CN1286434A - Encrypting card for secrete file -IDE data channel - Google Patents
- Publication number
- CN1286434A
- Authority
- CN
- China
- Prior art keywords
- data
- hard disk
- main frame
- card
- ide
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
An encrypting card for the IDE data channel, characterized in that a data encrypting card is added to the IDE channel between the computer and the hard disk. Data passing from the computer to the hard disk is encrypted, and data passing from the hard disk to the computer is decrypted. To the computer, the encrypting card appears as the second hard disk. It is suitable for any computer, operating system and network environment.
Description
The present invention relates to a computer data encryption device, in particular a ciphertext volume-IDE data channel encryption card.
Existing computer encryption/decryption products fall into the following categories: communication channel encryption, such as encrypted fax and encrypting modems; network transmission encryption/decryption; file encryption/decryption; and authentication, file (directory) authorization management and firewall security technology. As this list shows, computer encryption/decryption products concentrate mainly on secure control of entry to and exit from the system, secure access control, secure transmission control, and the encryption/decryption of data files. At present the problem of database encryption has not been solved, at home or abroad: once the data is encrypted, the database can no longer be used, and neither can the application software that depends on the database, such as on-line analysis (OLAP), data warehouses, data mining and artificial intelligence. To use this software the database must be left unencrypted, which limits the application of the related software.
The object of the present invention is to provide a data encryption technology that can be used with databases, the ciphertext volume-IDE data channel encryption card. It is independent of computer hardware and software and is plug-and-play under any hardware system and software environment: once the hardware cables are connected, no software installation is needed, and it can be used as soon as the machine is switched on.
In the present invention, a data encryption card is added on the IDE channel between the host and the hard disk. Data is encrypted when the host writes to the hard disk and decrypted when the host reads from the hard disk; the ciphertext volume, as the computer's second hard disk, stores the encrypted data. The protection target of the IDE data channel encryption card is the computer's second hard disk, which it protects as a whole. Completely transparently to the operating system, data stored on the second hard disk is encrypted when written and decrypted when read, which ensures the secure storage of the data on the second hard disk. The "card" that implements this function is called the IDE data channel encryption card, and the protected second hard disk is called the ciphertext volume.
Because the IDE data channel encryption card handles the whole process from IDE command interpretation to hard disk management, from the host's point of view the card is itself an IDE peripheral of the system. Because the relevant signal processing fully conforms to the ATA3 standard, the host treats the card as an actual IDE hard disk. In other words, from the host's side the presence of the card is indistinguishable from its absence, so the host manages and uses the IDE data channel encryption card in the same way it manages a hard disk.
Because it emulates an IDE hard disk, the encryption card must have complete ATA3 protocol interpretation capability and complete hard disk management capability. To this end, the present invention is divided into the following main parts: interface protocol part, data channel management, hard disk management, data encryption/decryption, and IC card control.
Interface protocol part: consists of an FPGA or PLD device and the corresponding peripheral circuits. It is responsible for communication with the host: it receives all IDE commands sent by the host and passes them to the management chip on the card; after the management chip has processed a command it returns the corresponding status signal, which the interface chip assembles into the IDE return information for the host.
Data channel management: consists mainly of the interface devices, dual-port RAM and the management chip CPU. The two ends of the dual-port RAM are connected to the IDE interface and the hard disk interface respectively. The IDE interface connects to the host, accepting data sent by the host and returning data to the host; the hard disk interface is the channel between the card and the hard disk. The content of the data in the dual-port RAM, the transfer direction and so on are controlled by the management chip CPU. This is a 16-bit channel.
Hard disk management: the core objective of the encryption card is control of the hard disk, so the card carries a complete hard disk management system. This system includes read/write operations on the hard disk, special operations, authorized operations and so on.
Data encryption/decryption: all data passing through the hard disk encryption card is encrypted/decrypted by a dedicated encryption DSP chip under the control of the management chip CPU.
IC card controller: the IC card controller is the only channel for exchanging information between the hard disk encryption card and the user. Security information such as the user's identity and permissions is read in through the IC card controller and handed to the management chip CPU on the card for analysis and use.
Coordinating and integrating the hardware and software of the above parts as required yields the complete ciphertext volume-IDE data channel encryption card.
The invention is further described below with reference to the drawings and an embodiment.
Fig. 1 is a structural schematic diagram of the present invention;
Fig. 2 and Fig. 3 are hardware logic block diagrams of the present invention;
Fig. 4 is a software block diagram of the present invention.
Referring to Figs. 1, 2 and 3, the present invention is connected to the host through the IDE interface and to the second hard disk through the hard disk interface. The data buffer consists of 74LS245 bidirectional drivers, which control the switching and direction of the data signals. The logic controller consists of one ISP1032 from Lattice and auxiliary components; it contains the IDE interface signal processing unit, data buffer control unit, hard disk control signal unit, host interface logic unit, internal registers and so on, and is the core logic device of the card. The main processor consists of one 80186 and auxiliary components and performs data processing, interface protocol parsing, IC card control, access control and key management, rights management, authentication and so on. The data buffer area consists of dual-port RAM; it is both the data buffer and the channel for exchanging data with the encryption chip. The program memory is Flash memory. The IC card socket connects to the IC card reader, which reads the user information on the user's IC card. The IDE interface is a 40-pin standard IDE interface connected to the host; the hard disk interface is a 40-pin standard IDE interface connected to the hard disk. The encryption device follows the national cipher regulations: according to the user's required encryption grade for the ciphertext and the environment of use, the national cipher authority designates a dedicated encryption chip for it (ciphertext grades are generally core secret, general secret and commercial secret). The user can select and install different encryption chips on the card as needed to perform the encryption and decryption of data.
Referring to Fig. 4, after the host is powered on, the encryption card initializes automatically and provides the conventional IDE initialization signals. When initialization finishes it enters a waiting state, waiting for the host's read/write commands to this hard disk. If the host sends a command other than a data read/write command, the command is bypassed, that is, executed according to the IDE ATA3 protocol, and the CPU on the card does no processing of the command parameters. If the host sends a data read/write command, the complete command is first received and then parsed step by step. After all processing is complete, the host is notified that the command has finished executing. Parsing and handling of a host read/write command comprises the following steps: (1) record the read (write) address and sector count; (2) determine whether the user is valid; for an invalid user, write a log entry and return, sending the host a "hard disk not ready" message; (3) for a valid user, form the working key; (4) distinguish a read command from a write command and, as the IDE protocol specifies for each, perform the read/write operation and the encryption/decryption; (5) write a log entry. The card then loops, waiting for the host's subsequent disk read/write commands, until power-off.
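The command handling described above for Fig. 4, as an added Python simulation that is not code from the patent: non-read/write commands bypass the card, and reads and writes go through steps (1) to (5). The class names, the IC card record layout, the HMAC working-key derivation and the SHA-256 keystream are assumptions standing in for details the patent leaves to the card firmware and the dedicated encryption chip.

```python
import hashlib
import hmac

SECTOR = 512
READ_SECTORS, WRITE_SECTORS, IDENTIFY_DEVICE = 0x20, 0x30, 0xEC  # ATA opcodes

class Disk:  # the second hard disk (ciphertext volume), 256 sectors
    def __init__(self):
        self.data = bytearray(SECTOR * 256)

    def execute(self, cmd, lba=0, count=0, data=b""):
        span = slice(lba * SECTOR, (lba + count) * SECTOR)
        if cmd == WRITE_SECTORS:
            self.data[span] = data
        elif cmd == READ_SECTORS:
            return "OK", bytes(self.data[span])
        elif cmd == IDENTIFY_DEVICE:
            return "OK", b"CONSTRUCTED-DISK-PARAMETERS"
        return "OK", b""

class EncryptingCard:  # sits between host and Disk, same execute() interface
    def __init__(self, disk, valid_users):
        self.disk, self.valid_users = disk, set(valid_users)
        self.ic_card, self.log = None, []  # ic_card: {"user": ..., "key": ...}

    def _crypt(self, key, lba, data):
        # Stand-in for the dedicated cipher chip (assumption): XOR with a
        # per-sector SHA-256 keystream. Data path only, not a vetted disk mode.
        out = bytearray()
        for off in range(0, len(data), SECTOR):
            tweak = (lba + off // SECTOR).to_bytes(8, "big")
            stream = b"".join(hashlib.sha256(key + tweak + bytes([j])).digest()
                              for j in range(SECTOR // 32))
            out += bytes(a ^ b for a, b in zip(data[off:off + SECTOR], stream))
        return bytes(out)

    def execute(self, cmd, lba=0, count=0, data=b""):
        if cmd not in (READ_SECTORS, WRITE_SECTORS):
            return self.disk.execute(cmd, lba, count, data)  # bypass, untouched
        user = self.ic_card["user"] if self.ic_card else None
        entry = {"cmd": cmd, "lba": lba, "count": count, "user": user}  # step 1
        self.log.append(entry)                     # log entry (steps 2 and 5)
        if user not in self.valid_users:           # step 2: reject invalid user
            entry["result"] = "NOT_READY"
            return "NOT_READY", b""
        key = hmac.new(self.ic_card["key"], b"working-key",
                       hashlib.sha256).digest()    # step 3 (derivation assumed)
        if cmd == WRITE_SECTORS:                   # step 4: encrypt on write
            data = self._crypt(key, lba, data)
        status, out = self.disk.execute(cmd, lba, count, data)
        if cmd == READ_SECTORS:                    # step 4: decrypt on read
            out = self._crypt(key, lba, out)
        entry["result"] = status
        return status, out

def demo():
    disk = Disk()
    card = EncryptingCard(disk, valid_users={"dba"})
    plain = b"row 1".ljust(SECTOR, b"\0") + b"row 2".ljust(SECTOR, b"\0")
    card.ic_card = {"user": "dba", "key": b"constructed-card-key"}
    card.execute(WRITE_SECTORS, lba=100, count=2, data=plain)
    via_card = card.execute(READ_SECTORS, lba=100, count=2)[1]
    direct = disk.execute(READ_SECTORS, lba=100, count=2)[1]  # card bypassed
    card.ic_card = {"user": "guest", "key": b"constructed-other-key"}
    rejected = card.execute(READ_SECTORS, lba=100, count=2)
    return via_card == plain, direct == plain, rejected, len(card.log)

if __name__ == "__main__":
    print(demo())  # (True, False, ('NOT_READY', b''), 3)
```

The second value in the result shows that a read issued to the disk without the card returns ciphertext, and the log count shows that the rejected request is recorded as well as the two accepted ones.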
The technical requirements the present invention should meet are: (1) The IDE hard disk encryption/decryption card can encrypt or decrypt hard disk data in real time, thereby protecting the security of the hard disk data. The card processes data on the standard IDE interface and is fully hardware-compatible with the IDE peripheral interface of ordinary PCs and other types of computer. It does not depend on any operating system or software platform: mainstream operating systems such as DOS, Windows 9x, Linux and Unix can run directly, as can real-time operating systems such as pSOS and VxWorks and database applications such as SYBASE and ORACLE. (2) Fully compatible with the True IDE interface and with the ATA3 interface protocol. (3) The encryption/decryption flow is "transparent" to the user and to application programs, and real-time encryption/decryption basically does not affect the transfer rate of hard disk data. (4) Modular, and therefore easy to modify and extend. (5) Completely "transparent" to user programs.
Using commercially available general-purpose components, a circuit board is designed and manufactured, and the card reader and circuit board are assembled into a box of about 146 × 42 × 170 mm (five and half height), which is installed in the front panel of the host. Two pigtail cables lead out of the box and are connected respectively to the second hard disk socket on the host backplane and to the second hard disk, and power is supplied by the host power supply. After the hardware is installed, no software needs to be installed; on power-up the host recognizes the disk. It works normally under operating systems such as DOS 6.22, Windows 95/98, Windows NT, UNIX and Linux. All kinds of software, both system software and application software, run normally, for example Word, Excel, Access, PowerPoint, SQL, FoxBASE and Informix. It works normally on both TCP/IP networks and NOVELL networks. When an encrypted hard disk is plugged directly into the second hard disk socket on the host backplane without going through the encryption card, the host BIOS can recognize the disk parameters, but the data on the disk (ciphertext) cannot be read. This achieves the goals of encrypting user data and making the encryption function transparent to hardware and software.
Because IDE is the standard hard disk interface protocol of computers, and the encryption card of the present invention performs encryption/decryption only on data reads and writes while otherwise following the IDE protocol completely, the IDE encryption card and ciphertext volume are applicable to computers of any model and to any operating system and network environment. This solves database encryption, a major problem of the IT industry. It has very important application value for users who require data encryption and also need to use systems such as databases, OLAP (on-line analysis), data warehouses, data mining and manual decision-making.
Claims (3)
1. A ciphertext volume-IDE data channel encryption card for a computer data encryption device, characterized in that: a data encryption card is added on the IDE channel connecting the host and the hard disk; data is encrypted when the host writes to the hard disk and decrypted when it is read from the hard disk; and the ciphertext volume, as the second hard disk, stores the encrypted data.
2. The encryption card as claimed in claim 1, characterized in that the encryption card comprises:
Interface protocol part: consists of an FPGA or PLD device and the corresponding peripheral circuits; it is responsible for communication with the host, receives all IDE commands sent by the host and passes them to the management chip CPU on the card; after the management chip has processed a command it returns the corresponding status signal, which the interface chip assembles into the IDE return information for the host;
Data channel management: consists mainly of the interface devices, dual-port RAM, the management chip CPU and so on; the two ends of the dual-port RAM are connected to the IDE interface and the hard disk interface respectively; the IDE interface connects to the host, accepting data sent by the host and returning data to the host, while the hard disk interface is the channel between the card and the hard disk; the content of the data in the dual-port RAM, the transfer direction and so on are controlled by the management chip CPU;
Hard disk management: the core of the encryption card, with a complete hard disk management system including read/write operations on the hard disk, special operations, authorized operations and so on;
Data encryption/decryption: encryption/decryption is performed by a dedicated encryption DSP chip under the control of the management chip CPU;
IC card control: used for access and key management.
3. The encryption card as claimed in claim 1, characterized in that: the encryption card and the hard disk are assembled in a box of about 146 × 42 × 170 mm (five and half height) and can be plugged in and removed from the front panel of the host.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 00124500 CN1286434A (en) | 2000-09-13 | 2000-09-13 | Encrypting card for secrete file -IDE data channel |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1286434A (en) | 2001-03-07 |
Family ID: 4590463
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 00124500 Pending CN1286434A (en) | 2000-09-13 | 2000-09-13 | Encrypting card for secrete file -IDE data channel |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1286434A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1304915C (en) * | 2004-01-16 | 2007-03-14 | 西北工业大学 | Computer hard disk data encrypting method and device |
CN100419719C (en) * | 2006-07-05 | 2008-09-17 | 北京飞天诚信科技有限公司 | Method for automatic protection of U disc by using filtering driver and intelligent key device |
CN103823692A (en) * | 2013-12-31 | 2014-05-28 | 北京华虹集成电路设计有限责任公司 | Computer operating system starting method |
CN103823692B (en) * | 2013-12-31 | 2019-05-10 | 北京华虹集成电路设计有限责任公司 | A kind of computer operating system starting method |
CN105279107A (en) * | 2015-11-13 | 2016-01-27 | 北京华虹集成电路设计有限责任公司 | Disk start-up prevention method and system |
CN115079960A (en) * | 2022-08-18 | 2022-09-20 | 赛芯半导体技术(北京)有限公司 | Data processing method, accelerator card and data processing system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN100437618C (en) | Portable information safety device | |
CN100552690C (en) | Data managing method | |
CN101196855B (en) | Mobile encrypted memory device and cipher text storage area data encrypting and deciphering processing method | |
CN100378689C (en) | Enciphered protection and read write control method for computer data | |
CN104573441A (en) | Computer with data privacy function and data encryption and hiding method thereof | |
CN103020493A (en) | Anti-copy software protecting and operating device and anti-copy software protecting and operating method | |
CN101894242B (en) | System and method for protecting information safety of mobile electronic equipment | |
WO1996025700A1 (en) | Personal access management system | |
EP1580663A1 (en) | A method for realizing security data storage and algorithm storage by means of semiconductor memory device | |
CN101877246A (en) | U disk encryption method | |
CN101593252A (en) | Control method and system that a kind of computing machine conducts interviews to USB device | |
CN101840476B (en) | OTP-SD electronic publication encryption method | |
CN102945339A (en) | Data protection system for computer | |
CN105279453A (en) | Separate storage management-supporting file partition hiding system and method thereof | |
US8086873B2 (en) | Method for controlling file access on computer systems | |
CN1286434A (en) | Encrypting card for secrete file -IDE data channel | |
CN103049705A (en) | Virtualization based method, terminal and system for secure storage | |
CN202486808U (en) | Health card reader-writer system | |
CN107194269A (en) | A kind of cipher machine and access control method based on RBAC | |
CN104123371A (en) | Transparent Windows kernel file filtering method based on hierarchical file system | |
CN106952659B (en) | CD multistage imprinting encryption method based on XTS encryption mode | |
CN101944164A (en) | Intelligent mobile storage equipment | |
JPH04181282A (en) | Cryptographic system for file | |
CN2636326Y (en) | Safety ciphering and storing device based on USB interface | |
CN101727557B (en) | Secrecy isolation hard disk and secrecy method thereof |
Legal Events
Code | Title | Description |
---|---|---|
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
C06 | Publication | |
PB01 | Publication | |
ASS | Succession or assignment of patent right | Owner name: ZHANG JUHONG; PARK CHAK HIN; CUI JUN; JIANG HAITA Free format text: FORMER OWNER: ZHANG JUHONG Effective date: 20010628 |
C41 | Transfer of patent application or patent right or utility model | |
TA01 | Transfer of patent application right | Effective date of registration: 20010628 Applicant after: Zhang Juhong Applicant after: Pu Xianze Applicant after: Cui Jun Applicant after: Jiang Haitao Applicant before: Zhang Juhong |
AD01 | Patent right deemed abandoned | |
C20 | Patent right or utility model deemed to be abandoned or is abandoned | |