CN106991061A - A kind of SATA hard disc crypto module and its method of work - Google Patents
A kind of SATA hard disc crypto module and its method of work Download PDFInfo
- Publication number
- CN106991061A CN106991061A CN201710211357.8A CN201710211357A CN106991061A CN 106991061 A CN106991061 A CN 106991061A CN 201710211357 A CN201710211357 A CN 201710211357A CN 106991061 A CN106991061 A CN 106991061A
- Authority
- CN
- China
- Prior art keywords
- sata
- module
- hard disc
- interface
- main control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
Abstract
A kind of SATA hard disc crypto module, including SSD main control chips, FPGA module and the SATA interface depressed place being sequentially connected;The SSD main control chips are connected with host side, and the SSD main control chips are connected by ONFI interfaces with FPGA module;The FPGA module is connected by SATA interface depressed place with equipment end.The present invention connects FPGA module using SSD main control chips by ONFI interfaces, realizes that user storage data is interacted, it is ensured that data transfer, the encryption and decryption performance of storage between host side and SATA hard disc.
Description
Technical field
The present invention relates to a kind of SATA hard disc crypto module and its method of work, belong to the technology neck of data storage security
Domain.
Background technology
As data value is constantly lifted and memory technology is continued to develop, the importance of storage system is constantly lifted, number
According to as most crucial assets.The data storage of the local SATA hard disc of user often turns into the preferred object of attacker, so as to reach
To the purpose for stealing, distorting or destroying data, if without safe precaution measure, once attacker successfully steals, its negative shadow
Sound will be inestimable, therefore the local SATA hard disc storage safety of user becomes most important.
The encryption protecting method of the existing local SATA hard disc of user is divided into two kinds, and first method uses the side of software cryptography
Formula realizes storage data encryption in file system, and this implementation is realized simply, but there is poor performance, there are security breaches
Easily by it is broken the problems such as;Second method is used increases fixed disk data enciphering card or data transfer encryption between host side and hard disk
Device, is realized and SATA hard disc data encrypting and deciphering is handled, but this implementation can only be realized to data encrypting and deciphering processing, it is impossible to
The characteristic such as support cryptographic algorithm flexibly to replace, various SATA interfaces flexibly supported, using being restricted.
The content of the invention
In view of the shortcomings of the prior art, the present invention provides a kind of SATA hard disc crypto module.
The present invention also provides the method for work of above-mentioned SATA hard disc crypto module.
The present invention can solve the problem that the development difficulty in the protection of original user local SATA hard disc storage data encryption is big, performance
The problems such as difference, algorithm are difficult extension, ensure that confidentiality, the integrality of SATA hard disc data storage, and possess cryptographic algorithm
Flexibly replace, to advantages such as the flexible supports of various SATA interfaces, so that meeting user is being locally stored answering for data security arts
With.
Technical scheme is as follows:
A kind of SATA hard disc crypto module, including SSD main control chips, FPGA module and the SATA interface depressed place being sequentially connected;
The SSD main control chips are connected with host side, and the SSD main control chips are connected by ONFI interfaces with FPGA module;It is described
FPGA module is connected by SATA interface depressed place with equipment end.The present invention realizes the height of data storage between host side and equipment end
Fast interface conversion and data encrypting and deciphering.
According to currently preferred, the SSD main control chips include built-in firmware program:ONFI modules, FTL modules, set
Standby interface module and device management module;
The ONFI modules are used to realize that SSD main control chips are communicated by ONFI interfaces and FPGA module;
The FTL modules are used to realize from LBA logical block addresses to the mapping of PBA physical block address, realize file
Management of the system to equipment end, described equipment end is SATA hard disc;
The device interface module, which is used to realize, to be managed the relevant interface of SSD main control chips:Managed including SSD interface,
Power management and queue management;
The device management module is used for full disk encryption, key management, log management and volume production management.
According to currently preferred, the FPGA module includes ONFI interface modules, symmetric cryptographic algorithm module and SATA
Interface module;
The ONFI interface modules include clock control, data queue's control, port controlling, instruction buffer, address buffer
With data input and output buffer logic;
The symmetric cryptographic algorithm module includes being used for algorithm control and symmetric cryptographic algorithm engine logic, due to FPGA tools
Standby programmable advantage, therefore symmetric cryptographic algorithm engine can be developed for various cryptographic algorithms, realize that cryptographic algorithm is flexibly replaced
Change;
It is defeated that the SATA interface module includes clock control, port controlling, command generator, instruction buffer and data input
Go out buffer logic.
According to currently preferred, the interface that the SATA interface depressed place is provided include standard SATA interface, mSATA interfaces,
M.2 the mini SATA interfaces such as interface, the various SATA interface hard disks for connecting equipment end.
Such as the method for work of above-mentioned SATA hard disc crypto module, including, using the SATA hard disc crypto module by main frame
End is connected with equipment end, realizes that the encryption to SATA hard disc data is stored and decryption is read;
The encryption realized to SATA hard disc data is stored, including, the data of host side are transferred to institute by SSD main control chips
State FPGA module and carry out data encryption, the data after encryption are write by SATA hard disc by the SATA interface depressed place;
Realize that the decryption to SATA hard disc data is read:Including the SATA hard disc will be inside it by SATA protocol
The data of storage transfer to the FPGA module to carry out data deciphering, are returned to the data after decryption by the SSD main control chips
Host side.
According to currently preferred, the host side, SSD main control chips, FPGA module, SATA interface depressed place and SATA hard disc
Between connection for serial connection.The advantage of this design is, using serial connection, in the absence of data bypass, it is ensured that data add
The validity of close storage.
A kind of SATA hard disc of securely reading data, it is characterised in that the SATA hard disc includes hard disc module and SATA
Harddisk password module:
The SATA hard disc crypto module includes SSD main control chips, FPGA module and SATA interface depressed place;The SSD master controls
Chip is connected by ONFI interfaces with FPGA module;The FPGA module is connected by SATA interface depressed place with the hard disc module.
The technical advantage of the present invention:
1. the present invention connects FPGA module using SSD main control chips by ONFI interfaces, realize that user storage data is interacted,
It ensure that data transfer between host side and SATA hard disc, the encryption and decryption performance of storage.
2. SATA hard disc crypto module of the present invention uses to ensure that data encrypting and deciphering performance, AES are flexibly replaced
FPGA is used for data encrypting and deciphering, and FPGA connects SATA interface depressed place by SATA interface, realizes the high-speed interface conversion of data storage
And data encrypting and deciphering;
3. the present invention provides the mini SATA interfaces such as standard SATA interface, mSATA/M.2, connection using SATA interface depressed place
Various SATA interface hard disks, so as to greatly improve the application of crypto module.
Brief description of the drawings
Fig. 1 is a kind of block architecture diagram of SATA hard disc crypto module of the present invention.
Embodiment
The present invention is described in detail with reference to embodiment and Figure of description, but not limited to this.
Embodiment 1,
A kind of SATA hard disc crypto module, including SSD main control chips, FPGA module and the SATA interface depressed place being sequentially connected;
The SSD main control chips are connected with host side, and the SSD main control chips are connected by ONFI interfaces with FPGA module;It is described
FPGA module is connected by SATA interface depressed place with equipment end.
The SSD main control chips include built-in firmware program:ONFI modules, FTL modules, device interface module and equipment pipe
Manage module;
The ONFI modules are used to realize that SSD main control chips are communicated by ONFI interfaces and FPGA module;
The FTL modules are used to realize from LBA logical block addresses to the mapping of PBA physical block address, realize file
Management of the system to equipment end, described equipment end is SATA hard disc;
The device interface module, which is used to realize, to be managed the relevant interface of SSD main control chips:Managed including SSD interface,
Power management and queue management;
The device management module is used for full disk encryption, key management, log management and volume production management.
The FPGA module includes ONFI interface modules, symmetric cryptographic algorithm module and SATA interface module;
The ONFI interface modules include clock control, data queue's control, port controlling, instruction buffer, address buffer
With data input and output buffer logic;
The symmetric cryptographic algorithm module includes being used for algorithm control and symmetric cryptographic algorithm engine logic, due to FPGA tools
Standby programmable advantage, therefore symmetric cryptographic algorithm engine can be developed for various cryptographic algorithms, realize that cryptographic algorithm is flexibly replaced
Change;
It is defeated that the SATA interface module includes clock control, port controlling, command generator, instruction buffer and data input
Go out buffer logic.
Embodiment 2,
A kind of SATA hard disc crypto module as described in Example 1, its difference is that what the SATA interface depressed place was provided connects
Mouth includes standard SATA interface, M.2 mSATA interfaces, the mini SATA interfaces such as interface, the various SATA for connecting equipment end
Interface hard disk.
Embodiment 3,
A kind of method of work of SATA hard disc crypto module as described in embodiment 1,2, including, utilize the SATA hard disc
Host side is connected by crypto module with equipment end, realizes that the encryption to SATA hard disc data is stored and decryption is read;
The encryption realized to SATA hard disc data is stored, including, the data of host side are transferred to institute by SSD main control chips
State FPGA module and carry out data encryption, the data after encryption are write by SATA hard disc by the SATA interface depressed place;
Realize that the decryption to SATA hard disc data is read:Including the SATA hard disc will be inside it by SATA protocol
The data of storage transfer to the FPGA module to carry out data deciphering, are returned to the data after decryption by the SSD main control chips
Host side.
Embodiment 4,
A kind of method of work of SATA hard disc crypto module as described in Example 3, its difference is, the host side,
Connection between SSD main control chips, FPGA module, SATA interface depressed place and SATA hard disc is serial connection.
Embodiment 5,
A kind of SATA hard disc of securely reading data, it is characterised in that the SATA hard disc includes hard disc module and SATA
Harddisk password module:
The SATA hard disc crypto module includes SSD main control chips, FPGA module and SATA interface depressed place;The SSD master controls
Chip is connected by ONFI interfaces with FPGA module;The FPGA module is connected by SATA interface depressed place with the hard disc module.
Embodiment described in above is only a part of embodiment of the invention, rather than whole embodiments.Based on this
Embodiment in invention, the every other reality that those of ordinary skill in the art are obtained under the premise of creative work is not made
Example is applied, the scope of protection of the invention is belonged to.
Claims (7)
1. a kind of SATA hard disc crypto module, it is characterised in that including the SSD main control chips being sequentially connected, FPGA module and
SATA interface depressed place;The SSD main control chips are connected with host side, and the SSD main control chips pass through ONFI interfaces and FPGA module
It is connected;The FPGA module is connected by SATA interface depressed place with equipment end.
2. a kind of SATA hard disc crypto module according to claim 1, it is characterised in that the SSD main control chips include
Built-in firmware program:ONFI modules, FTL modules, device interface module and device management module;
The ONFI modules are used to realize that SSD main control chips are communicated by ONFI interfaces and FPGA module;
The FTL modules are used to realize from LBA logical block addresses to the mapping of PBA physical block address, realize file system
Management to equipment end, described equipment end is SATA hard disc;
The device interface module, which is used to realize, to be managed the relevant interface of SSD main control chips:Including SSD interface management, power supply
Management and queue management;
The device management module is used for full disk encryption, key management, log management and volume production management.
3. a kind of SATA hard disc crypto module according to claim 1, it is characterised in that the FPGA module includes ONFI
Interface module, symmetric cryptographic algorithm module and SATA interface module;
The ONFI interface modules include clock control, data queue's control, port controlling, instruction buffer, address buffer sum
According to input and output buffer logic;
The symmetric cryptographic algorithm module include be used for algorithm control and symmetric cryptographic algorithm engine logic, due to FPGA possesses can
The advantage of programming, therefore symmetric cryptographic algorithm engine can be developed for various cryptographic algorithms, realize that cryptographic algorithm is flexibly replaced;
It is slow that the SATA interface module includes clock control, port controlling, command generator, instruction buffer and data input and output
Rush logic.
4. a kind of SATA hard disc crypto module according to claim 1, it is characterised in that what the SATA interface depressed place was provided
Interface includes standard SATA interface, M.2 mSATA interfaces, the mini SATA interfaces such as interface, for connecting the various of equipment end
SATA interface hard disk.
5. a kind of method of work of SATA hard disc crypto module according to claim 1-4 any one, it is characterised in that
The method of work includes, and host side is connected with equipment end using the SATA hard disc crypto module, realizes to SATA hard disc number
According to encryption storage and decryption read;
The encryption realized to SATA hard disc data is stored, including, SSD main control chips transfer to the data of host side described
FPGA module carries out data encryption, and the data after encryption are write into SATA hard disc by the SATA interface depressed place;
Realize that the decryption to SATA hard disc data is read:Including the SATA hard disc will be in its storage inside by SATA protocol
Data transfer to the FPGA module to carry out data deciphering, the data after decryption are returned to by main frame by the SSD main control chips
End.
6. a kind of method of work of SATA hard disc crypto module according to claim 5, it is characterised in that the main frame
Connection between end, SSD main control chips, FPGA module, SATA interface depressed place and SATA hard disc is serial connection.
7. a kind of SATA hard disc of securely reading data, it is characterised in that the SATA hard disc includes hard disc module and SATA is hard
Disk crypto module:
The SATA hard disc crypto module includes SSD main control chips, FPGA module and SATA interface depressed place;The SSD main control chips
It is connected by ONFI interfaces with FPGA module;The FPGA module is connected by SATA interface depressed place with the hard disc module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710211357.8A CN106991061A (en) | 2017-03-31 | 2017-03-31 | A kind of SATA hard disc crypto module and its method of work |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710211357.8A CN106991061A (en) | 2017-03-31 | 2017-03-31 | A kind of SATA hard disc crypto module and its method of work |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106991061A true CN106991061A (en) | 2017-07-28 |
Family
ID=59416056
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710211357.8A Pending CN106991061A (en) | 2017-03-31 | 2017-03-31 | A kind of SATA hard disc crypto module and its method of work |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106991061A (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108280372A (en) * | 2018-02-23 | 2018-07-13 | 深圳国微技术有限公司 | A kind of safety chip |
| CN109784104A (en) * | 2019-01-25 | 2019-05-21 | 山东超越数控电子股份有限公司 | SATA hard disc crypto module and its working method, system and its working method |
| CN109918918A (en) * | 2019-03-19 | 2019-06-21 | 联芸科技(杭州)有限公司 | A kind of credible accounting system implementation based on solid-state disk master control |
| CN111176563A (en) * | 2019-12-24 | 2020-05-19 | 湖南国科微电子股份有限公司 | Method for bypass access to storage data, storage device and bypass access storage system |
| CN113704835A (en) * | 2021-08-20 | 2021-11-26 | 北京计算机技术及应用研究所 | Trusted storage hard disk supporting encryption card function |
| CN114880257A (en) * | 2022-03-28 | 2022-08-09 | 中安云科科技发展(山东)有限公司 | M.2 interface cipher card |
| CN117473573A (en) * | 2023-12-28 | 2024-01-30 | 山东华翼微电子技术股份有限公司 | SATA interface system and data security ferrying method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN201662811U (en) * | 2010-08-20 | 2010-12-01 | 河南省电力公司 | Dual-network isolated SSD hard disk |
| CN103345453A (en) * | 2013-06-27 | 2013-10-09 | 清华大学 | Hard disk data encryption card supporting SATA interface and encryption and decryption method |
| CN105205416A (en) * | 2015-08-25 | 2015-12-30 | 浪潮集团有限公司 | Mobile hard disk password module |
| CN105740733A (en) * | 2016-01-28 | 2016-07-06 | 山东超越数控电子有限公司 | Encrypted mobile hard disk and realization method thereof |
| CN106971102A (en) * | 2017-03-24 | 2017-07-21 | 山东超越数控电子有限公司 | A kind of start authentication method and device based on harddisk password module |
-
2017
- 2017-03-31 CN CN201710211357.8A patent/CN106991061A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN201662811U (en) * | 2010-08-20 | 2010-12-01 | 河南省电力公司 | Dual-network isolated SSD hard disk |
| CN103345453A (en) * | 2013-06-27 | 2013-10-09 | 清华大学 | Hard disk data encryption card supporting SATA interface and encryption and decryption method |
| CN105205416A (en) * | 2015-08-25 | 2015-12-30 | 浪潮集团有限公司 | Mobile hard disk password module |
| CN105740733A (en) * | 2016-01-28 | 2016-07-06 | 山东超越数控电子有限公司 | Encrypted mobile hard disk and realization method thereof |
| CN106971102A (en) * | 2017-03-24 | 2017-07-21 | 山东超越数控电子有限公司 | A kind of start authentication method and device based on harddisk password module |
Non-Patent Citations (1)
| Title |
|---|
| 胡嘉玺 等: "《固态硬盘火力全开 超高速SSD应用详解与技巧》", 31 January 2014 * |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108280372A (en) * | 2018-02-23 | 2018-07-13 | 深圳国微技术有限公司 | A kind of safety chip |
| CN109784104A (en) * | 2019-01-25 | 2019-05-21 | 山东超越数控电子股份有限公司 | SATA hard disc crypto module and its working method, system and its working method |
| CN109918918A (en) * | 2019-03-19 | 2019-06-21 | 联芸科技(杭州)有限公司 | A kind of credible accounting system implementation based on solid-state disk master control |
| CN109918918B (en) * | 2019-03-19 | 2021-04-23 | 联芸科技(杭州)有限公司 | Trusted computing system implementation scheme based on solid-state disk master control |
| CN111176563A (en) * | 2019-12-24 | 2020-05-19 | 湖南国科微电子股份有限公司 | Method for bypass access to storage data, storage device and bypass access storage system |
| CN111176563B (en) * | 2019-12-24 | 2023-10-31 | 湖南国科微电子股份有限公司 | Method for bypass access to storage data, storage device and bypass access storage system |
| CN113704835A (en) * | 2021-08-20 | 2021-11-26 | 北京计算机技术及应用研究所 | Trusted storage hard disk supporting encryption card function |
| CN113704835B (en) * | 2021-08-20 | 2023-11-10 | 北京计算机技术及应用研究所 | Trusted storage hard disk supporting encryption card function |
| CN114880257A (en) * | 2022-03-28 | 2022-08-09 | 中安云科科技发展(山东)有限公司 | M.2 interface cipher card |
| CN117473573A (en) * | 2023-12-28 | 2024-01-30 | 山东华翼微电子技术股份有限公司 | SATA interface system and data security ferrying method |
| CN117473573B (en) * | 2023-12-28 | 2024-04-19 | 山东华翼微电子技术股份有限公司 | SATA interface system and data security ferrying method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106991061A (en) | A kind of SATA hard disc crypto module and its method of work | |
| US10503934B2 (en) | Secure subsystem | |
| CN110618947A (en) | Techniques for secure I/O with memory encryption engine | |
| CN102073808B (en) | Method for encrypting and storing information through SATA interface and encryption card | |
| CN104160407B (en) | Using storage control EBI guaranteeing the data transmission security between storage device and main frame | |
| JP7222971B2 (en) | Apparatus and method for encryption and decryption of stored data | |
| CN104252426A (en) | Multiple volume encryption of storage devices using self encrypting drive (sed) | |
| JP2020535693A (en) | Storage data encryption / decryption device and method | |
| CN105243344A (en) | Chipset with hard disk encryption function and host computer controller | |
| CN104573441A (en) | Computer with data privacy function and data encryption and hiding method thereof | |
| CN111131130B (en) | Key management method and system | |
| CN103345453B (en) | Based on supporting the method that the fixed disk data enciphering card of SATA interface is encrypted | |
| TW201521413A (en) | Virtual bands concentration for self encrypting drives | |
| CN105740733B (en) | A kind of encryption mobile hard disk and its implementation | |
| CN105354503A (en) | Data encryption/decryption method for storage apparatus | |
| CN105205416A (en) | Mobile hard disk password module | |
| CN204669402U (en) | A kind of cloud data message encrypting and decrypting system based on USB flash disk | |
| CN203930840U (en) | A kind of hardware encryption card | |
| CN102609368A (en) | Solid-state-drive data encryption and decryption method and solid state drive | |
| CN103049705A (en) | Virtualization based method, terminal and system for secure storage | |
| CN103729324A (en) | Security protection device of cloud storage file based on USB3.0 interface | |
| CN113721838B (en) | Write, read data method for memory device, memory controller, and DMA engine | |
| US20160026582A1 (en) | Encrypt data of storage device | |
| CN104951407A (en) | U disc capable of being encrypted and encryption method thereof | |
| CN116204111A (en) | Method for managing namespaces and storage device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170728 |