CN201440662U - Information security equipment based on SD Memory/SDIO interface - Google Patents
Information security equipment based on SD Memory/SDIO interface Download PDFInfo
- Publication number
- CN201440662U CN201440662U CN2009201073269U CN200920107326U CN201440662U CN 201440662 U CN201440662 U CN 201440662U CN 2009201073269 U CN2009201073269 U CN 2009201073269U CN 200920107326 U CN200920107326 U CN 200920107326U CN 201440662 U CN201440662 U CN 201440662U
- Authority
- CN
- China
- Prior art keywords
- memory
- data
- sdio interface
- information security
- security equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
- 230000015654 memory Effects 0.000 title claims abstract description 57
- 230000006854 communication Effects 0.000 claims abstract description 28
- 238000004891 communication Methods 0.000 claims abstract description 26
- 238000003860 storage Methods 0.000 claims description 25
- 239000004575 stone Substances 0.000 claims description 3
- 238000012545 processing Methods 0.000 abstract description 8
- 230000008901 benefit Effects 0.000 abstract description 4
- 230000007246 mechanism Effects 0.000 abstract description 2
- 238000000034 method Methods 0.000 description 15
- 230000008569 process Effects 0.000 description 11
- 230000005540 biological transmission Effects 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 7
- 238000007726 management method Methods 0.000 description 5
- 238000001514 detection method Methods 0.000 description 4
- 101100217298 Mus musculus Aspm gene Proteins 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000012550 audit Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 230000004888 barrier function Effects 0.000 description 1
- 230000033228 biological regulation Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 239000000470 constituent Substances 0.000 description 1
- 230000002950 deficient Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012536 packaging technology Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 239000000523 sample Substances 0.000 description 1
- 230000035945 sensitivity Effects 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The utility model discloses information security equipment based on an SD Memory/SDIO interface, which comprises a controller, wherein the controller is used for running firmware program and user program, storing an operation system and secret information of users, and controlling the communication of a large-capacity flash memory and equipment with a host computer, and the controller comprises a large-capacity memory, an embedded memory, various symmetrical and unsymmetrical cryptographic hard cores and the SD Memory/SDIO interface, wherein the firmware program and the data information of the information security equipment are stored in the memories, a data processing mechanism is stored in the embedded memory, the firmware program is used for identifying the information security equipment, waiting for and receiving the data of the host computer, analyzing and processing data, receiving and sending the data sent back to the host computer by the information security equipment, waiting for a next instruction, and breaking/connecting the information security equipment from/with the host computer. The utility model has the advantages of simple structure, low power consumption, convenient use and high safety.
Description
Technical field
The utility model relates to a kind of high-speed low-power-consumption information security encrypted memory device and communication means, particularly relates to a kind of based on SD Memory/SDIO interface and be applicable to the information safety devices of information security field.
Background technology
At present, use the SD encrypted card very common, use SD encrypted card series products to carry out that data add, decrypt communication then is the technological trend that occurs recently as client certificate equipment.With what used in the past that encryption equipment, encrypted card carry out that data add, the technical solution of decrypt communication is different is that what to use that SD encrypted card series products carries out that data add, decrypt communication is walked is that manufacturings, lower deployment cost are low, and the high technology path of use flexibility.Because present status in China is: data traffic is little, to add, deciphering speed is insensitive, but to the lower deployment cost sensitivity.For this kind present situation, use in the communication network SD encrypted card series products at home when carrying out authentication, carry out that data add, decrypt communication shortcut beyond doubt.
At present, we can do as the next one and classify to make a general survey of all SD encrypted card series products:
External existing similar security product, performance is higher comparatively speaking, support to various Standard Encryption algorithms and related protocol is also relatively good, memory capacity is bigger, but aspect interface, generally also only provide 7816 and USB interface, do not support to become gradually the height communication digit rate SDIO interface of mobile hand-held device main flow.
Domestic existing intelligent chip product, its major part is to adopt the 8-bit microprocessor of poor-performing, memory capacity is less, generally only support 7816 interfaces and USB1.1 interface, traffic rate is lower, and because the factor of technological level and design aspect, its encryption/decryption speed is slow, generally only be used to do public and private key to purposes such as generation, digital signature, certificate and private key storages, and its data encryption generally is to adopt software to finish on PC.Up to now, the domestic secure IC chip that the SDIO interface also do not occur supporting does not more possess SDIO and SD Memory Combo notion.
Flourish along with E-Government, ecommerce, electronic entertainment, extensively utilizing computer and the Internet to carry out politics, economy, entertainment life has become inexorable trend; And along with performance, the function of ambulatory handheld computing terminal equipment are become stronger day by day, arriving along with 3G network, the rise gradually of mobile electron government affairs, mobile e-business, mobile electron amusement is more and more in depth influencing and is changing people's work and life.And the bottleneck of E-Government, commercial affairs, amusement and mobile electron government affairs, commercial affairs, amusement is:
1) local security of ambulatory handheld computing terminal and plug and play problem; Mobile Internet data transmission safety problem;
2) safety management on ambulatory handheld computing terminal needs one safety barrier is realized using and safe and reliable big capacity storage peripheral hardware.
At present, though public key architecture (Public Key Infrastructure, hereinafter represent with PKI) be to adopt rivest, shamir, adelman to generate private key for user, by digital certificate and respective certificate sign and issue, the effective authenticated user identity of index server, realize the network electronic stamped signature by digital signature, can effectively satisfy confidentiality, authenticity, integrality, non repudiation four big internet data transmission security requirements.Simultaneously, Virtual Private Network (Virtual Private Network hereinafter represents with VPN) technology can be constructed safe and reliable virtual private data channel on public open network (mobile Internet); Also can with embeddedly increase income, trusted operating system combines and realizes moving credible calculating; More can built-in embedded personal fire wall, intrusion detection, antivirus software, the degree of depth solves the safety problem of the local security problem of ambulatory handheld computing terminal and mobile Internet data transmission and management.But because above-mentioned these security solutions, must be based on hard-wired safety product, and the safety product that pure software is realized congenitally has easy leakage, easily cracks, the speed of service is far below the weak tendency of ad eundem hardware product, has been difficult to adapt to more and more open, more and more huger, the network of danger more and more.
In addition, novel hand-held mobile computing terminal (mobile phone, smart mobile phone, PDA etc.) mostly is to adopt the interface that meets the SD agreement at present, and support SDIO, the SD card external form of main flow is MicroSD/MiniSD (such as the sizable mobile phone of occupation rate of market, smart mobile phone and high-end handheld computers such as Nokia, Motorola, Samsung, Dopod); And the encrypted memory device with SD interface is very deficient, causes inconvenience greatly and potential safety hazard on the mobile device management.
Along with the Internet/mobile Internet develop rapidly, the network bandwidth improves constantly, and next generation mobile Internet is approaching, and network application also improves constantly the requirement of speed, memory capacity, especially on hand-held mobile computing terminal.The SDIO/SD Memory agreement of SD tissue issue just in time can be used for satisfying the double requirements of ambulatory handheld computing terminal safety and storage.Wherein, SD Memory agreement is used for controlling mass storage, and the SDIO agreement is used for realizing (3G/4G, 20~100Mbps) Secure Application communication interfaces at a high speed.
The utility model content
The problem that exists in view of prior art and the plurality of advantages of SD Memory/SDIO interface, main order of the present utility model are to provide a kind of low-power consumption, simple in structure and easy to use and based on the information safety devices of SD Memory/SDIO interface.
In order to achieve the above object, the information safety devices based on SD Memory/SDIO interface described in the utility model has adopted following technical proposals:
Described information safety devices based on SD Memory/SDIO interface mainly comprises controller, this described controller is used to move firmware program and user program, storage operating system and user's private information, control high-capacity flash memory and equipment and main frame and carries out communication, include mass storage, in-line memory, multiple symmetry and asymmetric encryption stone and SDMemory/SDIO interface therein, and described memory is for being used for storage device firmware program and data message.
Information safety devices and data communications method based on SD Memory/SDIO interface described in the utility model answered the market application demand and developed, it has adopted the 0.18um process data signcode chip of domestic independent intellectual property right, adopt on the structure and pile up technology, have very big advantage at everyways such as performances with COB.Compare with domestic and international similar password product, notion novelty, and completely technology has certain advantage technically all based on domestic independent intellectual property right, low-power consumption, simple in structure, can satisfy the specification requirement of authentication and data encryption in the home communications field.
Description of drawings
Fig. 1 is the frame diagram of the information safety devices based on SD Memory/SDIO interface described in the utility model;
Fig. 2 is the firmware program of the information safety devices based on the SD Memory/SDIO interface described in the utility model schematic diagram of partly working;
Fig. 3 is the data communication flow process figure of the information safety devices based on SD Memory/SDIO interface described in the utility model;
Fig. 4 is an authentication process flow diagram in the data communication of the information safety devices based on SD Memory/SDIO interface described in the utility model;
Fig. 5 is instruction data streams journey figure in the data communication of the information safety devices based on SD Memory/SDIO interface described in the utility model;
Fig. 6 is information safety devices data communication one specific embodiment application of IC cards and the VPN accelerator applicating flow chart based on SD Memory/SDIO interface described in the utility model;
Fig. 7 is the information safety devices data communication one specific embodiment data encryption storage applicating flow chart based on SD Memory/SDIO interface described in the utility model.
Embodiment
Come the information safety devices based on SD Memory/SDIO interface described in the utility model is further described below in conjunction with accompanying drawing and specific embodiment.
The big capacity storage information safety devices of low-power consumption based on SD Memory/SDIO interface, this information safety devices is an intelligent card chip, its functional framework as shown in fig. 1, the physical appearance of this information safety devices can show as the SD card, MiniSD card and MicroSD card, in the practical application, it adopts COB technology, be bare chip encapsulation technology (Chip On Board, abbreviate COB as), and mass storage, master controller multi-chip stacking packaging technology (Multi Chip Package, be called for short MCP), be difficult to the hardware security structure that physics is peeled off thereby on physical form, form, further improve the anti-probe attacking ability of chip and card.
See Fig. 1, described information safety devices mainly comprises controller 1, this described controller 1 is used to move firmware program and user program, storage operating system and user's private information, control high-capacity flash memory and equipment and main frame carry out communication, include mass storage 10 therein, in-line memory 11, multiple symmetry and asymmetric encryption stone 12 and SDMemory/SDIO interface 13, and described SD Memory/SDIO interface 13 can be so that described big capacity storage information safety devices based on SD Memory/SDIO interface be for showing as the SD card on physical support, MiniSD card and MicroSD card, described memory 10 comprises the firmware program part 100 of stored information safety means firmware program and the data message part of storing data information, and stores data processing mechanism in described in-line memory 11.
Described firmware program part 100 mainly comprise to information safety devices carry out identification division, in order to waiting for and to receive from the host data part, resolve and the deal with data part, send back to host data and wait for next bar operation part, and in order to disconnect and the same host machine part of link information safety means.
Shown in Fig. 2, during practical application, after information safety devices 2 is had main frame 3 identifications of SD Memory/SDIO interface, described firmware program 100 is by its built-in register information, foundation is connected with main frame and information safety devices, and statement for the communication type of the SD Memory/SDIO that determines being used for carrying out follow-up communication, and communications portion is observed the communication protocol of SD Memory/SDIO fully.
In the practical application, the utility model can adopt international mainstream commercial code algorithm coprocessor, national universal code algorithm coprocessor, support strong commercial code algorithm of international mainstream and China national commercial code algorithm, adopt big capacity embedded non-volatile memory cell, and have digital encryption and decryption, digital authenticating, digital signature and secure information storage management, digital copyright management, genuine cyber identification authentication function.
Shown in Fig. 3, it is the data communication process of the information safety devices based on SD Memory/SDIO interface described in the utility model, this process may further comprise the steps: at first, main frame recognizes information safety devices, and then this information safety devices carried out authentication, and after the operating right to information safety devices satisfies, the data exchange mode of this information safety devices is specified (step 30); Secondly, main frame sends instruction to information safety devices, and by SD Memory/SDIO interface and according to the requirement of interface protocol director data is sent to information safety devices (step 31); (step 32) resolved and handled in the instruction that information safety devices sends over main frame; At last, treat that information safety devices is to after the instruction parsing and disposing, to main frame return results (step 33).
Wherein, information safety devices described in the step 32 specifically comprises the steps: the parsing and the processing of instruction
Step 320: information safety devices receives the director data from SD Memory/SDIO interface, and this director data is handled;
Step 321: information safety devices is carried out corresponding operating according to the director data that receives.
Described processing comprises deciphering, instruction parsing, authority audit, fill order and the return results to director data.
Described operation comprises the processing procedure to the storage of data or safe storage, access control, data, and in the described data handling procedure, calculation process to data comprises non-encrypted storage and encrypts storing process, encrypts storing process and comprises 2048 RSA, DES, 3DES, SHA-1, AES, SM1.
In addition, after the big capacity storage information safety devices of described low-power consumption based on SD Memory/SDIO interface inserts main frame, the at first authentication of carrying out, its verification process is as shown in Figure 4.
After operating right is met, use the correct read/write/use data of file data designated switch mode ability.Exchanges data between terminal and the information safety devices has four kinds of patterns: expressly, expressly adding check, ciphertext and ciphertext adds verification.The purpose of secure data exchange is the reliability that guarantees data, integrality and to the authentication of transmit leg.Data integrity and the authentication of transmit leg realized that by using check code the reliability of data then guarantees by the encryption to data field.
In the utility model, the safe packet transformat meets the regulation of ISO 7816-4, when the back nibble of CLA byte equals " 4 ", then shows and will adopt the safe packet transmission to the transmit leg order data.And whether message transmissions safe in utilization depends on file type to the command message data of constituent instruments operations, if file type B6 position is 1, then expression needs message safe in utilization to transmit, and 0 expression does not need.
In whole authentication process, it is a core process that director data is handled, and below in conjunction with Fig. 5 this process is described.
The following description of step rule:
1) deciphering, integrity detection: if message encryption or have the integrality authentication data heading also will be arranged illustrate the type of encryption and the type of integrity detection;
2) command analysis: the order rule parsing order according to definition draws order necessary operations element;
3) authority audit: exchange current safe state for, draw security attribute according to the command operation type then, relatively draw the legitimacy of operation;
4) fill order: need call the power function of file system, obtain returning situation according to operating result;
5) return results:, fill in the relevant field of returned packet according to returning situation.If encrypt message or need carry out integrity detection then also need in the end encrypt and the integrality calculating operation.
Thereby storage operation be stored or be encrypted to described information safety devices can to data according to resolve command.
Shown in Fig. 6 and Fig. 7, use with application of IC cards, VPN accelerator respectively and method described in the utility model is described in detail according to storage/encryption storage application.
(1) application of IC cards
Cpu instruction reads and carries out from Flash or ROM; Order is imported into from the SDIO interface with data, after CPU is read into internal memory, resolve, call RSA as requested, SHA, functional modules such as SM1, and may read/write inner Flash, finish order institute definition task after, result data is placed in the internal memory, and,, and further obtain result data by sending order by Host end inquiry interruption source to interrupting information of Host end transmission.
Under this kind applied environment, the more SDIO that uses, RSA, SHA, internal data Flash, RNG, access frequency is medium.
Application of IC cards is medium, specific as follows to each module rate request:
SD/SDIO communication module 10Mb/s;
The RSA module
2048 keys are to generation time:<5s
2048 key signature time:<200ms
2048 key authentication time:<40ms
1024 keys are to generation time:<2s
1024 key signature time:<50ms
1024 key authentication time:<10ms
SM1 encryption/decryption speed:>10Mb/s
SHA1/SHA256 data processing speed:>10Mb/s
Randomizer (RNG) random number produces speed:>2Mb/s
Inner Flash access speed:>50Mb/s
(2) the VPN accelerator is used
Cpu instruction reads and carries out from Flash or ROM; Order is imported into from the SDIO interface with data, after CPU is read into internal memory, resolve, call RSA as requested, SHA, functional modules such as SM1, and may read/write inner Flash, finish order institute definition task after, result data is placed in the internal memory, and,, and further obtain result data by sending order by Host end inquiry interruption source to interrupting information of Host end transmission.
Under this kind applied environment, the more SDIO that uses, SM1, RSA, SHA1/SHA256, access frequency is higher, and is not high to access frequency and the rate request of internal data Flash.
This application is very high, specific as follows to each module rate request:
SD/SDIO communication module 60Mb/s
The RSA module
2048 keys are to generation time:<5s
2048 key signature time:<200ms
2048 key authentication time:<40ms
1024 keys are to generation time:<2s
1024 key signature time:<50ms
1024 key authentication time:<10ms
SM1 encryption/decryption speed:>40Mb/s
SHA1/SHA256 data processing speed:>20Mb/s
Randomizer (RNG) random number produces speed:>2Mb/s
Inner Flash access speed:>50Mb/s
(3) storage/encryption storage is used
Cpu instruction reads and carries out from Flash or ROM.
Order is imported into from the SDIO/SD interface with data, after CPU is read into internal memory, resolve, call functional modules such as designated packet cryptographic algorithm as requested and encrypt importing data into, write NAND Flash controller then, perhaps do not encrypt and directly data are write NAND Flash; Perhaps earlier from NAND Flash reading of data in internal memory, call functional module such as designated packet cryptographic algorithm again data be decrypted, finally spread out of by the SDIO interface.
Under this kind applied environment, the more SM1 cryptographic algorithm that uses, outside NAND Flash controller, access frequency is higher, and is not high to access frequency and the rate request of internal data Flash.
This application is very high, specific as follows to each module rate request:
A) SD/SDIO communication module 60Mb/s
B) SM1 algorithm encryption/decryption speed:>60Mb/s
C) randomizer (RNG) random number produces speed:>2Mb/s
D) outside NAND Flash access speed:>60Mb/s.
More than detailed introduction for a kind of data communication process based on the information safety devices of SDMemory/SDIO interface of realizing hardware, software copyright and information security provided by the utility model is carried out.Having used individual example herein sets forth principle of the present utility model and execution mode thereof.The explanation of above embodiment just is used for helping to understand information safety devices described in the utility model and realizing thought; Simultaneously, for one of ordinary skill in the art, according to thought of the present utility model, part in specific embodiments and applications all can change.In sum, this description should not be construed as restriction of the present utility model.
Claims (1)
1. information safety devices based on SD Memory/SDIO interface, it is characterized in that, mainly comprise being used to move the controller that firmware program and user program, storage operating system and user's private information, control high-capacity flash memory and equipment and main frame carry out communication, include mass storage, in-line memory, multiple symmetry and asymmetric encryption stone and SD Memory/SDIO interface in this described controller.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009201073269U CN201440662U (en) | 2009-04-14 | 2009-04-14 | Information security equipment based on SD Memory/SDIO interface |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009201073269U CN201440662U (en) | 2009-04-14 | 2009-04-14 | Information security equipment based on SD Memory/SDIO interface |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN201440662U true CN201440662U (en) | 2010-04-21 |
Family
ID=42545320
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009201073269U Expired - Lifetime CN201440662U (en) | 2009-04-14 | 2009-04-14 | Information security equipment based on SD Memory/SDIO interface |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN201440662U (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102254207A (en) * | 2011-06-16 | 2011-11-23 | 恒宝股份有限公司 | Intelligent security data (SD)-KEY card and access method thereof |
| CN102693385A (en) * | 2012-05-28 | 2012-09-26 | 山东神思电子技术股份有限公司 | Embedded terminal based on SD (secure digital) trusted computing module and implementation method thereof |
-
2009
- 2009-04-14 CN CN2009201073269U patent/CN201440662U/en not_active Expired - Lifetime
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102254207A (en) * | 2011-06-16 | 2011-11-23 | 恒宝股份有限公司 | Intelligent security data (SD)-KEY card and access method thereof |
| CN102693385A (en) * | 2012-05-28 | 2012-09-26 | 山东神思电子技术股份有限公司 | Embedded terminal based on SD (secure digital) trusted computing module and implementation method thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101534299A (en) | Information security device based on SD Memory/SDIO interfaces and data communication method therefor | |
| CN102571702B (en) | Key generation method, system and equipment in Internet of things | |
| CN106301774B (en) | Safety chip, its encryption key generation method and encryption method | |
| CN101551784B (en) | Method and device for encrypting data in ATA memory device with USB interface | |
| CN101506815B (en) | Bi-processor architecture for secure systems | |
| CN101470783B (en) | Identity recognition method and device based on trusted platform module | |
| CN100454321C (en) | USB device with data memory and intelligent secret key and control method thereof | |
| CN106022080A (en) | Cipher card based on PCIe (peripheral component interface express) interface and data encryption method of cipher card | |
| CN102456193A (en) | Mobile storage equipment and data processing system and method based on same | |
| CN101894235B (en) | Smart card security session system | |
| CN110378097A (en) | Ensure sensing data safety | |
| CN102693385A (en) | Embedded terminal based on SD (secure digital) trusted computing module and implementation method thereof | |
| CN102710611A (en) | Network security authentication method and system | |
| CN101540675B (en) | Smart key equipment and communication method and system of application software | |
| CN201716734U (en) | Usb safe storage encryption device | |
| WO2023133862A1 (en) | Data processing method and system | |
| CN201440662U (en) | Information security equipment based on SD Memory/SDIO interface | |
| CN111539040B (en) | Safety intelligent card system and its cipher service method | |
| CN201150068Y (en) | Multifunctional information safety equipment | |
| CN210578594U (en) | Power device security key fob and system | |
| CN202600714U (en) | Embedded terminal based on SD (Secure Digital) trusted computing module | |
| CN105138891A (en) | USBKey based drive-free encryption and decryption certification communication circuit and method | |
| CN103699853A (en) | Smart SD (secure digital memory card) and control system and control method thereof | |
| CN203038378U (en) | Encryption type DTU module capable of performing external programming | |
| KR101440585B1 (en) | Memory card with encryption functions |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CX01 | Expiry of patent term | ||
| CX01 | Expiry of patent term |
Granted publication date: 20100421 |