WO2018086171A1 - PCIE interface-based solid-state hard disk security system and method - Google Patents

PCIE interface-based solid-state hard disk security system and method

Publication number: WO2018086171A1
Authority: WO, WIPO (PCT)
Prior art keywords: user, module, hard disk, erase, signal
Application number: PCT/CN2016/108179
Other languages: French (fr), Chinese (zh)
Inventor: 白琮
Original Assignee: 苏州韦科韬信息技术有限公司
Application filed by: 苏州韦科韬信息技术有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen

Definitions

  • The present invention relates to the field of solid state hard disk data security, and in particular to a solid state hard disk security system and method based on a PCIE interface.
  • SSD: solid state disk
  • FLASH chip: solid state storage unit
  • In the prior art, Chinese Patent Application No. 200910221798.1 discloses a hard disk remote erasing anti-theft system and method.
  • That system consists of a client platform and a control execution platform; the client terminal platform is composed of a customized USB flash drive supplied with the system and the user's mobile phone, and the control execution platform is composed of a GSM module and an FPGA module.
  • The hard disk's anti-leak function is switched on and off, and its various parameters are set, through mobile phone short messages and the client terminal of the computer platform; the client terminal of the computer platform is stored on the customized USB flash drive matched with the hard disk, and the parameters are saved in the memory of the FPGA module.
  • The system adopts a remote anti-theft design based on the GSM network, which makes it convenient for users to configure the system and carry out erasure, and is highly flexible.
  • That invention can only be implemented with its matching customized USB flash drive, which restricts its use.
  • The present invention provides a solid state hard disk security system and method based on a PCIE interface.
  • When a solid state hard disk storing important data is lost, lock, erase, and erase-lock operations can be performed on the data stored in it through the GSM network.
  • These operations effectively ensure the security of the confidential data that users store on the solid state hard disk, and prevent important data on it from leaking and causing loss to the user.
  • The present invention provides a solid state hard disk security system and method based on a PCIE interface.
  • The system consists of an antenna 101, a GSM module 102, an MCU module 103, a PCIE/SATA protocol converter 104, a PCIE interface 105, a power module A106, a SATA controller A107, a Flash array A108, a power module B109, a SATA controller B110, and a Flash array B111.
  • The function of the antenna 101 module is to receive the short message signal sent by the user's mobile phone through the wireless base station and to transmit the short message signal sent by the GSM module 102.
  • The GSM module 102 is responsible for receiving and transmitting short messages. As is well known, a CDMA2000 module, a TD-CDMA module, or a WCDMA module is also applicable to the present invention and can likewise perform the receiving and transmitting of messages.
  • The MCU module 103 is the core module of the present invention. It is responsible for processing the user's operation instructions and for sending the erase signal and lock signal according to those instructions, so as to implement the lock function, the erase function, and the erase-then-lock function of the present invention.
  • Specifically, when the user sends a lock command, the MCU module 103 reads the lock command sent by the user from the GSM module 102, sets lock signal A to the disable state, and simultaneously sets lock signal B to the enable state.
  • At this point, the SATA controller 107 and the Flash array 108 powered by the power module A106 are in a power-off state, and the data stored on Flash array 108 is invisible to the user; conversely, the SATA controller 110 and the Flash array 111 powered by the power module A109 are in a powered state, and the data pre-stored on Flash array 111 is visible to the user, which ensures the security of the confidential data.
  • When the user sends an erase command, the MCU module 103 reads the erase command sent by the user from the GSM module 102, keeps lock signal A in its original enable state, and asserts erase signal A, which triggers the erase function of SATA controller A107; SATA controller A107 then performs an unrecoverable erase operation on Flash array 108 to ensure the security of the data.
  • This erase is unrecoverable: even if the user retrieves the disk again, the data cannot be recovered.
  • When the user sends an erase-then-lock command, the MCU module 103 reads the erase-then-lock command sent by the user from the GSM module 102, keeps lock signal A in its original enable state, and asserts erase signal A, which triggers the erase function of SATA controller A107.
  • SATA controller A107 performs an unrecoverable erase operation on Flash array 108, and then the MCU module 103 sets lock signal A to the disable state and simultaneously sets lock signal B to the enable state.
  • At this point, the SATA controller 107 and the Flash array 108 powered by the power module A106 are in a power-off state, and the data stored on Flash array 108 is invisible to the user; conversely, the SATA controller 110 and the Flash array 111 powered by the power module A109 are in a powered state, and the data pre-stored on Flash array 111 is visible to the user. The double operation better ensures the security of user data.
  • the SATA controller of the present invention is the Barefoot ECO controller of INDILINX Corporation.
  • the PCIE interface 104 is responsible for connecting the secure solid state hard disk of the present invention to various types of computer motherboards to achieve connection of individual signal lines.
  • The PCIE/SATA protocol converter 105 is responsible for converting the motherboard's PCIE signal into a SATA signal that SATA controller A and SATA controller B can identify and process, and for cooperating with the selection of the power module to achieve signal bridging.
  • Lock, erase, and erase-lock operations are performed on the data stored in the solid state hard disk, thereby ensuring the security of the confidential data stored by the user on the solid state hard disk.
  • FIG. 1 is a block diagram showing the structure of the system of the present invention.
  • FIG. 2 is a schematic diagram of an activation process of the present invention
  • FIG. 3 is a schematic diagram of the process of erasing and locking according to the present invention.
  • FIG. 1 is a block diagram showing the structure of a system of the present invention. It is a solid state hard disk security system and method based on PCIE interface.
  • The system consists of an antenna 101, a GSM module 102, an MCU module 103, a PCIE interface 104, a PCIE/SATA protocol converter 105, a power module A106, a SATA controller A107, a Flash array A108, a power module B109, a SATA controller B110, and a Flash array B111.
  • the function of the antenna 101 module is to receive the short message sent by the user's mobile phone through the wireless base station and transmit the short message signal to the transmitting GSM module 102.
  • The GSM module 102 is responsible for receiving and transmitting short messages. As is well known, a CDMA2000 module, a TD-CDMA module, or a WCDMA module is also applicable to the present invention and can likewise perform the receiving and transmitting of messages.
  • The MCU module 103 is the core module of the present invention. It is responsible for processing the user's operation instructions and for sending the erase signal and lock signal according to those instructions, so as to implement the lock function, the erase function, and the erase-then-lock function of the present invention.
  • Specifically, when the user sends a lock command, the MCU module 103 reads the lock command sent by the user from the GSM module 102, sets lock signal A to the disable state, and simultaneously sets lock signal B to the enable state.
  • At this point, the SATA controller 107 and the Flash array 108 powered by the power module A106 are in a power-off state, and the data stored on Flash array 108 is invisible to the user; conversely, the SATA controller 110 and the Flash array 111 powered by the power module A109 are in a powered state, and the data pre-stored on Flash array 111 is visible to the user, which ensures the security of the user data.
  • When the user sends an erase command, the MCU module 103 reads the erase command sent by the user from the GSM module 102, keeps lock signal A in its original enable state, and asserts erase signal A, which triggers the erase function of SATA controller A107.
  • SATA controller A107 performs an unrecoverable erase operation on Flash array 108 to ensure data security. When the SATA controller completes the erase operation, it asserts erase completion signal A.
  • The MCU detects that erase completion signal A is valid, indicating that SATA controller A107 has completed the erase operation.
  • This erase is unrecoverable: even if the user retrieves the disk again, the data cannot be recovered.
  • When the user sends an erase-then-lock command, the MCU module 103 reads the erase-then-lock command sent by the user from the GSM module 102, keeps lock signal A in its original enable state, and asserts erase signal A, which triggers the erase function of SATA controller A107.
  • SATA controller A107 performs an unrecoverable erase operation on Flash array 108, and then the MCU module 103 sets lock signal A to the disable state and simultaneously sets lock signal B to the enable state.
  • At this point, the SATA controller 107 and the Flash array 108 powered by the power module A106 are in a power-off state, and the data stored on Flash array 108 is invisible to the user.
  • Conversely, the SATA controller 110 and the Flash array 111 powered by the power module A109 are in a powered state.
  • The data pre-stored on Flash array 111 is visible to the user, and the double operation better ensures the security of the user data.
  • the SATA controller of the present invention is the Barefoot ECO controller of INDILINX Corporation.
  • the PCIE interface 104 is responsible for connecting the secure solid state hard disk of the present invention to various types of computer motherboards to achieve connection of individual signal lines.
  • The PCIE/SATA protocol converter 105 is responsible for converting the motherboard's PCIE signal into a SATA signal that SATA controller A and SATA controller B can identify and process, and for cooperating with the selection of the power module to achieve signal bridging.
  • Step 201 waiting for the user's SIM card registration or replacement procedure to execute, proceed to step 202;
  • Step 202 detecting whether there is currently a SIM card in place, if not, proceeding to step 203, and if so, proceeding to step 204;
  • Step 203 directly execute the lock command without waiting for the user instruction;
  • Step 204 Read IMSI information of the SIM card.
  • IMSI international Mobile Subscriber
  • Step 205 The MCU reads the IMSI information of the SIM card and the IM stored in the flash of the MCU.
  • Step 206 The MCU reads the IMSI information in the flash. If this information is empty, it determines that the card is being inserted for the first time, and proceeds to step 211. If the IMSI information in the flash is not empty and the IMSI information does not match, it determines that the card has been changed.
  • Step 207 The MCU sends a message to the user mobile phone number stored in the flash saying that it is waiting for card-change verification, and at the same time informs the user's mobile phone of the card number of the replacement card so that the user can verify it, and proceeds to step 208;
  • Step 208 the user sends a message to the replacement card's number to verify; if it is correct, proceed to step 210, and if not, proceed to step 209;
  • Step 209 the MCU checks whether the number of verification attempts has reached 3; if so, proceed to step 203, and if not, proceed to step 207;
  • Step 210 The MCU writes the IMSI information of the SIM card to the internal flash, and binds the SIM card.
  • Step 211 waiting for the user to send information to verify the binding of the SIM card, proceeds to step 212;
  • Step 212 the MCU verifies whether the information sent by the user matches the content of the information stored in the internal flash, and if so, proceeds to step 214, and if no, proceeds to step 213;
  • Step 213 the MCU checks whether the number of verification attempts has reached 3; if so, proceed to step 203, and if not, proceed to step 211 again;
  • Step 214 the MCU writes the IMSI information of the SIM card to the internal flash, and the binding of the SIM card to the system is implemented, and the process proceeds to step 215;
  • Step 215 Send the user the SIM card number and the user password of the user waiting for the binding, and proceed to step 2
  • Step 216 the user sends the SIM card number of the user and the specific user password to the binding SIM card by means of short message; proceed to step 217;
  • Step 217 the MCU determines whether the user password is consistent with the password stored in the flash, and if so, proceeds to step 218, and if not, proceeds to step 215;
  • Step 219 completing the first card insertion or card replacement process.
  • FIG. 3 is a schematic diagram of a locking process of the present invention.
  • Step 301 the GSM module on the PCIE card receives the lock command sent by the user, and the MCU reads the lock command, and proceeds to step 302;
  • Step 302 the MCU compares the user SIM card number that sends the lock command with the card number stored in the internal flash, and proceeds to step 303;
  • Step 303 the MCU determines whether the user SIM card number has the right to send a lock command, and if so, proceeds to step 305, and if not, proceeds to step 304;
  • Step 304 The SIM card bound to the product of the present invention sends an alarm message to the SIM card of the authorized user;
  • Step 305 Perform a locking function. That is, the MCU module 103 reads the lock command sent by the user from the GSM module 102, sets lock signal A to the disable state, and simultaneously sets lock signal B to the enable state. At this point, the SATA controller 107 and the Flash array 108 powered by the power module A106 are in a power-off state, and the data stored on Flash array 108 is invisible to the user. Conversely, the SATA controller 110 and the Flash array 111 powered by the power module A109 are in a powered state, and the data pre-stored on Flash array 111 is visible to the user; proceed to step 306;
  • Step 306 After completing the lock, the MCU sends an acknowledgement message to the user SIM card number to inform the user that the lock function has been completed.
  • FIG. 1 is a schematic diagram of an activation process of the present invention.
  • Step 401 the GSM module on the product of the present invention receives the activation command sent by the user, and the MCU reads the activation command, and proceeds to step 402;
  • Step 402 the MCU compares the user SIM card number that sends the activation command with the card number stored in the internal flash, and proceeds to step 403;
  • Step 403 the MCU determines whether the user SIM card number has the right to send an activation command, and if so, proceeds to step 405, and if not, proceeds to step 404;
  • Step 404 The SIM card bound to the product of the present invention sends an alarm message to the SIM card of the authorized user.
  • Step 405 Perform a locking function. That is, the MCU module 103 reads the activation command sent by the user from the GSM module 102, sets lock signal A to the enable state, and simultaneously sets lock signal B to the disable state. At this point, the SATA controller 107 and the Flash array 108 powered by the power module A106 are in a powered state, and the SATA controller 110 and the Flash array 111 powered by the power module A109 are in a power-off state. The data stored on Flash array 108 is visible; in contrast, the data on Flash array 111 is invisible; proceed to step 406;
  • Step 406 After completing the activation command, the MCU sends an acknowledgement message to the user SIM card number to inform the user that the activation command has been completed.
  • Step 501 the GSM module on the product of the present invention receives the erase command sent by the user, and the MCU reads the erase command, and proceeds to step 502;
  • Step 502 the MCU compares the user SIM card number that sends the activation command with the card number stored in the internal flash, and simultaneously compares the password sent from the user SIM card with the password stored in the flash, and proceeds to step 503;
  • Step 503 the MCU determines whether the user SIM card number has the right to send an activation command, and if so, proceeds to step 505, and if not, proceeds to step 504;
  • Step 504 the SIM card bound to the product of the present invention sends an alarm message to the authorized user SIM card, and proceeds to step 514;
  • Step 505 it is determined whether the data disk is in the locked state, and if so, proceeds to step 506, and if not, proceeds to step 509;
  • Step 506 The SIM card bound to the product of the present invention sends an alarm message to the user SIM card, and informs the user that the data disk is in a locked state, and the user cannot send an activation command, and the user needs to send an activation command to proceed to step 507.
  • Step 507 waiting for the user to send a command to activate the data disk, proceeds to step 508;
  • Step 508 Determine whether the data disk is activated within the specified time T1, and if yes, proceed to step 509.
  • Step 509 the SIM card bound to the product of the present invention sends a confirmation message to the authorized user SIM card, confirming whether the user determines to erase the data disk data, and proceeds to step 510;
  • Step 510 determine whether the user SIM card confirms within the specified time T2; if not, proceed to step 513, and if yes, proceed to step 511;
  • Step 511 executing the erase command. That is, the MCU module 103 reads the erase command sent by the user from the GSM module 102, keeps lock signal A in its original enable state, and asserts erase signal A, which triggers the erase function of SATA controller A107. SATA controller A107 performs an unrecoverable erase operation on Flash array 108 to ensure data security. When the SATA controller completes the erase operation, erase completion signal A is asserted; the MCU detects that erase completion signal A is valid, indicating that SATA controller A107 has completed the erase operation; proceed to step 512;
  • Step 512 After the MCU detects the erase completion signal from the SATA controller, it sends an erase-complete message to the user SIM card to inform the user that the erase command has been completed;
  • Step 513 completing the erase command.
  • FIG. 3 is a schematic diagram of an erase locking process of the present invention.
  • Step 601 the GSM module on the product of the present invention receives the erase lock command sent by the user, the MCU reads the erase lock command, and proceeds to step 602;
  • Step 602 the MCU compares the user SIM card number that sends the erase command with the card number stored in the internal flash, and proceeds to step 603;
  • Step 603 the MCU determines whether the user SIM card number has the right to send an erase lock command, and if so, proceeds to step 605, and if not, proceeds to step 604;
  • Step 604 the SIM card bound to the product of the present invention sends an alarm message to the authorized user SIM card;
  • Step 605 executing the erase command shown in FIG. 2, proceeds to step 606;
  • Step 606 executing the lock command shown in Figure 3, proceeds to step 607;
  • Step 607 After completing the erase lock command, the MCU sends an acknowledgement message to the user SIM card number to inform the user that the erase lock command has been completed.
  • the present invention provides a solid state hard disk security system and method based on a PCIE interface, and the technical solution of the present invention is further described in detail. It is understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
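The lock, activation, erase and erase-lock flows in steps 301 to 607 reduce to one sender check plus a two-signal power switch. The C model below is an added example, not code from the patent; the type and function names, the `confirmed` flag standing in for the T2 confirmation, the refusal of erase-lock while the data disk is locked, and the sample numbers are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* SMS command set and reply codes; every identifier here is an assumed name. */
typedef enum { CMD_LOCK, CMD_ACTIVATE, CMD_ERASE, CMD_ERASE_LOCK } cmd_t;
typedef enum { RES_DONE, RES_ALARM, RES_NEEDS_ACTIVATION, RES_NOT_CONFIRMED } result_t;

typedef struct {
    char bound_number[16]; /* user SIM number kept in MCU flash */
    char password[16];     /* user password kept in MCU flash */
    bool lock_a;           /* lock signal A enabled: controller 107 + array 108 powered */
    bool lock_b;           /* lock signal B enabled: controller 110 + array 111 powered */
    bool erased_a;         /* erase completion signal A has been observed */
    unsigned alarms;       /* alarm messages sent to the authorized user */
} ssd_t;

void ssd_init(ssd_t *s, const char *number, const char *password) {
    memset(s, 0, sizeof *s);
    strncpy(s->bound_number, number, sizeof s->bound_number - 1);
    strncpy(s->password, password, sizeof s->password - 1);
    s->lock_a = true; /* activated state: the data disk is the visible one */
}

/* Step 305: lock signal A disabled, lock signal B enabled. */
static void do_lock(ssd_t *s) { s->lock_a = false; s->lock_b = true; }
/* Step 405: lock signal A enabled, lock signal B disabled. */
static void do_activate(ssd_t *s) { s->lock_a = true; s->lock_b = false; }
/* Step 511: lock signal A untouched, erase signal A asserted, completion seen. */
static void do_erase(ssd_t *s) { s->erased_a = true; }
/* Steps 304, 404, 504, 604: alarm message to the authorized user. */
static result_t raise_alarm(ssd_t *s) { s->alarms++; return RES_ALARM; }

bool data_disk_visible(const ssd_t *s)  { return s->lock_a && !s->lock_b; }
bool spare_disk_visible(const ssd_t *s) { return s->lock_b && !s->lock_a; }

/* Dispatch one received SMS. `password` may be NULL for commands that do not
 * carry one; `confirmed` models the user's reply within time T2 (step 510). */
result_t handle_sms(ssd_t *s, cmd_t cmd, const char *sender,
                    const char *password, bool confirmed) {
    /* Steps 302/402/502/602: sender number must match the bound number. */
    if (strcmp(sender, s->bound_number) != 0)
        return raise_alarm(s);

    switch (cmd) {
    case CMD_LOCK:
        do_lock(s);
        return RES_DONE;
    case CMD_ACTIVATE:
        do_activate(s);
        return RES_DONE;
    case CMD_ERASE:
        /* Step 502 also compares the password for the erase command. */
        if (password == NULL || strcmp(password, s->password) != 0)
            return raise_alarm(s);
        /* Steps 505-508: a locked data disk must be activated first. */
        if (!s->lock_a)
            return RES_NEEDS_ACTIVATION;
        /* Steps 509-510: no confirmation means no erase. */
        if (!confirmed)
            return RES_NOT_CONFIRMED;
        do_erase(s);
        return RES_DONE;
    case CMD_ERASE_LOCK:
        /* Assumption: controller A107 must be powered to erase array 108. */
        if (!s->lock_a)
            return RES_NEEDS_ACTIVATION;
        do_erase(s); /* step 605 */
        do_lock(s);  /* step 606 */
        return RES_DONE;
    }
    return raise_alarm(s);
}

int main(void) {
    ssd_t s;
    /* Constructed sample values, not taken from the patent. */
    ssd_init(&s, "+10000000001", "pw-constructed");
    printf("stranger lock   -> %d\n", handle_sms(&s, CMD_LOCK, "+19999999999", NULL, false));
    printf("owner erase-lock -> %d\n", handle_sms(&s, CMD_ERASE_LOCK, "+10000000001", NULL, false));
    printf("data visible=%d spare visible=%d erased=%d alarms=%u\n",
           data_disk_visible(&s), spare_disk_visible(&s), s.erased_a, s.alarms);
    return 0;
}
```

The model makes one property of the design easy to see: lock, activation and erase-lock are authorized by the sender's number alone, and only the plain erase command also checks the stored password.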

Abstract

A PCIE interface-based solid-state hard disk security system and method, the system comprising an antenna (101), a GSM module (102), an MCU module (103), a PCIE/SATA protocol converter (105), a PCIE interface (104), power source modules (106, 109), SATA controllers (107, 110) and flash arrays (108, 111). After a solid-state hard disk storing important data is lost, operations such as erasing and locking can be performed on the data stored within the solid-state hard disk via a GSM network, thereby effectively ensuring the security of the confidential data stored on the solid-state hard disk by a user, and preventing the important data on the solid-state hard disk from being leaked and causing losses to the user.

Description

Solid state hard disk security system and method based on PCIE interface
Technical field
[0001] The present invention relates to the field of solid state hard disk data security, and in particular to a solid state hard disk security system and method based on a PCIE interface.
Background art
[0002] A solid state disk (SSD) is a hard disk composed of a control unit and solid state storage units (FLASH chips). SSDs offer high read/write performance, strong shock resistance, and low power consumption. Because of these characteristics, SSDs are widely used in military, automotive, industrial control, video surveillance, network monitoring, power, medical, aviation and other fields. In these special fields, data security is an important metric.
Technical problem
[0003] At present, to effectively prevent leakage of the data in a solid state hard disk, alongside stronger anti-theft measures for computer hardware, the main approach is to encrypt the data so that sensitive data does not leak. However, any encryption algorithm is only relatively secure: once all the data on the hard disk can be obtained in full, the development of cracking algorithms and techniques means there is always a latent risk of sensitive data leaking.
[0004] To improve the security of data stored in solid state hard disks, in the prior art, Chinese Patent Application No. 200910221798.1 discloses a hard disk remote erasing anti-theft system and method. That system consists of a client platform and a control execution platform; the client terminal platform is composed of a customized USB flash drive supplied with the system and the user's mobile phone, and the control execution platform is composed of a GSM module and an FPGA module. The hard disk's anti-leak function is switched on and off, and its various parameters are set, through mobile phone short messages and the client terminal of the computer platform; the client terminal of the computer platform is stored on the customized USB flash drive matched with the hard disk, and the parameters are saved in the memory of the FPGA module. The system adopts a remote anti-theft design based on the GSM network, which makes it convenient for users to configure the system and carry out erasure, and is highly flexible. That invention can only be implemented with its matching customized USB flash drive, which restricts its use.
[0005] The above prior art involves only data erasure on a single disk: when a solid state hard disk is lost, erasing the data is the only way to keep the data secure. Even if the solid state hard disk is later recovered, the user cannot get the erased data back. The present invention lets the user choose whether to erase the solid state hard disk data, to open the spare part of the hard disk to mislead the thief, or to do both at once, ensuring the security of the data.
Solution to the problem
Technical solution
[0006] The present invention provides a solid state hard disk security system and method based on a PCIE interface. When a solid state hard disk storing important data is lost, lock, erase, and erase-lock operations can be performed on the data stored in it through the GSM network, effectively ensuring the security of the confidential data that users store on the solid state hard disk and preventing important data on it from leaking and causing loss to the user.
[0007] The present invention provides a solid state hard disk security system and method based on a PCIE interface. The system consists of an antenna 101, a GSM module 102, an MCU module 103, a PCIE/SATA protocol converter 104, a PCIE interface 105, a power module A106, a SATA controller A107, a Flash array A108, a power module B109, a SATA controller B110, and a Flash array B111.
[0008] The function of the antenna 101 module is to receive the short message signal sent by the user's mobile phone through the wireless base station and to transmit the short message signal sent by the GSM module 102.
[0009] The GSM module 102 is responsible for receiving and transmitting short messages. As is well known, a CDMA2000 module, a TD-CDMA module, or a WCDMA module is also applicable to the present invention and can likewise perform the receiving and transmitting of messages.
[0010] The MCU module 103 is the core module of the present invention. It is responsible for processing the user's operation instructions and for sending the erase signal and lock signal according to those instructions, so as to implement the lock function, the erase function, and the erase-then-lock function of the present invention.
[0011] Specifically, when the user sends a lock command, the MCU module 103 reads the lock command sent by the user from the GSM module 102, sets lock signal A to the disable state, and simultaneously sets lock signal B to the enable state. At this point, the SATA controller 107 and the Flash array 108 powered by the power module A106 are in a power-off state, and the data stored on Flash array 108 is invisible to the user; conversely, the SATA controller 110 and the Flash array 111 powered by the power module A109 are in a powered state, and the data pre-stored on Flash array 111 is visible to the user, which ensures the security of the confidential data. When the user sends an erase command, the MCU module 103 reads the erase command sent by the user from the GSM module 102, keeps lock signal A in its original enable state, and asserts erase signal A, which triggers the erase function of SATA controller A107; SATA controller A107 then performs an unrecoverable erase operation on Flash array 108 to ensure the security of the data. This erase is unrecoverable: even if the user retrieves the disk again, the data cannot be recovered. When the user sends an erase-then-lock command, the MCU module 103 reads the erase-then-lock command sent by the user from the GSM module 102, keeps lock signal A in its original enable state, and asserts erase signal A, which triggers the erase function of SATA controller A107; SATA controller A107 performs an unrecoverable erase operation on Flash array 108, and then the MCU module 103 sets lock signal A to the disable state and simultaneously sets lock signal B to the enable state. At this point, the SATA controller 107 and the Flash array 108 powered by the power module A106 are in a power-off state, and the data stored on Flash array 108 is invisible to the user; conversely, the SATA controller 110 and the Flash array 111 powered by the power module A109 are in a powered state, and the data pre-stored on Flash array 111 is visible to the user. The double operation better ensures the security of user data. Preferably, the SATA controller of the present invention is the Barefoot ECO controller of INDILINX Corporation.
[0012] The PCIE interface 104 connects the secure solid-state hard disk of the present invention to computer motherboards of various types, providing the connection of the individual signal lines.
[0013] The PCIE/SATA protocol converter 105 converts the motherboard's PCIE signals into SATA signals that SATA controller A and SATA controller B can recognize and process and, in conjunction with the selection of the power module, bridges the signals.
Advantageous effects of the invention
Beneficial effects
[0014] By means of the above technical solution of the present invention, lock, erase and erase-then-lock operations are performed on the data stored in the solid-state hard disk, effectively ensuring the security of the confidential data the user stores on it.
Brief description of the drawings
Description of the drawings
[0015] Fig. 1 is a block diagram of the system structure of the present invention;
[0016] Fig. 2 is a schematic diagram of the activation flow of the present invention;
[0017] Fig. 3 is a schematic diagram of the erase-then-lock flow of the present invention.
Embodiments of the invention
[0018] Fig. 1 is a block diagram of the system structure of the present invention, a PCIE interface-based solid-state hard disk security system and method. To address the defects of the prior art, a technical solution is provided: the system consists of an antenna 101, a GSM module 102, an MCU module 103, a PCIE interface 104, a PCIE/SATA protocol converter 105, a power module A106, a SATA controller A107, a Flash array A108, a power module B109, a SATA controller B110 and a Flash array B111.
[0019] The function of the antenna 101 module is to receive the short-message signals sent by the user's mobile phone via the wireless base station and to transmit the short-message signals sent by the GSM module 102.
[0020] The GSM module 102 is responsible for receiving and sending short messages. As is well known, CDMA2000, TD-CDMA and WCDMA modules are equally applicable to the present invention and can likewise perform the receiving and sending of messages.
[0021] The MCU module 103 is the core module of the present invention. It processes the user's operation commands and, according to those commands, issues the erase signal and lock signals that implement the lock function, the erase function and the erase-then-lock function of the present invention.
[0022] Specifically, when the user sends a lock command, the MCU module 103 reads the lock command sent by the user from the GSM module 102, sets lock signal A to the disabled state and at the same time sets lock signal B to the enabled state. The SATA controller 107 and Flash array 108 powered by power module A106 are then powered off, so the data stored on Flash array 108 is invisible to the user; conversely, the SATA controller 110 and Flash array 111 powered by power module A109 are powered on, so the data pre-stored on Flash array 111 is visible to the user, which ensures the security of the user's data. When the user sends an erase command, the MCU module 103 reads the erase command sent by the user from the GSM module 102, keeps lock signal A in its original enabled state and asserts erase signal A, triggering the erase function of SATA controller A107; SATA controller A107 then performs an unrecoverable erase operation on Flash array 108 to ensure data security. When the SATA controller has finished the erase operation it asserts erase-complete signal A; the MCU detecting that erase-complete signal A is asserted indicates that SATA controller A107 has completed the erase operation. This erasure is unrecoverable: even if the user later retrieves the disk, the data cannot be restored. When the user sends an erase-then-lock command, the MCU module 103 reads the erase-then-lock command sent by the user from the GSM module 102, keeps lock signal A in its original enabled state and asserts erase signal A, triggering the erase function of SATA controller A107, which performs an unrecoverable erase operation on Flash array 108; the MCU module 103 then sets lock signal A to the disabled state and at the same time sets lock signal B to the enabled state. The SATA controller 107 and Flash array 108 powered by power module A106 are then powered off, so the data stored on Flash array 108 is invisible to the user, while the SATA controller 110 and Flash array 111 powered by power module A109 are powered on, so the data pre-stored on Flash array 111 is visible to the user. This double operation better ensures the security of the user's data. Preferably, the SATA controller of the present invention is the Barefoot ECO controller from INDILINX.
[0023] The PCIE interface 104 connects the secure solid-state hard disk of the present invention to computer motherboards of various types, providing the connection of the individual signal lines.
[0024] The PCIE/SATA protocol converter 105 converts the motherboard's PCIE signals into SATA signals that SATA controller A and SATA controller B can recognize and process and, in conjunction with the selection of the power module, bridges the signals.
[0025] Fig. 2 is a schematic diagram of the flow for first-time user registration or SIM card replacement. Step 201: wait for the user registration or SIM card replacement procedure to start, then go to step 202;
[0026] Step 202: detect whether a SIM card is currently present; if not, go to step 203; if so, go to step 204;
[0027] Step 203: execute the lock command directly, without waiting for a user command;
[0028] Step 204: read the IMSI information of the SIM card. The IMSI (International Mobile Subscriber Identity) is a number assigned internationally to uniquely identify a mobile subscriber; that is, each SIM card has unique IMSI information. Go to step 205;
[0029] Step 205: the MCU compares the IMSI information read from the SIM card with the IMSI information stored in the MCU's own flash, then goes to step 206;
[0030] Step 206: the MCU reads the IMSI information in flash. If this information is empty, the event is judged to be a first card insertion and the flow goes to step 211; if the IMSI information in flash is not empty and the IMSI information does not match, the event is judged to be a card replacement and the flow goes to step 207;
[0031] Step 207: the MCU sends a message to the user's mobile phone stored in flash saying that a card replacement is awaiting verification, and at the same time tells the user's phone the number of the card that is about to replace the old one, so that the user can verify it; go to step 208;
[0032] Step 208: the user sends a message to the replacement card's number for verification; if it is correct, go to step 210; if it is not, go to step 209;
[0033] Step 209: the MCU checks whether the number of verification attempts has reached 3; if so, go to step 203; if not, go to step 207;
[0034] Step 210: the MCU writes the updated IMSI information of this SIM card into its internal flash, binding this SIM card
[0035] Step 211: wait for the user to send a message to verify and bind this SIM card; go to step 212;
[0036] Step 212: the MCU verifies whether the message sent by the user matches the information stored in its internal flash; if so, go to step 214; if not, go to step 213;
[0037] Step 213: the MCU checks whether the number of verification attempts has reached 3; if so, go to step 203; if not, return to step 211;
[0038] Step 214: the MCU writes the IMSI information of this SIM card into its internal flash, binding the SIM card to the system; go to step 215;
[0039] Step 215: send the user a message and wait for the user SIM card number to be bound and the user password; go to step 216;
[0040] Step 216: the user sends the user's SIM card number and the specific user password by SMS to the bound SIM card; go to step 217;
[0041] Step 217: the MCU determines whether the user password matches the password stored in flash; if so, go to step 218; if not, return to step 215;
[0042] Step 218: the MCU binds this user SIM card number, writing the SIM card number into its internal flash; go to step 219;
[0043] Step 219: the first-insertion or card-replacement flow is complete.
[0044] Fig. 3 is a schematic diagram of the lock flow of the present invention.
[0045] Step 301: the GSM module on the PCIE card receives the lock command sent by the user and the MCU reads the lock command; go to step 302;
[0046] Step 302: the MCU compares the user SIM card number that sent the lock command with the card number stored in its internal flash; go to step 303;
[0047] Step 303: the MCU determines whether the user SIM card number has permission to send the lock command; if so, go to step 305; if not, go to step 304;
[0048] Step 304: the SIM card bound to the product of the present invention sends an alarm message to the authorized user SIM card;
[0049] Step 305: execute the lock function. That is, the MCU module 103 reads the lock command sent by the user from the GSM module 102, sets lock signal A to the disabled state and at the same time sets lock signal B to the enabled state. The SATA controller 107 and Flash array 108 powered by power module A106 are then powered off, so the data stored on Flash array 108 is invisible to the user; conversely, the SATA controller 110 and Flash array 111 powered by power module A109 are powered on, so the data pre-stored on Flash array 111 is visible to the user. Go to step 306;
[0050] Step 306: after completing the lock, the MCU sends a confirmation message to the user SIM card number, telling the user that the lock function has been completed.
[0051] Fig. 1 is a schematic diagram of the activation flow of the present invention.
[0052] Step 401: the GSM module on the product of the present invention receives the activation command sent by the user and the MCU reads the activation command; go to step 402;
[0053] Step 402: the MCU compares the user SIM card number that sent the activation command with the card number stored in its internal flash; go to step 403;
[0054] Step 403: the MCU determines whether the user SIM card number has permission to send the activation command; if so, go to step 405; if not, go to step 404;
[0055] Step 404: the SIM card bound to the product of the present invention sends an alarm message to the authorized user SIM card;
[0056] Step 405: execute the lock function. That is, the MCU module 103 reads the activation command sent by the user from the GSM module 102, sets lock signal A to the enabled state and at the same time sets lock signal B to the disabled state. The SATA controller 107 and Flash array 108 powered by power module A106 are then powered on, and the SATA controller 110 and Flash array 111 powered by power module A109 are powered off; the data stored on Flash array 108 is visible to the user and, conversely, the data on Flash array 111 is invisible. Go to step 406;
[0057] Step 406: after completing the activation command, the MCU sends a confirmation message to the user SIM card number, telling the user that the activation command has been completed.
[0058] Fig. 2 is a schematic diagram of the erase flow of the present invention.
[0059] Step 501: the GSM module on the product of the present invention receives the erase command sent by the user; after the MCU reads the erase command, go to step 502;
[0060] Step 502: the MCU compares the user SIM card number that sent the activation command with the card number stored in its internal flash, and at the same time compares the password sent by the user SIM card with the secret stored in flash; go to step 503;
[0061] Step 503: the MCU determines whether the user SIM card number has permission to send the activation command; if so, go to step 505; if not, go to step 504;
[0062] Step 504: the SIM card bound to the product of the present invention sends an alarm message to the authorized user SIM card; go to step 514;
[0063] Step 505: determine whether the data disk is in the locked state; if so, go to step 506; if not, go to step 509;
[0064] Step 506: the SIM card bound to the product of the present invention sends an alarm message to the user SIM card, telling the user that the data disk is locked, that the erase operation cannot be completed and that the user needs to send an activation command; go to step 507
[0065] Step 507: wait for the user to send the command that activates the data disk; go to step 508;
[0066] Step 508: determine whether the data disk has been activated within the specified time T1; if so, go to step 509; if not, go to step 513;
[0067] Step 509: the SIM card bound to the product of the present invention sends a confirmation message to the authorized user SIM card, asking the user to confirm that the data on the data disk is to be erased; go to step 510;
[0068] Step 510: determine whether the user SIM card confirms within the specified time T2; if not, go to step 513; if so, go to step 511;
[0069] Step 511: execute the erase command. That is, the MCU module 103 reads the erase command sent by the user from the GSM module 102, keeps lock signal A in its original enabled state and asserts erase signal A, triggering the erase function of SATA controller A107; SATA controller A107 performs an unrecoverable erase operation on Flash array 108 to ensure data security. When the SATA controller has finished the erase operation it asserts erase-complete signal A; the MCU detecting that erase-complete signal A is asserted indicates that SATA controller A107 has completed the erase operation. Go to step 512;
[0070] Step 512: once the MCU detects that the SATA controller's erase-complete signal is asserted, it sends an erase-complete message to the user SIM card, telling the user that the erase command has been completed;
[0071] Step 513: the erase command is complete.
[0072] Fig. 3 is a schematic diagram of the erase-lock flow of the present invention.
[0073] Step 601: the GSM module on the product of the present invention receives the erase-lock command sent by the user and the MCU reads the erase-lock command; go to step 602;
[0074] Step 602: the MCU compares the user SIM card number that sent the erase command with the card number stored in its internal flash; go to step 603;
[0075] Step 603: the MCU determines whether the user SIM card number has permission to send the erase-lock command; if so, go to step 605; if not, go to step 604;
[0076] Step 604: the SIM card bound to the product of the present invention sends an alarm message to the authorized user SIM card;
[0077] Step 605: execute the erase command shown in Fig. 2; go to step 606;
[0078] Step 606: execute the lock command shown in Fig. 3; go to step 607;
[0079] Step 607: after completing the erase-lock command, the MCU sends a confirmation message to the user SIM card number, telling the user that the erase-lock command has been completed.
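The lock, activation, erase and erase-lock flows of steps 301 to 607, modelled as a small C state machine so the signal states after each command can be checked. This is an added example, not code from the patent or the applicant: every identifier, the sample number and the sample password are constructed, and SMS transport and the T1/T2 timers are reduced to function arguments. Applying the erase flow's password check to the erase-lock command, and running the lock of step 606 whatever the outcome of step 605, are assumptions about how those steps compose.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added illustration; all names are hypothetical, not from the patent. */
typedef enum { CMD_LOCK, CMD_ACTIVATE, CMD_ERASE, CMD_ERASE_LOCK } cmd_t;
typedef enum { R_DONE, R_ALARM, R_ABORT_LOCKED, R_ABORT_UNCONFIRMED } result_t;

typedef struct {
    const char *bound_number; /* user SIM card number held in MCU flash */
    const char *password;     /* user password held in MCU flash */
    bool lock_a;   /* enabled: controller 107 / Flash array 108 powered, data visible */
    bool lock_b;   /* enabled: controller 110 / Flash array 111 powered, pre-stored data visible */
    bool erased_a; /* erase-complete signal A has been observed */
    int alarms;    /* alarm messages sent to the authorized number */
} ssd_t;

ssd_t ssd_new(const char *number, const char *password) {
    ssd_t d = { number, password, true, false, false, 0 };
    return d;
}

static void do_lock(ssd_t *d)     { d->lock_a = false; d->lock_b = true; }  /* step 305 */
static void do_activate(ssd_t *d) { d->lock_a = true;  d->lock_b = false; } /* step 405 */

/* Steps 505-511: the erase needs controller A powered, so a locked data disk
 * must be activated within T1, and the user must confirm within T2. */
static result_t do_erase(ssd_t *d, bool activated_in_t1, bool confirmed_in_t2) {
    if (!d->lock_a) {                                   /* step 505: disk is locked */
        if (!activated_in_t1) return R_ABORT_LOCKED;    /* step 508 -> 513 */
        do_activate(d);
    }
    if (!confirmed_in_t2) return R_ABORT_UNCONFIRMED;   /* step 510 -> 513 */
    d->erased_a = true;            /* step 511: erase signal A, then erase-complete A */
    return R_DONE;
}

result_t handle_command(ssd_t *d, const char *sender, cmd_t cmd, const char *password,
                        bool activated_in_t1, bool confirmed_in_t2) {
    bool ok = strcmp(sender, d->bound_number) == 0;     /* steps 302/402/502/602 */
    if (cmd == CMD_ERASE || cmd == CMD_ERASE_LOCK)      /* step 502 also checks the password */
        ok = ok && password && strcmp(password, d->password) == 0;
    if (!ok) { d->alarms++; return R_ALARM; }           /* steps 304/404/504/604 */

    switch (cmd) {
    case CMD_LOCK:     do_lock(d);     return R_DONE;
    case CMD_ACTIVATE: do_activate(d); return R_DONE;
    case CMD_ERASE:    return do_erase(d, activated_in_t1, confirmed_in_t2);
    case CMD_ERASE_LOCK: {
        result_t r = do_erase(d, activated_in_t1, confirmed_in_t2); /* step 605 */
        do_lock(d);                /* step 606, assumed to run even if the erase aborted */
        return r;
    }
    }
    return R_ALARM;
}

int main(void) {
    ssd_t d = ssd_new("+10000000000", "example-pass");  /* constructed sample values */
    handle_command(&d, "+10000000000", CMD_LOCK, NULL, false, false);
    printf("after lock:  lock A=%d lock B=%d\n", d.lock_a, d.lock_b);
    result_t r = handle_command(&d, "+10000000000", CMD_ERASE, "example-pass", true, true);
    printf("after erase: result=%d erased=%d lock A=%d\n", r, d.erased_a, d.lock_a);
    return 0;
}
```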
Sequence listing free text
[0080] The present invention provides a PCIE interface-based solid-state hard disk security system and method, and the technical solution of the present invention has been described in further detail. It should be understood that the specific embodiments described here serve only to explain the present invention and do not limit it.
[0081] The specific embodiments described above explain the purpose, technical solution and beneficial effects of the present invention in further detail. It should be understood that the above are merely specific embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims

The present invention provides a PCIE interface-based solid-state hard disk security system and method, the system comprising an antenna, a GSM module, an MCU module, a PCIE/SATA protocol converter, a PCIE interface, a power module, a SATA controller and a Flash array.
The function of the antenna 101 module is to receive the short-message signals sent by the user's mobile phone via the wireless base station and to transmit the short-message signals sent by the GSM module 102.
The GSM module is responsible for receiving and sending short messages.
The MCU module is the core module. It processes the user's operation commands and, according to those commands, issues the erase signal and lock signals that implement the lock function, the erase function and the erase-then-lock function of the present invention.
The PCIE interface connects the secure solid-state hard disk of the present invention to computer motherboards of various types, providing the connection of the individual signal lines.
The PCIE/SATA protocol converter converts the motherboard's PCIE signals into SATA signals that SATA controller A and SATA controller B can recognize and process and, in conjunction with the selection of the power module, bridges the signals.
PCT/CN2016/108179 2016-11-10 2016-12-01 Pcie interface-based solid-state hard disk security system and method WO2018086171A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610988062.7 2016-11-10
CN201610988062.7A CN108073833A (en) 2016-11-10 2016-11-10 Solid state disk secrecy system and method based on PCIE interfaces

Publications (1)

Publication Number Publication Date
WO2018086171A1 (en) 2018-05-17

Family

ID=62109058

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/108179 WO2018086171A1 (en) 2016-11-10 2016-12-01 Pcie interface-based solid-state hard disk security system and method

Country Status (2)

Country Link
CN (1) CN108073833A (en)
WO (1) WO2018086171A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108776765A (en) * 2018-06-11 2018-11-09 山东超越数控电子股份有限公司 A kind of hard disk data protection method and device
CN111045597A (en) * 2018-10-12 2020-04-21 三星电子株式会社 Computer system
CN113111397A (en) * 2021-05-11 2021-07-13 上海爱武信息科技有限公司 Hard disk data logic and physical destruction control system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101706853A (en) * 2009-11-10 2010-05-12 徐欣 Solid state disk (SSD)-based anti-leakage self-destruction system
CN101782951A (en) * 2009-11-10 2010-07-21 徐欣 Hard disc remote destroying antitheft system and method
CN202189354U (en) * 2011-07-29 2012-04-11 苏州捷泰科信息技术有限公司 Safe solid hard disc system based on universal serial bus (USB) interface
CN102902633A (en) * 2011-07-29 2013-01-30 苏州捷泰科信息技术有限公司 Remote encryption system and remote encryption method for solid-state disk


Also Published As

Publication number Publication date
CN108073833A (en) 2018-05-25


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16921280

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16921280

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 05/11/2019)

122 Ep: pct application non-entry in european phase

Ref document number: 16921280

Country of ref document: EP

Kind code of ref document: A1