CN1641522A - Computer hard disk data encrypting method and device - Google Patents

Publication number: CN1641522A
Authority: CN (China)
Prior art keywords: data, encryption, hard disk, decryption, signal
Legal status: Granted
Application number: CN 200410025825
Other languages: Chinese (zh)
Other versions: CN1304915C (en)
Inventor: 戴冠中
Current Assignee: Northwestern Polytechnical University
Original Assignee: Northwestern Polytechnical University
Application filed by Northwestern Polytechnical University
Priority to CNB2004100258255A
Publication of CN1641522A
Application granted
Publication of CN1304915C
Current status: Expired - Fee Related

Abstract

The invention relates to a data encryption method for computer hard disks and a device implementing it: a hard disk data encryption device based on the IDE interface that supports several symmetric encryption algorithms. Starting from a conventional computer, a hard disk encryption device composed of a control chip, an encryption/decryption chip and their peripheral circuits encrypts the data transferred between the hard disk and the host, so that hard disk data is forcibly encrypted. Because the encryption/decryption chip uses an encryption algorithm certified by NIST or a strong encryption algorithm developed independently in China, the original plaintext data on the hard disk cannot be obtained without the key even if the hard disk is obtained illegally. The operating system on the hard disk is encrypted as well, so a cracker mistakes the disk for a blank, unformatted one, which gives a higher level of information hiding and improves the confidentiality of the computer. Encrypted computers converted from conventional ones in this way can be widely applied in the computer security systems of organizations that handle classified information.

Description

Computer hard disk data encryption method and device thereof
Technical field: the present invention relates to a computer hard disk data encryption method and a device implementing it, and belongs to information security encryption technology.
Background: research on hard disk encryption chips has produced some results, and corresponding products have appeared, but in these products,
The IBM Corporation Chinese patent (announcement number 1294457), "Encrypting/decrypting stored data with an inaccessible unique key", proposes encrypting and decrypting data with a key that is unique to the computer system and cannot be copied. The key is either embedded in non-removable hardware of the computer or generated from the identification number of that non-removable hardware.
Patent application 99224818 discloses "a computer hard disk encryption device" and proposes a method of encrypting hard disk data. It encrypts the data on the hard disk selectively, and the method is implemented through a relay, so it is slow.
Patent application 92102980.2, "Screen protective system for computer hard disc data", and the patent application "Read-write controller for hard disk of microcomputer" each provide a method of protecting hard disk data. This protection does not store the data on the hard disk in encrypted form; it prevents unauthorized users from accessing the data by means of access control. Once the hard disk itself is stolen, the access control no longer has any effect and the important data on the disk is easily taken.
"Sleep without worry from now on: hands-on test of the D-LOCK built-in hard disk encryption lock" is a closely related document retrieved from the Internet (http://hard.zol.com.cn/labs/2003/0220/55310.shtml). It introduces the D-LOCK internal hard disk encryption card produced by a Taiwanese company; the product can encrypt data with either of two algorithms, DES or 3DES.
Summary of the invention: to avoid the shortcomings of the prior art, the present invention proposes a computer hard disk data encryption method and a device implementing it: an IDE-based hard disk data encryption device that supports several symmetric encryption algorithms. Starting from a conventional computer, a hard disk data encryption device composed of a control chip, an encryption/decryption chip and their peripheral circuits encrypts the data transferred between the computer's hard disk and the host, achieving hardware encryption of hard disk data. Because the encryption/decryption chip encrypts all data on the hard disk with an algorithm certified by NIST or with a strong cipher developed independently in China, the original plaintext cannot be obtained without the key even if the hard disk is obtained illegally. Because the operating system on the hard disk is encrypted too, a cracker mistakes the disk for a blank, unformatted one; the level of information hiding is high, which further strengthens the confidentiality of the computer. The invention can be widely used to convert conventional computers into secure computers in the computer security systems of organizations that handle classified information, such as national defence, Party and government offices, enterprises and companies, and financial management departments.
The technical scheme of the invention is as follows. The encryption system is placed between the hard disk and the host and encrypts the data transferred between them. It is characterized in that the control module takes over all control signals and acknowledge signals between the host and the hard disk, and thereby controls the encryption/decryption flow and the encryption/decryption operations applied to the actual data stream; it is the nerve centre of the whole system. The control module intercepts the original control signals between the host and the hard disk, the encryption/decryption module intercepts the data stream between the host and the hard disk, and the key management module stores the keys the encryption/decryption module needs. When the host writes data to the hard disk, the data stream is intercepted by the encryption/decryption module; the control module sends control signals to the encryption/decryption module, which reads the key needed for encryption from the key management module and encrypts the data stream; after encryption finishes, the control module issues a write signal and the encrypted data is written to the hard disk. When the host reads data from the hard disk, the data stream is intercepted by the encryption/decryption module; the control module sends control signals to the encryption/decryption module, which reads the required key from the key management module and decrypts the data stream; after decryption finishes, the control module issues a write signal and the decrypted data is delivered to the hard disk.
Under the coordination of the control module, the encryption/decryption module encrypts and decrypts the actual data stream between the host and the hard disk in hardware. It consists of a cipher unit and two dual-port buffers and is the core component that implements hard disk data encryption. After the data stream enters the module, dual-port buffer 1 converts several 16-bit groups of hard disk data into one group of 64 or 128 bits (or whatever length suits the algorithm in the cipher unit); the cipher unit then encrypts or decrypts the data; and dual-port buffer 2 converts the 64-bit or 128-bit output of the cipher unit back into several 16-bit groups suitable for the hard disk to read.
A device implementing the above computer hard disk data encryption method is a direct plug-in hard disk encryption card. It can be inserted directly into a PCI slot of an ordinary desktop computer, but it does not define the PCI electrical characteristics. It is characterized in that the device comprises a control unit, an encryption/decryption unit and peripheral circuits.
Control unit: intercepts the original control signals sent by the host or the hard disk and governs the read, write and other control signals between them. When a write signal sent by the host to the hard disk is intercepted by the control unit, it starts the encryption process of the encryption/decryption unit and, once encryption is complete, generates a new write signal and sends it to the hard disk, completing the encrypted write of the data. When a read signal sent by the host to the hard disk is intercepted by the control unit, it starts the decryption process of the encryption/decryption unit and, once decryption is complete, generates a new read signal and sends it to the host, completing the decrypted read of the data.
Encryption/decryption unit: intercepts the valid data transferred between the host and the hard disk, accepts the start signal sent by the control unit, and encrypts or decrypts the valid data on the data bus. When the operation is complete it notifies the control unit, which reads the data out of the encryption/decryption unit, completing one encryption/decryption pass.
Peripheral circuits: this part comprises drive circuit 1, drive circuit 2, the configuration circuit, the power supply and clock, the synchronization module and key management. They provide, respectively, strengthening of the control and data signals, power-up configuration, clock generation, synchronization of the control unit with the encryption/decryption unit, and management and reading of keys.
The control unit comprises control logic, comparison logic, a signal generator and an external drive circuit controller.
Control logic: stores and processes the IDE registers used to read and write the hard disk, and generates the encrypt/decrypt select signal, the encryption/decryption enable signal and the handshake signals exchanged with the encryption/decryption chip. The control logic is the core of the hard disk control unit and plays a dual role. Seen from the host, it can emulate the IDE interface signals a hard disk drive produces, so the control unit looks like a virtual hard disk. Seen from the hard disk, it can emulate the IDE interface signals a host produces, so the control unit looks like a virtual host.
Comparison logic: some parameters of a hard disk are fixed inside the drive by the manufacturer at production time, and the IDE interface reads them with the corresponding IDE commands. If these commands were encrypted when the parameters are read, the host could not correctly start and identify the hard disk, so commands of this kind must be filtered out.
Signal generator: uses counter circuits to emulate the host read/write signals, the hard disk response signals and the handshake signals exchanged with the encryption/decryption chip, thereby preserving the timing integrity of the hard disk control signals.
External drive circuit controller: generates the enable and direction signals that control the external drive circuits and buffer circuits, in order to strengthen the IDE signals, whose strength is greatly attenuated after passing through the encryption card.
The encryption/decryption unit comprises data buffer 1, data buffer 2, the 16 × data shift register group, the data × 16 shift register group, the cipher unit, the key read and controller, and the handshake signal generator, where data is the number of bits the cipher unit processes at a time.
Data buffer 1: after 16-bit data enters the FPGA it is buffered in data buffer 1, which gives the 16 × data shift register group enough time to convert the 16-bit words to the length the encryption/decryption algorithm requires.
Data buffer 2: buffers and outputs the conversion result of the data × 16 shift register group, preserving the integrity of the sequential logic.
16 × data shift register group: converts the 16-bit hard disk data length into the data length suited to the particular symmetric encryption/decryption algorithm.
data × 16 shift register group: converts the encryption/decryption result of the particular symmetric algorithm into the 16-bit data length suitable for the hard disk to read.
Cipher unit: an encryption/decryption chip is chosen as required to implement the encryption/decryption algorithm.
Key read and controller: provides a 64-bit key input bus port and communicates with the "key generation and management module" through two handshake signals, Krdy and Key_Rd.
Handshake signal generator: generates the busy and ready signals, which are used mainly to communicate with the "control chip".
Krdy is the signal the "key generation and management module" sends to the "key read and control module"; it indicates that the key has been generated and can be read. Key_Rd is the signal the "data encryption/decryption module" sends to the "key generation and management module"; it indicates that the data encryption/decryption module is ready and can read in the key.
The busy and ready signals are used in combination according to these rules:
busy=0 and ready=0: encryption/decryption is in progress;
busy=0 and ready=1: encryption/decryption is complete, but the result has not yet been taken away;
busy=1 and ready=0: the encryption/decryption module is currently idle;
busy=1 and ready=1: not defined.
In use, the hard disk encryption system designed in the invention can encrypt all data, including the disk partition information and the operating system, and its encryption speed is fast.
The hard disk encryption system designed in the invention encrypts all data stored on the hard disk, so even if the hard disk is stolen, the confidential data is still not disclosed as long as the thief cannot obtain the encryption key.
Besides the two algorithms DES and 3DES, the hard disk encryption system designed in the invention can also support AES, currently the most advanced block cipher, and various symmetric encryption algorithms developed independently by the user.
Description of drawings:
Fig. 1: schematic diagram of the hard disk data encryption system
Fig. 2: structural block diagram of the direct plug-in hard disk encryption card
Fig. 3: internal schematic of the control unit
Fig. 4: internal schematic of an embodiment of the encryption/decryption unit
Fig. 5: internal schematic of an embodiment of the encryption/decryption unit
Fig. 6: a: a legitimate user accesses the IDE hard disk
b: an illegitimate user accesses the IDE hard disk
Embodiment:
The invention is now further described with reference to the drawings.
This embodiment is a direct plug-in hard disk encryption card whose structure is shown in Fig. 2. "Direct plug-in" is used in contrast to "Peripheral Component Interconnect (PCI) type": the card can be inserted directly into a PCI slot of an ordinary desktop computer, but it does not define the PCI electrical characteristics.
The 40 signals of an IDE hard disk fall into four classes: hard disk control signals, address signals, the data bus, and other signals (everything outside the first three classes).
The hard disk control signals determine the timing with which data flows through the encryption card. Because the data stream between the host and the hard disk has to be encrypted and decrypted, the original control signals sent by the host or the hard disk must be intercepted. Taking encryption as the example: when the host sends a write signal to the hard disk, the control unit intercepts it and a control signal starts the encryption process, which encrypts the data about to be written. When encryption is complete, the control unit generates a new write signal and sends it to the hard disk, completing the encrypted write.
The address signals determine which register the host is currently accessing. For the encryption card, not all data passing between the host and the hard disk needs to be encrypted. Some information is intrinsic to the hard disk, such as the number of heads, the number of cylinders and the disk capacity, and is fixed inside the drive by the manufacturer before it leaves the factory. Encrypting or decrypting this data would cause the hard disk to be identified incorrectly, so the control unit uses the address signals to decide whether the data currently passing between the host and the hard disk is to be encrypted or decrypted.
The data bus is 16 bits wide. Sometimes it carries application data and sometimes it carries "hard disk control information" such as the disk capacity. The control chip must therefore treat the two cases separately: when the data lines carry control information it is passed straight through, and when they carry application data it is routed into the encryption/decryption chip and encrypted. This is how hard disk data encryption is achieved.
The generation and transmission of the other signals does not affect the encryption/decryption of the hard disk, so after being driven by the drive circuits they pass directly between the host and the hard disk.
Fig. 3 is the internal schematic of the control unit of the invention. The control unit consists of four parts: control logic, comparison logic, the signal generator and the external drive circuit controller. All four parts are edited in Hardware Description Language (HDL) development software by schematic entry (.gdf) and combined into one large schematic, which is then compiled, pre-simulated, logic-synthesized and finally downloaded into Altera's EP20K200EFC-484-2x and its configuration chip.
The encryption/decryption unit consists of six units: the data buffer, the 16 × data shift register group, the data × 16 shift register group, the cipher unit, the key read and controller, and the handshake signal generator. Here data is the number of bits the cipher unit processes at a time. The cipher unit can be implemented with a certified encryption chip. All six units are designed by writing Very High Speed Integrated Circuits HDL (VHDL) code (.vhd) in the HDL development software; the code is combined into one program file, which is then compiled, pre-simulated, logic-synthesized and finally downloaded into Altera's EP20K200EFC-484-2x and its configuration chip.
Replacing the cipher unit in the encryption/decryption unit with the Ai-DES-1 chip gives the internal schematic of the encryption/decryption unit shown in Fig. 4.
The data buffer is very simple to design in VHDL: it only needs to describe two 74F245 (high-speed octal bus transceiver) chips. The enable and direction control signals of the bus transceivers are generated by the control unit.
When the cipher unit is the Ai-DES-1 chip, shift register group (1) is a 16 × 64-bit shift register group and shift register group (2) is a 64 × 16-bit shift register group.
The DES algorithm takes a 64-bit input for both the plaintext to encrypt and the ciphertext to decrypt, whereas the PC hard disk data bus currently transfers 16 bits at a time (another, less common mode transfers 8 bits). A 16 × 64-bit shift register group is therefore needed: it shifts in and latches the data of the four most recent consecutive transfers from the hard disk, converting 16-bit data into 64-bit data.
The 64 × 16-bit shift register group is exactly the complement of the 16 × 64-bit shift register group. Because the output of DES encryption or decryption is 64 bits, the 64 × 16-bit shift register group converts this 64-bit data into 16-bit data and sends it to the data buffer unit for buffering. Each time the read signal IOW occurs, one 16-bit word is read from the data buffer unit, so the 64-bit output is sent to the drive circuit unit of the encryption card in four transfers.
When the cipher unit is the CAST-AES chip, the 16 × data shift register group is a 16 × 128-bit shift register group and the data × 16 shift register group is a 128 × 16-bit shift register group.
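An added behavioural model of the datapath described above, written in Python rather than the patent's VHDL and not taken from the patent: it combines the control unit's filtering of drive-parameter reads with the 16 × data and data × 16 width conversion around the cipher, for both the 64-bit and the 128-bit case. The Feistel `toy_cipher` is a stand-in for the DES/AES chip, all class and function names are hypothetical, and the rule that only READ SECTORS and WRITE SECTORS payloads are transformed is an assumption about how the comparison logic decides.

```python
# Added example: behavioural model of the card's datapath, not the patent's VHDL.
# Real ATA facts used: data register = task-file offset 0, command register = offset 7,
# READ SECTORS = 0x20, WRITE SECTORS = 0x30, IDENTIFY DEVICE = 0xEC.
REG_DATA, REG_COMMAND = 0, 7
CMD_READ_SECTORS, CMD_WRITE_SECTORS, CMD_IDENTIFY = 0x20, 0x30, 0xEC
# Assumption: the comparison logic lets only sector read/write payloads reach the cipher.
ENCRYPTED_COMMANDS = {CMD_READ_SECTORS, CMD_WRITE_SECTORS}


def toy_cipher(block, key, bits, decrypt=False):
    """Stand-in for the cipher chip: a 4-round Feistel network, not DES or AES."""
    half = bits // 2
    mask = (1 << half) - 1
    round_keys = [(key >> (8 * i)) & mask for i in range(4)]
    if decrypt:
        round_keys.reverse()  # a Feistel network decrypts with the reversed key schedule
    left, right = block >> half, block & mask
    for k in round_keys:
        left, right = right, left ^ (((right ^ k) * 0x9E3779B1 + (right >> 3)) & mask)
    return (right << half) | left  # final swap of the two halves


class EncryptionCard:
    """Sits between host and drive; block_bits is the patent's `data` width."""

    def __init__(self, key, block_bits=64):
        self.key = key
        self.block_bits = block_bits
        self.words_per_block = block_bits // 16
        self.last_command = None

    def write_register(self, reg, value):
        """Register writes pass through in clear; the card only notes the command."""
        if reg == REG_COMMAND:
            self.last_command = value
        return value

    def _convert(self, words, decrypt):
        n = self.words_per_block
        if len(words) % n:
            raise ValueError("transfer is not a whole number of cipher blocks")
        out = []
        for i in range(0, len(words), n):
            block = 0
            for word in words[i:i + n]:        # 16 x data shift register group
                block = (block << 16) | (word & 0xFFFF)
            block = toy_cipher(block, self.key, self.block_bits, decrypt)
            for j in reversed(range(n)):       # data x 16 shift register group
                out.append((block >> (16 * j)) & 0xFFFF)
        return out

    def transfer(self, reg, words, to_disk):
        """Carry 16-bit words across the card; only sector payload is transformed."""
        if reg != REG_DATA or self.last_command not in ENCRYPTED_COMMANDS:
            return list(words)                 # drive parameters go straight through
        return self._convert(words, decrypt=not to_disk)


def run_scenario(block_bits=64):
    """Write one sector through the card, then read it with and without the card."""
    card = EncryptionCard(key=0x0123456789ABCDEF, block_bits=block_bits)  # constructed key
    plaintext = list(range(256))                 # constructed 512-byte sector
    identify = [0x0040 + i for i in range(256)]  # constructed IDENTIFY DEVICE reply

    card.write_register(REG_COMMAND, CMD_WRITE_SECTORS)
    on_platter = card.transfer(REG_DATA, plaintext, to_disk=True)

    card.write_register(REG_COMMAND, CMD_READ_SECTORS)
    via_card = card.transfer(REG_DATA, on_platter, to_disk=False)

    card.write_register(REG_COMMAND, CMD_IDENTIFY)
    identify_seen = card.transfer(REG_DATA, identify, to_disk=False)

    return {
        "round_trip_ok": via_card == plaintext,
        "direct_attach_sees_plaintext": on_platter == plaintext,
        "identify_untouched": identify_seen == identify,
    }


if __name__ == "__main__":
    for width in (64, 128):
        print(width, run_scenario(width))
```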
The key read and controller has two functions: first, it provides a 64-bit key input bus port; second, it communicates with the "key generation and management module" through the two handshake signals Krdy and Key_Rd. Krdy is the signal the "key generation and management module" (part of the peripheral circuits) sends to the "key read and control module"; it indicates that the key has been generated and can be read. Key_Rd is the signal the "data encryption/decryption module" sends to the "key generation and management module"; it indicates that the data encryption/decryption module is ready and can read in the key. The interplay of the two signals keeps the "key generation and management module" and the "data encryption/decryption module" synchronized.
The "handshake signal generator" resembles the "key read and controller" in many ways, but the signals it generates are used mainly to communicate with the "control chip". This unit generates the busy and ready signals, which are used in combination:
1. busy=0 and ready=0: encryption/decryption is in progress;
2. busy=0 and ready=1: encryption/decryption is complete, but the result has not yet been taken away;
3. busy=1 and ready=0: the encryption/decryption module is currently idle;
4. busy=1 and ready=1: not defined at present.
Communication between the control chip and the encryption/decryption chip is carried out through the high and low combinations of these two signals.
We chose this solution, built on FPGA chips with programmable logic, because it makes the invention general: we only need to modify or add the VHDL code of the algorithm in the "encryption/decryption module" and change the size of the shift register groups to support any certified encryption/decryption algorithm. For example, replacing the cipher unit with the CAST-AES chip gives the internal schematic of the encryption/decryption unit shown in Fig. 5, whose structure is broadly similar to that of Fig. 4.
The other parts in Fig. 2, namely drive circuit 1, drive circuit 2, the configuration circuit, the power supply and clock, the synchronization module and key management, are collectively called the peripheral circuits. These six modules are all designed by .sch schematic entry in the Protel circuit design software; a Cadence tool is then used to route them and the two FPGA chips onto the printed circuit board (PCB) to form the final hard disk encryption card.
The invention is applied between a computer's hard disk and host to encrypt hard disk data:
● With the encryption card inserted in a PCI slot of the motherboard, we first partition and format the hard disk (with the encryption board between the hard disk and the CPU) and then perform data read and write operations on it. The test result is shown in figure a: data is read and written entirely correctly, with no bit errors.
● The computer is started either without the smart card inserted, or with the encryption board removed and the hard disk connected directly to the host. The test result is shown in Fig. 6: no operating system or partition information can be found on the hard disk, because the hard disk data is encrypted.
● The encryption card is inserted between the hard disk and the host again and the smart card is inserted correctly. The host starts normally and the data written to the hard disk is visible again; the test result matches Fig. 6.
The experimental results show that the card's encryption rate (throughput) for the DES algorithm is 200Mb/s, which meets the requirements of computer hard disk data encryption.
The beneficial effects of the invention are:
(1) Using FPGA chips and the hard disk encryption scheme of Fig. 1, we developed a direct plug-in hard disk encryption card that encrypts the operating system and the user data on the hard disk together. The encryption algorithms are DES, 3DES, AES and symmetric encryption algorithms developed independently by the user. The key of the DES algorithm is 56 bits, the key of the 3DES algorithm is 112 bits, the key of the AES algorithm is 128 bits, and the key length of a user-developed symmetric algorithm is set according to the customer's requirements. The encryption rate (throughput) of this system for the DES algorithm is 200Mb/s, which meets the requirements of computer hard disk data encryption.
(2) The invention adds a hard disk encryption card at the hardware layer, between the motherboard and the hard disk. The card can implement the DES, 3DES and AES encryption algorithms, or a symmetric encryption algorithm developed independently by the user, to protect the files and data on the hard disk by encryption. Because this hardware encryption is processed at the hardware layer, it occupies no system resources and has very little impact on the system as a whole. In addition, the operating system and the user data on the hard disk are encrypted together, so a cracker mistakes the disk for a blank, unformatted one and the level of information hiding is high. At the same time, because the operating system itself is encrypted, the encryption card is transparent to the operating system and supports IDE hard disk data encryption under a variety of operating systems.
(3) The encryption card has an IC card slot. Only a user who holds a legitimate IC card and inserts it into this slot can use the key on the IC card to correctly decrypt the data on the computer's hard disk. With this key management method the user does not have to make an effort to memorize and type in a private key, and the security of the key is still ensured.
This hardware architecture for encrypting a data stream is highly extensible; it can be upgraded and applied to other fields of secure data transmission. It can be widely used in departments with high requirements for the confidentiality of information on computer hard disks, in organizations that handle classified information such as national defence, the military, Party and government offices, enterprises or companies, and financial management departments.

Claims (9)

1, a kind of computer hard disk data encryption method, encryption system is placed between hard disk and the main frame, the data of transmitting between the hard disk of computing machine and the main frame are encrypted, it is characterized in that: control module is intercepted and captured original control signal between main frame and the hard disk, the encryption and decryption module is intercepted and captured the data stream between main frame and the hard disk, and key management module is used for storing the required key of encryption and decryption module; When main frame during to the hard disk write data, data stream is intercepted and captured by the encryption and decryption module, control module is sent control signal control encryption and decryption module, needed key in the reading encrypted process from key management module, data stream is carried out encryption, ciphering process sends write signal by control module after finishing, and ciphered data is written in the hard disk; When main frame during from the hard disk read data, data stream is intercepted and captured by the encryption and decryption module, control module is sent control signal control encryption and decryption module, from key management module, read needed key in the decrypting process, data stream is carried out decryption processing, decrypting process sends write signal by control module after finishing, and decrypted data is delivered in the hard disk.
2, computer hard disk data encryption method according to claim 1 is characterized in that: described encryption and decryption module comprises encryption and decryption device and two dual-port impact dampers; After data stream enters the encryption and decryption module, to organize the length that 16 hard disc data is converted to enciphering and deciphering algorithm in the suitable encryption and decryption devices such as a group 64 or 128 by dual-port impact damper (1) more, then by after the encryption and decryption process of encryption and decryption device realization to data, through dual-port impact damper (2), the data that the suitable hard disks that 64 or 128 encryption and decryption device output datas are converted into 16 of many groups read.
3. A device implementing the above computer hard disk data encryption/decryption method, characterized in that the device comprises a control module, an encryption/decryption unit, and peripheral circuits;
Control module: intercepts the original control signals sent by the host or the hard disk and governs the control signals, such as read and write, between the host and the hard disk; when a write signal sent by the host to the hard disk is intercepted by the control module, it starts the encryption process of the encryption/decryption unit and, after encryption is complete, generates a new write signal and sends it to the hard disk, completing the encrypted write of the data; when a read signal sent by the host to the hard disk is intercepted by the control module, it starts the decryption process of the encryption/decryption unit and, after decryption is complete, generates a new read signal and sends it to the host, completing the decrypted read of the data.
Encryption/decryption unit: intercepts the valid data transmitted between the host and the hard disk, accepts the start signal sent by the control module, and encrypts or decrypts the valid data flowing on the data bus; once the operation is complete, it notifies the control module, which reads the data out of the encryption/decryption unit, completing one encryption/decryption pass.
Peripheral circuits: comprise drive circuit 1, drive circuit 2, a configuration circuit, a power supply and clock, a synchronization module, and key management, which respectively provide strengthening of the control and data signals, loading of configuration information at power-up, clock signal generation, synchronization of the control module and the encryption/decryption unit, and management and reading of the key.
4. The device according to claim 3, characterized in that: the control module comprises a control logic device, a comparison logic device, a signal generator, and an external drive circuit controller;
Control logic device: stores and processes the IDE registers used to read and write the hard disk, and generates the encrypt/decrypt select signal, the encryption/decryption enable signal, and the interaction signals with the encryption/decryption chip;
Comparison logic device: the IDE interface uses the corresponding IDE commands to read the parameters that the hard disk manufacturer fixed inside the drive at manufacture, and these parameters are filtered;
Signal generator: uses counter circuits to simulate the host read/write signals, the hard disk response signals, and the interaction signals with the encryption/decryption chip, thereby guaranteeing the timing integrity of the hard disk control signals;
External drive circuit controller: generates the enable and direction signals that control the external drive circuits and buffer circuits, in order to strengthen the IDE signals, which are greatly attenuated in strength after passing through the encryption card.
5. The device according to claim 3, characterized in that: the encryption/decryption unit comprises data buffer (1), data buffer (2), a 16 × data shift register group, a data × 16 shift register group, an encryption/decryption device, a key reading and control device, and an interaction signal generator, where data is the number of bits the encryption/decryption device processes at a time;
Data buffer (1): 16-bit data entering the FPGA is buffered in data buffer (1), leaving the 16 × data shift register group enough time to complete the conversion from 16 bits to the length required by the encryption/decryption algorithm;
Data buffer (2): buffers and outputs the conversion result of the data × 16 shift register group, preserving the integrity of the sequential logic;
16 × data shift register group: converts the 16-bit hard disk data length into the data length suited to the specific symmetric encryption/decryption algorithm;
Data × 16 shift register group: converts the encryption/decryption result of the specific symmetric algorithm into the 16-bit data length suitable for the hard disk to read;
Encryption/decryption device: an encryption/decryption chip is chosen as required to implement the encryption/decryption algorithm;
Key reading and control device: provides a 64-bit key input bus port and uses two interaction signals, Krdy and Key_Rd, to communicate with the "key generation management module";
Interaction signal generator: mainly generates the signals busy and ready used to communicate with the "control chip".
6. The device according to claim 5, characterized in that: when the encryption/decryption device is the Ai-DES-1 chip, the 16 × data shift register group is a 16 × 64-bit shift register group and the data × 16 shift register group is a 64 × 16-bit shift register group.
7. The device according to claim 5, characterized in that: when the encryption/decryption device is the CAST-AES chip, the 16 × data shift register group is a 16 × 128-bit shift register group and the data × 16 shift register group is a 128 × 16-bit shift register group.
8. The device according to claim 5, characterized in that: the interaction signal Krdy is sent by the "key generation management module" to the "key reading and control module" and indicates that the key has been generated and can be read; Key_Rd is sent by the "data encryption/decryption module" to the "key generation management module" and indicates that the data encryption/decryption module is ready and can read in the key.
9. The device according to claim 5, characterized in that the busy and ready signals are used in combination according to the following rules:
busy=0 and ready=0: encryption/decryption is in progress,
busy=0 and ready=1: encryption/decryption has finished, but the result data has not yet been taken out,
busy=1 and ready=0: the encryption/decryption module is currently idle,
busy=1 and ready=1: not defined.
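The data path of claims 2 and 5 to 7 and the status encoding of claim 9 can be modelled in software. The C sketch below is an added example, not code from the patent: the XOR "cipher" is a stand-in for the DES or AES chip, and the word order inside a block, the 512-byte sector, and the key and data values are assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Claim 9: meaning of the busy/ready pair sent to the control chip. */
typedef enum { ENC_RUNNING, ENC_DONE_UNREAD, ENC_IDLE, ENC_UNDEFINED } enc_state;

enc_state decode_status(int busy, int ready) {
    if (!busy && !ready) return ENC_RUNNING;     /* operation in progress */
    if (!busy && ready)  return ENC_DONE_UNREAD; /* finished, result not yet taken */
    if (busy && !ready)  return ENC_IDLE;        /* unit idle */
    return ENC_UNDEFINED;                        /* busy=1, ready=1: not defined */
}

/* Stand-in for the cipher chip (NOT DES or AES): XOR with the 64-bit key.
   It is its own inverse, so one call models both encryption and decryption. */
static void toy_cipher(uint8_t *block, size_t nbytes, const uint8_t key[8]) {
    for (size_t i = 0; i < nbytes; i++) block[i] ^= key[i % 8];
}

/* Pass n_words 16-bit bus words through the unit, block_bits (64 or 128) at a
   time. Returns the number of blocks processed, or -1 if the stream cannot be
   cut into whole blocks (a partly filled shift register has nothing to emit). */
int process_stream(const uint16_t *in, uint16_t *out, size_t n_words,
                   size_t block_bits, const uint8_t key[8]) {
    size_t per = block_bits / 16;
    uint8_t block[16];
    if ((block_bits != 64 && block_bits != 128) || n_words % per != 0) return -1;
    for (size_t off = 0; off < n_words; off += per) {
        for (size_t i = 0; i < per; i++) {            /* 16 x data stage */
            block[2 * i] = (uint8_t)(in[off + i] >> 8);  /* assumed order: */
            block[2 * i + 1] = (uint8_t)in[off + i];     /* first word first */
        }
        toy_cipher(block, block_bits / 8, key);
        for (size_t i = 0; i < per; i++)              /* data x 16 stage */
            out[off + i] = (uint16_t)((block[2 * i] << 8) | block[2 * i + 1]);
    }
    return (int)(n_words / per);
}

/* Constructed 512-byte sector (256 words) sent down the write path, then the
   read path. Returns 1 if the data on "disk" differs from the host data and
   the read path restores it exactly. */
int roundtrip_ok(size_t block_bits) {
    static const uint8_t key[8] = {0x13, 0x57, 0x9b, 0xdf, 0x02, 0x46, 0x8a, 0xce};
    uint16_t host[256], disk[256], back[256];
    for (size_t i = 0; i < 256; i++) host[i] = (uint16_t)(i * 257u);
    if (process_stream(host, disk, 256, block_bits, key) != (int)(4096 / block_bits)) return 0;
    if (process_stream(disk, back, 256, block_bits, key) != (int)(4096 / block_bits)) return 0;
    return memcmp(host, disk, sizeof host) != 0 && memcmp(host, back, sizeof host) == 0;
}
```

With a 64-bit block the constructed sector is processed as 64 blocks of four words, and with a 128-bit block as 32 blocks of eight words; a transfer that is not a whole number of blocks is rejected.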
CNB2004100258255A 2004-01-16 2004-01-16 Computer hard disk data encrypting method and device Expired - Fee Related CN1304915C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100258255A CN1304915C (en) 2004-01-16 2004-01-16 Computer hard disk data encrypting method and device

Publications (2)

Publication Number Publication Date
CN1641522A true CN1641522A (en) 2005-07-20
CN1304915C CN1304915C (en) 2007-03-14

Family

ID=34868464

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100258255A Expired - Fee Related CN1304915C (en) 2004-01-16 2004-01-16 Computer hard disk data encrypting method and device

Country Status (1)

Country Link
CN (1) CN1304915C (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1101024C (en) * 1999-08-13 2003-02-05 王本中 Method and device for encrypting computer hard disc
CN1286434A (en) * 2000-09-13 2001-03-07 张巨洪 Encrypting card for secrete file -IDE data channel
EP1231537A1 (en) * 2001-02-09 2002-08-14 Siemens Aktiengesellschaft Automatic turn-on of a computer cluster after a curable failure
CN1157648C (en) * 2001-02-26 2004-07-14 张巨洪 Encryption device for computer data
CN1186732C (en) * 2001-04-20 2005-01-26 宏碁股份有限公司 Method and system for protecting hard disk of computer

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100587677C (en) * 2006-02-24 2010-02-03 佳能株式会社 Data processing device and data processing method
US8539605B2 (en) 2006-02-24 2013-09-17 Canon Kabushiki Kaisha Data processing device and data processing method
CN101114256B (en) * 2006-07-24 2010-05-12 神盾股份有限公司 Real-time data security method
CN100403281C (en) * 2006-09-01 2008-07-16 西安交通大学 Dynamic key based hardware data enciphering method and device thereof
CN101206703B (en) * 2006-12-22 2010-05-19 中国科学院计算技术研究所 Chip with program contents and external security function, and program download method
CN103823692B (en) * 2013-12-31 2019-05-10 北京华虹集成电路设计有限责任公司 A kind of computer operating system starting method
CN103823692A (en) * 2013-12-31 2014-05-28 北京华虹集成电路设计有限责任公司 Computer operating system starting method
CN105279107A (en) * 2015-11-13 2016-01-27 北京华虹集成电路设计有限责任公司 Disk start-up prevention method and system
CN105468983A (en) * 2015-11-17 2016-04-06 北京华虹集成电路设计有限责任公司 Data transmission method and device based on SATA (Serial Advanced Technology Attachment) interface
CN105468983B (en) * 2015-11-17 2020-01-03 北京华大智宝电子系统有限公司 Data transmission method and device based on SATA interface
CN105550605A (en) * 2015-12-16 2016-05-04 北京华虹集成电路设计有限责任公司 Encryption/decryption engine and implementation method thereof
CN109829316A (en) * 2017-11-23 2019-05-31 三星电子株式会社 Encrypt equipment, system on chip and electronic equipment including the encryption equipment
CN108470129A (en) * 2018-03-13 2018-08-31 杭州电子科技大学 A kind of data protection special chip
CN110245526A (en) * 2019-05-07 2019-09-17 杭州电子科技大学 A kind of encryption device and method based on PCIe interface
CN110245526B (en) * 2019-05-07 2021-04-23 杭州电子科技大学 Encryption method based on PCIe interface
WO2021190218A1 (en) * 2020-03-27 2021-09-30 华为技术有限公司 Data encryption method and control device
CN112446057A (en) * 2020-12-03 2021-03-05 广州数智网络科技有限公司 Method for breaking certain software encryption type encryption product at low cost
CN112699356A (en) * 2020-12-28 2021-04-23 北京工商大学 Encryption system for computer mechanical hard disk

Also Published As

Publication number Publication date
CN1304915C (en) 2007-03-14

Similar Documents

Publication Publication Date Title
CN1304915C (en) Computer hard disk data encrypting method and device
US9954826B2 (en) Scalable and secure key management for cryptographic data processing
US8107621B2 (en) Encrypted file system mechanisms
CN1312876C (en) Encrypted/deencrypted stored data by utilizing disaccessible only secret key
US8683232B2 (en) Secure user/host authentication
US8826037B2 (en) Method for decrypting an encrypted instruction and system thereof
CN1592877A (en) Method and device for encryption/decryption of data on mass storage device
TWI567557B (en) A tweakable encrypion mode for memory encryption with protection against replay attacks
CN101551784B (en) Method and device for encrypting data in ATA memory device with USB interface
US8539250B2 (en) Secure, two-stage storage system
CN1889426A (en) Method and system for realizing network safety storaging and accessing
CN1647046A (en) Control function based on requesting master id and a data address within an integrated system
US20130166922A1 (en) Method and system for frame buffer protection
CN1928881A (en) Computer data security protective method
CN102073808B (en) Method for encrypting and storing information through SATA interface and encryption card
CN107256363A (en) A kind of high-speed encryption and decryption device being made up of encryption/decryption module array
CN108090366B (en) Data protection method and device, computer device and readable storage medium
CN1791111A (en) Method and apparatus for security over multiple interfaces
CN103020537A (en) Data encrypting method, data encrypting device, data deciphering method and data deciphering device
CN1961301A (en) Apparatus and method for operating plural applications between portable storage device and digital device
CN1776563A (en) File encrypting device based on USB interface
CN102831346A (en) Method and system for file protection
CN110990851B (en) Static data encryption protection method and system
CN103294969A (en) File system mounting method and file system mounting device
CN107092835A (en) The computer data enciphering device and method of a kind of virtual memory disk

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070314

Termination date: 20120116