CN-115357951-B - Dual-core encryption bridge for converting multi-host interface into SATA bridge and encryption and decryption transmission method

Abstract

The invention belongs to the technical field of data security transmission, and particularly relates to a dual-core encryption bridge of a multi-host interface SATA (serial advanced technology attachment) bridge and an encryption and decryption transmission method. The dual-core encryption bridge of the multi-host interface SATA bridge comprises a host, a dual-core embedded processor module, a first data interface, a second data interface and a total control program which are connected by buses. The dual-core embedded processor module comprises a first core, a second core, an SDRAM, a DTCM and a data transmission completion mark, wherein the first core is used for receiving data transmitted by an external data interface, encrypting and decrypting the data and transmitting the encrypted and decrypted data to the external interface, the second core is used for receiving or transmitting data from the SDRAM and monitoring the DTCM mutually, the SDRAM is used for storing the data, the DTCM is used for storing the data transmission completion mark, the first core comprises CryptoEngine used for encrypting and decrypting the data, and the second core comprises SATAHost used for sending the encrypted and decrypted data and SATADEVICE used for receiving the encrypted and decrypted data. The invention solves the problems of low performance and efficiency of the encryption bridge and limited application scene in the prior art.

Inventors

  • WEI LANLAN

Assignees

  • 山东方寸微电子科技有限公司

Dates

Publication Date
20260512
Application Date
20220819

Claims (9)

  1. The dual-core encryption bridge of the multi-host interface SATA bridge is characterized by comprising a host, a dual-core embedded processor module, a first data interface, a second data interface and a total control program which are connected through a bus; the dual-core embedded processor module includes: a first kernel for receiving the data transmitted by the external data interface, carrying out encryption and decryption processing and transmitting the encrypted and decrypted data to the external data interface; a second kernel for receiving or transmitting encrypted and decrypted data from the SDRAM and mutually monitoring with the DTCM; SDRAM for storing data; a DTCM for storing a flag of completion of data transmission; the first kernel and the second kernel share DTCM and SDRAM; the first kernel comprises a Crypto Engine for encrypting and decrypting data; the second kernel comprises a SATA Host for sending the encrypted and decrypted data and SATA DEVICE for receiving the encrypted and decrypted data; the dual-core embedded processor module comprises a first dual-core embedded processor and a second dual-core embedded processor; the SATA Host in the second core of the first dual-core embedded processor is connected with SATA DEVICE in the second core of the second dual-core embedded processor through a data transmission line; SATA DEVICE in the second core of the first dual-core embedded processor is connected with a SATA Host in the second core of the second dual-core embedded processor through a data transmission line.
  2. The dual-core cryptographic bridge of a multi-host interface to SATA bridge of claim 1, wherein the first dual-core embedded processor and the second dual-core embedded processor are respectively provided with 1 SATA Host and 1 SATA DEVICE SATA Host; data is transmitted between the SATA Host of the first dual-core embedded processor and SATA DEVICE of the second dual-core embedded processor in a SATA DMA mode; data is transferred between the SATA Host of the second dual-core embedded processor and SATA DEVICE of the first dual-core embedded processor by SATA DMA.
  3. The dual-core encryption bridge of claim 1, wherein the data interface comprises a USB/PCIE/GMAC/SATA/SAS interface or other data interface.
  4. A method for encrypting and decrypting a dual-core encryption bridge of a multi-host interface to SATA bridge as recited in any one of claims 1 to 3, comprising: a data configuration step, wherein a host computer issues configuration commands related to data according to a defined protocol, namely transparent transmission or encryption or decryption; a data encryption and decryption step, namely after the dual-core embedded processor module receives a configuration command, the data to be encrypted and decrypted enter the dual-core embedded processor module through a data interface, and a first kernel of the dual-core embedded processor module receives the data to be encrypted and decrypted to a Crypto Engine and starts encryption and decryption; and a data transmission step, namely storing the encrypted and decrypted data into SDRAM of the dual-core embedded processor module, setting a flag for finishing data storage in DTCM of the dual-core embedded processor module, monitoring the DTCM of the dual-core embedded processor module in real time by a second inner core of the dual-core embedded processor module, and transmitting the data out of the SATA interface after the SATA Host of the second inner core of the dual-core embedded processor module receives the flag for finishing data receiving.
  5. The encryption and decryption transmission method of a dual-core encryption bridge of a multi-host interface to SATA bridge of claim 4, wherein said dual-core embedded processor module comprises a first dual-core embedded processor and a second dual-core embedded processor; the data transmission step further includes: transmitting data to SATA DEVICE in a second core of the second dual-core embedded processor by a SATA Host in the second core of the first dual-core embedded processor; SATA DEVICE of the second dual-core embedded processor receives data and transmits the data to SDRAM of the second dual-core embedded processor; the DTCM of the second dual-core embedded processor sets a data receiving completion flag and informs a first kernel of the second dual-core embedded processor; and the first core of the second dual-core embedded processor monitors the DTCM of the second dual-core embedded processor in real time, and when the first core of the second dual-core embedded processor receives a mark that the data is received completely, the data is transmitted out of the data interface of the second dual-core embedded processor.
  6. The method for encrypting and decrypting a dual-core encryption bridge of a multi-host interface to SATA bridge according to claim 4, wherein when the host sequentially sends a plurality of data packets, the dual-core embedded processor module operates the same, comprising: after the encryption and decryption of the first Data packet Data Pack 0 are completed, the first kernel informs the second kernel of the Data to be transmitted in the SDRAM through the DTCM in the first dual-core embedded processor; at the moment, starting SATA DMA of the first dual-core embedded processor, and sending data to the second dual-core embedded processor through SATA Host of the second core of the first dual-core embedded processor; in the first dual-core embedded processor, after the SATA Host of the second core finishes sending the Data Pack 0, informing the first core by the DTCM that the new Data packet is continuously received; in the first dual-core embedded processor, after encryption and decryption of a first Data packet Data Pack 0 by a Crypto Engine of a first core are completed, the first core continuously receives a second Data packet Data Pack 1; the encryption and decryption process and the transmission process of the second Data packet are the same as those of the first Data packet Data Pack 0.
  7. The method for encrypting and decrypting the dual-core encryption bridge of the multi-host interface to SATA bridge according to claim 5, wherein the data to be encrypted and decrypted is entered through the first data interface or the second data interface.
  8. The method for encrypting and decrypting the dual-core encryption bridge of the multi-host interface to SATA bridge according to claim 6, wherein the host at the first data interface end and the host at the second data interface are independent from each other in configuring parameters.
  9. The encryption and decryption transmission method for a dual-core encryption bridge of a multi-host interface to SATA bridge of claim 4, wherein the first core is a CK core or other core and the second core is an ARM core or other core.
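
The DTCM flag handshake of claims 4 and 6, sketched as an added example (not code from the patent or its assignee); the release/acquire ordering on the flag is what keeps the second core from transmitting an SDRAM buffer that is not yet fully encrypted. Assumptions: a single SDRAM packet buffer, the two cores modelled as step functions called in turn so the run is deterministic, hypothetical names throughout, and an XOR stand-in for the Crypto Engine that is not a real cipher.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <string.h>
#define PACK_SIZE 16
#define MAX_PACKS 4
/* Shared by both cores (claim 1): SDRAM holds data, DTCM holds the flag. */
static uint8_t sdram[PACK_SIZE];
static atomic_int dtcm_flag;  /* 0 = buffer free, 1 = data ready to send */
static uint8_t sata_out[MAX_PACKS][PACK_SIZE];  /* what the SATA Host sent */
static size_t sata_sent;

/* Stand-in for the Crypto Engine: an XOR marker, NOT a real cipher. */
static void crypto_engine(uint8_t *dst, const uint8_t *src) {
    for (size_t i = 0; i < PACK_SIZE; i++) dst[i] = src[i] ^ 0x5A;
}

/* First core: refuse while the last packet is unsent, else encrypt into SDRAM. */
int core1_step(const uint8_t *pack) {
    if (atomic_load_explicit(&dtcm_flag, memory_order_acquire) != 0) return 0;
    crypto_engine(sdram, pack);
    /* release: every SDRAM write is visible before the flag reads as 1 */
    atomic_store_explicit(&dtcm_flag, 1, memory_order_release);
    return 1;
}

/* Second core: poll the flag, transmit the buffer, then hand it back. */
int core2_step(void) {
    if (sata_sent >= MAX_PACKS) return 0;
    if (atomic_load_explicit(&dtcm_flag, memory_order_acquire) != 1) return 0;
    memcpy(sata_out[sata_sent++], sdram, PACK_SIZE);
    atomic_store_explicit(&dtcm_flag, 0, memory_order_release);
    return 1;
}

/* Push up to MAX_PACKS packets through; returns how many were transmitted. */
size_t run_bridge(const uint8_t packs[][PACK_SIZE], size_t n) {
    size_t in = 0;
    sata_sent = 0;
    atomic_store(&dtcm_flag, 0);
    while (sata_sent < n && sata_sent < MAX_PACKS) {
        if (in < n && core1_step(packs[in])) in++;
        core2_step();
    }
    return sata_sent;
}

int main(void) {
    const uint8_t packs[2][PACK_SIZE] = {"Data Pack 0", "Data Pack 1"};
    return run_bridge(packs, 2) == 2 ? 0 : 1;
}
```

Calling `core1_step` twice without an intervening `core2_step` returns 0 the second time: the first core cannot overwrite a packet the SATA Host has not yet sent.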

Description

Dual-core encryption bridge for converting multi-host interface into SATA bridge and encryption and decryption transmission method

Technical Field

The invention belongs to the technical field of data security transmission, and particularly relates to a dual-core encryption bridge of a multi-host interface SATA (serial advanced technology attachment) bridge and an encryption and decryption transmission method.

Background

With the spread of internet applications and of intelligent systems in industry and commerce, the security of stored information is becoming more and more important. The file data stored in various terminals and servers are sensitive and private data related to enterprises or individuals, and if hard disk equipment is stolen or internal personnel access it illegally, there is a risk of information leakage, which can bring huge losses to the enterprises or individuals. In today's computer environment, end user devices face many security threats. Some of these threats are unintentional, such as human error, while others are intentional. A common threat is that the user's hard disk device is lost or stolen, and how to protect the data in the hard disk device when the device is lost has become a problem to be studied and solved.

The prior patent literature also discloses related solutions, such as: The Chinese patent document CN109657502A discloses a SATA bridging real-time transmission encryption system and method based on a domestic cryptographic algorithm, and the system comprises a desktop system security storage control chip, a SATA DEVICE IP core, a SATA HOST IP core and a hard disk which are sequentially connected, and also comprises a USB HOST IP core, wherein the USB HOST IP core is used for carrying out identity authentication on a storage device U_KEY which is inserted into an external USB port of the security storage control chip of the desktop system, and a simple data management protocol SM1 module and an SM4 module which are used for encrypting and decrypting data are respectively connected with the SATA DEVICE IP core and the SATA HOST IP core. The data transfer is accomplished by controlling the two tables with registers in accordance with the command protocol in the FIS field.

In the prior art, an encryption chip is added on the hardware of a computer terminal, and data written into a hard disk is encrypted and decrypted through the encryption chip, mostly in the form of an encryption bridge. SATA stands for Serial Advanced Technology Attachment, an industry-standard serial hardware driver interface and a hard disk interface specification jointly proposed by Intel, IBM, Dell, APT, Maxtor and Seagate.

The external data interface is only a USB interface, the process of the scheme is a serial process based on single-core data encryption transmission, the algorithm only comprises a domestic cryptographic algorithm, and the application scene is limited. The scheme incurs a performance loss in use and limits the high-bandwidth performance of the high-speed interface.

Disclosure of Invention

The present invention is directed to overcoming at least one of the above-mentioned drawbacks of the prior art and providing a dual-core encryption bridge for a multi-host interface to SATA bridge.

The invention also discloses an encryption/decryption transmission method for the multi-host interface to SATA bridge, which is used for solving the problems of low performance, low transmission efficiency and limited application scene of the encryption bridge in the prior art. The invention realizes the efficient encryption transmission of key data by means of a dual-core queue technology and a SATA high-speed interface bridging path at the bottom layer.

Description of technical terms:

  1. SDRAM is an abbreviation for synchronous dynamic random-access memory;
  2. DTCM is an abbreviation for Data Tightly Coupled Memory;
  3. Crypto Engine refers to an encryption engine;
  4. DMA refers to direct memory access;
  5. SATA Host refers to the SATA host;
  6. SATA DEVICE refers to the SATA device.

The detailed technical scheme of the invention is as follows:

A dual-core encryption bridge of a multi-host interface to SATA bridge comprises a host, a dual-core embedded processor module, a first data interface, a second data interface and a total control program which are connected through buses. The dual-core embedded processor module comprises a first core, a second core, an SDRAM, a DTCM, a first core and a second core, wherein the first core is used for receiving data transmitted by an external data interface, conducting encryption and decryption processing, transmitting encrypted and decrypted data to the external data interface, the second core is used for receiving or transmitti