CN201122439Y - Enciphering flash memory disk - Google Patents
Enciphering flash memory disk Download PDFInfo
- Publication number
- CN201122439Y CN201122439Y CNU2007201703387U CN200720170338U CN201122439Y CN 201122439 Y CN201122439 Y CN 201122439Y CN U2007201703387 U CNU2007201703387 U CN U2007201703387U CN 200720170338 U CN200720170338 U CN 200720170338U CN 201122439 Y CN201122439 Y CN 201122439Y
- Authority
- CN
- China
- Prior art keywords
- control module
- module
- interface
- links
- safety control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The utility model relates to an encryption flash disk, which comprises a safety control module, a storage module, and also comprises a peripheral control module, wherein the safety control module and the storage module are respectively connected with the peripheral control module. The peripheral control module comprises a first CPU, a high speed USB interface, a first in and first out storage unit and a universal programmable interface. The safety control module comprises a second CPU, an encryption module, and an interface module. By using the encryption flash disk, the encryption of the data can be realized, simultaneously, the data transmission speed can be improved.
Description
Technical field
The utility model relates to network and computer safety field, particularly relates to a kind of information security control movable storage device that can improve data rate.
Background technology
In recent years, information security is more and more paid attention to for people, especially some special mechanisms, for example government department, army and some large enterprises.It is calculated that machine release mechanism (Computer SecurityInstitute; hereinafter to be referred as: CSI) 484 company's investigation results are shown; security threat above 85% is from enterprises; and wherein 16% come from inner undelegated access; therefore; enterprise except utilize fire wall, intrusion prevention system (Intrusion Prevention System, hereinafter to be referred as: IPS), outside the anti-virus product defence outside threat, data encryption then is the existing main tool that is worth data of protection enterprise.Utilize data encryption technology can protect All Files on the hard disk; the safety that comprises operating system file; even hard disk is stolen; data can not browsed by unauthorized people or be obtained yet; protect digital asset by data encryption; it is the Last Resort that prevents to reveal without permission important electronic information; the mobile device of preserving confidential data is very easy to lose or is stolen; data by company's network or internet transmission then might be intercepted; these all can bring great risk to sensitive data; therefore, unique means that can form obstruction are exactly data encryption.
At present, the hardware-based cryptographic of comparative maturity has two kinds: a kind of is the encrypting fingerprint technology that many manufacturers are all using, this technology utilizes human natural unique identification organ-fingerprint as the encryption device identification code, have very high security, current main encryption flash disk (being commonly called as USB flash disk) product is the fingerprint encrypted U disk; Another kind is the chip encryption technology, this technology is to adopt a block encryption chip that encryption technology is applied on the encrypted U disk, by encryption chip data are encrypted, deposit in the memory module then, from the encryption of physical layer realization to data stream, data encryption and data transmission are carried out synchronously, and not only enciphering rate is fast, and safer.
Adopt in the movable storage device of encryption chip design, mostly be USB2.0 interface at full speed with the interface of extraneous computing machine on the encryption chip, the inner hardware encryption module that adopts is as 3DES/RSA etc., this design, bottleneck is that on the transmission speed of USB, actual data transfer speed is no more than 1MB/s, and this is to the encrypted U disk of low capacity, speed can also be stood, but along with USB flash disk memory capacity (as 8G and more than) increase, when transfer files, transmission speed is very big problem.
The utility model content
The purpose of this utility model provides a kind of encryption flash disk, encrypts the slow problem of flash disk data rate in order to solve prior art, improves data rate when realizing data encryption.
The utility model provides following technical scheme by some embodiment: a kind of encryption flash disk, comprise the safety control module, the memory module that contain USB interface, also comprise being used for carrying out with external unit the peripheral hardware control module of high speed data transfer, described safety control module all is connected with described peripheral hardware control module with memory module.
Described peripheral hardware control module comprises a CPU, the hi-speed USB interface that links to each other with external unit, first in first out storage unit (the FIFO memory that links to each other with safety control module, below be abbreviated as FIFO), the general programmable interface (GPIF) that links to each other with memory module, a described CPU links to each other with general programmable interface with described first in first out storage unit, and described first in first out storage unit links to each other with general programmable interface with described hi-speed USB interface.
Described safety control module comprises the 2nd CPU, encrypting module, interface module, and described the 2nd CPU connects described encrypting module and interface module, and described interface module links to each other with the peripheral hardware control module.
Described encryption flash disk also comprises finger print acquisition module.
Peripheral hardware control module of the new adding of the utility model embodiment, the GPIF that high speed USB 2.0 interfaces is arranged in this peripheral hardware control module and memory module is controlled has improved data rate effectively; The encrypting module that 32 bit CPUs and integrated DES and RSA cryptographic algorithms are arranged in the safe handling module of the present utility model, CPU can be as required memory allocated space arbitrarily, and can encrypt and the setting of not encrypting the storage space that is distributed, because the adding of high-performance CPU has improved enciphering rate effectively in the safety control module.
Below by drawings and Examples, the technical solution of the utility model is described in further detail.
Description of drawings
Fig. 1 is the utility model embodiment one structural representation;
Fig. 2 is the utility model embodiment two structural representations;
Fig. 3 is the utility model embodiment three structural representations;
Fig. 4 is peripheral hardware control module one an example structure synoptic diagram of the present utility model;
Fig. 5 is safety control module one an example structure synoptic diagram of the present utility model.
Embodiment
Fig. 1 is the utility model embodiment one structural representation.As shown in Figure 1, present embodiment comprises safety control module, memory module and peripheral hardware control module, and safety control module all links to each other with the peripheral hardware control module with memory module, and the peripheral hardware control module links to each other with external unit, is used to realize the data high-speed transmission.In order to realize the encrypting fingerprint function, can also comprise finger print acquisition module (shown in the frame of broken lines) in the present embodiment, be used to finish the encrypting fingerprint function.
Fig. 2 is the utility model embodiment two structural representations.As shown in Figure 2, present embodiment comprises safety control module, memory module, peripheral hardware control module; The peripheral hardware control module comprises a CPU, hi-speed USB interface, FIFO and GPIF; Safety control module comprises the 2nd CPU, encrypting module and interface module.
The FIFO of peripheral hardware control module is connected by parallel bus with the interface module of safety control module, the peripheral hardware control module is connected with external unit by its hi-speed USB interface, the transmission of realization data high-speed, the peripheral hardware control module is connected with memory module by the GPIF that it can be configured to near-field communication (NFC) interface, realizes the data transmission between peripheral hardware control module and the memory module.
To data encrypt just to encrypt flash disk to write process as follows: the data that the peripheral hardware control module is come by the transmission of hi-speed USB interface receiving computer, the data that receive deposit among the FIFO of peripheral hardware control module, then, the peripheral hardware control module discharges the memory module space, and handle the data that receive by control line notice safety control module, after safety control module is notified, taking-up is stored in the data among the FIFO, and it is encrypted, encrypt the back and ciphered data is returned to FIFO by parallel bus, and by control line notice peripheral control unit, after peripheral control unit receives the notice that data have encrypted and returned, ciphered data is stored in the memory module by the NFC interface.
Just as follows to the read procedure of encrypting flash disk to the data deciphering: the peripheral hardware control module is taken out data from memory module, and be stored among its FIFO, handle by control line notice secure storage module then, after secure storage module is notified the taking-up of enciphered data among the FIFO is decrypted it, and the data after will deciphering return to FIFO, then by control line notice peripheral hardware control module, after the peripheral hardware control module was notified, the data transmission after will deciphering by its hi-speed USB interface was given computing machine.
The finger print acquisition module that Fig. 2 frame of broken lines links to each other with interface module in the safety control module is optionally, has made full use of existing two kinds of technology, makes the encryption flash disk of present embodiment not only can realize chip encryption, can also realize the encrypting fingerprint function.
Fig. 3 is the utility model embodiment three structural representations.As shown in Figure 3, present embodiment comprises safety control module, memory module, peripheral hardware control module; The peripheral hardware control module comprises a CPU, hi-speed USB interface, FIFO and GPIF, and described FIFO comprises a FIFO (main FIFO) and the 2nd FIFO (from FIFO); Safety control module comprises the 2nd CPU, encrypting module and interface module; The peripheral hardware control module links to each other with memory module by GPIF; Link to each other with interface module from FIFO, realization peripheral hardware control module is connected with safety control module.
In order further to improve the transmission speed performance, can adopt the double buffering method in the encryption and decryption process of two pairs of data of the foregoing description, the read-write program that is encryption and decryption data and flash disk carries out synchronously: the CPU in the peripheral hardware control module is by total line traffic control NFC interface with from FIFO, it is carried out synchronously, finish double buffering.
Fig. 4 is peripheral hardware control module one an example structure synoptic diagram of the present utility model, and in the present embodiment, peripheral hardware control module structural representation as shown in Figure 4.The peripheral hardware control module is a fully integrated outside the pale of civilization controller of establishing, and comprises RAM and FIFO and GPIF on one 8051 microprocessor, serial interface engine, high speed USB 2.0 transceiver, the sheet.USB interface engine one end links to each other with hi-speed USB interface, RAM and FIFO on the other end brace, and the USB interface engine has strengthened the performance of hi-speed USB interface; The RAM other end connects from fifo interface on the sheet; The FIFO other end is connected with GPIF, connects an error correcting and detecting (ECC) module on the GPIF simultaneously.Its unique architecture can be handled all basic USB functions, thereby makes the microprocessor of host computer system can concentrate on the processing of special function, and guarantees continual and steady high-performance data transfer rate.Relying on message transmission rate is that 480Mbps, capacity are RAM and from fifo interface on the sheet of 16Kbyte, and the peripheral hardware control module can realize design flexibility widely.By GPIF, the user can realize the NFC interface of hardware, realizes the function to control and the ECC verification of memory module NAND FLASH.
The peripheral hardware control module provides the solution of flash disk, have the firmware part simultaneously, what but it adopted is the mode of direct memory access (DMA) (DMA), 51CPU does not participate in the process of data carrying in the process of mass data transmission, but from USB interface by FIFO directly with data storage to NANDFLASH.Software flow comprises initialization, command block bag (CBW) processing and Interrupt Process, the operation under EZ-USB control of this three part.In the present embodiment, initialization not only comprises the initialization to GPIF, USB interface and engine, memory module NAND FLASH, also comprises the initialization to FIFO, NFC interface, control line; Insert an interrupt task in Interrupt Process (data transmission is given NAND FLASH) process, this task is used to handle enciphered data, that is to say by parallel bus and finishes by safety control module.
Fig. 5 is safety control module one an example structure synoptic diagram of the present utility model, and in the present embodiment, the safety control module structural representation as shown in Figure 5.Safety control module is a 32 high-performance low-power-consumption information security chips, its CPU is an inner integrated microprocessing unit (MPU), can be according to demand memory allocated space arbitrarily, and the setting that can encrypt and not encrypt the storage space that is distributed; The encrypting module that has comprised in the safety control module hardware RSA and DES algorithm integrated, the hardware arithmetic speed of RSA is very fast, and support the encryption and decryption computing of 2048 high security, 5 times/Miao of arithmetic speed deciphering @80MHz, 1024 deciphering speed is 40 times/Miao @80MHz, DES is the traffic encryption algorithm, its arithmetic speed is 60Mbps@80MHz, in the evaluation process of chip, the arithmetic speed that adds the DES of software is about 3MB/s, have at home in the safety chip of DES algorithm, this speed can be described as the fastest; Safety control module has USB2.0 interface, 7816 interfaces and low pin count order (LPC) interface at full speed, and the USB interface transmission speed is 12Mbps, and 7816 interfaces are the communication interfaces that are used for smart card, and the LPC interface is that the exploitation of creditable calculation modules lays the foundation; Safety control module comprises the flash cell (FLASH) of the vast capacity of 256K, is memory capacity maximum in the present internal security chip, can satisfy different clients' demand.
The safety control module chip can be realized the password authentication function: be partitioned into sub-fraction space password stored authentication procedure in FLASH, as user during at host side input password, the password authentication program is carried out verification with the password of storing among the password of user input and the FLASH, if consistent, the user can operate USB flash disk; If inconsistent, can there be several times chance re-enter, if input error password number of times surpasses the number of times that the password authentication program is provided with, just the user can not operate the wrong self-destruction of i.e. password input accumulative total again.
It should be noted that at last: above embodiment only in order to the explanation the technical solution of the utility model, is not intended to limit; Although the utility model is had been described in detail with reference to previous embodiment, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that aforementioned each embodiment put down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these modifications or replacement do not make the essence of appropriate technical solution break away from the spirit and scope of each embodiment technical scheme of the utility model.
Claims (8)
1, a kind of encryption flash disk, comprise safety control module, memory module, described safety control module comprises USB interface, it is characterized in that: also comprise the peripheral hardware control module of carrying out high speed data transfer with external unit, described safety control module all links to each other with described peripheral hardware control module with memory module.
2, encryption flash disk according to claim 1, it is characterized in that: described peripheral hardware control module comprises a CPU, the hi-speed USB interface that links to each other with external unit, the first in first out storage unit that links to each other with safety control module, the general programmable interface that links to each other with memory module, a described CPU links to each other with general programmable interface with described first in first out storage unit, and described first in first out storage unit links to each other with general programmable interface with described hi-speed USB interface.
3, encryption flash disk according to claim 2, it is characterized in that: described first in first out storage unit comprises the interconnective first first in first out storage unit and the second first in first out storage unit, and the described second first in first out storage unit links to each other with safety control module.
4, according to the described arbitrary encryption flash disk of claim 1-3, it is characterized in that: described safety control module comprises the 2nd CPU, encrypting module, interface module, described the 2nd CPU connects described encrypting module and interface module, and described interface module links to each other with the peripheral hardware control module.
5, encryption flash disk according to claim 4, it is characterized in that: described interface module comprises the interface that is used for the smart card communication.
6, encryption flash disk according to claim 4, it is characterized in that: described interface module comprises the interface that is used to connect creditable calculation modules.
7, according to the described arbitrary encryption flash disk of claim 1-3,5-6, it is characterized in that: also comprise finger print acquisition module, described finger print acquisition module links to each other with safety control module.
8, encryption flash disk according to claim 4 is characterized in that: also comprise finger print acquisition module, described finger print acquisition module links to each other with safety control module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNU2007201703387U CN201122439Y (en) | 2007-08-22 | 2007-08-22 | Enciphering flash memory disk |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNU2007201703387U CN201122439Y (en) | 2007-08-22 | 2007-08-22 | Enciphering flash memory disk |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN201122439Y true CN201122439Y (en) | 2008-09-24 |
Family
ID=40009675
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNU2007201703387U Expired - Fee Related CN201122439Y (en) | 2007-08-22 | 2007-08-22 | Enciphering flash memory disk |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN201122439Y (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102571340A (en) * | 2010-12-23 | 2012-07-11 | 普天信息技术研究院有限公司 | Certificate authentication device as well as access method and certificate update method thereof |
-
2007
- 2007-08-22 CN CNU2007201703387U patent/CN201122439Y/en not_active Expired - Fee Related
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102571340A (en) * | 2010-12-23 | 2012-07-11 | 普天信息技术研究院有限公司 | Certificate authentication device as well as access method and certificate update method thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101551784B (en) | Method and device for encrypting data in ATA memory device with USB interface | |
| EP3274850B1 (en) | Protecting a memory | |
| CN110618947A (en) | Techniques for secure I/O with memory encryption engine | |
| CN1878055B (en) | Separation type mass data encryption/decryption device and implementing method therefor | |
| US10810138B2 (en) | Enhanced storage encryption with total memory encryption (TME) and multi-key total memory encryption (MKTME) | |
| CN201054140Y (en) | Information security control chip | |
| CN102073808B (en) | Method for encrypting and storing information through SATA interface and encryption card | |
| CN105320895B (en) | High-performance autonomic hardware engine for on-line encryption processing | |
| WO2013095473A1 (en) | Systems and methods for protecting symmetric encryption keys | |
| CN104160407A (en) | Using storage controller bus interfaces to secure data transfer between storage devices and hosts | |
| CN107256363A (en) | A kind of high-speed encryption and decryption device being made up of encryption/decryption module array | |
| WO2010052722A1 (en) | Secure storage device | |
| CN101510245B (en) | High speed encryption and decryption USB bridging chip and chip high speed encryption and decryption method | |
| CN101561751A (en) | USB encryption and decryption bridging chip | |
| CN102024115B (en) | Computer with user security subsystem | |
| CN101740111A (en) | Semiconductor memory device and method thereof for realizing safe memory of data | |
| CN105740733A (en) | Encrypted mobile hard disk and realization method thereof | |
| CN103617127A (en) | Memory device with subareas and memorizer area dividing method | |
| CN101101624A (en) | Encryption control system and method | |
| CN103984901A (en) | Trusted computer system and application method thereof | |
| CN101127013A (en) | Enciphered mobile storage apparatus and its data access method | |
| CN201122439Y (en) | Enciphering flash memory disk | |
| CN102768646A (en) | Serial port hard disk encryption and decryption device | |
| CN201408417Y (en) | Dactylogram encryption hard disk | |
| CN201845340U (en) | Safety computer provided with user safety subsystem |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20080924 Termination date: 20130822 |