store a pair of plaintext and ciphertext in advance, and when data encryption and decryption are required, the host side may send access control information to the storage device, where the access control information may include the plaintext or ciphertext. When the access control information comprises a plaintext, the storage device encrypts the plaintext to obtain first verification information; when the access control information includes a ciphertext, the storage device decrypts the ciphertext to obtain the first authentication information.
In some embodiments, the plaintext pre-stored in the host side and the storage device may include the device identifier of the storage device, and the pre-stored ciphertext may be the ciphertext of the device identifier of the storage device encrypted by a specific encryption algorithm.
Step 120, if the first verification information is consistent with the second verification information pre-stored in the storage device, the original data and the encryption and decryption instruction from the host are received.
For example, when the access control information includes plaintext, the storage device encrypts the plaintext to obtain first verification information, the storage device may compare the first verification information with second verification information, where the second verification information may be ciphertext pre-stored in the storage device, and if the first verification information is consistent with the ciphertext pre-stored in the storage device, the storage device receives the original data and the encryption and decryption instruction from the host side; when the access control information comprises a ciphertext, the storage device decrypts the ciphertext to obtain first verification information, the first verification information is compared with second verification information, wherein the second verification information can be plaintext pre-stored in the storage device, and if the first verification information is consistent with the plaintext pre-stored in the storage device, the original data and encryption and decryption instructions from the host end are received.
Specifically, the host end can choose between these two modes according to the processing type for which it calls the encryption and decryption module. If the host end calls the encryption and decryption module to perform an encryption operation, the access control information it inputs comprises plaintext; the encryption and decryption module encrypts the plaintext through the corresponding encryption algorithm and compares the result with the second verification information stored in the storage device. In this way, in addition to ensuring that the identity verification of the host end succeeds, it can be detected whether the encryption and decryption module can successfully perform the corresponding encryption on data; the encryption algorithm used can be the same as the encryption algorithm selected for the required encryption operation, so that the encryption algorithm is verified as well. If the host end calls the encryption and decryption module to perform a decryption operation, the access control information it inputs comprises ciphertext; the encryption and decryption module decrypts the ciphertext through the corresponding decryption algorithm and compares the result with the second verification information stored in the storage device. In this way, in addition to ensuring that the identity verification of the host end succeeds, it can be detected whether the encryption and decryption module can successfully perform the corresponding decryption on data; the decryption algorithm used can be the same as the decryption algorithm selected for the required decryption operation, so that the decryption algorithm is verified as well.
Step 130, analyzing the encryption and decryption instruction, and determining the processing type of the encryption and decryption module for the original data, wherein the processing type is encryption processing or decryption processing.
Step 140, the encryption and decryption module processes the original data into target data according to the processing type.
It can be understood that when the processing type is encryption processing, the encryption and decryption module can encrypt the original data through an encryption algorithm to generate target data; when the processing type is decryption processing, the encryption and decryption module can decrypt the original data through a decryption algorithm to generate target data.
For more description of processing the original data into the target data according to the processing type, refer to FIG. 2 and its related description, which is not repeated here.
Step 150, feeding back the target data to the host.
In some embodiments, the invoking method of the encryption and decryption module in the storage device obtains the first verification information from the access control information sent by the host end, performs identity verification on the host end based on the first verification information and the pre-stored second verification information, ensures the security of data interaction, analyzes the encryption and decryption instruction, determines the processing type, processes the original data into the target data according to the processing type, and feeds back the target data to the host end, so that when the host end does not have the data encryption and decryption function, the lacking encryption and decryption capability of the host end can be compensated, and the data encryption and decryption can be performed.
FIG. 2 is a flow chart illustrating processing of raw data into target data according to a processing type according to some embodiments of the present disclosure, and as shown in FIG. 2, processing of raw data into target data according to a processing type may include the following steps.
Step 210, buffering the original data in the buffer of the storage device when the size of the original data is less than or equal to the remaining capacity of the buffer of the storage device.
In some embodiments, the storage device may include a static random access memory, which may act as a buffer for the storage device to improve the data processing efficiency and performance of the storage device.
Step 220, the original data is read from the buffer of the storage device, and the original data is processed into the target data according to the processing type.
In some embodiments, when the processing type is encryption processing, the encryption and decryption module may encrypt the original data based on an encryption and decryption key through an encryption algorithm corresponding to the original data, to generate the target data, where the encryption and decryption key is generated based on a device identification code of the storage device.
For example, at least one encryption and decryption algorithm (such as RSA, AES, etc.) may be pre-stored in the encryption and decryption module, and when the processing type is encryption processing, the encryption and decryption module may call the corresponding encryption algorithm to encrypt the original data based on the encryption and decryption key, so as to generate the target data.
By way of example only, the encryption/decryption instruction may include an encryption algorithm corresponding to the original data, and the encryption/decryption module may invoke the corresponding encryption algorithm according to the encryption algorithm corresponding to the original data included in the encryption/decryption instruction.
RSA is an asymmetric encryption algorithm: decryption can be completed without transmitting a secret key, which avoids the risk of being cracked that arises when a symmetric key is transmitted directly. RSA encryption and decryption are accomplished with a pair of keys, namely a public key, which is public and used for encryption, and a private key, which is kept secret and used for decryption. The two are related by a certain algorithm, and the core idea is to ensure security by relying on the difficulty of factoring a large integer. AES is a classical symmetric encryption and decryption algorithm: it uses an encryption function and a key to encrypt the plaintext, and then uses the same key and the corresponding function to decrypt it, which has the advantage of being very efficient.
In some embodiments, when the processing type is decryption processing, the encryption and decryption module may decrypt the original data based on an encryption and decryption key by a decryption algorithm corresponding to the original data, to generate the target data, where the encryption and decryption key is generated based on a device identification code of the storage device.
For example, at least one encryption and decryption algorithm (such as RSA, AES, etc.) may be pre-stored in the encryption and decryption module, and when the processing type is decryption processing, the encryption and decryption module may call the corresponding decryption algorithm to decrypt the original data based on the encryption and decryption key, so as to generate the target data.
By way of example only, the encryption/decryption instruction may include a decryption algorithm corresponding to the original data, and the encryption/decryption module may invoke the corresponding decryption algorithm according to the decryption algorithm corresponding to the original data included in the encryption/decryption instruction.
In some embodiments, the encryption and decryption key is generated based on the device identification code of the storage device, so that the security of the encryption and decryption key can be improved.
As shown in FIG. 2, in some embodiments, processing the raw data into target data according to the type of processing further includes steps 230-250.
Step 230, when the size of the original data is larger than the remaining capacity of the buffer of the storage device, the original data is sliced, and a plurality of original data fragments corresponding to the original data are generated.
In some embodiments, the encryption and decryption module may slice the original data according to a preset segment size, to generate a plurality of original data segments corresponding to the original data.
In some embodiments, the original data is sliced based on the capacity of the buffer of the storage device. For example, if the buffer of the storage device has a capacity of 8M and the original data has a size of 30M, the original data may be sliced into four original data fragments whose sizes are, in order, 8M, 8M, 8M, and 6M.
Step 240, storing the plurality of original data fragments to a flash memory unit of the storage device.
Step 250, sequentially caching the plurality of original data fragments stored in the flash memory unit into a buffer, reading the original data fragments from the buffer after caching each original data fragment, and clearing the read original data fragments, and processing the original data according to the processing type until each original data fragment is processed, so as to generate target data.
Specifically, the controller may read the original data fragments stored in the flash memory unit and write them into the buffer one by one. Each time one original data fragment is written, the encryption and decryption module obtains that fragment from the buffer and performs the processing of the corresponding processing type. After the encryption and decryption module has obtained the fragment, the controller clears it from the buffer and then caches the next original data fragment into the buffer, and so on until every original data fragment has been processed, so as to generate the target data.
In some embodiments, when the processing type is encryption processing, the encryption and decryption module may encrypt the original data segment based on an encryption and decryption key through an encryption algorithm corresponding to the original data, and generate an encrypted original data segment, where the encryption and decryption key is generated based on a device identification code of the storage device. After each original data segment is encrypted, combining the plurality of encrypted original data segments according to the processing sequence to generate target data.
In some embodiments, when the processing type is decryption processing, the encryption and decryption module may decrypt the original data segment based on the encryption and decryption key through a decryption algorithm corresponding to the original data, and generate a decrypted original data segment, where the encryption and decryption key is generated based on the device identifier of the storage device. After each original data segment is decrypted, combining the decrypted original data segments according to the processing sequence to generate target data.
In some embodiments, when the size of the original data is larger than the remaining capacity of the buffer of the storage device, the original data is sliced into a plurality of original data fragments and each original data fragment is processed in sequence, so that the storage device still maintains efficient data processing performance when the original data is large.
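The flow of steps 110-150 together with the buffer-bounded slicing of steps 210-250, as an added example that is not code from the patent. The one-byte instruction codes, the SHA-256 key derivation, the separate verification key and the toy keystream cipher standing in for the module's AES/RSA engine are assumptions, and the buffer holds 8 bytes rather than 8M.

```python
import hashlib
import hmac

OP_ENCRYPT, OP_DECRYPT = 0x01, 0x02  # hypothetical one-byte instruction codes


def toy_cipher(key: bytes, data: bytes, offset: int, sign: int) -> bytes:
    """Stand-in for the module's AES/RSA engine (assumption, demo only).

    Adds (sign=+1, encrypt) or subtracts (sign=-1, decrypt) a SHA-256
    counter keystream indexed by absolute byte position, so fragments
    processed one after another equal the data processed in one pass.
    """
    out = bytearray()
    for i, byte in enumerate(data, start=offset):
        ks = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()[i % 32]
        out.append((byte + sign * ks) % 256)
    return bytes(out)


def slice_sizes(total: int, capacity: int) -> list:
    """Fragment sizes when slicing by buffer capacity (30 over 8 gives 8, 8, 8, 6)."""
    return [min(capacity, total - off) for off in range(0, total, capacity)]


class StorageDevice:
    def __init__(self, device_id: bytes, buffer_capacity: int):
        # Key generated from the device identification code; the page does
        # not say how, so hashing it with SHA-256 is an assumption.
        self.key = hashlib.sha256(b"demo-key:" + device_id).digest()
        # Separate key for the verification pair (assumption) so that it
        # shares no keystream with host data.
        self.auth_key = hashlib.sha256(self.key + b"auth").digest()
        self.stored_plain = device_id  # pre-stored plaintext
        self.stored_cipher = toy_cipher(self.auth_key, device_id, 0, +1)
        self.capacity = buffer_capacity  # buffer is empty in this demo
        self.authenticated = False
        self.flash = []        # staging area for fragments (step 240)
        self.max_buffered = 0  # largest amount ever held in the buffer

    def verify(self, access_control: bytes, kind: str) -> bool:
        """Steps 110-120: derive first verification info, compare with second."""
        if kind == "plaintext":
            first = toy_cipher(self.auth_key, access_control, 0, +1)
            second = self.stored_cipher
        elif kind == "ciphertext":
            first = toy_cipher(self.auth_key, access_control, 0, -1)
            second = self.stored_plain
        else:
            self.authenticated = False
            return False
        # Constant-time comparison so timing does not reveal matching bytes.
        self.authenticated = hmac.compare_digest(first, second)
        return self.authenticated

    def handle(self, instruction: int, original: bytes) -> bytes:
        """Steps 130-150: parse the instruction, process, return target data."""
        if not self.authenticated:
            raise PermissionError("verification information did not match")
        if instruction == OP_ENCRYPT:
            sign = +1
        elif instruction == OP_DECRYPT:
            sign = -1
        else:
            raise ValueError("unknown processing type")
        if len(original) <= self.capacity:  # steps 210-220
            self.max_buffered = max(self.max_buffered, len(original))
            return toy_cipher(self.key, original, 0, sign)
        # Steps 230-240: slice by buffer capacity and stage fragments in flash.
        self.flash, off = [], 0
        for size in slice_sizes(len(original), self.capacity):
            self.flash.append(original[off:off + size])
            off += size
        # Step 250: cache one fragment, process it, clear it, take the next.
        target, offset = bytearray(), 0
        for fragment in self.flash:
            buffer = bytearray(fragment)
            self.max_buffered = max(self.max_buffered, len(buffer))
            target += toy_cipher(self.key, bytes(buffer), offset, sign)
            offset += len(buffer)
            buffer.clear()
        self.flash = []  # erase staged fragments (assumption; page is silent)
        return bytes(target)


if __name__ == "__main__":
    dev = StorageDevice(b"SSD-DEMO-0001", 8)  # constructed device identifier
    print(dev.verify(b"SSD-DEMO-0001", "plaintext"))
    ct = dev.handle(OP_ENCRYPT, bytes(range(30)))
    print(slice_sizes(30, 8), dev.handle(OP_DECRYPT, ct) == bytes(range(30)))
```
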
Fig. 3 is a schematic structural diagram of a storage device according to some embodiments of the present disclosure, where, as shown in fig. 3, the storage device may include a controller and an encryption and decryption module.
The controller may be configured to obtain access control information sent by the host.
The encryption and decryption module may be configured to obtain the first authentication information based on the access control information.
The controller can also be used for receiving the original data and the encryption and decryption instruction from the host side when the first verification information is consistent with the second verification information pre-stored in the storage device.
The controller can also be used for analyzing the encryption and decryption instruction, and determining the processing type of the encryption and decryption module on the original data, wherein the processing type is encryption processing or decryption processing.
The encryption and decryption module is also used for processing the original data into target data according to the processing type.
The controller is also used for feeding back target data to the host side.
The controller may include, but is not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), as well as any suitable processor, controller, microcontroller, etc.
For more description of the encryption and decryption module, refer to FIG. 1, FIG. 2 and their related descriptions, which are not repeated here.
Fig. 4 is a schematic structural diagram of an electronic device according to some embodiments of the present disclosure, where the electronic device may include a host side and a storage device as shown in fig. 4.
The host side can be used for sending access control information, original data and encryption and decryption instructions.
The storage device may be used for: obtaining access control information sent by the host side, with the encryption and decryption module in the storage device obtaining first verification information based on the access control information; if the first verification information is consistent with the second verification information pre-stored in the storage device, receiving the original data and the encryption and decryption instruction from the host side; analyzing the encryption and decryption instruction, and determining the processing type of the encryption and decryption module on the original data, wherein the processing type is encryption processing or decryption processing; processing, by the encryption and decryption module, the original data into target data according to the processing type; and feeding back the target data to the host side.
In some embodiments, the storage device is connected to the host end through a PCIe or SATA interface, so as to implement data transmission and communication, and ensure compatibility between the storage device and the host end.
For further description of the storage device, reference may be made to fig. 1-3 and their associated descriptions, which are not repeated here.
While the basic concepts have been described above, it will be apparent to those skilled in the art that the foregoing detailed disclosure is by way of example only and is not intended to be limiting. Although not explicitly described herein, various modifications, improvements, and adaptations to the present disclosure may occur to one skilled in the art. Such modifications, improvements, and adaptations are suggested by this specification, and are therefore intended to be included within the spirit and scope of the exemplary embodiments of the present invention.
Meanwhile, the specification uses specific words to describe the embodiments of the specification. Reference to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic is associated with at least one embodiment of the present description. Thus, it should be emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various positions in this specification are not necessarily referring to the same embodiment. Furthermore, certain features, structures, or characteristics of one or more embodiments of the present description may be combined as suitable.
Furthermore, the order in which the elements and sequences are processed, the use of numbers and letters, or other designations in the description are not intended to limit the order in which the processes and methods of the description are performed unless explicitly recited in the claims. While certain presently useful inventive embodiments have been discussed in the foregoing disclosure, by way of various examples, it is to be understood that such details are merely illustrative and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements included within the spirit and scope of the embodiments of the present disclosure. For example, while the system components described above may be implemented by hardware devices, they may also be implemented solely by software solutions, such as installing the described system on an existing server or mobile device.
Likewise, it should be noted that in order to simplify the presentation disclosed in this specification and thereby aid in understanding one or more inventive embodiments, various features are sometimes grouped together in a single embodiment, figure, or description thereof. This method of disclosure, however, is not intended to imply that more features than are presented in the claims are required for the present description. Indeed, an embodiment may have fewer than all of the features of a single embodiment disclosed above.
Finally, it should be understood that the embodiments described in this specification are merely illustrative of the principles of the embodiments of this specification. Other variations are possible within the scope of this description. Thus, by way of example, and not limitation, alternative configurations of embodiments of the present specification may be considered as consistent with the teachings of the present specification. Accordingly, the embodiments of the present specification are not limited to only the embodiments explicitly described and depicted in the present specification.

Claims (10)

1. The method for calling the encryption and decryption module in the storage device is characterized by comprising the following steps:
obtaining access control information sent by a host end, and obtaining first verification information by an encryption and decryption module in a storage device based on the access control information;
if the first verification information is consistent with the second verification information pre-stored in the storage device, receiving the original data and encryption and decryption instructions from a host side;
analyzing the encryption and decryption instruction, and determining the processing type of the encryption and decryption module to the original data, wherein the processing type is encryption processing or decryption processing;
the encryption and decryption module processes the original data into target data according to the processing type;
and feeding the target data back to the host side.
2. The method for invoking an encryption/decryption module in a storage device according to claim 1, wherein the encryption/decryption module processes the original data into target data according to the processing type, comprising:
when the size of the original data is smaller than or equal to the residual capacity of a buffer of a storage device, caching the original data in the buffer of the storage device;
and reading the original data from a buffer of the storage device, and processing the original data into target data according to the processing type.
3. The method for invoking an encryption/decryption module in a storage device according to claim 1, wherein the encryption/decryption module processes the original data into target data according to the processing type, comprising:
when the size of the original data is larger than the residual capacity of a buffer of a storage device, slicing the original data to generate a plurality of original data fragments corresponding to the original data;
storing the plurality of raw data fragments to a flash memory unit of the storage device;
and sequentially caching a plurality of original data fragments stored in the flash memory unit into the buffer, reading the original data fragments from the buffer after each original data fragment is cached, clearing the read original data fragments, and processing the original data according to the processing type until each original data fragment is processed, so as to generate the target data.
4. The method for invoking the encryption and decryption module in a storage device according to claim 3, wherein slicing the original data comprises:
slicing the raw data based on the capacity of a buffer of the storage device.
5. The method for invoking an encryption/decryption module in a storage device according to any one of claims 1 to 4, wherein when the processing type is encryption processing, the encryption/decryption module processes the original data into target data according to the processing type, comprising:
encrypting the original data through an encryption algorithm corresponding to the original data based on an encryption and decryption key to generate the target data, wherein the encryption and decryption key is generated based on an equipment identification code of the storage device.
6. The method for invoking an encryption/decryption module in a storage device according to any one of claims 1 to 4, wherein when the processing type is decryption processing, the encryption/decryption module processes the original data into target data according to the processing type, comprising:
and decrypting the original data based on an encryption and decryption key through a decryption algorithm corresponding to the original data to generate the target data, wherein the encryption and decryption key is generated based on the equipment identification code of the storage device.
7. The method for invoking an encryption/decryption module in a storage device according to any one of claims 1-4, wherein the encryption/decryption module in the storage device obtains first authentication information based on the access control information, comprising:
decrypting the access control information to obtain the first verification information; or
encrypting the access control information to obtain the first verification information.
8. A storage device, comprising:
the controller is used for acquiring access control information sent by the host side;
the encryption and decryption module is used for obtaining first verification information based on the access control information;
the controller is also used for receiving the original data and encryption and decryption instructions from the host side when the first verification information is consistent with the second verification information pre-stored in the storage device;
the controller is also used for analyzing the encryption and decryption instruction and determining the processing type of the encryption and decryption module to the original data, wherein the processing type is encryption processing or decryption processing;
the encryption and decryption module is also used for processing the original data into target data according to the processing type;
the controller is also used for feeding back the target data to the host side.
9. An electronic device, comprising:
the host end is used for sending access control information, original data and encryption and decryption instructions;
a storage device for:
the access control information sent by the host side is obtained, and the encryption and decryption module in the storage device obtains first verification information based on the access control information;
if the first verification information is consistent with the second verification information pre-stored in the storage device, receiving the original data and encryption and decryption instructions from the host;
analyzing the encryption and decryption instruction, and determining the processing type of the encryption and decryption module to the original data, wherein the processing type is encryption processing or decryption processing;
the encryption and decryption module processes the original data into target data according to the processing type;
and feeding the target data back to the host side.
10. The electronic device of claim 9, wherein the storage device is connected to the host side via a PCIe or SATA interface.
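An added example, not part of the patent text, that models the flow of claims 1 to 7 in Python: verification gating before any data is accepted, instruction parsing, and buffer-sized slicing with a running offset so sliced and unsliced processing give the same result. The patent names no algorithm; the HMAC-SHA256 keystream, the per-message nonce, the device-held secret, the buffer size and all identifiers are assumptions of this example.

```python
import hashlib
import hmac
import os

BLOCK = 32            # SHA-256 output size, used as the keystream block
BUFFER_CAPACITY = 64  # assumed buffer size in bytes; must be a multiple of BLOCK

class StorageDevice:
    def __init__(self, device_id: bytes, device_secret: bytes, enrolled: bytes):
        # Key generated from the device identification code (claims 5 and 6);
        # mixing in a device-held secret is an assumption of this example.
        self.key = hmac.new(device_secret, device_id, hashlib.sha256).digest()
        self.second_verification = self._verify_info(enrolled)  # pre-stored
        self.authorized = False
        self.flash = []  # stand-in for the flash memory unit of claim 3

    def _verify_info(self, access_control_info: bytes) -> bytes:
        # Claim 7 transforms the access control information; a keyed MAC is used here.
        return hmac.new(self.key, b"acl|" + access_control_info, hashlib.sha256).digest()

    def authenticate(self, access_control_info: bytes) -> bool:
        first = self._verify_info(access_control_info)
        self.authorized = hmac.compare_digest(first, self.second_verification)
        return self.authorized

    def _xor(self, nonce: bytes, offset: int, fragment: bytes) -> bytes:
        out = bytearray()
        for i in range(0, len(fragment), BLOCK):
            counter = ((offset + i) // BLOCK).to_bytes(8, "big")
            ks = hmac.new(self.key, nonce + counter, hashlib.sha256).digest()
            out += bytes(a ^ b for a, b in zip(fragment[i:i + BLOCK], ks))
        return bytes(out)

    def handle(self, instruction: str, original: bytes, buffer_free: int = BUFFER_CAPACITY) -> bytes:
        if not self.authorized:
            raise PermissionError("verification information mismatch")
        if instruction not in ("ENCRYPT", "DECRYPT"):
            raise ValueError("unknown processing type")
        encrypt = instruction == "ENCRYPT"
        nonce, body = (os.urandom(16), original) if encrypt else (original[:16], original[16:])
        if len(body) <= buffer_free:   # claim 2: the data fits in the buffer
            self.flash = [body]
        else:                          # claims 3 and 4: slice by buffer capacity
            self.flash = [body[i:i + BUFFER_CAPACITY] for i in range(0, len(body), BUFFER_CAPACITY)]
        target, offset = bytearray(), 0
        while self.flash:
            buffer = self.flash.pop(0)                  # cache one fragment and clear it
            target += self._xor(nonce, offset, buffer)  # offset keeps the keystream continuous
            offset += len(buffer)
        return (nonce if encrypt else b"") + bytes(target)
```

The keystream here provides confidentiality only; a device that must also detect tampering of the returned data would need an authenticated mode, which the claims do not address.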
CN202311112459.6A 2023-08-31 2023-08-31 Method for calling encryption and decryption module in storage device, storage device and electronic equipment Pending CN117195324A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311112459.6A CN117195324A (en) 2023-08-31 2023-08-31 Method for calling encryption and decryption module in storage device, storage device and electronic equipment

Publications (1)

Publication Number Publication Date
CN117195324A (en) 2023-12-08

Family

ID=88991672

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311112459.6A Pending CN117195324A (en) 2023-08-31 2023-08-31 Method for calling encryption and decryption module in storage device, storage device and electronic equipment

Country Status (1)

Country Link
CN (1) CN117195324A (en)

Similar Documents

Publication Publication Date Title
CN109040090B (en) A kind of data ciphering method and device
EP3198458B1 (en) Technologies for accelerating compute intensive operations using solid state drives
CN103440209B (en) A kind of solid state hard disc data encryption/decryption method and solid state hard disk system
WO2017041603A1 (en) Data encryption method and apparatus, mobile terminal, and computer storage medium
CN102073808B (en) Method for encrypting and storing information through SATA interface and encryption card
CN108880812B (en) Method and system for data encryption
US8891760B2 (en) System for checking acceptance of string by automaton
US20100061550A1 (en) Data processing apparatus
US8478984B2 (en) Data encryption apparatus, data decryption apparatus, data encryption method, data decryption method, and data relay apparatus
CN104901810A (en) Data encrypted storage method based on domestic cryptographic algorithm
CN112434326B (en) Trusted computing method and device based on data flow
CN113836543A (en) Method, device and system for encrypting or decrypting data
CN107609428A (en) Date safety storing system and method
US9391771B2 (en) Server-client secret generation with cached data
CN104717059A (en) Multiband encryption engine and a self testing method thereof
CN103077359B (en) Data decryption method and Apparatus and system
KR102418090B1 (en) Computer program for dividing original file into multiple pieces, encrypting divided files and restoring original file by decrypting encrypted files, and method thereof
WO2020044095A1 (en) File encryption method and apparatus, device, terminal, server, and computer-readable storage medium
CN113568568A (en) Hardware encryption method, system and device based on distributed storage
CN109189333B (en) Hard disk adaptation method, device and system
CN117195324A (en) Method for calling encryption and decryption module in storage device, storage device and electronic equipment
CN109255225A (en) Hard disc data security control apparatus based on dual-identity authentication
US8966254B2 (en) Keyless challenge and response system
US11372984B2 (en) Key-compressible encryption
CN109150867B (en) Network information transmission encryption/decryption device and encryption/decryption method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination