




Technical Field
The present invention relates to the field of computer information security and network security, and in particular to a secure storage device.
Background Art
With the development of the Internet and the digital economy, data transmission faces ever higher capacity requirements and increasing security threats. Interaction between the internal networks of enterprises, governments, military departments and the like and external networks is becoming more and more frequent. To keep such data exchange secure, it usually takes the form of one-way transmission. Transmission devices in common use today include optical discs, network gatekeepers, optical gates and secure USB flash drives.
Optical disc transmission is widely used, but optical discs have a number of drawbacks: limited capacity, with storage generally not exceeding 10GB; inconvenient to use and easily damaged; and they must be destroyed promptly after use, which wastes resources to some degree. A network gatekeeper (GAP) is a network security isolation device placed between two disconnected networks (an internal network and an external network). By ensuring that the data exchange area is never connected to the internal and external networks at the same time, it ferries data securely while the two networks remain physically isolated. Gatekeepers have drawbacks too: data exchange is slow, reliability is poor, no traceability is provided, and large files and massive data volumes are not well supported, which affects the timeliness of business operations. An optical gate (FGAP) is a secure optical transmission device developed from the gatekeeper; it is a hardware and software system that achieves physical isolation through the unidirectional nature of light. Optical gates are generally used in data exchange scenarios with extremely high security requirements, such as exchange between classified and non-classified networks or between an industry intranet and a public network. Gatekeepers and optical gates are expensive, have no data storage function, are bulky and are inconvenient to carry. A secure USB flash drive (also called a security USB drive) protects the data on the drive only by authorization management and password control. Although convenient to use, its security is relatively low, and information security incidents caused by the use of such drives occur repeatedly.
Accordingly, there is a need for an improved secure storage device.
Summary of the Invention
The object of the present invention is to provide a secure storage device that solves, or at least alleviates, at least some of the above problems.
The present invention provides at least the following technical solutions:
1. A secure storage device, comprising: a transmission interface, a main control unit, a downlink transmission link, a downlink storage controller, an uplink transmission link, an uplink storage controller, a storage interface switching unit and a storage unit, wherein the main control unit is connected to the transmission interface, the downlink storage controller, the uplink storage controller and the storage interface switching unit; the downlink transmission link is connected between the transmission interface and the downlink storage controller; the uplink transmission link is connected between the transmission interface and the uplink storage controller; and each of the downlink storage controller and the uplink storage controller is connected to the storage unit via the storage interface switching unit, wherein
the downlink storage controller is configured to be selectively enabled or disabled by the main control unit so as to allow or prohibit write access to the storage unit,
the uplink storage controller is configured to be selectively enabled or disabled by the main control unit so as to allow or prohibit read access to the storage unit,
the storage interface switching unit is configured to be controlled by the main control unit so as to be selectively connected to the downlink storage controller or to the uplink storage controller,
the main control unit is configured to selectively perform one of at least one control, the at least one control comprising a first control that causes the secure storage device to operate in a write-only mode, a second control that causes the secure storage device to operate in a read-only mode and/or a third control that causes the secure storage device to operate in a read-write mode,
wherein the first control comprises: enabling the downlink storage controller, disabling the uplink storage controller, and controlling the storage interface switching unit to be connected only to the downlink storage controller, so that data from a host computer connected to the secure storage device via the transmission interface can be transmitted to and written into the storage unit via, in turn, the transmission interface, the downlink transmission link, the downlink storage controller and the storage interface switching unit; the second control comprises: disabling the downlink storage controller, enabling the uplink storage controller, and controlling the storage interface switching unit to be connected only to the uplink storage controller, so that data stored in the storage unit can be read and transmitted to the host computer via, in turn, the storage interface switching unit, the uplink storage controller, the uplink transmission link and the transmission interface; and the third control comprises: controlling the storage interface switching unit to be connected in a time-sharing manner to the downlink storage controller or to the uplink storage controller, enabling the downlink storage controller and disabling the uplink storage controller while the storage interface switching unit is connected to the downlink storage controller, and disabling the downlink storage controller and enabling the uplink storage controller while the storage interface switching unit is connected to the uplink storage controller, so that when the storage interface switching unit is connected to the downlink storage controller, data from the host computer can be transmitted to and written into the storage unit via, in turn, the transmission interface, the downlink transmission link, the downlink storage controller and the storage interface switching unit, and when the storage interface switching unit is connected to the uplink storage controller, data stored in the storage unit can be read and transmitted to the host computer via, in turn, the storage interface switching unit, the uplink storage controller, the uplink transmission link and the transmission interface.
2. The secure storage device according to solution 1, wherein
the downlink transmission link comprises a first optical transmitting unit connected to the transmission interface, a first optical receiving unit connected to the downlink storage controller, and a first transmission light path between the first optical transmitting unit and the first optical receiving unit;
the uplink transmission link comprises a second optical transmitting unit connected to the uplink storage controller, a second optical receiving unit connected to the transmission interface, and a second transmission light path between the second optical transmitting unit and the second optical receiving unit.
3. The secure storage device according to solution 2, wherein
the first optical transmitting unit is connected to the main control unit and configured to be selectively enabled or disabled by it, wherein the first control further comprises enabling the first optical transmitting unit, the second control further comprises disabling the first optical transmitting unit, and the third control further comprises enabling the first optical transmitting unit while the storage interface switching unit is connected to the downlink storage controller and disabling it while the storage interface switching unit is connected to the uplink storage controller; and/or the first optical receiving unit is connected to the main control unit and configured to be selectively enabled or disabled by it, wherein the first control further comprises enabling the first optical receiving unit, the second control further comprises disabling the first optical receiving unit, and the third control further comprises enabling the first optical receiving unit while the storage interface switching unit is connected to the downlink storage controller and disabling it while the storage interface switching unit is connected to the uplink storage controller,
and/or
the second optical transmitting unit is connected to the main control unit and configured to be selectively enabled or disabled by it, wherein the first control further comprises disabling the second optical transmitting unit, the second control further comprises enabling the second optical transmitting unit, and the third control further comprises disabling the second optical transmitting unit while the storage interface switching unit is connected to the downlink storage controller and enabling it while the storage interface switching unit is connected to the uplink storage controller; and/or the second optical receiving unit is connected to the main control unit and configured to be selectively enabled or disabled by it, wherein the first control further comprises disabling the second optical receiving unit, the second control further comprises enabling the second optical receiving unit, and the third control further comprises disabling the second optical receiving unit while the storage interface switching unit is connected to the downlink storage controller and enabling it while the storage interface switching unit is connected to the uplink storage controller.
4. The secure storage device according to solution 2 or 3, wherein
the downlink transmission link further comprises a first optical switch on the first transmission light path, the first optical switch being configured to be selectively closed or opened so as to connect or disconnect the first transmission light path; and/or
the uplink transmission link further comprises a second optical switch on the second transmission light path, the second optical switch being configured to be selectively closed or opened so as to connect or disconnect the second transmission light path.
5. The secure storage device according to solution 4, wherein
the first optical switch is a first electrically controlled optical switch connected to the main control unit and configured to be selectively closed or opened by it so as to connect or disconnect the first transmission light path, wherein the first control further comprises closing the first electrically controlled optical switch, the second control further comprises opening the first electrically controlled optical switch, and the third control further comprises closing the first electrically controlled optical switch while the storage interface switching unit is connected to the downlink storage controller and opening it while the storage interface switching unit is connected to the uplink storage controller; and the second optical switch is a second electrically controlled optical switch connected to the main control unit and configured to be selectively closed or opened by it so as to connect or disconnect the second transmission light path, wherein the first control further comprises opening the second electrically controlled optical switch, the second control further comprises closing the second electrically controlled optical switch, and the third control further comprises opening the second electrically controlled optical switch while the storage interface switching unit is connected to the downlink storage controller and closing it while the storage interface switching unit is connected to the uplink storage controller,
or
the first optical switch is a first mechanical optical switch suitable for manual operation, and the second optical switch is a second mechanical optical switch suitable for manual operation.
6. The secure storage device according to solution 1, wherein the data stored in the storage unit is encrypted using an encryption key, and wherein
the secure storage device further comprises a random number generator connected to the main control unit, the random number generator being used to generate random numbers and provide them to the main control unit for updating at least one key component of the encryption key, or
the secure storage device further comprises a key component transmission interface connected to the main control unit, through which the main control unit receives random numbers from an external random number generator for updating at least one key component of the encryption key.
7. The secure storage device according to solution 6, wherein the random number generator is a quantum random number generator.
8. The secure storage device according to solution 6 or 7, wherein the secure storage device further comprises a security unit connected to the main control unit, the at least one key component comprises a first key component associated with the security unit and a second key component associated with a device ID of the secure storage device, and the security unit is used to store the first key component and the second key component.
9. The secure storage device according to solution 8, wherein the encryption key is generated based on the first key component, the second key component and a third key component, the third key component being based on a user password that the user who writes data to or reads data from the storage unit uses while writing the data to or reading it from the secure storage device.
10. The secure storage device according to solution 9, wherein the third key component is generated from the user password by host computer software configured to be installed in the host computer.
11. The secure storage device according to any one of solutions 1-7, wherein the main control unit is configured to perform the one of the at least one control based on configuration information associated with the user currently accessing the secure storage device.
12. The secure storage device according to solution 11, wherein the main control unit is configured to receive the configuration information from the host computer, the configuration information being generated, based on the user's permissions, by host computer software configured to be installed in the host computer.
The secure storage device of the present invention supports three operating modes, write-only, read-only and read-write, and can be flexibly configured to operate in any one of them as the situation requires, while achieving both physical and logical isolation between the uplink and downlink transmission channels, thereby providing high security. In addition, the solution of the present invention can support large-capacity storage, facilitates high-speed data transmission via the secure storage device, and allows the secure storage device to be portable.
Brief Description of the Drawings
Non-limiting and non-exhaustive embodiments of the present invention are described by way of example with reference to the following drawings, in which:
FIG. 1 is a schematic diagram of a secure storage device according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a secure storage device according to another embodiment of the present invention;
FIG. 3 is a schematic diagram of a secure storage device according to an embodiment of the present invention and a host computer connected to it;
FIG. 4 is a flowchart illustrating an example data writing process in the situation of FIG. 3;
FIG. 5 is a flowchart illustrating an example data reading process in the situation of FIG. 3.
Detailed Description of Embodiments
In order to make the above and other features and advantages of the present invention clearer, the present invention is further described below with reference to the accompanying drawings, which form part of this application and, together with the embodiments of the present invention, serve to explain its principles. It should be understood that the specific embodiments given herein are for the purpose of explanation to those skilled in the art and are merely illustrative, not restrictive.
The features described herein may be embodied in different forms and should not be construed as limited to the embodiments described herein. Rather, the embodiments described herein are provided merely to illustrate some of the many possible ways of implementing the structures, methods, processes and/or operations described herein. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to those of ordinary skill in the art that the present invention may be practised without these specific details. For clarity and simplicity, detailed descriptions of well-known functions and structures of the devices, components and units described herein are omitted where they might obscure the subject matter of the present invention.
FIG. 1 schematically shows a secure storage device 10 according to an embodiment of the present invention. As shown in FIG. 1, the secure storage device 10 comprises: a transmission interface 101, a main control unit 102, a downlink transmission link 103, a downlink storage controller 105, an uplink transmission link 104, an uplink storage controller 106, a storage interface switching unit 107 and a storage unit 108. The main control unit 102 is connected to the transmission interface 101, the downlink storage controller 105, the uplink storage controller 106 and the storage interface switching unit 107. The downlink transmission link 103 is connected between the transmission interface 101 and the downlink storage controller 105. The uplink transmission link 104 is connected between the transmission interface 101 and the uplink storage controller 106. Each of the downlink storage controller 105 and the uplink storage controller 106 is connected to the storage unit 108 via the storage interface switching unit 107.
The transmission interface 101 is used to connect the secure storage device 10 to a host computer and to transfer data between the secure storage device 10 and the host computer to which it is connected. The transmission interface 101 may be any suitable interface, such as a USB interface or a network port.
The downlink transmission link 103 and the uplink transmission link 104 are both used to transmit data. Specifically, the downlink transmission link 103 is configured to transmit data from the transmission interface 101 to the downlink storage controller 105; this data, which the host computer connected to the transmission interface 101 sends to the transmission interface 101, may also be called "downlink data". The uplink transmission link 104 is configured to transmit data from the uplink storage controller 106 to the transmission interface 101; this data, which the storage unit 108 sends to the uplink storage controller 106 via the storage interface switching unit 107, may also be called "uplink data". Each of the downlink transmission link 103 and the uplink transmission link 104 may be implemented with any suitable transmission medium, for example as an electrical transmission link or an optical transmission link.
The storage unit 108 is used to store data. The downlink storage controller 105 manages and controls write access to the storage unit 108. The uplink storage controller 106 manages and controls read access to the storage unit 108. Such storage units and storage controllers may themselves be known in the prior art and may be implemented by any suitable means and techniques, including those known in the prior art for storage devices and for storage device management and control. Advantageously, the downlink storage controller 105 and the uplink storage controller 106 are mutually independent, separately implemented modules.
The downlink transmission link 103, the downlink storage controller 105 and the storage interface switching unit 107 form a downlink data channel. The uplink transmission link 104, the uplink storage controller 106 and the storage interface switching unit 107 form an uplink data channel. Each of the downlink data channel and the uplink data channel lies between the transmission interface 101 and the storage unit 108.
According to the present invention, the downlink storage controller 105 is configured to be selectively enabled or disabled by the main control unit 102 so as to allow or prohibit write access to the storage unit 108; the uplink storage controller 106 is configured to be selectively enabled or disabled by the main control unit 102 so as to allow or prohibit read access to the storage unit 108; the storage interface switching unit 107 is configured to be controlled by the main control unit 102 so as to be selectively connected to the downlink storage controller 105 or to the uplink storage controller 106; and the main control unit 102 is configured to selectively perform one of at least one control, the at least one control comprising a first control that causes the secure storage device to operate in a write-only mode, a second control that causes it to operate in a read-only mode and/or a third control that causes it to operate in a read-write mode.
The first control may comprise: enabling the downlink storage controller 105, disabling the uplink storage controller 106, and controlling the storage interface switching unit 107 to be connected only to the downlink storage controller 105. As a result of the main control unit 102 performing the first control, the secure storage device 10 operates in write-only mode. In write-only mode the secure storage device supports only data writing: data from the host computer connected to the secure storage device via the transmission interface 101 can be transmitted to and written into the storage unit 108 via, in turn, the transmission interface 101, the downlink transmission link 103, the downlink storage controller 105 and the storage interface switching unit 107. The second control may comprise: disabling the downlink storage controller 105, enabling the uplink storage controller 106, and controlling the storage interface switching unit 107 to be connected only to the uplink storage controller 106. As a result of the main control unit 102 performing the second control, the secure storage device 10 operates in read-only mode. In read-only mode the secure storage device supports only data reading: data stored in the storage unit 108 can be read and transmitted to the host computer via, in turn, the storage interface switching unit 107, the uplink storage controller 106, the uplink transmission link 104 and the transmission interface 101. The third control may comprise: controlling the storage interface switching unit 107 to be connected in a time-sharing manner to the downlink storage controller 105 or to the uplink storage controller 106, enabling the downlink storage controller 105 and disabling the uplink storage controller 106 while the storage interface switching unit 107 is connected to the downlink storage controller 105, and disabling the downlink storage controller 105 and enabling the uplink storage controller 106 while the storage interface switching unit 107 is connected to the uplink storage controller 106. As a result of the main control unit 102 performing the third control, the secure storage device 10 operates in read-write mode. In read-write mode the secure storage device supports both data writing and data reading: when the storage interface switching unit 107 is connected to the downlink storage controller 105, data from the host computer can be transmitted to and written into the storage unit 108 via, in turn, the transmission interface 101, the downlink transmission link 103, the downlink storage controller 105 and the storage interface switching unit 107; and when the storage interface switching unit 107 is connected to the uplink storage controller 106, data stored in the storage unit 108 can be read and transmitted to the host computer via, in turn, the storage interface switching unit 107, the uplink storage controller 106, the uplink transmission link 104 and the transmission interface 101. In this way, controlling the storage interface switching unit 107 achieves physical isolation between the downlink data channel and the uplink data channel, while having the downlink storage controller 105 support only write operations on the storage unit 108 and the uplink storage controller 106 support only read operations on the storage unit 108 achieves logical isolation between the two channels.
The control performed by the main control unit 102 may be based on configuration information that it receives, via the transmission interface 101, from the host computer (not shown) to which the secure storage device 10 is connected, as described below.
FIG. 2 schematically shows a secure storage device 20 according to another embodiment of the present invention. As shown in FIG. 2, the secure storage device 20 comprises: a transmission interface 201, a main control unit 202, a first optical transmitting unit 2031, a first optical switch 2032, a first optical receiving unit 2033, a second optical transmitting unit 2041, a second optical switch 2042, a second optical receiving unit 2043, a downlink storage controller 205, an uplink storage controller 206, a storage interface switching unit 207, a storage unit 208, a security unit 209 and a random number generator 210. The combination of the first optical transmitting unit 2031, the first optical switch 2032 and the first optical receiving unit 2033 forms a downlink transmission link that is an optical link, also referred to as the "downlink optical transmission link". The combination of the second optical transmitting unit 2041, the second optical switch 2042 and the second optical receiving unit 2043 forms an uplink transmission link that is an optical link, also referred to as the "uplink optical transmission link".
The downlink optical transmission link, the downlink storage controller 205 and the storage interface switching unit 207 form a downlink data channel. The uplink optical transmission link, the uplink storage controller 206 and the storage interface switching unit 207 form an uplink data channel. Each of the downlink data channel and the uplink data channel lies between the transmission interface 201 and the storage unit 208.
The transmission interface 201, main control unit 202, downlink optical transmission link, downlink storage controller 205, uplink optical transmission link, uplink storage controller 206, storage interface switching unit 207 and storage unit 208 in FIG. 2 may be connected and operate in the same or a similar way as the transmission interface 101, main control unit 102, downlink transmission link 103, downlink storage controller 105, uplink transmission link 104, uplink storage controller 106, storage interface switching unit 107 and storage unit 108 in FIG. 1, respectively, except that the main control unit 202 is additionally connected to the security unit 209, the random number generator 210, the first optical transmitting unit 2031, the first optical switch 2032, the first optical receiving unit 2033, the second optical transmitting unit 2041, the second optical switch 2042 and the second optical receiving unit 2043, and may additionally be configured to perform the operations associated with these components, including the control of these components involved in performing the first, second and third controls described above, as described below.
The first optical transmitting unit 2031 and the first optical receiving unit 2033 cooperate to transmit data. For example, the first optical transmitting unit 2031 may convert received data into an optical signal and send it to the first optical receiving unit 2033, which on receiving the optical signal converts it back into data for onward transmission. Similarly, the second optical transmitting unit 2041 and the second optical receiving unit 2043 cooperate to transmit data. For example, the second optical transmitting unit 2041 may convert received data into an optical signal and send it to the second optical receiving unit 2043, which on receiving the optical signal converts it back into data for onward transmission.
The first optical switch 2032 is placed on the first transmission light path between the first optical transmitting unit 2031 and the first optical receiving unit 2033 and may be configured to be selectively closed or opened so as to connect or disconnect the first transmission light path. The second optical switch 2042 is placed on the second transmission light path between the second optical transmitting unit 2041 and the second optical receiving unit 2043 and may be configured to be selectively closed or opened so as to connect or disconnect the second transmission light path.
In the case of FIG. 2, the first optical switch 2032 may be a first electrically controlled optical switch configured to be selectively closed or opened by the main control unit 202 so as to connect or disconnect the first transmission light path, and thereby connect or disconnect the downlink optical transmission link. The second optical switch 2042 may be a second electrically controlled optical switch configured to be selectively closed or opened by the main control unit 202 so as to connect or disconnect the second transmission light path, and thereby connect or disconnect the uplink optical transmission link. In this case, the main control unit 202 performing the first control described above may additionally include closing the first electrically controlled optical switch and opening the second electrically controlled optical switch; performing the second control may additionally include opening the first electrically controlled optical switch and closing the second electrically controlled optical switch; and performing the third control may additionally include closing the first electrically controlled optical switch and opening the second electrically controlled optical switch while the storage interface switching unit 207 is connected to the downlink storage controller 205, and opening the first electrically controlled optical switch and closing the second electrically controlled optical switch while the storage interface switching unit 207 is connected to the uplink storage controller 206.
In another possible implementation, the first optical switch 2032 may be a first mechanical optical switch suitable for manual operation and the second optical switch 2042 a second mechanical optical switch suitable for manual operation. Such mechanical optical switches can be closed or opened by the user and need not be connected to the main control unit 202.
Each of the first optical transmitting unit 2031, the first optical receiving unit 2033, the second optical transmitting unit 2041 and the second optical receiving unit 2043 may be configured to be selectively enabled or disabled by the main control unit 202. In the case of FIG. 2, the main control unit 202 performing the first control described above may additionally include enabling the first optical transmitting unit 2031 and the first optical receiving unit 2033 and disabling the second optical transmitting unit 2041 and/or the second optical receiving unit 2043; performing the second control may additionally include disabling the first optical transmitting unit 2031 and/or the first optical receiving unit 2033 and enabling the second optical transmitting unit 2041 and the second optical receiving unit 2043; and performing the third control may additionally include enabling the first optical transmitting unit 2031 and the first optical receiving unit 2033 and disabling the second optical transmitting unit 2041 and/or the second optical receiving unit 2043 while the storage interface switching unit 207 is connected to the downlink storage controller 205, and disabling the first optical transmitting unit 2031 and/or the first optical receiving unit 2033 and enabling the second optical transmitting unit 2041 and the second optical receiving unit 2043 while the storage interface switching unit 207 is connected to the uplink storage controller 206.
图2中将上行传输链路和下行传输链路设置为光链路是有利的,例如有利于进一步确保数据在期望的上行或下行方向上的单向传输、提高传输安全性,实现上、下行传输链路的隔离,避免经其传输的数据受电磁干扰的影响。It is advantageous to set the uplink transmission link and the downlink transmission link as optical links in FIG. 2, for example, it is beneficial to further ensure the unidirectional transmission of data in the desired uplink or downlink direction, improve transmission security, and realize uplink and downlink. Isolation of the transmission link to avoid the influence of electromagnetic interference on the data transmitted through it.
另外,在图2的情况下,除了通过存储接口切换单元207实现物理隔离以及通过下行存储控制器205和上行存储控制器206实现逻辑隔离之外,还可以通过对第一光发射单元2031、第一光开关2032、第一光接收单元2033、第二光发射单元2041、第二光开关2042和第二光接收单元2043中全部或部分的控制实现附加的物理隔离。In addition, in the case of FIG. 2 , in addition to the physical isolation achieved by the storage interface switching unit 207 and the logical isolation achieved by the downlink storage controller 205 and the uplink storage controller 206, the first optical emission unit 2031, the The control of all or part of an
尽管图2中示出第一光发射单元2031、第一光接收单元2033、第二光发射单元2041和第二光接收单元2043均连接到主控单元202,但这不是必需的。对于第一光发射单元2031、第一光接收单元2033、第二光发射单元2041和第二光接收单元2043中的每个,其可以不连接到主控单元202、不由主控单元202控制,而是通过其他方式被控制——例如被手动控制,或者在安全存储装置20工作期间始终处于被启用的状态。Although it is shown in FIG. 2 that the first light emitting unit 2031 , the first light receiving unit 2033 , the second light emitting unit 2041 and the second light receiving unit 2043 are all connected to the main control unit 202 , this is not required. For each of the first light emitting unit 2031, the first light receiving unit 2033, the second light emitting unit 2041 and the second light receiving unit 2043, which may not be connected to the main control unit 202, and not controlled by the main control unit 202, Rather, it is controlled in other ways—eg, manually, or always enabled during operation of the
The security unit 209 may be used to store security-related information, such as key components, authentication-related information and logs, as described below. The security unit 209 may be implemented in various possible ways, for example in software, hardware, firmware or a combination thereof. Implementing the security unit 209 as a single chip, i.e. a security chip, is advantageous.
The random number generator 210 is used to generate random numbers and provide them to the main control unit 202 for generating and/or updating at least one key component, as described below. The random number generator 210 may be a quantum random number generator or another suitable random number generator.
According to another possible implementation, instead of the random number generator 210, the secure storage device 20 may include a key component transmission interface connected to the main control unit 202. The key component transmission interface is configured to connect to an external random number generator, so that the main control unit 202 can receive the random numbers produced by that external random number generator and use them to update at least one key component.
Herein, "key component" should be understood broadly as any security-related piece of information on which the generation of an encryption or decryption key is based, relies or draws. For example, any one of the one or more security-related pieces of information on which a key for data encryption (e.g. downlink data encryption) or data decryption (e.g. uplink data decryption) is based, relies or draws may be called a key component.
Besides controlling the working mode of the secure storage device, the main control unit, such as the main control units 102 and 202, may also have additional functions, for example monitoring the status of the secure storage device and its components, generating logs, performing identity authentication, and so on.
With reference to FIGS. 3 to 5, the operation of the secure storage device of the present invention is described by way of example in connection with the secure storage device 20 of FIG. 2.
FIG. 3 shows the secure storage device 20 connected to a host computer. The host computer may be, for example, a computer or another possible host. Host software provided for the secure storage device 20 and adapted to cooperate with it is installed on the host computer. The host software is configured to interact with the user and may be provided with features and/or a user interface adapted to be operated by the user.
The data writing process illustrated in FIG. 4 includes step 401, step 402, step 403, step 404, step 405, step 406, step 407, step 408, step 409 and step 410.
In step 401, the secure storage device 20 is powered on.
In step 402, the host software installed on the host computer establishes a connection with the main control unit 202 of the secure storage device 20 via the transmission interface 201, forming an authentication connection channel.
In step 403, the main control unit 202 performs identity authentication. Specifically, in response to the user entering login information, the host software generates the user's identity authentication data from the user password contained in the login information and sends this authentication data to the main control unit 202 via the transmission interface 201. The main control unit 202 authenticates the user on the basis of the received authentication data, for example by verifying it against the password key component stored in the security unit 209. Verification may be carried out in any suitable manner or flow and may follow national cryptographic standards such as GB/T158043.2-2017. Here, the password key component is the authentication-related information. The user's password key component may be generated or updated by the host software when the user is created, when the user's password is changed, or at another suitable time. For example, the host software may generate the password key component from the configured user password by calling a pseudo-random algorithm or a random number generator, and then store that password key component in the storage area of the security unit 209 via the transmission interface 201 and the main control unit 202.
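The following is an added illustration of step 403 and is not code from the patent. The description only says that the host derives a password key component from the user password with a pseudo-random algorithm or random number generator, stores it in the security unit, and later has the main control unit verify authentication data against it; the concrete scheme below (a random salt, SHA-256, a per-login challenge answered with an HMAC, and a constant-time comparison) and all function names are assumptions of this example. The challenge is what keeps captured authentication data from being reused in a later login.

```python
"""Challenge-response check of a stored password key component.

Added example, not the patent's code. Assumptions: the password key
component is salt || SHA-256(salt || password); the main control unit issues
a random challenge at each login and the host answers with
HMAC-SHA256(SHA-256(salt || password), challenge).
"""
import hashlib
import hmac
import os

SALT_LEN = 16


def make_password_key_component(user_password: bytes, salt: bytes = b"") -> bytes:
    """Host side, when a user is created or the password changes: returns the
    component to be stored in the security unit 209 (salt followed by hash)."""
    if len(salt) != SALT_LEN:
        salt = os.urandom(SALT_LEN)
    return salt + hashlib.sha256(salt + user_password).digest()


def new_challenge() -> bytes:
    """Main control unit 202: fresh random challenge for one login attempt."""
    return os.urandom(16)


def make_auth_data(user_password: bytes, salt: bytes, challenge: bytes) -> bytes:
    """Host side at login: the salt comes from the device, the password from
    the user; the result is the authentication data sent over interface 201."""
    secret = hashlib.sha256(salt + user_password).digest()
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def verify_auth_data(auth_data: bytes, challenge: bytes, stored_kc: bytes) -> bool:
    """Main control unit 202: recompute the expected answer from the stored
    component and compare in constant time."""
    secret = stored_kc[SALT_LEN:]
    expected = hmac.new(secret, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(auth_data, expected)


def login_round(user_password: bytes, stored_kc: bytes) -> bool:
    """One complete step-403 exchange between host and main control unit."""
    challenge = new_challenge()
    auth_data = make_auth_data(user_password, stored_kc[:SALT_LEN], challenge)
    return verify_auth_data(auth_data, challenge, stored_kc)


if __name__ == "__main__":
    kc = make_password_key_component(b"correct horse")
    print("login ok:", login_round(b"correct horse", kc))
    print("wrong password ok:", login_round(b"wrong", kc))
```

The stored component never contains the password itself, and the device only ever compares an HMAC over its own challenge, so the same answer cannot be replayed against a later challenge.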
In step 404, the main control unit 202 determines whether the user has passed identity authentication. If not, the process returns to step 402: the main control unit 202 returns an authentication-failure message to the host computer and continues to wait for a user login. If so, the process proceeds to step 405: the main control unit receives from the host computer the configuration information associated with the logged-in user, opens the corresponding data channel according to that configuration information, and initializes the opened data channel. The configuration information may be generated by the host software from the logged-in user's permissions and sent to the main control unit 202. A user access command may be produced by input or operations that the user performs through the host software. Opening a data channel may include performing the one authorization control that corresponds to the working mode allowed by the logged-in user's permissions. Depending on the situation, that authorization control may be one of the first, second and third controls described above. For example, if the logged-in user has only write-only permission (writing data into the secure storage device), the authorization control includes only the first control; if the user has only read-only permission (reading data from the secure storage device), it includes only the second control; and if the user has both write permission and read permission, it may include the third control.
Depending on the situation, opening the data channel may include performing the first, second or third control, which may involve: bridging the relevant optical components (e.g. the first light emitting unit 2031, the first optical switch 2032 and the first light receiving unit 2033, or the second light emitting unit 2041, the second optical switch 2042 and the second light receiving unit 2043); powering on the relevant electrical components (e.g. the downlink storage controller 205 and the security unit 209, or the uplink storage controller 206 and the security unit 209); and applying the corresponding control to the bridged optical components and the powered-on electrical components. Once the data channel has been opened and successfully initialized, a user data channel is established between the storage controller in that data channel and the host computer, and the device enters a wait mode, waiting for data access instructions. Where the transmission interface 201 is a USB 3.0 interface, the established user data channel is a USB 3.0 high-speed user data channel. For convenience of description, in the case of FIG. 4 it is assumed that the logged-in user has only write-only permission, that the user access command is a data write instruction, and accordingly that the opened data channel is the downlink data channel, whose storage controller is the downlink storage controller 205.
In step 405, the downlink storage controller 205 waits for downlink data from the host computer. In response to a data write instruction from the user, the host computer may encrypt the corresponding data and pass it to the downlink storage controller 205 via the transmission interface 201 and the downlink optical transmission link. For example, the encryption key may be generated by the host software from the logged-in user's password, the device ID key component of the secure storage device 20 and the security unit key component. The device ID key component may be set and written into the storage area of the security unit 209 when the secure storage device 20 leaves the factory, and may optionally be updated afterwards, for example when a user is created, when a user password is changed or at another suitable time, using a random number produced by the random number generator 210; alternatively, the device ID key component may be generated from a random number produced by the random number generator 210 at the factory, when a user is created, when a user password is changed or at another suitable time. For example, for the secure storage device 20, the main control unit 202 may instruct the random number generator 210 to produce a random number when a user is created, when a user password is changed or at another suitable time, and use that random number to generate or update the device ID key component of the secure storage device 20; the generated or updated device ID key component may be stored in the storage area of the security unit 209. The security unit key component may likewise be set and written into the storage area of the security unit 209 at the factory and optionally updated afterwards, for example when a user is created, when a user password is changed or at another suitable time, using a random number produced by the random number generator 210; alternatively, it may be generated from such a random number at the factory, when a user is created, when a user password is changed or at another suitable time. For example, the main control unit 202 may instruct the random number generator 210 to produce a random number when a user is created, when a user password is changed or at another suitable time, use it to generate or update the security unit key component of the secure storage device 20, and then send the generated or updated security unit key component to the security unit 209 for storage. The main control unit 202 may retrieve the stored device ID key component and security unit key component from the security unit 209 whenever needed. Before sending data down, the host computer obtains the device ID key component and the security unit key component from the security unit 209 via the transmission interface 201 and the main control unit 202, and generates the encryption key used for data encryption from the logged-in user's password, the device ID key component and the security unit key component by any possible means or algorithm. For example, the host computer may feed the user password, the device ID key component and the security unit key component into a hash function (SM3, SHA or another hash algorithm) to produce the encryption key. The data may be encrypted with any suitable encryption algorithm, including for example but not limited to standard encryption algorithms and algorithms approved by the State Cryptography Administration, such as AES or SM4.
In step 406, the downlink storage controller 205 determines whether downlink data from the host computer has arrived. If not, the process returns to step 405; if so, it proceeds to step 407.
In step 407, the downlink storage controller 205 writes the received downlink data to the target address in the storage unit 208 via the storage interface switching unit 207. The target address may be assigned automatically by the downlink storage controller 205.
In step 408, the downlink storage controller 205 determines whether the received downlink data was successfully written into the storage unit 208. If so, the process proceeds to step 409; if not, it proceeds to step 410. The downlink storage controller 205 may report the result to the main control unit 202.
In step 409, the main control unit 202, on the basis of the feedback from the downlink storage controller 205, returns status information indicating that the data write succeeded to the host computer.
In step 410, the main control unit 202, on the basis of the feedback from the downlink storage controller 205, returns status information indicating that the data write failed to the host computer.
The returned status information may be presented to the logged-in user by the host computer.
The data reading process illustrated in FIG. 5 includes step 501, step 502, step 503, step 504, step 505, step 506, step 507, step 508, step 509 and step 510.
Steps 501, 502, 503 and 504 may be the same as or similar to steps 401, 402, 403 and 404 respectively, except that, for convenience of description, in the case of FIG. 5 it is assumed that the logged-in user has only read-only permission, that the user access command is a data read instruction, and accordingly that the opened data channel is the uplink data channel, whose storage controller is the uplink storage controller 206.
In step 505, the uplink storage controller 206 waits for a data read instruction from the host computer.
In step 506, the uplink storage controller 206 determines whether a data read instruction from the host computer has arrived. If not, the process returns to step 505; if so, it proceeds to step 507. In response to receiving a data read instruction from the user, the host computer may pass that instruction to the uplink storage controller 206 via the transmission interface 201 and the main control unit 202.
In step 507, the uplink storage controller 206 retrieves the data to be read from the storage unit 208 via the storage interface switching unit 207 and transmits it to the host computer via the uplink optical transmission link and the transmission interface 201. The data to be read may be indicated by the user's data read instruction. The data transmitted to the host computer is encrypted and, once it arrives, may be decrypted by the host software with a decryption key. For example, the decryption key may be generated by the host software from the logged-in user's password, the device ID key component of the secure storage device 20 and the security unit key component. After receiving the uplink data from the storage unit 208, the host computer may obtain the device ID key component and the security unit key component from the security unit 209 via the transmission interface 201 and the main control unit 202, and generate the decryption key used for data decryption from the logged-in user's password, the device ID key component and the security unit key component by any possible means or algorithm. For example, the host computer may feed the user password, the device ID key component and the security unit key component into a hash function (SM3, SHA or another hash algorithm) to produce the decryption key.
In step 508, the uplink storage controller 206 determines whether the data was successfully read from the storage unit 208. If so, the process proceeds to step 509; if not, it proceeds to step 510. The uplink storage controller 206 may report the result to the main control unit 202.
In step 509, the main control unit 202, on the basis of the feedback from the uplink storage controller 206, returns status information indicating that the data read succeeded to the host computer.
In step 510, the main control unit 202, on the basis of the feedback from the uplink storage controller 206, returns status information indicating that the data read failed to the host computer.
The returned status information may be presented to the logged-in user by the host computer.
The secure storage device of the present invention may be configured to support an administrator role and an ordinary user role. When the secure storage device is accessed in the administrator role, it is possible to add and delete ordinary users, set and change user permissions and user passwords, view and export device logs, and perform other functions that may be desired, such as reading and writing data. When the secure storage device is accessed in the ordinary user role, the host software may generate configuration information associated with the user according to the user's permissions; this configuration information is used to configure the working mode of the secure storage device via its main control unit, and data is then encrypted and written and/or read and decrypted accordingly.
In addition, the secure storage device of the present invention may be configured to support multiple ordinary users, such that each ordinary user can see only the data they themselves wrote to the secure storage device and not the data stored by other users. To the administrator, the data stored by all users may be visible, readable and deletable. For an ordinary user, when the secure storage device operates in read-only mode the user cannot delete any data stored in it; when it operates in write-only or read-write mode, the user can delete the data they themselves stored in it.
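The following is an added model, not code from the patent, of the rules stated in step 404, in the description of the first, second and third controls, and in the two paragraphs above: which optical units and which storage controller each control enables, the isolation invariant that the two optical links are never passing light at the same time, and the per-role access rules (ownership for ordinary users, no deletion in read-only mode). The class and function names (Control, DeviceState, apply_control, is_permitted, open_channel_for) are assumptions of this example; the numbered units they refer to are those of FIG. 2.

```python
"""Working-mode controls and access rules of the secure storage device.

Added example, not the patent's code. Models the first, second and third
controls over the two optical links, the storage interface switching unit,
and the read/write/delete rules for administrator and ordinary user roles.
"""
from dataclasses import dataclass, field
from enum import Enum


class Control(Enum):
    FIRST = "write-only"   # downlink channel only (controller 205)
    SECOND = "read-only"   # uplink channel only (controller 206)
    THIRD = "read-write"   # switching unit alternates between 205 and 206


@dataclass
class OpticalLink:
    """Emitter, optical switch and receiver of one transmission link."""
    emitter_on: bool = False
    switch_closed: bool = False
    receiver_on: bool = False

    def passes_light(self) -> bool:
        return self.emitter_on and self.switch_closed and self.receiver_on

    def set(self, on: bool) -> None:
        self.emitter_on = self.switch_closed = self.receiver_on = on


@dataclass
class DeviceState:
    downlink: OpticalLink = field(default_factory=OpticalLink)
    uplink: OpticalLink = field(default_factory=OpticalLink)
    connected_controller: str = "none"  # "downlink" (205) or "uplink" (206)

    def isolation_holds(self) -> bool:
        """Both links never pass light together, and the link that does pass
        light is the one whose controller the switching unit connects."""
        if self.downlink.passes_light() and self.uplink.passes_light():
            return False
        if self.downlink.passes_light():
            return self.connected_controller == "downlink"
        if self.uplink.passes_light():
            return self.connected_controller == "uplink"
        return True


def apply_control(state: DeviceState, control: Control,
                  third_phase: str = "downlink") -> DeviceState:
    """Apply the first, second or third control. For the third control,
    third_phase names the controller the switching unit is connected to."""
    if control is Control.FIRST:
        target = "downlink"
    elif control is Control.SECOND:
        target = "uplink"
    elif third_phase in ("downlink", "uplink"):
        target = third_phase
    else:
        raise ValueError("third_phase must be 'downlink' or 'uplink'")
    # Disable both links before enabling the active one, so the device never
    # passes through a state in which both links are live.
    state.downlink.set(False)
    state.uplink.set(False)
    state.connected_controller = target
    (state.downlink if target == "downlink" else state.uplink).set(True)
    assert state.isolation_holds()
    return state


PERMISSION_TO_CONTROL = {
    "write-only": Control.FIRST,
    "read-only": Control.SECOND,
    "read-write": Control.THIRD,
}


def open_channel_for(permission: str) -> DeviceState:
    """Step 404: open the data channel matching the logged-in user's permission."""
    return apply_control(DeviceState(), PERMISSION_TO_CONTROL[permission])


def is_permitted(role: str, mode: Control, op: str,
                 owner: str, requester: str) -> bool:
    """May `requester` (role 'admin' or 'user') perform `op` ('read', 'write'
    or 'delete') on data owned by `owner` while the device runs in `mode`?"""
    if op == "write":
        mode_ok = mode in (Control.FIRST, Control.THIRD)
    elif op == "read":
        mode_ok = mode in (Control.SECOND, Control.THIRD)
    elif op == "delete":
        mode_ok = mode is not Control.SECOND  # nothing is deleted in read-only mode
    else:
        return False
    if not mode_ok:
        return False
    if role == "admin":
        return True  # administrator sees, reads and deletes every user's data
    return role == "user" and (op == "write" or owner == requester)


if __name__ == "__main__":
    s = open_channel_for("read-write")
    print(s.connected_controller, s.isolation_holds())
```

Running the third control by alternating `third_phase` reproduces the read-write mode of FIG. 2: each switch of the storage interface switching unit disables one optical link before the other is enabled, so the invariant checked by `isolation_holds` is preserved at every step.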
The host software may optionally also be configured to perform an integrity check when encrypting or decrypting data, to determine whether a file is damaged or has been tampered with. Specifically, when writing data, the host software may compute the md5 value of the data to be written and write the encrypted data together with the computed md5 value into the storage unit of the secure storage device; when reading data, the host software decrypts the data that was read, computes the md5 value of the decrypted data, and compares it with the md5 value previously written into the storage unit, thereby determining whether the data is damaged or has been tampered with.
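The following is an added example, not code from the patent, of the host-side key handling of steps 405 and 507 together with the optional integrity check just described. The text leaves the hash, the cipher and the storage layout open; this example assumes SHA-256 in place of SM3/SHA, a keystream produced by HMAC-SHA256 in counter mode in place of the AES/SM4 cipher so that it runs on the Python standard library alone, and a stored layout of md5 digest, nonce and ciphertext. The function names and the sample key components are constructed for the example. It also shows one detail the text does not: the three key components are length-prefixed before hashing, so that two different splits of the same bytes cannot yield the same key.

```python
"""Host-side key derivation, encryption and md5 integrity check.

Added example, not the patent's code. Assumptions: SHA-256 as the hash over
(user password, device ID key component, security unit key component);
an HMAC-SHA256 counter-mode keystream as a stand-in for AES/SM4; stored
record = md5(plaintext) || 16-byte nonce || ciphertext.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
MD5_LEN = 16


def derive_key(user_password: bytes, device_id_kc: bytes, se_kc: bytes) -> bytes:
    """Hash the three key components into a 32-byte key. Each component is
    length-prefixed so that (b"ab", b"c") and (b"a", b"bc") hash differently."""
    h = hashlib.sha256()
    for part in (user_password, device_id_kc, se_kc):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR data with HMAC(key, nonce || counter) blocks.
    Applying it twice with the same key and nonce restores the input."""
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"),
                         hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def package_for_write(plaintext: bytes, key: bytes) -> bytes:
    """Step 405 plus integrity check: digest the plaintext, encrypt it, and
    return the record written to the storage unit."""
    nonce = os.urandom(NONCE_LEN)
    digest = hashlib.md5(plaintext).digest()
    return digest + nonce + _keystream_xor(key, nonce, plaintext)


def unpack_after_read(record: bytes, key: bytes):
    """Step 507 plus integrity check: decrypt, recompute the digest and compare.
    Returns (plaintext, intact)."""
    digest = record[:MD5_LEN]
    nonce = record[MD5_LEN:MD5_LEN + NONCE_LEN]
    ciphertext = record[MD5_LEN + NONCE_LEN:]
    plaintext = _keystream_xor(key, nonce, ciphertext)
    intact = hmac.compare_digest(hashlib.md5(plaintext).digest(), digest)
    return plaintext, intact


if __name__ == "__main__":
    # Constructed sample key components; real ones come from the security unit.
    key = derive_key(b"user-password", b"device-id-kc", b"security-unit-kc")
    record = package_for_write(b"report.txt contents", key)
    print(unpack_after_read(record, key))
```

A wrong password, a changed device ID or security unit key component, or a flipped ciphertext byte all surface as `intact == False` on read, which is the behaviour the paragraph above describes. The md5 digest is reliable against accidental corruption; where deliberate modification is the concern, a keyed MAC or an authenticated cipher mode is the stronger choice, since an unkeyed digest can be recomputed by anyone who can alter the plaintext.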
It should be understood that some modules/units of the apparatus of the present invention may be implemented wholly or partly in software, hardware, firmware or a combination thereof. Each module/unit may be implemented as a separate component or module, or two or more modules/units may be implemented as a single component or module.
The technical features described above may be combined in any way. Although not every possible combination of these technical features has been described, any combination of them should be regarded as covered by this description, provided the combination involves no contradiction.
The description of the specific embodiments should give a deeper and more concrete understanding of the technical means and effects adopted by the present invention to achieve its intended purpose; however, the accompanying drawings are provided for reference and illustration only and are not intended to limit the present invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110249386.XACN112882660A (en) | 2021-03-08 | 2021-03-08 | Secure storage device |
| Publication Number | Publication Date |
|---|---|
| CN112882660Atrue CN112882660A (en) | 2021-06-01 |
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |