WO2004017210A1 - A method and device of multi-memory physically isolated computer security - Google Patents

A method and device of multi-memory physically isolated computer security

Info

Publication number
WO2004017210A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
data
protection
storage
encrypted
Prior art date
Application number
PCT/CN2002/000572
Other languages
English (en)
Chinese (zh)
Inventor
Jun Cui
Haitao Jiang
Original Assignee
Beijing Well-Star Computer Security Protection Technology Co., Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Well-Star Computer Security Protection Technology Co., Ltd
Priority to AU2002325472A
Publication of WO2004017210A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153 Using hardware token as a secondary aspect

Definitions

  • the invention relates to a data security protection method and device for a single computer in a network environment, and in particular to a hardware-processed, low-delay, high-confidentiality encryption protection method and device in which the data to be encrypted is isolated, physically and at the system level, from ordinary data.
  • Parallel data processing requires a relatively large bandwidth. With a processor such as a DSP, this is almost impossible to achieve at a large-scale commercial price under current technical conditions. In addition, the common software processing method introduces a large delay, which also greatly affects the interface bandwidth and the normal use of users. Its versatility and practicability cannot meet the requirements.
  • the system based on the above architecture has a relatively limited processing bandwidth, and is generally only suitable for low-speed real-time communication or high-speed store-and-forward communication.
  • for applications such as IDE interfaces that require high-speed, real-time performance, current general-purpose algorithm chips are not capable enough.
  • the present invention proposes a multi-memory physical isolation type computer data security protection method and device.
  • the network isolation system is adopted to protect information. Protected information is physically isolated from the network, making it impossible for illegal users to successfully attack confidential information from the network. Internal protection cards are used to protect confidential files when an illegal user uses the machine or the hard disk is lost, reducing the possibility of cracking to the lowest level.
  • the information in the protected hard disk is effectively protected, and illegal users cannot read the files or the structure of the protected hard disk.
  • the main hard disk system is physically isolated from the protected hard disk system, and is controlled by the network isolation system switch.
  • the protected system cannot log in to the local area network (automatic control).
  • the network isolation system monitors all storage media and prevents switching under abnormal conditions.
  • the invention also adopts multiple authentication methods, and adopts anti-tracking and anti-attack design, is transparent to the operating system and hardware platform, plug and play, and is suitable for any kind and version of computer data or files, protected hard disks, card readers,
  • the IC card, SAM card, and protection card have a one-to-one correspondence.
  • the encryption and decryption algorithms or algorithm chips of the user's choice can be embedded. Illegal users cannot enter the local system or log in to the designated system.
  • the transmission speed is greater than 24Mbit / s.
  • the object of the present invention can be achieved as follows:
  • the invention provides a multi-memory physical isolation type computer data security protection method, which includes control of general computer hardware by an operating system, and encryption and decryption methods for data access.
  • the data to be stored in the encrypted external memory is transformed as follows:
  • the first set of data P1 and the initial value function N (c, h, s) are modulo 2 added, that is, P1 ⊕ N, and the result is input as the data of the forward function.
  • N (c, h, s) = c ⊕ cp + h ⊕ hp + s ⊕ sp.
  • F is an address conversion
  • N is a deformed storage.
  • the invention also provides a multi-memory physical isolation type computer data security protection device, which comprises a main board, a first external memory connected via an IDE bus, and a first operating system provided therein. There is also an IDE isolation switch connected to the motherboard. The first external memory is located at a switch position of the isolation switch.
  • the encrypted external memory is located at another switch position of the isolation switch.
  • a second operating system is provided in the encrypted external memory; the addressing mode of the encrypted external memory space is set to indirect addressing, a reversible address conversion mapping function F (c, h, s) is adopted, and the data storage physical address is arranged according to F (c, h, s) = c ⊕ cp + h ⊕ hp + s ⊕ sp.
  • c is the cylinder number
  • h is the head number
  • s is the sector number
  • ⊕ is the modulo 2 addition operation
  • cp, hp, and sp are three sets of random numbers.
  • the data to be stored in the encrypted external storage is modified as follows:
  • the first set of data P1 and the initial value function N (c, h, s) are modulo 2 added, that is, P1 ⊕ N, and the result is entered as the data of the forward function;
  • N (c, h, s) c ⊕ cp
  • in the single-computer data security protection technology for a network environment involved in the present invention, the encrypted data is physically and systematically separated from the ordinary data. The technology is hardware-processed, has a small time delay, prevents illegal access to and copying of encrypted data files, and has high confidentiality strength. Different algorithms and different key lengths can be set according to user needs, and the data encryption security protection system will not become a bottleneck or obstacle to data file transmission speed.
  • FIG. 1 is a schematic diagram of the overall structure of the computer data security protection device of the present invention
  • FIG. 2 is a schematic view of the connection state of the isolation switch of the security protection device of the present invention
  • the encrypted external storage can be in the same storage medium as the original external storage of the system.
  • another memory can be added; the encrypted external memory can be a hard disk structure with a traditional drive, or it can be an electronic external memory.
  • an isolation system switch is set up to control the encrypted external storage and the original external storage of the system to take power from the network isolation system respectively, and prevent the protected system from logging into the local area network.
  • the network isolation system monitors all storage media to prevent the switching operation under abnormal conditions.
  • Different operating systems are set on the two memories.
  • the two operating systems are started separately and controlled by the isolation system switch; one of the operating systems is used to connect to the local area network or the Internet.
  • when the isolation system switch switches to the other operating system, the computer is physically isolated from the network.
  • a hardware encryption system is set up in the computer, including a protection card, an IC card, and an IC card reader, and the hardware encryption system is used for identity authentication.
  • the protection card and IC card have undergone a one-to-one corresponding binding operation; the binding is irreversible, and a protection card can only be bound once. The protection card checks its own ID number and checks the data format and mark of the on-board binding memory; once it confirms that the ID number is correct and the content of the on-board binding memory is in the original state, it performs the prescribed operation on the IC card and stores the binding information on the protection card in an encrypted format.
  • the protection card is used for deforming storing and transposing storing the confidential data.
  • the protection card has a management system for operations such as reading, writing, and authorizing encrypted memory, and special operations.
  • the device in the IC card reader enables the signal connected between the motherboard and the network cable to be disconnected when the IC card is inserted to achieve the card disconnection function.
  • a password keyboard is provided for auxiliary identity authentication; the password keyboard is connected to the protection card through the serial port of the protection card, and is the only information exchange channel between the protection card and the user. After the user inputs the necessary information, the CPU on the card will make the judgment and action.
  • the invention also provides a multi-memory physical isolation type computer data security protection device, which comprises a main board, a first external memory connected via an IDE bus, and a first operating system provided therein. There is also an IDE isolation switch connected to the motherboard, and the first external memory is located at a switching position of the isolation switch. The encrypted external memory is located at another switching position of the isolation switch, and the encrypted external memory is provided with a second operating system.
  • the addressing mode of the encrypted external memory space is set to indirect addressing, and a reversible address conversion mapping function F is used.
  • a hardware encryption system is set up in the security protection device of the present invention, which includes a protection card, an IC card, and an IC card reader.
  • the protection card is connected to the computer motherboard through the IDE interface, and is connected to the encrypted external memory through the hard disk interface.
  • the protection card completes the entire process from IDE command interpretation to memory management, and has a full set of complete ATA communication protocol interpretation capabilities.
  • the protection card and the IC card have passed the corresponding binding operation, the binding is irreversible, and one protection card can only be bound once.
  • the protection card is used for deforming storing and transposing storing the confidential data.
  • the device in the IC card reader enables the signal connected between the main board and the network cable to be disconnected when the IC card is inserted to achieve the card disconnection function.
  • the security protection device further includes a password keyboard for auxiliary identity authentication; the password keyboard is connected to the protection card through the serial port of the protection card, and is the only information exchange channel between the protection card and the user. After the user enters the necessary information, the CPU on the card makes the judgment and responds.
  • the system connection method is shown in Figure 1-3.
  • the system uses two memories or hard disks, IDE1 is the main hard disk, which is used to install the operating system I and applications and place general information.
  • IDE2 is an encrypted external memory or a protected hard disk. It is used to install the operating system II and store sensitive data. It connects the computer data file protection card with the motherboard.
  • the identity authentication uses a dual method of a user IC card and a password keyboard; the user IC card is referred to as an IC card, and its reader / writer has a card disconnection function. Both hard drives draw power from an isolated switching device. The switch on the isolation switching device controls the two hard disks to start separately.
  • when the protected hard disk is to be activated, the user inserts the IC card into the reader, sets the switch to the stand-alone state, and enters the password.
  • the system can then start the protected hard disk and, at the same time, disconnect the machine from the local area network, so that the machine is in the stand-alone security status.
  • the protected hard disk is completely transparent to the computer platform and operating system. Because the protected hard disk has an independent operating system installed and is disconnected from the local area network, IDE1 does not work, and there is no possibility of being attacked from the network. In addition, because of the use of network switching devices, criminals have adopted Performance is zero. When the authentication fails, the computer cannot find the protected hard disk.
  • the file storage of the protected hard disk uses address translation and deformed storage, when the protected hard disk is installed on another computer, it will be considered as an uninitialized hard disk, thereby ensuring information security.
  • IDE1 starts normally, and the machine is reconnected to the local area network, and you can browse.
  • IDE2 does not work, hackers cannot threaten the data on the protected hard disk, and it also guarantees information security.
  • IDE2 has no direct relationship with the motherboard. It is connected in series with the IDE data file protection card.
  • An important security measure of the present invention is binding, that is, one-to-one correspondence between related hardware identification information.
  • a basic protection card system includes a protection card, an IC card and an IC card reader.
  • an IC card is uniquely associated with a protection card.
  • the IC card manufacturer has ensured that each IC card is different, but the protection card is generally produced in batches and is the same when it is made from the production line. Therefore, the corresponding binding of the protection card and the IC card must be performed.
  • the protection card detects the ID number of the card and detects the bound memory in the card, which is usually the data storage format and mark of the non-volatile memory. If the ID number is correct, and the content of the binding memory in the board is in the original state, operate the IC card, and then store the binding information on the protection card in an encrypted format.
  • the binding is irreversible, and a protection card can only be bound once.
  • the addressing of the encrypted memory space adopts indirect addressing, which is generally implemented by accessing a cylinder register (its value is denoted as c), a head register (h), and a sector register (s), respectively.
  • c cylinder register
  • h head register
  • s sector register
  • the reversible address transformation map F (c, h, s) disrupts the normal storage physical address, so that the hidden dangers of data comparison attacks by attackers are avoided.
  • c is a cylinder number
  • h is a head number
  • s is a sector number
  • ⊕ is a modulo 2 addition operation
  • cp, hp, and sp are random numbers related to the binding information of the protection card.
  • the bottom layer of the IDE protocol is a set of register groups. Assuming the base address of this register group is Base, then:
  • the register whose address is Base + 7 is the IDE command register
  • the register whose address is Base + 6 is the magnetic head register
  • the register whose address is Base + 5 is one of the cylinder registers
  • the register whose address is Base + 4 is the second cylinder register
  • the register whose address is Base + 3 is the sector register
  • the register whose address is Base + 2 is the sector number register
  • the register whose address is Base + 1 is the status register
  • the register whose address is Base + 0 is the data register.
  • IDE commands can be roughly divided into three categories: 1. Data state settings, such as commands to read disk parameters, set special performance indicators, etc.; 2. Data state settings, such as reset, set idle, and other commands; 3. Disk data operations, such as disk read and write commands.
  • the first and third types involve data operations, and the data of the first type cannot be changed, otherwise the normal operation of the hard disk will be affected; this type of data has nothing to do with the user and does not need encryption and decryption processing.
  • what the user is concerned about is ensuring the safety and integrity of the disk data when responding to Type 3 commands.
  • pure hardware is used to analyze the IDE timing and commands, do related processing according to the type of command, and use a pipe FIFO to store data.
  • the hardware state machine automatically sets the "bypass encryption and decryption pipeline", and data can be directly written to or read from the disk.
  • the hardware state machine can do nothing;
  • the third type of command is also the most frequent operation.
  • the hardware state machine feeds data into the read operation pipeline FIFO or write operation pipeline FIFO according to the read or write flag, so as to intercept the IDE data and provide it to the next-level hardware state machine for deformation storage processing.
  • the protection card implements data protection at the physical layer (IDE interface), and is completely transparent to the application layer (operating system and application software).
  • the capacity is 100%.
  • the method and device according to the present invention also have high resistance to attack.
  • the first set of data P1 is added modulo 2 to an initial value of all "0", P1 ⊕ "0", and the result is input as the data of the forward function.
  • you can also perform address-related processing on this initial value; that is, at the first moment, the first set of data P1 and the initial value function N (c, h, s) are modulo 2 added, P1 ⊕ N, and the result is entered as data for the forward function.
  • the N (c, h, s) function is the same as the address conversion function F (c, h, s).
  • the protection card also has strong self-protection.
  • the core microcode on the board is processed using an encryption algorithm, compressed and stored in EPROM or FLASH. After the protection card is activated, it performs self-decryption and decompression operations, and then copies it to SRAM for execution.
  • Multiple timeout counters are used to set software traps, to avoid single-step tracking and static analysis of the code flow. The status of the board is monitored in real time. If it is determined that there is artificial illegal operation, the contents of the SRAM memory and the bound memory of the board are destroyed first, then the format of the information area of the IC card is disturbed, and the relevant hardware channels on the protection card are closed.
  • the protected hard disk is directly connected to the IDE interface of the PC, and no partition and data information can be read, and the protected hard disk is not initialized.
  • Advanced attackers can try to use the sector data comparison method.
  • this kind of data comparison is meaningless; the attacker must perform an additional traversal calculation and verification of the initial data value of each sector, and the workload will be extremely large.
  • the difficulty of deciphering is that the decipherer must have exactly 2K information in the user's IC card, obtain the user's password and IC card ID number, and the information of these three parameters is different for each system. It is almost impossible for illegal users to intercept such information.
  • the user IC card is a CPU smart card and cannot be copied.
  • the random number used for each authentication of the user IC card is different. Without the protection card and the corresponding user IC card and user password, the authentication cannot pass.
  • the IC card has a self-locking function, if the illegal card is inserted into the reader 3 times, the system will automatically lock the protection card to make it inoperable, ensuring the security of the information to a certain extent.
  • the computer motherboard considers it as a hard disk, and the hard disk regards it as a motherboard, which is completely transparent to third-party software and hardware.
  • This product is fully compatible with the standard IDE interface protocol. It is fully compatible with the standard IDE interface of ordinary PCs and other types of computers on the hardware. It does not need to install drivers, does not rely on any operating system and is compatible with almost all mainstream hardware platforms.
  • An embedded system with a high-speed 80C186EB as its core: code is stored in external memory EPROM / FLASH, and data memory is 16K SRAM; a large-scale CPLD is used to construct the hardware state machine, which manages the interface timing of the IDE host interface and the read and write timing of the data buffer to ensure real-time processing capabilities; high-speed dual-port RAM is used as a data buffer between the host and the CPU.
  • the on-board EEPROM is used as an IC card and protection card binding information memory.
  • the advantage of this system is that while it has strong security, it achieves a high level of compatibility and speed. Because channel encryption is used, a cracker who steals the hard disk can only compute the key by the exhaustive method, and the workload cannot be estimated. The system is also flexible: other encryption algorithms can be used to meet the different needs of different customers.
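
The data path described above (the three IDE command classes, the address transformation F and the address-dependent initial value N), as an added example that is not code from the patent. The ATA opcodes are standard values; reading the "+" in F as a field-wise (c, h, s) triple, packing N into one 32-bit word, chaining each later word with the previous stored word, the placeholder `forward` function (an invertible mix, not a cipher), the fail-closed default and all struct names are assumptions of this example. It also handles the case where XOR would leave the disk geometry, which happens unless every field count is a power of two.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum route { ROUTE_BYPASS, ROUTE_IGNORE, ROUTE_PIPELINE, ROUTE_BLOCK };

/* Route an IDE command by class. Opcodes are standard ATA values; assigning
 * them to the three classes is this example's reading of the description. */
enum route route_command(uint8_t opcode)
{
    switch (opcode) {
    case 0xEC:               /* IDENTIFY DEVICE: class 1, disk parameters */
    case 0xEF:               /* SET FEATURES: class 1 */
        return ROUTE_BYPASS; /* must pass through unchanged */
    case 0x08:               /* DEVICE RESET: class 2 */
    case 0xE3:               /* IDLE: class 2 */
        return ROUTE_IGNORE; /* no sector data to transform */
    case 0x20:               /* READ SECTORS: class 3 */
    case 0x30:               /* WRITE SECTORS: class 3 */
        return ROUTE_PIPELINE;
    default:
        return ROUTE_BLOCK;  /* assumption: unclassified commands fail closed */
    }
}

struct geometry { uint32_t cyls, heads, sectors; }; /* field counts */
struct chs      { uint32_t c, h, s; };              /* zero-based, 16/8/8 bits */
struct binding  { uint32_t cp, hp, sp; };           /* random numbers from the binding */

static int is_pow2(uint32_t v) { return v != 0 && (v & (v - 1)) == 0; }
static uint32_t pack(struct chs a) { return (a.c << 16) | (a.h << 8) | a.s; }

/* F(c,h,s): XOR each field with its random number. The result stays inside
 * the geometry (and F stays a bijection) only if every count is a power of
 * two and the random number is masked to the field width. 0 on success. */
int map_address(const struct geometry *g, const struct binding *k,
                struct chs in, struct chs *out)
{
    if (!is_pow2(g->cyls) || !is_pow2(g->heads) || !is_pow2(g->sectors))
        return -1;
    if (in.c >= g->cyls || in.h >= g->heads || in.s >= g->sectors)
        return -1;
    out->c = in.c ^ (k->cp & (g->cyls - 1));
    out->h = in.h ^ (k->hp & (g->heads - 1));
    out->s = in.s ^ (k->sp & (g->sectors - 1));
    return 0;
}

/* Placeholder for the unspecified forward function: invertible, NOT secure. */
static uint32_t rotl(uint32_t x, unsigned n) { return (x << n) | (x >> (32 - n)); }
static uint32_t rotr(uint32_t x, unsigned n) { return (x >> n) | (x << (32 - n)); }
static uint32_t forward(uint32_t x, uint32_t key) { return rotl(x ^ key, 7) + key; }
static uint32_t inverse(uint32_t y, uint32_t key) { return rotr(y - key, 7) ^ key; }

/* Write path: the first word is XORed with N (the packed F output); each
 * later word is XORed with the previous stored word (assumed chaining). */
int store_sector(const struct geometry *g, const struct binding *k, uint32_t key,
                 struct chs logical, const uint32_t *plain, uint32_t *stored,
                 size_t words, struct chs *physical)
{
    uint32_t chain;
    size_t i;
    if (map_address(g, k, logical, physical) != 0)
        return -1;
    chain = pack(*physical);
    for (i = 0; i < words; i++) {
        stored[i] = forward(plain[i] ^ chain, key);
        chain = stored[i];
    }
    return 0;
}

/* Read path: exact inverse of store_sector; safe when plain == stored. */
int load_sector(const struct geometry *g, const struct binding *k, uint32_t key,
                struct chs logical, const uint32_t *stored, uint32_t *plain, size_t words)
{
    struct chs phys;
    uint32_t chain, word;
    size_t i;
    if (map_address(g, k, logical, &phys) != 0)
        return -1;
    chain = pack(phys);
    for (i = 0; i < words; i++) {
        word = stored[i];
        plain[i] = inverse(word, key) ^ chain;
        chain = word;
    }
    return 0;
}

int main(void)
{
    struct geometry g = {1024, 16, 64};    /* constructed sample values */
    struct binding k = {0x2A5, 0x9, 0x33};
    struct chs logical = {5, 3, 10}, p;
    if (map_address(&g, &k, logical, &p) == 0)
        printf("5/3/10 -> %u/%u/%u\n", (unsigned)p.c, (unsigned)p.h, (unsigned)p.s);
    return 0;
}
```

Because F is a plain XOR with fixed values, applying it twice returns the original address, and a geometry with 63 sectors per track is rejected rather than mapped to a nonexistent sector.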

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a multi-memory, physically isolated security device for PCs, comprising a network isolation system designed to physically isolate protected data from the network and to prevent unauthorized users from attacking confidential data online. The protection card is used to minimize the possibility of decoding said confidential data when a user uses the PC or when the hard disk is lost, preventing that user from reading the files or the logical structure on the protected hard disk. The physical isolation of the main hard disk system from the protected hard disk system is controlled by the switch of the network isolation system. The system thus protected cannot connect to the LAN and, at the time of system switching, the network isolation system monitors all storage media and cuts off the switch under abnormal conditions. This invention concerns hardware processing, short delay, high security resulting from the prevention of illegal access to or copying of encrypted data files, and the flexibility given to users to configure different arithmetic instructions and key lengths according to their needs. This system should not limit the transmission speed of data files.
PCT/CN2002/000572 2002-08-14 2002-08-19 A method and device of multi-memory physically isolated computer security WO2004017210A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002325472A AU2002325472A1 (en) 2002-08-14 2002-08-19 A method and device of multi-memory physically isolated computer security

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 02125727 CN1293483C (zh) 2002-08-14 Multi-memory physically isolated computer data security protection method and device
CN02125727.2 2002-08-14

Publications (1)

Publication Number Publication Date
WO2004017210A1 (fr) 2004-02-26

Family

ID=31193787

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2002/000572 WO2004017210A1 (fr) 2002-08-14 2002-08-19 A method and device of multi-memory physically isolated computer security

Country Status (3)

Country Link
CN (1) CN1293483C (fr)
AU (1) AU2002325472A1 (fr)
WO (1) WO2004017210A1 (fr)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
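CN100395729C (zh) * 2004-05-18 2008-06-18 华为技术有限公司 A method of using an external program memory
CN101452512B (zh) * 2007-12-03 2011-03-30 联想(北京)有限公司 Method and device for secure file storage, and file reading device
CN101556561B (zh) * 2008-04-09 2011-04-06 盛群半导体股份有限公司 Memory confidentiality method using random numbers to change addresses and data
CN103186479A (zh) * 2011-12-31 2013-07-03 中国长城计算机深圳股份有限公司 Single-operating-system-based dual hard disk isolation and encryption device, method and computer
CN103294944A (zh) * 2012-10-17 2013-09-11 西安晨安电子科技有限公司 A method of improving data security by separating authentication from use
WO2015014016A1 (fr) * 2013-07-30 2015-02-05 宇龙计算机通信科技(深圳)有限公司 Data processing method and apparatus
CN103402199A (zh) * 2013-07-30 2013-11-20 东莞宇龙通信科技有限公司 Terminal and secure data processing method
CN103927493B (zh) * 2014-03-04 2016-08-31 中天安泰(北京)信息技术有限公司 Data black hole processing method
CN106570374A (zh) * 2016-10-31 2017-04-19 余必亚 A computer storage system with a network monitoring function
CN110008744B (zh) * 2019-03-28 2022-04-01 平安科技(深圳)有限公司 Data desensitization method and related device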

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000045243A1 (fr) * 1999-01-29 2000-08-03 Telia Ab (Publ) Theft protection system for personal digital assistants
JP2001060173A (ja) * 1999-06-18 2001-03-06 Fiinikkusu Technologies Ltd Memory security protection system
CN1295286A (zh) * 1999-11-04 2001-05-16 苏毅 Method and device for switching between multiple physically isolated networks
CN2454798Y (zh) * 2000-01-21 2001-10-17 陈宏宪 Network synchronous switching device for physical separation of internal and external networks

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
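CN100428671C (zh) * 2004-03-26 2008-10-22 联想(北京)有限公司 Network isolation device and method
CN109491346A (zh) * 2018-12-14 2019-03-19 常州讯顺通讯科技有限公司 A data acquisition box and an industrial big data acquisition method for intelligent manufacturing
CN109491346B (zh) * 2018-12-14 2021-09-21 常州讯顺通讯科技有限公司 A data acquisition box and an industrial big data acquisition method for intelligent manufacturing
CN112231239A (zh) * 2020-10-19 2021-01-15 海光信息技术股份有限公司 Page swapping method, device, CPU, trusted hardware and computer equipment
CN112231239B (zh) * 2020-10-19 2022-05-17 海光信息技术股份有限公司 Page swapping method, device, CPU, trusted hardware and computer equipment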

Also Published As

Publication number Publication date
AU2002325472A1 (en) 2004-03-03
CN1293483C (zh) 2007-01-03
CN1475918A (zh) 2004-02-18

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP