CN202018657U - Encrypting system for mobile storage equipment - Google Patents
Encrypting system for mobile storage equipment
- Publication number
- CN202018657U
- Authority
- CN
- China
- Prior art keywords
- circuit
- encrypting
- interface circuit
- storage equipment
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Storage Device Security (AREA)
Abstract
The utility model discloses an encrypting system for mobile storage equipment. The encrypting system comprises a host and the mobile storage equipment, wherein the host is connected with the mobile storage equipment through an encrypting adapter; and the encrypting adapter comprises a control chip with a peripheral circuit, a universal serial bus (USB) 2.0 interface circuit connected with the input/output end of the control chip, an Integrated Drive Electronics (IDE) interface circuit, a compact flash (CF) card interface circuit and a debugging interface circuit for embedding a firmware program. The encrypting system has the advantages of high speed, low cost, simplicity of use, plug-and-play support and easy expansion, and is convenient for secondary development. Similar information encryption products are not yet widespread, and products aimed at specific industries in particular do not exist. The encrypting system also provides an idea for the relevant industries.
Description
Technical field
The utility model relates to an encryption system, and in particular to an encryption system for mobile storage devices.
Background
In today's information society, scientific research and development, business activity and the like are all closely tied to information. The continuing rise of new services such as e-commerce, digital cash and Internet banking in particular places higher demands on information security, and protecting information is a pressing need of the information age. In today's informatized world, developing encryption systems with independent property rights for special industries has very important practical significance. Embedded USB encryption is a product of combining USB interface technology with encryption technology; its role is to give software developers a means of authenticating a user's right to use, or permission to run, their software.
Existing encryption techniques are as follows. One: encryption based on the serial number of a USB dongle (softdog). Because a dongle's serial number is globally unique, the serial number is first read out with a test program and then written into the system software as a known value; the program is allowed to run only if the serial number of the inserted dongle matches the value that was written. This method relies mainly on the uniqueness of the dongle's serial number. Its drawback is that its confidentiality depends closely on the manufacturer of the dongle: if the manufacturer leaks the dongle's serial number, the confidentiality of the system is seriously compromised.
Two: part of the important code or data of the system is moved into the USB encryption device, an approach called "code transplanting". Part of the software's important code or data is migrated into the encryption hardware, and each transplanted code segment, together with the dongle's built-in functions, becomes an independent "executable file" inside the dongle. The transplanted parts of the system program are replaced by function calls; when the program reaches such a function, it checks whether the result returned from inside the encryption device matches the correct result (that is, whether it is consistent with the result obtained without a dongle). If it matches, the system continues to run; otherwise the system cannot run normally. This approach ensures that others cannot crack the software without knowing the source code, and its protection is no longer limited by the manufacturer. Its drawback is that "code transplanting" is implemented for one specific piece of software, so it lacks universality and versatility.
Summary of the utility model
In view of the deficiencies of the prior art, the purpose of the utility model is to provide an encryption system for mobile storage devices that is not limited by the manufacturer and has universality and versatility.
To achieve this purpose, the utility model is realized by the following technical solution:
The utility model comprises a host and a mobile storage device. The host is connected to the mobile storage device through an encryption adapter, and the encryption adapter comprises a control chip provided with a peripheral circuit, together with a USB 2.0 interface circuit, an IDE interface circuit, a CF card interface circuit and a debugging interface circuit for embedding a firmware program, all connected to the input/output end of the control chip. As a result the utility model is not limited by the manufacturer and has universality and versatility.
The peripheral circuit comprises a clock circuit, a power circuit and a reset circuit connected to the corresponding interfaces of the control chip.
The power circuit is a circuit built around the TPS7333 chip.
The control chip is the CY7C68013 chip.
The utility model has the advantages of high speed, low cost, simplicity of use, plug-and-play support and easy expansion, and is convenient for secondary development. Similar information security products are not yet widespread, and products aimed at specific industries in particular are not seen. The utility model also provides an idea for the relevant industries.
Description of drawings
The utility model is described in detail below with reference to the drawings and specific embodiments.
Fig. 1 is a schematic block diagram of the utility model;
Fig. 2 is a structural block diagram of the encryption adapter of the utility model;
Fig. 3 is the power circuit of the encryption adapter of the utility model;
Fig. 4 is the USB 2.0 interface circuit of the encryption adapter of the utility model;
Fig. 5 is the IDE interface circuit of the encryption adapter of the utility model;
Fig. 6 is the CF card interface circuit of the encryption adapter of the utility model;
Fig. 7 is the decryption flow chart of the utility model;
Fig. 8 is the encryption flow chart of the utility model.
Embodiment
To make the technical means, inventive features, purpose and effect of the utility model easy to understand, the utility model is further described below with reference to an embodiment.
Referring to Fig. 1, the utility model uses the encryption adapter to encrypt data in hardware before writing it to the mobile storage device. Once separated from the encryption adapter, the mobile storage device becomes an unreadable device, which provides confidentiality. The encryption adapter sits between the host and the mobile storage device. Its main function is as follows: before data is written to the mobile storage device, the embedded firmware program encrypts it, changing the data content; when data is read, the firmware program performs the decryption process and restores the data. After hardware encryption, the internal data structure of a mobile storage device separated from the encryption adapter no longer conforms to the usual standard and cannot be read or used normally, which achieves the purpose of keeping the information confidential.
Referring to Fig. 2, in this embodiment the control chip is the USB 2.0 interface chip CY7C68013 from Cypress. Its input/output end is connected to the USB 2.0 interface circuit, the IDE interface circuit, the CF card interface circuit and a debugging interface circuit in the form of an RS232 serial port (DB9). It is also connected to the peripheral circuit, which comprises a clock circuit, a power circuit and a reset circuit connected to the corresponding interfaces of the CY7C68013 chip. The CY7C68013 chip in this embodiment is the 100-pin version.
Referring to Fig. 3, because the CY7C68013 chip is powered at +3.3 V while the USB bus voltage is +5 V, a voltage conversion is needed. This embodiment uses the TPS7333 chip, which converts the +5 V input voltage to a +3.3 V output. The RESET signal is provided by the reset circuit. Power can be supplied either from VBUS or from an external supply, and CFVCC supplies power to the mobile storage device. The clock circuit and reset circuit are existing circuits and are not described further here.
The VID and PID of the device are stored in an EEPROM on the I2C interface and are sent to the host during device enumeration. In addition, the main firmware program of the utility model is ultimately burned into the EEPROM, so the I2C interface is put to use. In the connection between the EEPROM and the CY7C68013, A0, A1 and A2 are three address lines that distinguish different EEPROMs attached to the same I2C bus; SCL is the I2C clock signal and SDA is the I2C data line, and both lines must be connected to the 3.3 V supply through 1 kΩ pull-up resistors.
Referring to Fig. 4, the USB 2.0 interface circuit only needs the four lines of the USB interface to be connected. On the left is a standard USB connector; devices generally use the Type-B connector. The two signal lines D+ and D- are connected to the DPLUS and DMINUS pins of the CY7C68013 chip respectively.
Referring to Fig. 5 and Fig. 6, the core circuit of the utility model can use different interface circuits depending on the storage medium; the utility model provides an IDE interface circuit and a CF card interface circuit. The four signal lines of the IDE interface are connected to the DIOW, DIOR, CS1 and DA2 pins of the CY7C68013 chip respectively. The four signal lines P1.4, P1.5, P1.6 and P1.4 of the CF card are connected to the -CE, RDT/BUST, WR and OE pins of the CY7C68013 chip respectively. Both interfaces are reserved when the circuit is built, but they cannot be used at the same time; one of them is selected for use.
At present there are two ways to encrypt data: in software, or with a dedicated hardware encryption engine. Encrypting and decrypting data requires a large number of complex computations. In the software approach, the CPU performs them by executing the relevant processing code. In the hardware approach, the CPU does not take part in the encryption and decryption itself: it only sends the data to be encrypted to the hardware encryption engine, which returns the result to the CPU after encryption, and the encryption is complete. Decryption works the same way: the CPU simply hands the data to be decrypted to the hardware encryption engine, which decrypts it and sends it back to the CPU. The CPU does not participate in the encryption or decryption of the data. Compared with traditional software encryption, the main characteristics of hardware encryption are high resistance to cracking and better stability and compatibility.
The utility model uses hardware encryption. Given the way the system works, encryption must not change the length of the data, so the plaintext length of the encryption algorithm must equal the ciphertext length. The system uses the DES algorithm as its encryption algorithm.
The DES cipher is in fact a further development of the Lucifer cipher. It is a block cipher using conventional encryption methods. The algorithm is symmetric and can be used for both encryption and decryption. The DES algorithm has three input parameters: Key, Data and Mode. Key is 8 bytes (64 bits) and is the working key of the DES algorithm; Data is also 8 bytes (64 bits) and is the data to be encrypted or decrypted; Mode is the DES operating mode, of which there are two: encryption or decryption.
The DES algorithm works as follows. If Mode is encryption, Data is encrypted with Key, and the ciphertext form of Data (64 bits) is produced as the output of DES. If Mode is decryption, the ciphertext Data is decrypted with Key and restored to the plaintext form of Data (64 bits) as the output of DES. At the two ends of a communication network, both parties agree on the same Key. The core data is DES-encrypted with Key at the source and then stored or transmitted to the destination in ciphertext form; after the data arrives at the destination, the ciphertext is decrypted with the same Key, reproducing the core data in plaintext form. This ensures the security and reliability of the core data.
The firmware program is fairly complex and uses a large number of functions, but its basic structure is relatively simple and comprises the following three parts: initialization, covering the processor and the peripheral circuits; the main function, containing the code that meets the specific requirements of the device; and interrupt handling, containing the code that services the various interrupts. One part is carried out mainly by the firmware framework program and the other by the specific program; both are described in detail below.
The firmware framework program:
The EZ_USB firmware framework program first initializes all internal state variables, then calls the user initialization function TD_Init(), then initializes the USB bus device interface to the unconfigured state and enables interrupts at the same time. Once this is done and a SETUP packet has been received, the EZ_USB firmware framework begins task dispatching. Task dispatching repeatedly carries out the following steps in order: first it calls the user function TD_Poll(); then it checks whether there is a standard device request and, if so, executes the command and performs the corresponding operation; finally it checks whether the USB core has a USB suspend event. If there is a USB suspend event, it calls the user routine TD_Suspend(); when TD_Suspend() returns true, the USB core checks whether there is a resume event. If there is no USB suspend event, the processor is placed in the suspended state. When a resume event is detected, the USB core calls the user routine TD_Resume() and continues with step (3). When TD_Suspend() returns false, it continues to check whether the USB core has a USB suspend event.
The encryption and decryption specific program:
Referring to Fig. 7 and Fig. 8, the purpose of the specific program is to implement data encryption and decryption. Specifically, when the computer performs operations such as reading or writing on the mobile storage device, the encryption routine (encrypt_code()) and the decryption routine (decrypt_code()) transform the data in the corresponding FIFOBUF, which is then sent to the host or stored on the hard disk.
After system initialization, the USB interface listener routine (TD_Poll()) does the following: first it checks whether the send buffer EP2FIFOBUF holds data; then it checks whether the data is a CBW command header (checkCBW()); then it processes the CBW command block (ProcessCBW()).
The CBW command block handler ProcessCBW() performs the following functions:
- Process the CBW command header (processCBWHeader()).
- Configure the working timing of the IDE interface.
- Perform IDE interface read/write handling according to the CBW command (generalIDEInCommand(), generalIDEOutCommand()). In generalIDEInCommand(), the parameters of the IDE read command are handled mainly by ideReadCommand(cmd); in generalIDEOutCommand(), the parameters of the IDE write command are handled mainly by ideWriteCommand(cmd).
- Return data or status to the computer (sendUSBS()).
The IDE read and write program flows contain the key part of the utility model, namely the decryption and encryption code (see Fig. 7 and Fig. 8).
In the readPIO16() and writePIO16() functions respectively, the GPIF is started so that data is read and written automatically. This is a key point of the code design and also a distinguishing feature of this chip: the GPIF is programmable. Implementing the IDE interface data reads and writes in hardware greatly improves data throughput and reduces the CPU time consumed.
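The check that TD_Poll() makes before handing a command block to ProcessCBW() decides which transfers ever reach the cipher. As an added example (not the patent's firmware), the C code below validates a Command Block Wrapper using the standard USB Mass Storage Bulk-Only Transport layout and classifies it; `classify_cbw`, the action names, the 512-byte sector size and the policy of rejecting length or direction mismatches are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CBW_LEN       31u          /* Bulk-Only Transport: a CBW is exactly 31 bytes */
#define CBW_SIGNATURE 0x43425355u  /* "USBC", sent little-endian */
#define SCSI_READ_10  0x28u
#define SCSI_WRITE_10 0x2Au
#define SECTOR_SIZE   512u         /* assumption: 512-byte logical blocks */

typedef enum { ACT_REJECT, ACT_PASS, ACT_DECRYPT_IN, ACT_ENCRYPT_OUT } cbw_action;
typedef struct {
    uint32_t tag, data_len, lba;   /* tag is echoed back in the CSW */
    uint16_t blocks;
    uint8_t  dir_in, opcode;       /* dir_in: 1 = device-to-host */
} cbw_info;

static uint32_t le32(const uint8_t *p) {
    return p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical helper (not the patent's checkCBW/ProcessCBW): validate a CBW
 * and decide whether its data phase must pass through the cipher. */
cbw_action classify_cbw(const uint8_t *buf, size_t len, cbw_info *out)
{
    memset(out, 0, sizeof *out);
    if (len != CBW_LEN || le32(buf) != CBW_SIGNATURE)
        return ACT_REJECT;                       /* not a valid CBW */
    uint8_t flags = buf[12], lun = buf[13], cb_len = buf[14];
    if ((flags & 0x7F) || (lun & 0xF0) || cb_len < 1 || cb_len > 16)
        return ACT_REJECT;                       /* reserved bits set or bad CB length */
    out->tag = le32(buf + 4);
    out->data_len = le32(buf + 8);
    out->dir_in = flags >> 7;
    out->opcode = buf[15];                       /* command block starts at offset 15 */
    if (out->opcode != SCSI_READ_10 && out->opcode != SCSI_WRITE_10)
        return ACT_PASS;                         /* e.g. INQUIRY: carries no sector data */
    if (cb_len < 10)
        return ACT_REJECT;                       /* truncated READ(10)/WRITE(10) */
    out->lba = be32(buf + 17);                   /* SCSI fields are big-endian */
    out->blocks = (uint16_t)((buf[22] << 8) | buf[23]);
    if (out->data_len != (uint32_t)out->blocks * SECTOR_SIZE)
        return ACT_REJECT;                       /* policy here: whole sectors only */
    if (out->opcode == SCSI_READ_10)
        return out->dir_in ? ACT_DECRYPT_IN : ACT_REJECT;
    return out->dir_in ? ACT_REJECT : ACT_ENCRYPT_OUT;
}

/* Constructed sample: WRITE(10), LBA 0x1000, 8 blocks, 4096 bytes host-to-device. */
static const uint8_t SAMPLE_WRITE_CBW[CBW_LEN] = {
    0x55, 0x53, 0x42, 0x43,  0x01, 0x00, 0x00, 0x00,  0x00, 0x10, 0x00, 0x00,
    0x00, 0x00, 0x0A,                            /* flags = OUT, LUN 0, CB length 10 */
    0x2A, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x08, 0x00
};

int main(void)
{
    cbw_info info;
    return classify_cbw(SAMPLE_WRITE_CBW, sizeof SAMPLE_WRITE_CBW, &info) == ACT_ENCRYPT_OUT ? 0 : 1;
}
```

Rejecting a WRITE(10) whose direction flag or byte count disagrees with its command block keeps any sector payload from reaching the medium without passing through the encryption routine.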
The above shows and describes the basic principle, main features and advantages of the utility model. Those skilled in the art should understand that the utility model is not limited to the embodiment described above; the embodiment and the description merely illustrate the principle of the utility model. Without departing from the spirit and scope of the utility model, various changes and improvements may be made, and all of these fall within the claimed scope of the utility model. The claimed scope of the utility model is defined by the appended claims and their equivalents.
Claims (4)
1. An encryption system for mobile storage devices, comprising a host and a mobile storage device, characterized in that the host is connected to the mobile storage device through an encryption adapter, and the encryption adapter comprises a control chip provided with a peripheral circuit, together with a USB 2.0 interface circuit, an IDE interface circuit, a CF card interface circuit and a debugging interface circuit for embedding a firmware program, all connected to the input/output end of the control chip.
2. The encryption system for mobile storage devices according to claim 1, characterized in that the peripheral circuit comprises a clock circuit, a power circuit and a reset circuit connected to the corresponding interfaces of the control chip.
3. The encryption system for mobile storage devices according to claim 2, characterized in that the power circuit is a circuit built around the TPS7333 chip.
4. The encryption system for mobile storage devices according to claim 1 or 2, characterized in that the control chip is the CY7C68013 chip.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201120113538 CN202018657U (en) | 2011-04-17 | 2011-04-17 | Encrypting system for mobile storage equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201120113538 CN202018657U (en) | 2011-04-17 | 2011-04-17 | Encrypting system for mobile storage equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN202018657U true CN202018657U (en) | 2011-10-26 |
Family
ID=44812326
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201120113538 Expired - Fee Related CN202018657U (en) | 2011-04-17 | 2011-04-17 | Encrypting system for mobile storage equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN202018657U (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20111026 Termination date: 20130417 |