
CN110659472A - Password card and data storage system - Google Patents

Publication number: CN110659472A
Authority: CN (China)
Prior art keywords: data, target, fingerprint, chip, FPGA chip
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910935660.1A
Other languages: Chinese (zh)
Inventor: 徐洪志
Current Assignee: Suzhou Wave Intelligent Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Suzhou Wave Intelligent Technology Co Ltd
Application filed by: Suzhou Wave Intelligent Technology Co Ltd
Priority to: CN201910935660.1A
Publication of: CN110659472A

Classifications

    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/34: User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a password card, which is applied to storage equipment and comprises an FPGA chip and a fingerprint calculation chip connected with the FPGA chip; the fingerprint calculation chip is used for performing fingerprint calculation on the target data acquired by the FPGA chip to acquire target fingerprint data and uploading the target fingerprint data to the storage device through the FPGA chip; the storage device is used for matching the target fingerprint data with each fingerprint data in the fingerprint database, and updating the LBA and PBA metadata corresponding to the target data if the matching is passed; if the matching fails, sending an encryption instruction to the FPGA chip; the FPGA chip is used for acquiring target data and encrypting the target data according to the encryption instruction to acquire encrypted data; the password card effectively avoids repeated encryption of data information, reduces resource waste and improves encryption storage efficiency. The application also discloses a data storage system, which also has the beneficial effects.

Description

Password card and data storage system
Technical Field
The application relates to the technical field of data security, in particular to a password card and a data storage system.
Background
In the information age, enterprises and individuals pay more and more attention to the security and privacy of data, and the need and development trend of many users is to encrypt and store the data.
At present, there are encryption cards on the market as well as software encryption integrated into storage systems, and if domestic storage equipment needs to perform encrypted data storage, hardware equipment such as cryptographic cards or encryption machines with national cryptographic certification must be used. However, with the development of big data, the data volume is increasing explosively and includes a large amount of repeated data. In the process of encrypting data information with a password card, a large amount of repeated data is therefore encrypted, which not only causes serious waste of computing resources but also greatly reduces the encryption storage efficiency.
Therefore, how to effectively avoid encrypting and storing the repeated data, reduce the waste of resources, and improve the encryption and storage efficiency is a problem to be urgently solved by those skilled in the art.
Disclosure of Invention
An object of the present application is to provide a password card that can effectively avoid encrypting repeated data in the process of encrypting data information, greatly reducing the waste of computing resources and further improving the encryption storage efficiency; another object of the present application is to provide a data storage system having the above-mentioned benefits.
In order to solve the technical problem, the application provides a password card which is applied to storage equipment and comprises an FPGA chip and a fingerprint calculation chip connected with the FPGA chip;
the fingerprint calculation chip is used for performing fingerprint calculation on the target data acquired by the FPGA chip to acquire target fingerprint data, and uploading the target fingerprint data to the storage device through the FPGA chip;
the storage device is used for matching the target fingerprint data with each fingerprint data in a fingerprint database, and updating the LBA and PBA metadata corresponding to the target data when the matching is passed; when the matching fails, sending an encryption instruction to the FPGA chip;
the FPGA chip is used for acquiring the target data; and carrying out encryption processing on the target data according to the encryption instruction to obtain encrypted data.
Preferably, the cryptographic card further comprises an EPCS-x chip for storing configuration information of the FPGA chip.
Preferably, the FPGA chip is provided with a PCIe-IP core, and is configured to acquire the target data issued by the PCIe bus.
Preferably, the cryptographic card further includes an EPCS-x and a cryptographic chip, and the FPGA chip is specifically configured to encrypt the target data by using the cryptographic chip to obtain the encrypted data.
Preferably, the cryptographic card further comprises an EEPROM for storing the key information.
Preferably, the FPGA chip is provided with a RAM for caching the target data, the target fingerprint data, and the encrypted data.
Preferably, the FPGA chip is further configured to determine whether target read data is cached in the RAM according to the obtained data read request, if so, feed back the target read data to the terminal device, otherwise, forward the data read request to the storage device to obtain target encrypted data fed back by the storage device, decrypt the target encrypted data through the cryptographic chip to obtain the target read data, and feed back the target read data to the terminal device.
Preferably, the storage device is further configured to receive and destage the encrypted data uploaded by the FPGA chip, and update LBA and PBA metadata corresponding to the encrypted data.
Preferably, the storage device is further configured to add target fingerprint data corresponding to the encrypted data to the fingerprint library.
In order to solve the above technical problem, the present application further provides a data storage system, including any one of the above described cryptographic cards and a storage device.
The password card is applied to storage equipment and comprises an FPGA chip and a fingerprint calculation chip connected with the FPGA chip; the fingerprint calculation chip is used for performing fingerprint calculation on the target data acquired by the FPGA chip to acquire target fingerprint data, and uploading the target fingerprint data to the storage device through the FPGA chip; the storage device is used for matching the target fingerprint data with each fingerprint data in a fingerprint database, and updating the LBA and PBA metadata corresponding to the target data when the matching is passed; when the matching fails, sending an encryption instruction to the FPGA chip; the FPGA chip is used for acquiring the target data; and carrying out encryption processing on the target data according to the encryption instruction to obtain encrypted data.
Therefore, the password card provided by the application additionally includes a fingerprint calculation chip. The fingerprint calculation chip performs fingerprint calculation on the target data acquired by the FPGA chip, and the corresponding target fingerprint data is uploaded to the storage device for duplicate-data judgment, that is, the storage device judges whether fingerprint data identical to the target fingerprint data exists in its fingerprint database. If so, the target data is repeated data: no disk drop processing is needed, and only the LBA and PBA metadata corresponding to the target data are updated. If not, the target data is not repeated data, and normal data encryption is performed. The data deduplication function is thus integrated into the password card, so that in the process of encrypting data information with the password card, repeated data encryption is effectively avoided, the waste of computing resources is greatly reduced, and the encryption storage efficiency is further improved.
The data storage system provided by the application also has the beneficial effects, and is not described again here.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a cryptographic card provided in the present application;
Fig. 2 is a schematic diagram of another cryptographic card provided in the present application;
Fig. 3 is a schematic flow chart of a data storage method provided in the present application;
Fig. 4 is a flowchart illustrating a data reading method provided in the present application.
Detailed Description
The core of the application is to provide the password card, and the password card can effectively avoid encrypting repeated data in the process of encrypting data information, greatly reduce the waste of computing resources and further improve the encryption storage efficiency; another core of the present application is to provide a data storage system, which also has the above-mentioned advantages.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
At present, there are encryption cards on the market as well as software encryption integrated into storage systems, and if domestic storage equipment needs to perform encrypted data storage, hardware equipment such as cryptographic cards or encryption machines with national cryptographic certification must be used. However, with the development of big data, the data volume is increasing explosively and includes a large amount of repeated data. In the process of encrypting data information with a password card, a large amount of repeated data is therefore encrypted, which not only causes serious waste of computing resources but also greatly reduces the encryption storage efficiency. Therefore, in order to solve the above problems, the present application provides a password card, which can effectively avoid encrypting repeated data in the process of encrypting data information, greatly reduce the waste of computing resources, and further improve the encryption storage efficiency.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a cryptographic card 10 applied to a storage device 20, which may include an FPGA (Field Programmable Gate Array) chip 11 and a fingerprint calculation chip 12 connected to the FPGA chip 11;
the fingerprint calculation chip 12 is configured to perform fingerprint calculation on the target data acquired by the FPGA chip 11 to obtain target fingerprint data, and upload the target fingerprint data to the storage device 20 through the FPGA chip 11;
the storage device 20 is configured to match the target fingerprint data with each fingerprint data in the fingerprint library, and update the LBA (Logical Block Address) and PBA (Physical Block Address) metadata corresponding to the target data when the matching is passed; when the matching fails, an encryption instruction is sent to the FPGA chip 11;
the FPGA chip 11 is used for acquiring target data; and encrypting the target data according to the encryption instruction to obtain encrypted data.
Specifically, the FPGA chip 11 and the fingerprint calculation chip 12 are integrated in the cryptographic card 10, and are connected to each other, the cryptographic card 10 is applied to the storage device 20, and the storage device 20 and the FPGA chip 11 perform direct data communication, where the storage device 20 may be used to store data information, and the cryptographic card 10 may be used to encrypt and decrypt the data information.
Generally, the data deduplication function can be divided into 4 sub-modules, namely a data partitioning sub-module, a fingerprint calculation sub-module, a fingerprint matching sub-module and a data storage sub-module, of which the fingerprint calculation sub-module consumes the most computing resources. Therefore, in the present application, the fingerprint calculation function is integrated into the cryptographic card 10, i.e. the above-mentioned fingerprint calculation chip 12.
Therefore, when data information is encrypted using the password card, the password card 10 receives the data information to be stored, namely the target data, through the FPGA chip 11, and the fingerprint calculation chip 12 performs fingerprint calculation on the target data to obtain the corresponding target fingerprint data. The FPGA chip 11 then uploads the target fingerprint data to the storage device 20, which performs fingerprint matching on it. Specifically, a fingerprint library is preset in the storage device 20 and stores the fingerprint data corresponding to the data information the storage device has already stored; it follows that the data information already stored in the storage device 20 contains no duplicate data. The storage device 20 therefore matches the target fingerprint data one by one against each fingerprint data in the fingerprint library. If the matching passes, the target data is repeated data that has already been stored; the target data does not need to be encrypted and stored again, only the corresponding LBA and PBA metadata need to be updated, and no write to disk (disk dropping) is required, so encryption and storage of duplicate data are effectively avoided. Conversely, if the target fingerprint data matches none of the fingerprint data in the fingerprint library, the target data is not stored repeated data; an encryption instruction is then issued to the FPGA chip 11 so that the FPGA chip 11 encrypts the target data to obtain the corresponding encrypted data, thereby realizing deduplication and encryption of the data information.
The password card provided by the embodiment of the application additionally includes a fingerprint calculation chip. The fingerprint calculation chip performs fingerprint calculation on the target data acquired by the FPGA chip, and the corresponding target fingerprint data is uploaded to the storage device for duplicate-data judgment, that is, the storage device judges whether fingerprint data identical to the target fingerprint data exists in its fingerprint database. If so, the target data is repeated data: no disk drop processing is needed, and only the LBA and PBA metadata corresponding to the target data are updated. If not, the target data is not repeated data, and normal data encryption is performed. The data deduplication function is thus integrated into the password card, so that in the process of encrypting data information with the password card, repeated data encryption is effectively avoided, the waste of computing resources is greatly reduced, and the encryption storage efficiency is further improved.
On the basis of the above embodiments:
as a preferred embodiment, the crypto card may further include an EPCS-x (serial memory) for storing configuration information of the FPGA chip.
Specifically, when the password card is in use, the FPGA chip needs to be configured, which is done by setting the corresponding configuration parameters. An EPCS-x chip can therefore be added to store the configuration information of the FPGA chip, so that each time the password card is powered on, the FPGA chip can directly read the content of the EPCS-x chip to load the configuration information. The EPCS-x chip can be an EPCS1, EPCS4, EPCS16 and the like; EPCS1, EPCS4 and EPCS16 are Altera-specific configuration chips with capacities of 1 Mbit, 4 Mbit and 16 Mbit respectively.
As a preferred embodiment, the FPGA chip is provided with a PCIe-IP core for acquiring target data issued by the PCIe bus.
Specifically, data communication between the FPGA chip and the storage device may be implemented with a PCIe-IP core; that is, the PCIe-IP core is embedded in the FPGA chip to connect it to the PCIe bus, so that various data information and data requests, such as plaintext data, ciphertext data, data read requests, data write requests, and the like, can be transmitted between the FPGA chip and the storage device.
As a preferred embodiment, the cryptographic card may further include an EPCS-x and a cryptographic chip, and the FPGA chip is specifically configured to encrypt the target data by using the cryptographic chip to obtain encrypted data.
Specifically, a cryptographic chip can be added to perform the encryption processing of the target data. Compared with embedding the encryption algorithm directly in the FPGA chip, this implementation makes it easier to update the encryption mode: the cryptographic chip only needs to be replaced, and the encryption algorithm does not need to be rewritten, which is convenient and fast.
As a preferred embodiment, the cryptographic card may further comprise an EEPROM for storing the key information.
Specifically, an EEPROM, which is equivalent to an off-chip memory, may be further added to store key information of the cryptographic card, so as to implement encryption processing on target data. Of course, the storage information in the EEPROM is not limited to the key information, and may also be used to store other data information used by the cryptographic card in the use process, which is not limited in this application.
As a preferred embodiment, the FPGA chip is provided with a RAM (Random Access Memory) for caching the target data, the target fingerprint data, and the encrypted data.
Specifically, the RAM is embedded in the FPGA chip to implement caching processing of various data information, where the cached data information may include target data, target fingerprint data, encrypted data, and the like. In addition, the RAM can be partitioned to realize classified storage of data information, for example, the RAM is divided into a RAM-A area and a RAM-B area, the RAM-A area stores target data, and the RAM-B area stores encrypted data, so that data processing is facilitated.
As a preferred embodiment, the FPGA chip is further configured to determine whether target read data is cached in the RAM according to the obtained data read request, if so, feed back the target read data to the terminal device, otherwise, forward the data read request to the storage device to obtain target encrypted data fed back by the storage device, perform decryption processing on the target encrypted data through the cryptographic chip to obtain the target read data, and feed back the target read data to the terminal device.
In the preferred embodiment, the password card can be used not only to store data information but also to read the data stored in the storage device. Specifically, when data information needs to be read, a user can initiate a data reading request through the terminal device. After receiving the data reading request, the password card checks its own cache to determine whether the target read data corresponding to the data reading request is cached there; if so, the target read data is fed back directly to the terminal device and the data reading is finished. Conversely, if the target read data does not exist in the password card's own cache, the data read request is forwarded to the storage device, which queries the data information it stores to obtain the target encrypted data, that is, the encrypted form of the target read data. The target read data is obtained by decrypting the target encrypted data through the cryptographic chip, and is finally fed back to the terminal device through the FPGA chip.
As a preferred embodiment, the storage device is further configured to receive and offload encrypted data uploaded by the FPGA chip, and update LBA and PBA metadata corresponding to the encrypted data.
Specifically, after the target data is encrypted by using the crypto card to obtain encrypted data, the encrypted data can be uploaded to the storage device for storage, and correspondingly, the corresponding LBA and PBA metadata are updated.
In a preferred embodiment, the storage device is further configured to add the target fingerprint data corresponding to the encrypted data to the fingerprint repository.
Specifically, for target data whose fingerprint was not matched, namely non-repeated data, the corresponding target fingerprint data can be added to the fingerprint database after storage is completed, so that repeated encryption of the same target data in a subsequent data encryption processing flow is avoided.
On the basis of the above embodiments, a more specific cryptographic card is provided in the embodiments of the present application, please refer to fig. 2, and fig. 2 is a schematic structural diagram of another cryptographic card provided in the present application.
Specifically, the password card comprises an FPGA chip, an encryption algorithm chip (the password chip shown in FIG. 2), a deduplication fingerprint calculation algorithm chip (the fingerprint calculation chip shown in FIG. 2), an FPGA configuration chip EPCS-x, a memory EEPROM and a power supply chip. The FPGA chip is a control core of the whole password card, and PCIe bus communication with the storage device is realized by utilizing an embedded PCIe-IP core inside the FPGA chip; the scheduling state machine is used for realizing data interaction among the FPGA chip, the password chip and the fingerprint computing chip; the DMA (Direct Memory Access) controller and the RAM are used for realizing data transmission and storage, the DMA controller and the RAM are jointly used as a data transmission unit, a large amount of interrupt loads of a CPU are not relied on, and the overall performance of the system is effectively improved; the EPCS-x chip is used for storing the configuration information of the FPGA chip; the EEPROM is used for storing information such as a key of the password card.
In addition, the RAM is divided into two partitions, namely 2 RAM units with 4KB (RAM-A partition and RAM-B partition), plaintext data always exists in the RAM-A partition, the RAM-A partition is used as a data buffer area by the fingerprint computing chip, and the RAM-A partition and the RAM-B partition can be simultaneously used as data buffer areas by the encryption chip.
The following describes the data storage (writing) process and data reading process based on the cryptographic card in detail:
1. Data storage flow:
Referring to Fig. 3, Fig. 3 is a schematic flow chart of a data storage method provided in the present application.
For a write IO request (data storage request), the storage device first divides the IO (target data) into blocks of a fixed size and transmits the blocked data to the RAM of the FPGA chip through the PCIe bus. After the target data has been transmitted to the RAM-A partition, the FPGA chip starts the dispatching control machine, which commands the fingerprint calculation chip to read the target data in the RAM-A partition and perform fingerprint calculation; the resulting target fingerprint data (figure-data) is then transmitted back to the storage device. The storage device matches the target fingerprint data against each fingerprint data in the fingerprint database. If it matches, the target data is repeated data: the mapping relation metadata of the LBA and the PBA can be changed directly without writing to disk, and the write IO process ends. If not, the target fingerprint data is added to the fingerprint library of the storage device and the password card is requested to encrypt the target data. At this point the FPGA chip starts the dispatching control machine again, which commands the password chip to encrypt the data in the RAM-A partition; the encrypted data is obtained and transmitted back to the RAM-B partition, and finally the FPGA chip uploads the encrypted data in the RAM-B partition to the storage device, so that the data information is deduplicated and encrypted, and encrypted storage is achieved.
2. Data reading flow:
Referring to Fig. 4, Fig. 4 is a schematic flow chart of a data reading method provided in the present application.
For a read IO request (data reading request), the storage device first initiates the data reading request to the FPGA (Field Programmable Gate Array) chip. The FPGA chip first searches the RAM-A partition for the target read data; if it is hit, the target read data is transmitted directly back to the host through the PCIe (Peripheral Component Interconnect Express) bus. Otherwise, the FPGA chip forwards the data reading request to the storage device to request a read from the lower layer of the IO stack. When the storage device finishes reading, the target encrypted data is transmitted to the RAM-B partition of the FPGA chip through the PCIe bus. At this point the FPGA chip starts the dispatching control machine, which commands the encryption chip to decrypt the target encrypted data in the RAM-B partition to obtain the target read data; the target read data is then transmitted back to the RAM-A partition, and finally the FPGA chip transmits the target read data in the RAM-A partition back to the host through the PCIe bus, so that decryption processing of the data information is finished and data reading is achieved.
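The storage and reading flows above, modelled in Python as an added example that is not part of the patent. It assumes SHA-256 as the fingerprint algorithm, an HMAC-SHA-256 keystream XOR as a stand-in for the cryptographic chip, and a RAM-A cache holding one 4KB block; all class and function names are hypothetical.

```python
import hashlib
import hmac

BLOCK_SIZE = 4096  # assumption: one block fills a 4KB RAM-A / RAM-B unit


def fingerprint(block: bytes) -> bytes:
    """Stand-in for the fingerprint calculation chip (assumption: SHA-256)."""
    return hashlib.sha256(block).digest()


def _keystream(key: bytes, pba: int, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = pba.to_bytes(8, "big") + counter.to_bytes(8, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def crypt(key: bytes, pba: int, data: bytes) -> bytes:
    """Stand-in for the cryptographic chip. XOR with a keystream, so the same
    call encrypts and decrypts. Illustrative only, not the patent's cipher."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, pba, len(data))))


class StorageDevice:
    def __init__(self):
        # Fingerprints are computed over the plaintext in RAM-A, so this
        # library holds digests of plaintext blocks: fingerprint -> PBA.
        self.fingerprints = {}
        self.lba_to_pba = {}   # LBA/PBA mapping metadata
        self.disk = {}         # PBA -> encrypted block
        self.next_pba = 0


class CryptoCard:
    def __init__(self, key: bytes, storage: StorageDevice):
        self.key = key             # would live in the EEPROM
        self.storage = storage
        self.ram_a = {}            # plaintext cache, one block: {LBA: data}
        self.encrypt_ops = 0
        self.decrypt_ops = 0

    def write_block(self, lba: int, block: bytes) -> str:
        self.ram_a = {lba: block}                  # target data lands in RAM-A
        fp = fingerprint(block)                    # fingerprint chip reads RAM-A
        st = self.storage
        pba = st.fingerprints.get(fp)              # storage device matches
        if pba is not None:                        # match: metadata update only
            st.lba_to_pba[lba] = pba
            return "dedup"
        pba, st.next_pba = st.next_pba, st.next_pba + 1
        st.fingerprints[fp] = pba                  # add to fingerprint library
        ram_b = crypt(self.key, pba, block)        # ciphertext goes to RAM-B
        self.encrypt_ops += 1
        st.disk[pba] = ram_b                       # upload and write to disk
        st.lba_to_pba[lba] = pba
        return "encrypted"

    def read_block(self, lba: int) -> bytes:
        if lba in self.ram_a:                      # RAM-A hit: no decryption
            return self.ram_a[lba]
        pba = self.storage.lba_to_pba[lba]         # forward request to storage
        ram_b = self.storage.disk[pba]             # encrypted data into RAM-B
        plaintext = crypt(self.key, pba, ram_b)
        self.decrypt_ops += 1
        self.ram_a = {lba: plaintext}              # decrypted data back to RAM-A
        return plaintext


def write(card: CryptoCard, start_lba: int, data: bytes) -> list:
    """Storage-device side of a write IO: fixed-size blocking, then one
    card round trip per block. Returns the outcome for each block."""
    results = []
    for off in range(0, len(data), BLOCK_SIZE):
        block = data[off:off + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")
        results.append(card.write_block(start_lba + off // BLOCK_SIZE, block))
    return results


if __name__ == "__main__":
    # Constructed sample input: three blocks, the third repeats the first.
    storage = StorageDevice()
    card = CryptoCard(b"\x01" * 32, storage)
    a, b = b"A" * BLOCK_SIZE, b"B" * BLOCK_SIZE
    print(write(card, 0, a + b + a), "encrypt ops:", card.encrypt_ops)
    print(card.read_block(0) == a, "decrypt ops:", card.decrypt_ops)
```
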
The password card provided by the embodiment of the application additionally includes a fingerprint calculation chip. The fingerprint calculation chip performs fingerprint calculation on the target data acquired by the FPGA chip, and the corresponding target fingerprint data is uploaded to the storage device for duplicate-data judgment, that is, the storage device judges whether fingerprint data identical to the target fingerprint data exists in its fingerprint database. If so, the target data is repeated data: no disk drop processing is needed, and only the LBA and PBA metadata corresponding to the target data are updated. If not, the target data is not repeated data, and normal data encryption is performed. The data deduplication function is thus integrated into the password card, so that in the process of encrypting data information with the password card, repeated data encryption is effectively avoided, the waste of computing resources is greatly reduced, and the encryption storage efficiency is further improved.
In order to solve the above problem, the present application further provides a data storage system, which includes any one of the above password cards and a storage device.
For the introduction of the system provided by the present application, please refer to the above method embodiment, which is not described herein again.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The cryptographic card and the data storage system provided by the present application are described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that those skilled in the art may make several improvements and modifications to the present application without departing from its principle, and these improvements and modifications also fall within the protection scope of the claims of the present application.

Claims (10)

1. A password card, characterized in that it is applied to a storage device and comprises an FPGA chip and a fingerprint calculation chip connected with the FPGA chip;
the fingerprint calculation chip is used for performing fingerprint calculation on the target data acquired by the FPGA chip to acquire target fingerprint data, and uploading the target fingerprint data to the storage device through the FPGA chip;
the storage device is used for matching the target fingerprint data with each fingerprint data in a fingerprint database, and updating the LBA and PBA metadata corresponding to the target data when the matching is passed; when the matching fails, sending an encryption instruction to the FPGA chip;
the FPGA chip is used for acquiring the target data; and carrying out encryption processing on the target data according to the encryption instruction to obtain encrypted data.
2. The cryptographic card of claim 1, further comprising an EPCS-x chip for storing configuration information of the FPGA chip.
3. The cryptographic card of claim 2, wherein the FPGA chip is provided with a PCIe-IP core and is configured to obtain the target data issued by the PCIe bus.
4. The cryptographic card of claim 3, further comprising a cryptographic chip, wherein the FPGA chip is specifically configured to encrypt the target data by using the cryptographic chip to obtain the encrypted data.
5. The cryptographic card of claim 4, further comprising an EEPROM for storing the key information.
6. The cryptographic card of claim 5, wherein the FPGA chip is provided with RAM for caching the target data, the target fingerprint data, and the encrypted data.
7. The cryptographic card of claim 6, wherein the FPGA chip is further configured to determine, according to an obtained data read request, whether target read data is cached in the RAM; if so, to feed the target read data back to a terminal device; if not, to forward the data read request to the storage device to obtain target encrypted data fed back by the storage device, decrypt the target encrypted data by means of the cryptographic chip to obtain the target read data, and feed the target read data back to the terminal device.
8. The cryptographic card of any one of claims 1 to 7, wherein the storage device is further configured to receive and destage the encrypted data uploaded by the FPGA chip, and update LBA and PBA metadata corresponding to the encrypted data.
9. The cryptographic card of claim 8, wherein the storage device is further configured to add target fingerprint data corresponding to the encrypted data to the fingerprint repository.
10. A data storage system, comprising a storage device and the cryptographic card as claimed in any one of claims 1 to 9.
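
The write path of claims 1, 8 and 9 and the read path of claim 7, modelled in software as an added example that is not part of the patent. SHA-256 as the fingerprint, the hash-based keystream standing in for the cryptographic chip, and all class and method names are assumptions, since the claims name no algorithms.

```python
import hashlib

class StorageDevice:
    """Storage-side state from claims 1, 8 and 9 (names are assumptions)."""
    def __init__(self):
        self.fingerprints = {}  # fingerprint database: fingerprint -> PBA
        self.lba_to_pba = {}    # LBA/PBA metadata
        self.blocks = {}        # PBA -> (nonce, encrypted data) on disk

    def match(self, lba, fp):
        pba = self.fingerprints.get(fp)
        if pba is None:
            return False            # no match: card is told to encrypt
        self.lba_to_pba[lba] = pba  # match: only metadata is updated
        return True

    def destage(self, lba, fp, encrypted):
        pba = len(self.blocks)
        self.blocks[pba] = (fp, encrypted)
        self.lba_to_pba[lba] = pba
        self.fingerprints[fp] = pba  # claim 9: remember the new fingerprint

class CryptoCard:
    def __init__(self, storage, key):
        self.storage, self.key = storage, key
        self.ram = {}            # claim 6: cache inside the FPGA
        self.encrypt_calls = 0

    def _cipher(self, data, nonce):
        # Assumed stand-in for the cryptographic chip: XOR with a SHA-256
        # counter keystream. Symmetric, illustration only, not a vetted cipher.
        n = len(data) // 32 + 1
        stream = b"".join(hashlib.sha256(self.key + nonce + i.to_bytes(4, "big")).digest()
                          for i in range(n))
        return bytes(a ^ b for a, b in zip(data, stream))

    def write(self, lba, data):
        self.ram[lba] = data
        fp = hashlib.sha256(data).digest()  # fingerprint calculation chip
        if self.storage.match(lba, fp):
            return "deduplicated"
        self.encrypt_calls += 1
        self.storage.destage(lba, fp, self._cipher(data, fp))
        return "encrypted"

    def read(self, lba):
        if lba in self.ram:                 # claim 7: serve from RAM cache
            return self.ram[lba]
        nonce, encrypted = self.storage.blocks[self.storage.lba_to_pba[lba]]
        return self._cipher(encrypted, nonce)
```

Because the fingerprint is computed over the plaintext before encryption, the storage device can tell which logical blocks hold identical data even though it only ever stores ciphertext.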
CN201910935660.1A 2019-09-29 2019-09-29 Password card and data storage system Pending CN110659472A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910935660.1A CN110659472A (en) 2019-09-29 2019-09-29 Password card and data storage system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910935660.1A CN110659472A (en) 2019-09-29 2019-09-29 Password card and data storage system

Publications (1)

Publication Number Publication Date
CN110659472A true CN110659472A (en) 2020-01-07

Family

ID=69038334

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910935660.1A Pending CN110659472A (en) 2019-09-29 2019-09-29 Password card and data storage system

Country Status (1)

Country Link
CN (1) CN110659472A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112068904A (en) * 2020-09-27 2020-12-11 山东云海国创云计算装备产业创新中心有限公司 Chip boot operation method, device and related assembly

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080063187A1 (en) * 2006-04-27 2008-03-13 Hirotaka Yoshida Hash value generation device, program, and hash value generation method
CN103237021A (en) * 2013-04-08 2013-08-07 浪潮集团有限公司 FPGA-chip-based (field programmable gate array chip-based) PCI-E (peripheral component interconnect-express) high-speed cipher card
CN103473266A (en) * 2013-08-09 2013-12-25 记忆科技(深圳)有限公司 Solid state disk and method for deleting repeating data thereof
CN106022080A (en) * 2016-06-30 2016-10-12 北京三未信安科技发展有限公司 Cipher card based on PCIe (peripheral component interface express) interface and data encryption method of cipher card
CN109324998A (en) * 2018-09-18 2019-02-12 郑州云海信息技术有限公司 A file processing method, device and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李景华,杜玉远: "《可编程逻辑器件及EDA技术 数字系统设计与SOPC技术》", 30 September 2014 *

Similar Documents

Publication Publication Date Title
EP3657376B1 (en) Hybrid-cloud data storage method and apparatus, related device, and cloud system
US11270006B2 (en) Intelligent storage devices with cryptographic functionality
US8949626B2 (en) Protection of security parameters in storage devices
US11789614B2 (en) Performance allocation among users for accessing non-volatile memory devices
US10503917B2 (en) Performing operations on intelligent storage with hardened interfaces
US7631195B1 (en) System and method for providing security to a portable storage device
US8782433B2 (en) Data security
CN107256363B (en) A high-speed encryption and decryption device composed of an array of encryption and decryption modules
CN111131130B (en) Key management method and system
CN107092835B (en) Computer data encryption device and method for virtual storage disk
KR20080074848A (en) Method and apparatus for data security processing in microcontroller
US20120284534A1 (en) Memory Device and Method for Accessing the Same
US12120100B2 (en) Secure communication between an intermediary device and a network
CN105283921A (en) Non-volatile memory operations
US8938072B2 (en) Cryptographic key derivation device and method therefor
US9356782B2 (en) Block encryption
WO2019043717A1 (en) Secured access control in a storage system
KR102570581B1 (en) Storage device set including storage device and reconfigurable logic chip, and storage system including storage device set
CN110659472A (en) Password card and data storage system
CN110765501A (en) Encrypted USB flash disk
US20240154785A1 (en) Data management method and apparatus using homomorphic encryption lookup table
CN110765498A (en) Encryption computer
EP3284207B1 (en) Device for managing multiple accesses to a secure module of a system on chip of an apparatus
KR20190078198A (en) Secure memory device based on cloud storage and Method for controlling verifying the same
US10324649B2 (en) Method for partitioning memory area of non-volatile memory

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200107
