CN1776563A - File encrypting device based on USB interface - Google Patents

Publication number: CN1776563A
Authority: CN (China)
Prior art keywords: data, computer, encryption device, encryption, chip
Legal status: Pending
Application number: CN 200510130655
Other languages: Chinese (zh)
Inventors: 菅晓翔, 高宏
Current Assignee: Ziguang Co Ltd Qinghua Univ
Original Assignee: Ziguang Co Ltd Qinghua Univ
Application filed by: Ziguang Co Ltd Qinghua Univ
Priority to: CN 200510130655

Abstract

The encryption device comprises the following parts: a USB interface chip connected to the host computer; a digital signal processor (DSP) connected to the USB interface chip; a smart card chip connected to the DSP; and an encryption device driver located between the computer's file system driver and its hard disk driver. In the invention, the folder encryption device and the key it holds are separated from the computer system, which prevents the risk of information leakage when the whole computer is lost or stolen. The user is authenticated before use, to prevent information leakage through the hardware. The invention meets the requirement of protecting data at different security levels. Moreover, the unique product serial number inside the smart card chip ensures the uniqueness of the encryption key and of the encryption device.

Description

A file encryption device based on the Universal Serial Bus (USB)
Technical field
The present invention relates to a USB-based file encryption device and belongs to the field of computer information security technology.
Background
The openness, ease of use and standardization of computer software and hardware systems give computers inherent and serious security weaknesses, so that data on a computer's hard disk can easily be illegally accessed, stolen, tampered with or destroyed.
An effective way to ensure the security of computer data is to encrypt it: the original plaintext is processed by an algorithm into unreadable ciphertext, which protects critical data from being stolen, read, tampered with or destroyed by unauthorized users.
Northwestern Polytechnical University disclosed a "computer hard disk data encryption method and device" in invention patent application No. 200410025825.5. That technique places a data encryption device between the hard disk and the host and encrypts the data transferred between them. The data encryption device uses the PCI bus and plugs directly into a PCI slot on the computer motherboard. The encryption device has an IC card slot, and the key on the IC card held by a legitimate user is read and stored in the key management module of the encryption device.
IBM Corporation, in invention patent application No. CN00131477.7, disclosed a method and device for "encrypting/decrypting stored data with an inaccessible unique key". That application uses a key that is unique to the computer system and inaccessible. The unique key may be embedded in non-removable hardware of the computer system, or may be generated from, for example, the identification number of that non-removable hardware. The process comprises constructing the unique key, encrypting data with it, and storing the encrypted data on a storage medium without needing to store the unique key on that medium. The storage medium may be any non-removable or removable storage medium, for example a computer hard disk, a floppy disk or a CD-R.
Both methods prevent the data from being read by another computer when the hard disk is lost or stolen, but this prior art has the following shortcomings:
1. In the Northwestern Polytechnical University method, the key used for encryption and decryption is stored in the key management module of the encryption device; in the IBM method, the key is generated from the identification number of non-removable hardware in the computer system. If the whole machine is lost or stolen, neither method can guarantee the security of the data on the hard disk.
2. All data on the computer's hard disk is encrypted, which cannot meet the user's requirement to protect data at different security levels.
Summary of the invention
The object of the invention is to provide a USB-based computer folder encryption device that prevents the risk of information leakage when the whole computer is lost or stolen: the encryption device holding the key is separated from the computer system, thereby protecting the information in the computer.
The USB-based computer folder encryption device proposed by the invention comprises:
(1) a USB interface chip, used for high-speed data transfer and communication between the host and the digital signal processor, and connected to the host;
(2) a digital signal processor, used to encrypt and decrypt the data stream read by the host, and connected to the USB interface chip;
(3) a smart card chip, used to store the key and personal information, and connected to the digital signal processor;
(4) an encryption device driver, which captures the host file system's read and write operations on the computer's hard disk, converts multiple groups of 16-bit hard disk data into one group of 128-bit data for encryption and decryption, and controls the encryption device to encrypt and decrypt the 128-bit data; it sits between the file system driver and the hard disk driver in the computer.
The USB-based computer folder encryption device proposed by the invention has the following advantages:
1. The encryption device and the key in it are separate from the computer system, which prevents the risk of information leakage when the whole computer is lost or stolen. The encryption device authenticates the user, so even if the encryption device and the computer are lost or stolen together, leakage of the information on the computer's hard disk is prevented.
2. The encryption device sits between the file system and the hard disk driver in the computer and can encrypt specified files or folders rather than all data on the hard disk, meeting the user's requirement to protect data at different security levels.
3. The encryption device contains a smart card chip, and the unique product serial number in the smart card chip is used as the seed to generate the encryption key, which guarantees both the uniqueness of the encryption key and the uniqueness of the encryption device.
4. Two-factor authentication. The user passes authentication and can operate on the encrypted folder only after plugging the encryption device into the computer's USB port and entering the correct user password, so the authentication is stronger.
5. Safe and convenient to use. The encryption device is similar in shape and size to a flash drive; the user can carry it like a key, which guards against the device being lost or stolen.
Description of the drawings
Fig. 1 is a structural block diagram of the device of the invention; the device is inside the dashed frame and the other parts belong to the host computer.
Embodiment
The structure of the USB-based computer folder encryption device proposed by the invention is shown in Fig. 1. It comprises: a USB interface chip, used for high-speed data transfer and communication between the host and the digital signal processor, and connected to the host; a digital signal processor, used to encrypt and decrypt the data stream read by the host, and connected to the USB interface chip; a smart card chip, used to store the key and personal information, and connected to the digital signal processor; and an encryption device driver, which captures the host file system's read and write operations on the computer's hard disk, converts multiple groups of 16-bit hard disk data into one group of 128-bit data for encryption and decryption, controls the encryption device to encrypt and decrypt the 128-bit data, and sits between the file system driver and the hard disk driver in the computer.
When the user needs to read or write critical data in an encrypted folder on the host, the encryption device is plugged into the host's USB port. The device automatically encrypts, at the device layer, all files saved into the "encrypted folder". The cryptographic operations on the data, and the use and storage of the key, all take place inside the chips of the USB-attached encryption device and do not enter the computer environment, so tracing and attacks by malicious programs can be completely blocked. Even if the whole computer is lost or stolen, information leakage is effectively prevented.
The USB interface chip used in the device is the Philips ISP1581 Hi-Speed USB 2.0 interface device, which fully complies with the USB 2.0 standard and is used for high-speed data transfer and communication between the host and the digital signal processor.
The digital signal processor used is a Texas Instruments TMS320 digital signal processor, which has the standard DES and 3DES symmetric ciphers built in. When encrypting or decrypting the host's read/write data stream, it first reads the key from the smart card chip and then runs the cipher on the data stream. The TMS320 reaches a data rate of 100 Mbit/s when running the DES encryption algorithm, which fully meets the speed requirement for hard disk data encryption.
The smart card chip used is the 8-bit AT05SC smart card microcontroller from Atmel, which stores the key required by the cipher and personal information such as the user password (PIN). The chip contains 40 KB of read-only memory and 2 KB of electrically erasable programmable read-only memory, and has a globally unique 64-bit product serial number. At initialization the 64-bit product serial number is used as the seed to generate a 128-bit user encryption/decryption key, so that the digital key in every hardware key is unique; the probability of a repeated key is 1/10^38, which guarantees uniqueness when the user is authenticated. The smart card chip is hard to forge and resists physical, electronic and chemical attacks, giving the USB-based encryption device a very high level of security.
The encryption device driver captures information about the host file system's read and write operations on the computer's hard disk, such as the drive letter (C:, D:, etc.), folder name, file name and data stream; converts multiple groups of 16-bit hard disk data into one group of 128-bit data for encryption and decryption; and controls the encryption device to encrypt and decrypt the 128-bit data. The driver sits between the computer's file system driver and hard disk driver and is a device driver running at Ring 0 of the Windows operating system, which lets applications control the encryption device at the lowest level of the operating system. When the operating system issues a "write" instruction for a file, the encryption device driver intercepts the data stream to be written in memory and calls the encryption device to encrypt the data before it is stored in the designated hard disk space. Because encryption is performed dynamically in this way, the data stored on the hard disk is always ciphertext, whether the system crashes or loses power, which makes the protection of encrypted files more reliable. Most importantly, the user does not have to perform any encryption or decryption operation on files: using only the ordinary commands of the Windows operating system, such as save, save as, copy, paste and drag, the computer encrypts and decrypts files automatically, so operation is transparent under Windows.
The working principle and working process of the device are described below:
The invention proposes an encryption device and an encryption method in which the key is separated from the computer system, which prevents the risk of information leakage when the whole computer is lost or stolen. The user can set up encrypted folders dedicated to storing critical data, and the encryption device encrypts and decrypts only the data in the specified folders.
1. Working principle:
Key generation and injection: the unique product serial number of the smart card chip in the encryption device is used as the seed, and a 128-bit user encryption/decryption key is generated from it by a hash algorithm. The key is stored as ciphertext in the smart card chip in the encryption device, and the chip's security protection prevents an attacker from reading the key information.
Because the key is generated using the unique product serial number in the smart card chip as the seed, the smart card chip serial number differs in every encryption device. Even if an unauthorized user steals a legitimate user's encryption device and copies it using a USB interface chip, digital signal processor and smart card chip of the same models, the result is entirely different, which guarantees that the encryption device hardware cannot be duplicated.
(1) The encryption device driver monitors, in real time, read and write operations from the computer's memory to the hard disk. When the computer reads or writes an encrypted folder, the driver intercepts the data stream between the host and the hard disk;
(2) The driver converts multiple groups of 16-bit hard disk data into one group of 128-bit data and sends it to the USB-based encryption device for encryption or decryption;
(3) The driver converts the 128-bit encrypted or decrypted data output by the encryption device back into multiple groups of 16-bit data for the computer and the hard disk to read and write.
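The key generation and the three driver steps above, sketched end to end as an added example (not code from the patent). Assumptions: SHA-256 truncated to 128 bits stands in for the unnamed "hash algorithm", the 16-bit words are little-endian, and `StandInDevice` is a hypothetical placeholder for the DSP, not DES/3DES.

```python
import hashlib
import struct

WORDS_PER_BLOCK = 8   # eight 16-bit disk words form one 128-bit unit
BLOCK_BYTES = 16


def derive_key(serial: int) -> bytes:
    """128-bit key from the 64-bit chip serial number.

    Assumption: SHA-256 truncated to 16 bytes. A 64-bit seed can yield at
    most 2**64 distinct keys, whatever the output length.
    """
    if not 0 <= serial < 2 ** 64:
        raise ValueError("serial number must fit in 64 bits")
    return hashlib.sha256(struct.pack(">Q", serial)).digest()[:BLOCK_BYTES]


def words_to_blocks(words):
    """Step (2): group 16-bit words into 128-bit blocks, zero-padding the tail."""
    for w in words:
        if not 0 <= w <= 0xFFFF:
            raise ValueError("not a 16-bit word: %r" % (w,))
    padded = list(words) + [0] * (-len(words) % WORDS_PER_BLOCK)
    return [struct.pack("<8H", *padded[i:i + WORDS_PER_BLOCK])
            for i in range(0, len(padded), WORDS_PER_BLOCK)]


def blocks_to_words(blocks):
    """Step (3): split each 128-bit block back into eight 16-bit words."""
    words = []
    for block in blocks:
        words.extend(struct.unpack("<8H", block))  # raises if not 16 bytes
    return words


class StandInDevice:
    """Hypothetical placeholder for the USB device's DSP.

    XORs each block with a key-dependent mask so that the round trip can be
    shown; it is NOT DES/3DES and must not be used to protect data.
    """

    def __init__(self, key: bytes):
        if len(key) != BLOCK_BYTES:
            raise ValueError("key must be 128 bits")
        self._key = key

    def transform(self, block: bytes, index: int) -> bytes:
        mask = hashlib.sha256(self._key + struct.pack(">Q", index)).digest()
        return bytes(a ^ b for a, b in zip(block, mask[:BLOCK_BYTES]))


def driver_transform(device, words):
    """Steps (1)-(3) for one intercepted buffer of 16-bit words.

    The result always covers whole 128-bit blocks, because a block cipher
    needs the complete block back in order to decrypt it.
    """
    blocks = words_to_blocks(words)
    out = [device.transform(b, i) for i, b in enumerate(blocks)]
    return blocks_to_words(out)


# Constructed sample input: an 11-word buffer (not a multiple of 8 words).
SAMPLE_SERIAL = 0x0123456789ABCDEF
SAMPLE_WORDS = list(range(1000, 1011))
```

A 512-byte sector is exactly 32 such blocks, so the zero-padding branch only matters for buffers that are not sector-aligned.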
2. Authentication process:
(1) The computer authenticates the encryption device: when the encryption device is plugged into the computer's USB port, the encryption device driver reads the product serial number from the smart card chip in the device and determines whether it is a legitimate encryption device.
(2) The encryption device authenticates the user: the user password (PIN) that identifies the user is stored in the smart card chip inside the encryption device. When the encryption device is plugged into the computer's USB port, the encryption device driver prompts the user to enter the user password on the keyboard. If the entered password matches the one in the smart card chip, authentication succeeds. If the password is entered incorrectly three times in a row, the encryption device driver locks the authentication process.
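The PIN check with its three-strikes lock, as an added example that is not code from the patent. Assumptions: the error counter is kept next to the PIN reference (the page has the driver apply the lock), the reference is a salted SHA-256 digest, and the class name, salt and PIN values are constructed for illustration.

```python
import hashlib
import hmac

MAX_CONSECUTIVE_ERRORS = 3  # from the page: three wrong entries in a row lock


class PinVerifier:
    """Models the user-authentication step (2) described above."""

    def __init__(self, pin: str, salt: bytes):
        self._salt = salt
        self._reference = self._digest(pin)
        self._errors = 0  # consecutive wrong entries so far

    def _digest(self, pin: str) -> bytes:
        # Assumption: a salted SHA-256 digest is stored instead of the raw PIN.
        return hashlib.sha256(self._salt + pin.encode("utf-8")).digest()

    @property
    def locked(self) -> bool:
        return self._errors >= MAX_CONSECUTIVE_ERRORS

    def verify(self, candidate: str) -> str:
        """Return "ok", "wrong" or "locked" for one entered PIN."""
        if self.locked:
            # Once locked, even the correct PIN is refused.
            return "locked"
        # Charge the attempt before comparing. On real hardware the counter
        # would be written to non-volatile memory at this point, so cutting
        # power during the comparison cannot win a free guess.
        self._errors += 1
        # Constant-time comparison: timing does not reveal how much matched.
        if hmac.compare_digest(self._digest(candidate), self._reference):
            self._errors = 0  # only *consecutive* errors count
            return "ok"
        return "locked" if self.locked else "wrong"


def run_session(verifier: PinVerifier, entries) -> list:
    """Feed a sequence of entered PINs and collect the outcomes."""
    return [verifier.verify(pin) for pin in entries]


# Constructed sample values, for illustration only.
SAMPLE_PIN = "4711"
SAMPLE_SALT = b"constructed-salt"
```

Where the counter lives decides what the lock is worth: a counter held only in host driver memory is reset by reloading the driver, while one stored with the PIN travels with the device.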
3. How the user encrypts and decrypts files when using the encryption device of the invention:
Creating encrypted folders: 1 to 20 encrypted folders can be created on each computer.
File encryption: use the ordinary Windows operations such as copy, paste, drag in and save as to write important files into an encrypted folder that has been set up, or create a file directly in the encrypted folder and save it; in all of these cases the file is encrypted automatically.
File decryption: use Windows copy, paste or drag out, or open or save as a file directly from an encrypted folder that has been set up; the file is decrypted automatically during these operations.

Claims (1)

1. A USB-based computer folder encryption device, characterized in that the device comprises:
(1) a USB interface chip, used for high-speed data transfer and communication between the host and the digital signal processor, and connected to the host;
(2) a digital signal processor, used to encrypt and decrypt the data stream read by the host, and connected to the USB interface chip;
(3) a smart card chip, used to store the key and personal information, and connected to the digital signal processor;
(4) an encryption device driver, which captures the host file system's read and write operations on the computer's hard disk, converts multiple groups of 16-bit hard disk data into one group of 128-bit data for encryption and decryption, and controls the encryption device to encrypt and decrypt the 128-bit data; it sits between the file system driver and the hard disk driver in the computer.

Priority Applications (1)

Application number: CN 200510130655
Priority date: 2005-12-19
Filing date: 2005-12-19
Title: File encrypting device based on USB interface
Status: Pending

Publications (1)

Publication number: CN1776563A
Publication date: 2006-05-24

Family

ID: 36766128
Country: CN

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100449560C (en) * 2006-09-26 2009-01-07 南京擎天科技有限公司 Computer data security protective method
CN100446024C (en) * 2007-01-26 2008-12-24 北京飞天诚信科技有限公司 Protection method and system of electronic document
CN101236535B (en) * 2007-07-31 2010-12-22 北京理工大学 Hard disk encryption method based on optical disk under Window environment
CN102236747A (en) * 2010-04-23 2011-11-09 北京同方微电子有限公司 Method for upgrading conventional computer into trusted computer
CN102436568A (en) * 2010-09-29 2012-05-02 孔令军 Computer external encryption device with storage function and encryption and decryption method utilizing same
CN102436568B (en) * 2010-09-29 2014-12-17 苏州慧尔科技发展有限公司 Computer external encryption device with storage function and encryption and decryption method utilizing same
CN103761067A (en) * 2013-12-13 2014-04-30 昆山五昌新精密电子工业有限公司 Processing system and processing method for encryption/decryption of data files
CN104079414A (en) * 2014-07-18 2014-10-01 成都卫士通信息产业股份有限公司 Encryptor authentication method and device with identity authentication mechanism
CN104751072A (en) * 2015-03-17 2015-07-01 山东维固信息科技股份有限公司 Secrete-related control system providing completely transparent user experience based on real-time encryption and decryption technology
CN105468940A (en) * 2015-11-30 2016-04-06 北京深思数盾科技有限公司 Software protection method and apparatus
CN107273768A (en) * 2017-06-20 2017-10-20 广州金沅达电子科技有限公司 A kind of encrypted U disk and its encryption method
CN112968774A (en) * 2021-02-01 2021-06-15 中国海洋石油集团有限公司 Method, device storage medium and equipment for encrypting and decrypting configuration file

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication