技术领域technical field
本发明涉及数据安全存储领域,具体涉及一种便携式加密机。The invention relates to the field of safe data storage, in particular to a portable encryption machine.
背景技术Background technique
云计算(英语:Cloud Computing),是一种基于互联网的计算方式,通过这种方式,共享的软硬件资源和信息可以按需提供给计算机和其他设备。典型的云计算提供商往往提供通用的网络业务应用,可以通过浏览器等软件或者其他Web服务来访问,而软件和数据都存储在服务器上。云计算服务通常提供通用的通过浏览器访问的在线商业应用,软件和数据可存储在数据中心。Cloud computing (English: Cloud Computing) is an Internet-based computing method in which shared hardware and software resources and information can be provided to computers and other devices on demand. Typical cloud computing providers often provide general-purpose network business applications, which can be accessed through software such as browsers or other Web services, while software and data are stored on servers. Cloud computing services usually provide general-purpose online business applications accessed through a browser, and software and data can be stored in data centers.
云计算是基于互联网的相关服务的增加、使用和交付模式,通常涉及通过互联网来提供动态易扩展且经常是虚拟化的资源。Cloud computing is the growth, usage and delivery model of Internet-based related services, usually involving the provision of dynamically scalable and often virtualized resources over the Internet.
当云计算系统运算和处理的核心是大量数据的存储和管理时,云计算系统中就需要配置大量的存储设备,那么云计算系统就转变成为一个云存储系统,所以云存储是一个以数据存储和管理为核心的云计算系统。When the core of cloud computing system computing and processing is the storage and management of large amounts of data, a large number of storage devices need to be configured in the cloud computing system, then the cloud computing system will be transformed into a cloud storage system, so cloud storage is a data storage and management as the core cloud computing system.
云计算的特点:Features of cloud computing:
1、安全,云计算提供了最可靠、最安全的数据存储中心,用户不用再担心数据丢失、病毒入侵等麻烦。1. Security. Cloud computing provides the most reliable and secure data storage center, and users no longer need to worry about data loss, virus intrusion and other troubles.
2、方便,它对用户端的设备要求最低,使用起来很方便。2. Convenience, it has the lowest requirements on the equipment of the user end, and it is very convenient to use.
3、数据共享,它可以轻松实现不同设备间的数据与应用共享。3. Data sharing, which can easily realize data and application sharing between different devices.
4、无限可能,它为我们使用网络提供了几乎无限多的可能。4. Infinite possibilities, it provides almost infinite possibilities for us to use the Internet.
这是一个大数据的时代,尤其是物联网将成万上亿计的网络传感器嵌入到现实世界的各种设备中,如移动电话、智能电表、汽车和工业机器等,用来感知、创造并交换数据,无处不在的传感网络带来了大量的数据,这些数据正日益成为与实物资本和人力资源同等重要的生产要素。This is an era of big data, especially the Internet of Things, which embeds tens of thousands of network sensors into various devices in the real world, such as mobile phones, smart meters, cars and industrial machines, to sense, create and exchange Data, the ubiquitous sensor network has brought a large amount of data, which is increasingly becoming a production factor as important as physical capital and human resources.
与此同时,云计算为物联网所产生的海量数据提供了很好的存储空间,并使得实时在线处理成为可能。特别是云计算概念衍生出新的概念——云存储,可以通过集群应用、网格技术或分布式文件系统等功能,将网络中大量各种不同类型的存储设备通过应用软件集合起来协同工作,共同对外提供数据存储和业务访问功能的一个系统。At the same time, cloud computing provides a good storage space for the massive data generated by the Internet of Things, and makes real-time online processing possible. In particular, the concept of cloud computing derives a new concept - cloud storage, which can integrate a large number of different types of storage devices in the network through application software to work together through functions such as cluster applications, grid technology, or distributed file systems. A system that jointly provides data storage and business access functions to the outside world.
随着云计算应用的推广,越来越多的用户会将自己的私有数据上传到云,然而云运营商对用户私有数据的保护做的并不到位,即用户私人数据对运营商来讲是OPEN的。因此,用户上传数据如何保护,是云安全的必要组成部分。With the promotion of cloud computing applications, more and more users will upload their private data to the cloud. However, cloud operators do not protect users' private data in place, that is, users' private data is important to operators. OPEN's. Therefore, how to protect user uploaded data is an essential part of cloud security.
发明内容Contents of the invention
本发明要解决的技术问题是:便携式加密机的最终目标是保障个人用户的数据信息上传云时完整、不受损坏、不被窃取。The technical problem to be solved by the present invention is: the ultimate goal of the portable encryption machine is to ensure that the data information of individual users is complete, free from damage, and free from theft when they are uploaded to the cloud.
本发明所采用的技术方案为:The technical scheme adopted in the present invention is:
一种便携式加密机,所述加密机以通用U盘控制器作为USB Device接口接收和发送数据,通过FPGA实现NandFlash(NF) Interface和加解密算法模块;FPGA的配置通过U盘控制器中的MCU进行控制;FPGA中NF Interface和加解密算法模块之间通过Data Buffer连接。A kind of portable encrypting machine, described encrypting machine receives and sends data with universal U disk controller as USB Device interface, realizes NandFlash (NF) Interface and encryption and decryption algorithm module by FPGA; The configuration of FPGA is through the MCU in U disk controller Control; the NF Interface in the FPGA and the encryption and decryption algorithm module are connected through the Data Buffer.
所述Data Buffer由FPGA内部BlockRAM实现,数据无需存储在片外。The Data Buffer is implemented by the FPGA internal BlockRAM, and the data does not need to be stored off-chip.
所述加密机使用过程如下:The process of using the encryption machine is as follows:
用户需要上传的数据会首先通过USB接口进入加密机,数据经过加密后再通过USB接口返回Host端,之后再通过网络上传云;The data that the user needs to upload will first enter the encryption machine through the USB interface. After the data is encrypted, it will be returned to the Host through the USB interface, and then uploaded to the cloud through the network;
同理,用户数据由云下载后,首先通过USB接口进入加密机进行数据解密,然后通过USB口返回Host端,用户正常使用。In the same way, after the user data is downloaded from the cloud, it first enters the encryption machine through the USB interface for data decryption, and then returns to the Host side through the USB port, and the user can use it normally.
注:NandFlash——NOR和NAND是现在市场上两种主要的非易失闪存技术。Intel于1988年首先开发出NOR flash技术,彻底改变了原先由EPROM和EEPROM一统天下的局面。紧接着,1989年,东芝公司发表了NAND flash结构,强调降低每比特的成本,更高的性能,并且像磁盘一样可以通过接口轻松升级。NAND结构能提供极高的单元密度,可以达到高存储密度,并且写入和擦除的速度也很快。Note: NandFlash - NOR and NAND are the two main non-volatile flash technologies on the market today. Intel first developed NOR flash technology in 1988, which completely changed the situation where EPROM and EEPROM dominated the world. Then, in 1989, Toshiba released the NAND flash structure, emphasizing the reduction of cost per bit, higher performance, and it can be easily upgraded through the interface like a disk. The NAND structure can provide extremely high cell density, can achieve high storage density, and the speed of writing and erasing is also very fast.
本发明的有益效果为:本发明结构设计合理,使用方便,能够有效保障个人用户的数据信息上传云时完整、不受损坏、不被窃取,保障了云系统使用时用户的安全性和私密性。The beneficial effects of the present invention are: the present invention has a reasonable structural design and is convenient to use, and can effectively ensure that the data information of individual users is complete, free from damage, and free from theft when uploading to the cloud, and ensures the security and privacy of users when using the cloud system .
附图说明Description of drawings
图1为本发明便携式加密机架构框图。Fig. 1 is a block diagram of the portable encryption machine of the present invention.
具体实施方式Detailed ways
下面参照附图所示,通过具体实施方式对本发明进一步说明:Below with reference to shown in accompanying drawing, the present invention is further described by specific embodiment:
实施例1:Example 1:
如图1所示,一种便携式加密机,所述加密机以通用U盘控制器作为USB Device接口接收和发送数据,通过FPGA实现NandFlash(NF) Interface和加解密算法模块;FPGA的配置通过U盘控制器中的MCU进行控制;FPGA中NF Interface和加解密算法模块之间通过Data Buffer连接。As shown in Figure 1, a kind of portable encrypting machine, described encrypting machine receives and sends data with universal U disk controller as USB Device interface, realizes NandFlash (NF) Interface and encryption and decryption algorithm module by FPGA; The configuration of FPGA is through U The MCU in the disk controller is controlled; the NF Interface in the FPGA and the encryption and decryption algorithm module are connected through the Data Buffer.
实施例2:Example 2:
在实施例1的基础上,本实施例所述Data Buffer由FPGA内部BlockRAM实现,数据无需存储在片外。On the basis of Embodiment 1, the Data Buffer described in this embodiment is implemented by the BlockRAM inside the FPGA, and the data does not need to be stored off-chip.
实施例3:Example 3:
在实施例1或2的基础上,本实施例所述加密机使用过程如下:On the basis of embodiment 1 or 2, the use process of the encryption machine described in this embodiment is as follows:
用户需要上传的数据会首先通过USB接口进入加密机,数据经过加密后再通过USB接口返回Host端,之后再通过网络上传云;The data that the user needs to upload will first enter the encryption machine through the USB interface. After the data is encrypted, it will be returned to the Host through the USB interface, and then uploaded to the cloud through the network;
同理,用户数据由云下载后,首先通过USB接口进入加密机进行数据解密,然后通过USB口返回Host端,用户正常使用。In the same way, after the user data is downloaded from the cloud, it first enters the encryption machine through the USB interface for data decryption, and then returns to the Host side through the USB port, and the user can use it normally.
以上实施方式仅用于说明本发明,而并非对本发明的限制,有关技术领域的普通技术人员,在不脱离本发明的精神和范围的情况下,还可以做出各种变化和变型,因此所有等同的技术方案也属于本发明的范畴,本发明的专利保护范围应由权利要求限定。The above embodiments are only used to illustrate the present invention, but not to limit the present invention. Those of ordinary skill in the relevant technical field can make various changes and modifications without departing from the spirit and scope of the present invention. Therefore, all Equivalent technical solutions also belong to the category of the present invention, and the scope of patent protection of the present invention should be defined by the claims.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510062677.2ACN104618095A (en) | 2015-02-06 | 2015-02-06 | Portable encrypting machine |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510062677.2ACN104618095A (en) | 2015-02-06 | 2015-02-06 | Portable encrypting machine |
| Publication Number | Publication Date |
|---|---|
| CN104618095Atrue CN104618095A (en) | 2015-05-13 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510062677.2APendingCN104618095A (en) | 2015-02-06 | 2015-02-06 | Portable encrypting machine |
| Country | Link |
|---|---|
| CN (1) | CN104618095A (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102201267A (en)* | 2010-03-26 | 2011-09-28 | 上海摩波彼克半导体有限公司 | Platform system for realizing circuit verification of Nandflash flash memory controller based on FPGA (Field Programmable Gate Array) and method thereof |
| CN103729324A (en)* | 2014-01-22 | 2014-04-16 | 浪潮电子信息产业股份有限公司 | Security protection device of cloud storage file based on USB3.0 interface |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102201267A (en)* | 2010-03-26 | 2011-09-28 | 上海摩波彼克半导体有限公司 | Platform system for realizing circuit verification of Nandflash flash memory controller based on FPGA (Field Programmable Gate Array) and method thereof |
| CN103729324A (en)* | 2014-01-22 | 2014-04-16 | 浪潮电子信息产业股份有限公司 | Security protection device of cloud storage file based on USB3.0 interface |
| Title |
|---|
| 孙安云: "基于FAT文件系统的NAND Flash嵌入式存储模块的设计和实现", 《中国优秀硕士学位论文全文数据库信息科技辑》* |
| 李亚强: "基于Z8HM2芯片的加密U盘的设计", 《中国优秀硕士学位论文全文数据库信息科技辑》* |
| Publication | Publication Date | Title |
|---|---|---|
| US9172532B1 (en) | Multi-tiered encryption system for efficiently regulating use of encryption keys | |
| US10541804B2 (en) | Techniques for key provisioning in a trusted execution environment | |
| CN100454321C (en) | USB device with data memory and intelligent secret key and control method thereof | |
| CN108959932A (en) | The technology of safety chip memory for credible performing environment | |
| US9729438B2 (en) | Cloud-based anonymous routing | |
| CN103366135A (en) | Tenant driven security system and method in a storage cloud | |
| CN107302546A (en) | Big data platform safety accesses system, method and electronic equipment | |
| CN107124271A (en) | A kind of data encryption, decryption method and equipment | |
| CN102571916A (en) | Framework of leasing software of cloud storage space and operating method of framework | |
| CN106022080A (en) | Cipher card based on PCIe (peripheral component interface express) interface and data encryption method of cipher card | |
| US20190296893A1 (en) | Techniques for cipher system conversion | |
| US8776057B2 (en) | System and method for providing evidence of the physical presence of virtual machines | |
| CN104657411A (en) | Method and system for information technology resource management | |
| TWI716385B (en) | Authentication method and authentication device | |
| CN106991061A (en) | A kind of SATA hard disc crypto module and its method of work | |
| CN105740733B (en) | A kind of encryption mobile hard disk and its implementation | |
| CN102200948A (en) | Multi-partition memory device and access method thereof | |
| CN102194292A (en) | Billing server, tax copying system and tax copying method | |
| US20230087260A1 (en) | Storage controller and storage system comprising the same | |
| CN104902031A (en) | Enterprise intelligent cloud system based on virtual desktop | |
| CN104182691A (en) | Data encryption method and device | |
| CN205829704U (en) | cloud storage system | |
| CN104463510A (en) | Finance management system | |
| CN103729324A (en) | Security protection device of cloud storage file based on USB3.0 interface | |
| CN107493301A (en) | A data access system |
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication | Application publication date:20150513 |