CN215450156U - Secure storage device - Google Patents


Publication number
CN215450156U
CN215450156U CN202120492882.3U CN202120492882U CN215450156U CN 215450156 U CN215450156 U CN 215450156U CN 202120492882 U CN202120492882 U CN 202120492882U CN 215450156 U CN215450156 U CN 215450156U
Authority
CN
China
Prior art keywords
storage
unit
storage controller
downlink
uplink
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202120492882.3U
Other languages
Chinese (zh)
Inventor
吴曼青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Landscapes

  • Optical Communication System (AREA)

Abstract

The utility model provides a secure storage device. The device comprises a transmission interface, a storage unit and the following parts located between the transmission interface and the storage unit: an uplink transmission link and a downlink transmission link; an uplink storage controller and a downlink storage controller, each selectively enabled and disabled by the main control unit, which allow only read access and only write access to the device, respectively; and a storage interface switching unit which, according to the read-only mode, the write-only mode or the read-write mode of the device, is controlled by the main control unit to be connected only with the uplink storage controller, only with the downlink storage controller, or with the uplink or downlink storage controller in a time-division manner. The secure storage device can be flexibly configured to work in one of the read-only, write-only and read-write modes according to conditions, and at the same time realizes physical isolation and logical isolation between the uplink and downlink data transmission channels, thereby providing high security. In addition, the utility model can support mass storage, facilitates high-speed data transmission via the storage device, and makes the storage device portable.

Description

Secure storage device
Technical Field
The utility model relates to the field of computer information security and network security, in particular to a secure storage device.
Background
With the development of the internet and the digital economy, data transmission is increasingly demanding in terms of capacity and faces increasing security threats. Interaction between the internal networks and external networks of enterprises, governments, military departments and the like is more and more frequent, and in order to ensure the security of data interaction, a unidirectional transmission mode is usually adopted. The transmission equipment commonly used at present includes optical discs, network gates, optical gates, secure USB flash disks and the like.
Optical disc transmission is heavily used, but optical discs have some disadvantages: the capacity is limited, with information storage capacity generally not exceeding 10 GB; they are inconvenient to use and easily damaged; and destroying them promptly after use wastes resources to a certain extent. The network gate (GAP), i.e. the network security isolation device, is set up between two networks (an internal network and an external network) that are not connected to each other and, by controlling the data exchange area, is at no time connected to the internal network and the external network together, thereby realizing secure ferrying of data while the internal and external networks remain physically isolated. However, the network gate also has deficiencies: the data interaction speed is low, the reliability is poor, traceability cannot be provided, the transmission of large files and mass data is not well supported, and service timeliness can be affected. The optical gate (FGAP), i.e. a secure optical transmission device, was developed on the basis of the network gate and is a software and hardware system based on the unidirectional physical isolation provided by light. The optical gate is generally used in data interaction scenarios with high security requirements, such as data interaction between a confidential network and a non-confidential network, or between an industry intranet and a public network. Network gates and optical gates are expensive, have no data storage function, are large in size and are inconvenient to carry. The secret USB flash disk, also called a secure USB flash disk, protects the data on the disk by encryption using only authorization management and password control.
Although the USB flash disk is convenient to use, the security of the secret USB flash disk is low, and information security problems caused by using secure USB flash disks are frequent.
Accordingly, there is a need for an improved secure storage device.
Summary of the Utility Model
It is an object of the present invention to propose a secure storage device which solves or at least alleviates at least some of the above problems.
The utility model provides at least the following technical scheme:
1. A secure storage device, comprising: a transmission interface, a main control unit, a downlink transmission link, a downlink storage controller, an uplink transmission link, an uplink storage controller, a storage interface switching unit and a storage unit, wherein the main control unit is connected to the transmission interface, the downlink storage controller, the uplink storage controller and the storage interface switching unit, the downlink transmission link is connected between the transmission interface and the downlink storage controller, the uplink transmission link is connected between the transmission interface and the uplink storage controller, and each of the downlink storage controller and the uplink storage controller is connected to the storage unit through the storage interface switching unit, wherein
the downlink storage controller is configured to be selectively enabled or disabled by the main control unit to allow or disable write access to the storage unit,
the uplink storage controller is configured to be selectively enabled or disabled by the main control unit to allow or disable read access to the storage unit,
the storage interface switching unit is configured to be controlled by the main control unit to selectively connect with the downlink storage controller or the uplink storage controller,
the main control unit is configured to selectively perform one of at least one control including a first control to operate the secure storage device in a write-only mode, a second control to operate the secure storage device in a read-only mode, and/or a third control to operate the secure storage device in a read-write mode,
wherein the first control includes: enabling the downlink storage controller, disabling the uplink storage controller, and controlling the storage interface switching unit to be only connected with the downlink storage controller, so that data from an upper computer connected to the secure storage device via the transmission interface can be transmitted to and written into the storage unit via the transmission interface, the downlink transmission link, the downlink storage controller, and the storage interface switching unit in sequence; the second control includes: disabling the downlink storage controller, enabling the uplink storage controller, and controlling the storage interface switching unit to be only connected with the uplink storage controller, so that data stored in the storage unit can be read and transmitted to the upper computer through the storage interface switching unit, the uplink storage controller, the uplink transmission link and the transmission interface in sequence; the third control includes: the storage interface switching unit is controlled to be switched on with the downlink storage controller or the uplink storage controller in a time-sharing manner, the downlink storage controller is enabled and the uplink storage controller is disabled when the storage interface switching unit is switched on with the downlink storage controller, the downlink storage controller is disabled and the uplink storage controller is enabled when the storage interface switching unit is switched on with the uplink storage controller, so that when the storage interface switching unit is switched on with the downlink storage controller, data from the upper computer can be transmitted to and written into the storage unit through the transmission interface, the downlink transmission link, the downlink storage controller and the storage interface switching unit in sequence, and when the storage interface switching unit is switched on with the uplink storage 
controller, the data stored in the storage unit can be read and transmitted to the upper computer through the storage interface switching unit, the uplink storage controller, the uplink transmission link and the transmission interface in sequence.
2. The secure storage apparatus according to claim 1, wherein,
the downlink transmission link comprises a first light emitting unit connected to the transmission interface, a first light receiving unit connected to the downlink storage controller, and a first transmission optical path between the first light emitting unit and the first light receiving unit;
the upstream transmission link includes a second light emitting unit connected to the upstream storage controller, a second light receiving unit connected to the transmission interface, and a second transmission optical path between the second light emitting unit and the second light receiving unit.
3. The secure storage apparatus according to claim 2, wherein,
the first light emitting unit is connected to the main control unit and configured to be selectively enabled or disabled by the main control unit, wherein the first control further comprises enabling the first light emitting unit, the second control further comprises disabling the first light emitting unit, and the third control further comprises: enabling the first light emitting unit when the storage interface switching unit is connected with the downlink storage controller, and disabling the first light emitting unit when the storage interface switching unit is connected with the uplink storage controller; and/or the first light receiving unit is connected to the main control unit and configured to be selectively enabled or disabled by the main control unit, wherein the first control further comprises enabling the first light receiving unit, the second control further comprises disabling the first light receiving unit, and the third control further comprises: enabling the first light receiving unit when the storage interface switching unit is connected with the downlink storage controller, and disabling the first light receiving unit when the storage interface switching unit is connected with the uplink storage controller,
and/or
the second light emitting unit is connected to the main control unit and configured to be selectively enabled or disabled by the main control unit, wherein the first control further comprises disabling the second light emitting unit, the second control further comprises enabling the second light emitting unit, and the third control further comprises: disabling the second light emitting unit when the storage interface switching unit is connected with the downlink storage controller, and enabling the second light emitting unit when the storage interface switching unit is connected with the uplink storage controller; and/or the second light receiving unit is connected to the main control unit and configured to be selectively enabled or disabled by the main control unit, wherein the first control further comprises disabling the second light receiving unit, the second control further comprises enabling the second light receiving unit, and the third control further comprises: disabling the second light receiving unit when the storage interface switching unit is connected with the downlink storage controller, and enabling the second light receiving unit when the storage interface switching unit is connected with the uplink storage controller.
4. The secure storage apparatus according to claim 2 or 3, wherein,
the downlink transmission link further includes a first optical switch positioned on the first transmission optical path, the first optical switch configured to be selectively closed or opened to switch the first transmission optical path on or off; and/or
the uplink transmission link further includes a second optical switch positioned on the second transmission optical path, the second optical switch configured to be selectively closed or opened to switch the second transmission optical path on or off.
5. The secure storage apparatus according to claim 4, wherein,
the first optical switch is a first electrically controlled optical switch connected to the main control unit and configured to be selectively closed or opened by the main control unit to turn the first transmission optical path on or off, wherein the first control further comprises closing the first electrically controlled optical switch, the second control further comprises opening the first electrically controlled optical switch, and the third control further comprises: closing the first electrically controlled optical switch when the storage interface switching unit is connected with the downlink storage controller, and opening the first electrically controlled optical switch when the storage interface switching unit is connected with the uplink storage controller; the second optical switch is a second electrically controlled optical switch connected to the main control unit and configured to be selectively closed or opened by the main control unit to turn the second transmission optical path on or off, wherein the first control further comprises opening the second electrically controlled optical switch, the second control further comprises closing the second electrically controlled optical switch, and the third control further comprises: opening the second electrically controlled optical switch when the storage interface switching unit is connected with the downlink storage controller, and closing the second electrically controlled optical switch when the storage interface switching unit is connected with the uplink storage controller,
or,
the first optical switch is a first mechanical optical switch suitable for manual control; the second optical switch is a second mechanical optical switch adapted for manual control.
6. The secure storage apparatus according to claim 1, wherein the data stored in the storage unit is encrypted using an encryption key, wherein
the secure storage apparatus further comprises a random number generator connected to the main control unit for generating a random number and providing the random number to the main control unit for updating at least one key component of the encryption key, or
the secure storage apparatus further comprises a key component transmission interface connected to the main control unit, wherein the key component transmission interface is used by the main control unit to receive random numbers from an external random number generator for updating at least one key component of the encryption key.
7. The secure storage apparatus of claim 6, wherein the random number generator is a quantum random number generator.
8. The secure storage apparatus of claim 6 or 7, wherein the secure storage apparatus further comprises a security unit connected to the main control unit, the at least one key component comprising a first key component associated with the security unit and a second key component associated with a device ID of the secure storage apparatus, the security unit being used to store the first key component and the second key component.
9. The secure storage apparatus of claim 8, wherein the encryption key is generated based on the first key component, the second key component, and a third key component, the third key component being based on a user password that is used, when data is written to or read from the secure storage apparatus, by the user writing or reading the data stored in the storage unit.
10. The secure storage apparatus of claim 9, wherein the third key component is generated, based on the user password, by upper computer software adapted to be installed in the upper computer.
11. The secure storage apparatus of any of claims 1-7, wherein the main control unit is configured to perform one of the at least one control based on configuration information associated with a user currently accessing the secure storage apparatus.
12. The secure storage apparatus according to claim 11, wherein the main control unit is configured to receive the configuration information from the upper computer, the configuration information being generated, based on the authority of the user, by upper computer software adapted to be installed in the upper computer.
The secure storage device of the utility model supports three working modes, namely a write-only mode, a read-only mode and a read-write mode, and can be flexibly configured to work in one of the three modes according to the situation, while realizing physical isolation and logical isolation between the uplink transmission channel and the downlink transmission channel, thereby providing high security. In addition, the scheme of the utility model can support mass storage, facilitates high-speed data transmission through the secure storage device, and makes the secure storage device portable.
Drawings
Non-limiting and non-exhaustive embodiments of the present invention are described by way of example with reference to the following drawings, in which:
FIG. 1 is a schematic diagram illustrating a secure storage device according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating a secure storage device according to another embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating a secure storage device and an upper computer connected thereto according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating an example process of data writing in the case of FIG. 3;
FIG. 5 is a flowchart illustrating an example process of data reading in the case of FIG. 3.
Detailed Description
In order that the manner in which the above recited and other features and advantages of the present invention are obtained will be readily understood, a further description of the utility model will be rendered by reference to the appended drawings, which form a part hereof, and which together with the embodiments thereof serve to explain the principles of the present invention. It is understood that the specific embodiments described herein are for purposes of illustration only and are not intended to be limiting.
The features described herein may be embodied in different forms and should not be construed as limited to the embodiments set forth herein. Rather, the embodiments described herein are provided merely to illustrate some of the many possible ways of implementing the structures, methods, processes, and/or operations described herein. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be apparent to one of ordinary skill in the art that the specific details need not be employed to practice the present invention. For the purpose of clarity and simplicity, detailed descriptions of known functions and structures of devices, components and units described herein will be omitted when they may obscure the subject matter of the present invention.
FIG. 1 schematically illustrates a secure storage device 10 according to an embodiment of the present invention. As shown in fig. 1, the secure storage apparatus 10 includes: a transmission interface 101, a main control unit 102, a downlink transmission link 103, a downlink storage controller 105, an uplink transmission link 104, an uplink storage controller 106, a storage interface switching unit 107 and a storage unit 108. The main control unit 102 is connected to the transmission interface 101, the downstream memory controller 105, the upstream memory controller 106, and the memory interface switching unit 107. The downstream transmission link 103 is coupled between the transmission interface 101 and the downstream memory controller 105. The upstream transmission link 104 is connected between the transmission interface 101 and the upstream memory controller 106. Each of the downstream memory controller 105 and the upstream memory controller 106 is connected to the memory unit 108 via the memory interface switching unit 107.
The transmission interface 101 is used to connect the secure storage device 10 to an upper computer and to transmit data between the secure storage device 10 and the upper computer to which it is connected. The transmission interface 101 may be any suitable interface device, such as a USB interface, a network interface, etc.
Both the downstream transmission link 103 and the upstream transmission link 104 are used for transmitting data. In particular, the downstream transmission link 103 is configured to transmit data from the transmission interface 101 to the downstream memory controller 105; this data, which the upper computer connected to the transmission interface 101 sends to the transmission interface 101, may also be referred to as "downstream data". The upstream transmission link 104 is configured to transmit data from the upstream memory controller 106 to the transmission interface 101; this data, which the storage unit 108 sends to the upstream memory controller 106 via the memory interface switching unit 107, may also be referred to as "upstream data". Each of the downstream transmission link 103 and the upstream transmission link 104 may be implemented using various possible transmission media, e.g., as an electrical transmission link, an optical transmission link, etc.
The storage unit 108 is used to store data. The downstream memory controller 105 is used to manage and control write access to the storage unit 108. The upstream memory controller 106 is used to manage and control read access to the storage unit 108. Such storage units and memory controllers may themselves be known in the art, and may be implemented using various suitable means and techniques, including means and techniques for storage devices and storage device management/control known in the art. Advantageously, the downstream memory controller 105 and the upstream memory controller 106 are separately implemented modules independent of each other.
The downstream transmission link 103, the downstream memory controller 105 and the memory interface switching unit 107 constitute a downstream data channel. The upstream transmission link 104, the upstream memory controller 106, and the memory interface switching unit 107 constitute an upstream data channel. Each of the downstream data channel and the upstream data channel is located between the transmission interface 101 and the memory unit 108.
In accordance with the present invention, the downstream memory controller 105 is configured to be selectively enabled or disabled by the master control unit 102 to allow or disable write access to the storage unit 108; the upstream memory controller 106 is configured to be selectively enabled or disabled by the master control unit 102 to allow or disable read access to the storage unit 108; the memory interface switching unit 107 is configured to be controlled by the master control unit 102 to selectively connect with the downstream memory controller 105 or the upstream memory controller 106; the master control unit 102 is configured to selectively perform one of at least one control including a first control that operates the secure storage device in a write-only mode, a second control that operates the secure storage device in a read-only mode, and/or a third control that operates the secure storage device in a read-write mode.
The first control may include: the downstream memory controller 105 is enabled, the upstream memory controller 106 is disabled, and the memory interface switching unit 107 is controlled to be turned on only with the downstream memory controller 105. As a result of the master control unit 102 performing the first control, the secure storage apparatus 10 operates in the write-only mode. In the write-only mode, the secure storage apparatus supports only data writing, and data from an upper computer connected to the secure storage apparatus via the transmission interface 101 can be transmitted to and written in the storage unit 108 via the transmission interface 101, the downlink transmission link 103, the downlink storage controller 105, and the storage interface switching unit 107 in sequence. The second control may include: the downstream memory controller 105 is disabled, the upstream memory controller 106 is enabled, and the memory interface switching unit 107 is controlled to be connected to only the upstream memory controller 106. As a result of the main control unit 102 performing the second control, the secure storage apparatus 10 operates in the read-only mode. In the read-only mode, the secure storage device only supports data readout, and data stored in the storage unit 108 can be read and transmitted to the upper computer via the storage interface switching unit 107, the uplink storage controller 106, the uplink transmission link 104, and the transmission interface 101 in sequence. 
The third control may include: the memory interface switching unit 107 is controlled to be connected with the downstream memory controller 105 or the upstream memory controller 106 in a time-division manner, the downstream memory controller 105 is enabled and the upstream memory controller 106 is disabled when the memory interface switching unit 107 is connected with the downstream memory controller 105, and the downstream memory controller 105 is disabled and the upstream memory controller 106 is enabled when the memory interface switching unit 107 is connected with the upstream memory controller 106. As a result of the master control unit 102 performing the third control, the secure storage apparatus 10 operates in the read-write mode. In the read-write mode, the secure storage device supports both data writing and data reading: when the memory interface switching unit 107 is connected with the downstream memory controller 105, data from the upper computer can be transmitted to and written into the storage unit 108 through the transmission interface 101, the downstream transmission link 103, the downstream memory controller 105 and the memory interface switching unit 107 in sequence; and when the memory interface switching unit 107 is connected with the upstream memory controller 106, the data stored in the storage unit 108 can be read and transmitted to the upper computer via the memory interface switching unit 107, the upstream memory controller 106, the upstream transmission link 104, and the transmission interface 101 in sequence.
In this way, by controlling the memory interface switching unit 107, physical isolation between the downstream data channel and the upstream data channel is achieved, while logical isolation between the downstream data channel and the upstream data channel is achieved by the downstream memory controller 105 supporting only the write operation to the memory unit 108 and by the upstream memory controller 106 supporting only the read operation to the memory unit 108.
The control performed by the master control unit 102 may be based on configuration information that it receives via the transmission interface 101 from an upper computer (not shown) to which the secure storage device 10 is connected, as will be described below.
FIG. 2 schematically shows a secure storage apparatus 20 according to another embodiment of the present invention. As shown in FIG. 2, the secure storage device 20 includes: a transmission interface 201, a main control unit 202, a first light emitting unit 2031, a first optical switch 2032, a first light receiving unit 2033, a second light emitting unit 2041, a second optical switch 2042, a second light receiving unit 2043, a downlink memory controller 205, an uplink memory controller 206, a memory interface switching unit 207, a memory unit 208, a security unit 209 and a random number generator 210. The combination of the first light emitting unit 2031, the first optical switch 2032, and the first light receiving unit 2033 constitutes a downlink transmission link in the form of an optical link, which is also referred to as a "downlink optical transmission link". The combination of the second light emitting unit 2041, the second optical switch 2042 and the second light receiving unit 2043 constitutes an uplink transmission link in the form of an optical link, which is also referred to as an "uplink optical transmission link".
The downstream optical transmission link, the downstream memory controller 205 and the memory interface switching unit 207 form a downstream data channel. The upstream optical transmission link, the upstream memory controller 206 and the memory interface switching unit 207 form an upstream data channel. Each of the downstream data channel and the upstream data channel is located between the transmission interface 201 and the memory unit 208.
The transmission interface 201, the master control unit 202, the downstream optical transmission link, the downstream memory controller 205, the upstream optical transmission link, the upstream memory controller 206, the memory interface switching unit 207, and the memory unit 208 in FIG. 2 may be connected and may function in the same or a similar way as, respectively, the transmission interface 101, the master control unit 102, the downstream transmission link 103, the downstream memory controller 105, the upstream transmission link 104, the upstream memory controller 106, the memory interface switching unit 107, and the memory unit 108 in FIG. 1, except that the master control unit 202 is further connected to the security unit 209, the random number generator 210, the first light emitting unit 2031, the first optical switch 2032, the first light receiving unit 2033, the second light emitting unit 2041, the second optical switch 2042, and the second light receiving unit 2043, and may additionally be configured to perform operations associated with these components, including the controls associated with these components that are involved in the first control, the second control and the third control, as will be described below.
The first light emitting unit 2031 and the first light receiving unit 2033 are used for cooperating with each other to perform data transmission. For example, the first light emitting unit 2031 may convert the received data into an optical signal and transmit it to the first light receiving unit 2033, and the first light receiving unit 2033 converts the optical signal into data for further transmission after receiving it. Similarly, the second light emitting unit 2041 and the second light receiving unit 2043 are used to cooperate with each other for data transmission. For example, the second light emitting unit 2041 may convert the received data into an optical signal and send the optical signal to the second light receiving unit 2043, and the second light receiving unit 2043 converts the optical signal into data for further transmission after receiving the optical signal.
The first optical switch 2032 is disposed on the first transmission light path between the first light emitting unit 2031 and the first light receiving unit 2033, and may be configured to be selectively closed or opened to turn on or off the first transmission light path. The second optical switch 2042 is disposed on a second transmission light path between the second light emitting unit 2041 and the second light receiving unit 2043, and may be configured to be selectively closed or opened to turn on or off the second transmission light path.
In the case of fig. 2, the first optical switch 2032 can be a first electrically controlled optical switch configured to be selectively closed or opened by the master control unit 202 to switch the first transmission optical path on or off, and thereby to switch the downstream optical transmission link on or off. The second optical switch 2042 can be a second electrically controlled optical switch configured to be selectively closed or opened by the master control unit 202 to switch the second transmission optical path on or off, and thereby to switch the upstream optical transmission link on or off. In this case, the main control unit 202 performing the above-described first control may additionally include performing the following operations: closing the first electrically controlled optical switch and opening the second electrically controlled optical switch; the main control unit 202 performing the above-described second control may additionally include performing the following operations: opening the first electrically controlled optical switch and closing the second electrically controlled optical switch; the main control unit 202 performing the above-mentioned third control may additionally include performing the following operations: closing the first electrically controlled optical switch and opening the second electrically controlled optical switch when the storage interface switching unit 207 is connected with the downstream storage controller 205, and opening the first electrically controlled optical switch and closing the second electrically controlled optical switch when the storage interface switching unit 207 is connected with the upstream storage controller 206.
According to another possible implementation, the first optical switch 2032 may be a first mechanical optical switch adapted to be manually controlled and the second optical switch 2042 may be a second mechanical optical switch adapted to be manually controlled. Such a mechanical optical switch may be closed or opened by a user without being connected to the master control unit 202.
Each of the first light emitting unit 2031, the first light receiving unit 2033, the second light emitting unit 2041, and the second light receiving unit 2043 may be configured to be selectively enabled or disabled by the main control unit 202. In the case of fig. 2, the master control unit 202 performing the above-described first control may additionally include performing the following operations: enabling the first light emitting unit 2031 and the first light receiving unit 2033, disabling the second light emitting unit 2041 and/or the second light receiving unit 2043; the main control unit 202 performing the above-described second control may additionally include performing the following operations: disabling the first light emitting unit 2031 and/or the first light receiving unit 2033, enabling the second light emitting unit 2041 and the second light receiving unit 2043; the main control unit 202 performing the above-mentioned third control may additionally include performing the following operations: the first light emitting unit 2031 and the first light receiving unit 2033 are enabled, the second light emitting unit 2041 and/or the second light receiving unit 2043 are disabled when the storage interface switching unit 207 is switched on with the downstream storage controller 205, and the first light emitting unit 2031 and/or the first light receiving unit 2033 are disabled, the second light emitting unit 2041 and the second light receiving unit 2043 are enabled when the storage interface switching unit 207 is switched on with the upstream storage controller 206.
It is advantageous to arrange the uplink transmission link and the downlink transmission link as optical links in fig. 2, for example, to further ensure unidirectional transmission of data in a desired uplink or downlink direction, to improve transmission security, to achieve isolation of the uplink and downlink transmission links, and to avoid the data transmitted via the uplink and downlink transmission links from being affected by electromagnetic interference.
In addition, in the case of fig. 2, besides the physical isolation implemented by the storage interface switching unit 207 and the logical isolation implemented by the downstream storage controller 205 and the upstream storage controller 206, additional physical isolation may be implemented by controlling all or part of the first light emitting unit 2031, the first optical switch 2032, the first light receiving unit 2033, the second light emitting unit 2041, the second optical switch 2042, and the second light receiving unit 2043.
Although it is illustrated in fig. 2 that the first light emitting unit 2031, the first light receiving unit 2033, the second light emitting unit 2041, and the second light receiving unit 2043 are all connected to the main control unit 202, this is not necessary. For each of the first light emitting unit 2031, the first light receiving unit 2033, the second light emitting unit 2041, and the second light receiving unit 2043, it may not be connected to the main control unit 202, not controlled by the main control unit 202, but controlled by other means, for example, manually, or always in an enabled state during the operation of the secure storage device 20.
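The first, second and third controls described above for the fig. 2 embodiment can be modelled as a small state machine with a self-check. The following is an added illustration, not code from the patent; the class and function names are hypothetical, and the light units of each link are collapsed into one flag that is true only when both the emitter and the receiver are enabled.

```python
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    WRITE_ONLY = "first control"
    READ_ONLY = "second control"
    READ_WRITE = "third control"


class Direction(Enum):
    DOWNLINK = "downlink"  # upper computer -> storage unit 208 (write)
    UPLINK = "uplink"      # storage unit 208 -> upper computer (read)


# Directions the storage interface switching unit 207 may select in each mode.
ALLOWED = {
    Mode.WRITE_ONLY: {Direction.DOWNLINK},
    Mode.READ_ONLY: {Direction.UPLINK},
    Mode.READ_WRITE: {Direction.DOWNLINK, Direction.UPLINK},
}


@dataclass(frozen=True)
class ChannelState:
    """Snapshot of the components the main control unit 202 drives."""
    downlink_controller_enabled: bool    # 205
    uplink_controller_enabled: bool      # 206
    switch_position: Direction           # 207
    first_optical_switch_closed: bool    # 2032
    second_optical_switch_closed: bool   # 2042
    first_light_units_enabled: bool      # 2031 and 2033
    second_light_units_enabled: bool     # 2041 and 2043

    def write_path_open(self):
        return (self.downlink_controller_enabled
                and self.switch_position is Direction.DOWNLINK
                and self.first_optical_switch_closed
                and self.first_light_units_enabled)

    def read_path_open(self):
        return (self.uplink_controller_enabled
                and self.switch_position is Direction.UPLINK
                and self.second_optical_switch_closed
                and self.second_light_units_enabled)


def state_for(direction):
    """Component settings that open one direction and shut every layer of the other."""
    down = direction is Direction.DOWNLINK
    return ChannelState(down, not down, direction, down, not down, down, not down)


class MainControlUnit:
    def __init__(self, mode):
        self.mode = mode
        first = Direction.UPLINK if mode is Mode.READ_ONLY else Direction.DOWNLINK
        self.state = state_for(first)

    def select(self, direction):
        """Time-division switch; only the read-write mode may change direction."""
        if direction not in ALLOWED[self.mode]:
            raise PermissionError(f"{direction.value} not permitted under {self.mode.value}")
        self.state = state_for(direction)
        return self.state


def isolation_violations(state, mode):
    """List every idle-side component that is still on, plus a disallowed switch position."""
    active = state.switch_position
    problems = []
    if active not in ALLOWED[mode]:
        problems.append(f"switching unit 207 selects {active.value} in {mode.name}")
    if active is Direction.DOWNLINK:
        idle = [("uplink storage controller 206 enabled", state.uplink_controller_enabled),
                ("second optical switch 2042 closed", state.second_optical_switch_closed),
                ("second light units 2041/2043 enabled", state.second_light_units_enabled)]
    else:
        idle = [("downlink storage controller 205 enabled", state.downlink_controller_enabled),
                ("first optical switch 2032 closed", state.first_optical_switch_closed),
                ("first light units 2031/2033 enabled", state.first_light_units_enabled)]
    problems += [f"{label} while {active.value} is selected" for label, on in idle if on]
    return problems


if __name__ == "__main__":
    mcu = MainControlUnit(Mode.READ_WRITE)
    for direction in (Direction.DOWNLINK, Direction.UPLINK):
        state = mcu.select(direction)
        print(direction.value, state.write_path_open(), state.read_path_open(),
              isolation_violations(state, mcu.mode))
```

The self-check reports each layer separately, so a single stuck component (for example an optical switch that fails closed) is visible even though the other layers still block the idle direction.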
The security unit 209 may be used to store security-related information, such as key components, authentication-related information, logs, etc., as will be described below. The security unit 209 may be implemented in various possible ways, e.g. in software, hardware, firmware or a combination thereof. It is advantageous for the security unit 209 to be implemented as a single chip, i.e. a security chip.
The random number generator 210 is operable to generate random numbers and provide the generated random numbers to the master control unit 202 for generation and/or updating of at least one key component, as will be described below. The random number generator 210 may be a quantum random number generator or other suitable random number generator.
According to another possible implementation, instead of the random number generator 210, the secure storage device 20 may comprise a key component transmission interface connected to the master control unit 202. The key component transmission interface is adapted to be connected to an external random number generator, so that the master control unit 202 can receive the random numbers generated by the external random number generator and use them to update at least one key component.
Herein, a "key component" should be understood broadly as any piece of security-related information on which the generation of an encryption or decryption key is based, on which it depends, or which is used in it. For example, any of the one or more pieces of security-related information used to generate a key for data encryption (e.g., downstream data encryption) or data decryption (e.g., upstream data decryption) may be referred to as a key component.
In addition to controlling the mode of operation of the secure storage device, the main control units, such as main control units 102 and 202, may also have additional functions, such as monitoring the status of the secure storage device and its components, generating logs, performing identity authentication, etc.
Referring to fig. 3-5, the operation of the secure storage apparatus of the present invention is described, by way of example, in connection with the secure storage apparatus 20 of fig. 2.
Fig. 3 shows the secure storage device 20 connected to an upper computer (host computer). The upper computer may be, for example, a computer or other possible host. The upper computer has upper computer software installed that is provided for the secure storage device 20 and is adapted to cooperate with it. The upper computer software is configured to interact with a user and may be configured with features and/or user interfaces adapted to be operated by the user.
The process of performing data writing illustrated in fig. 4 includes step 401, step 402, step 403, step 404, step 405, step 406, step 407, step 408, step 409, and step 410.
At step 401, the secure storage device 20 is powered up.
In step 402, the upper computer software installed in the upper computer establishes a connection with the main control unit 202 of the secure storage device 20 through the transmission interface 201, forming an authentication connection channel.
At step 403, the master control unit 202 performs identity authentication. Specifically, in response to the user inputting login information, the upper computer software generates the authentication data of the user based on a user password included in the login information, and sends the authentication data to the main control unit 202 via the transmission interface 201. The main control unit 202 authenticates the user based on the received authentication data, e.g. by checking the received authentication data against a password key component stored in the security unit 209. Authentication may be performed in various suitable ways or procedures, and may follow the provisions of national cryptography-related standards, such as GB/T158043.2-2017. Here, the password key component is information related to identity authentication. The password key component may be generated or updated by the upper computer software when the user is created, when the user password of the user is changed, or at other suitable times. For example, the upper computer software may generate a password key component by calling a pseudo-random algorithm or a random number generator based on the set user password, and then store the password key component into the storage area of the security unit 209 via the transmission interface 201 and the main control unit 202.
In step 404, the main control unit 202 determines whether the user is authenticated. If the determination result is negative, the process returns to step 402, and the main control unit 202 returns the information of the identity authentication failure to the upper computer and continues to wait for the user to log in. If the determination result is positive, the process proceeds to step 405, and the main control unit receives configuration information associated with the login user from the upper computer, opens a corresponding data channel according to the received configuration information, and initializes the opened data channel. The configuration information may be generated by the upper computer software based on the authority of the login user and sent to the main control unit 202. The user access command may be generated by a user input or operation via the upper computer software. Opening the data channel may include performing an authorization control corresponding to an operation mode allowed according to the authority of the logged-in user. For example, the authorization control may include one of the first control, the second control, and the third control described above, as appropriate. For example, if the logged-on user only has write-only permission to write data to the secure storage device, the corresponding authorization control only includes the first control; if the login user only has read-only permission to read data from the secure storage device, the corresponding authorization control only comprises the second control; if the logged-on user has both write permission to write data to the secure storage device and read permission to read data from the secure storage device, the corresponding authorization control may comprise the third control.
Depending on the circumstances, opening the data channel may include performing the first control, the second control, or the third control, which may involve: bridging the associated optical devices (e.g., the first light emitting unit 2031, the first optical switch 2032 and the first light receiving unit 2033, or the second light emitting unit 2041, the second optical switch 2042 and the second light receiving unit 2043), powering up the associated electrical components (e.g., the downstream memory controller 205 and the security unit 209, or the upstream memory controller 206 and the security unit 209), performing corresponding control of the bridged optical devices and the powered-up electrical components, and so on. After the data channel is opened and initialized successfully, a user data channel is established between the storage controller in the data channel and the upper computer, and the data channel enters a waiting mode to wait for a data access instruction. In the case that the transmission interface 201 is a USB 3.0 interface, the established user data channel is a USB 3.0 high-speed user data channel. For convenience of description, in the case of fig. 4, it is assumed that the login user only has write-only authority and the user access command is a data write instruction; accordingly, the opened data channel is the downstream data channel, and the storage controller in that data channel is the downstream memory controller 205.
In step 405, the downstream storage controller 205 waits for downstream data from the host computer. In response to a data write command from a user, the host computer may encrypt the corresponding data and transmit the encrypted data to the downstream storage controller 205 via the transmission interface 201 and the downstream optical transmission link. For example, the encryption key may be generated by the upper computer software based on the user password of the login user, the device ID key component of the secure storage device 20, and the security unit key component. The device ID key component may be set and written in the storage area of the security unit 209 at the time of shipment of the secure storage device 20, and may optionally be updated after shipment of the secure storage device 20, for example, at the time of creation of a user, at the time of change of a user password, or at another suitable timing, by means of a random number generated by the random number generator 210; alternatively, the device ID key component may be generated by means of a random number generated by the random number generator 210 at the time of shipment of the secure storage device 20, at the time of creation of the user, at the time of modification of the user password, or at another suitable timing. For example, for the secure storage device 20, the main control unit 202 may instruct the random number generator 210 to generate a random number when creating a user, changing a user password, or at another suitable timing, and generate or update the device ID key component of the secure storage device 20 using the generated random number; the generated or updated device ID key component may be stored in a storage area of the security unit 209.
The security unit key component may be set and written in the storage area of the security unit 209 at the time of shipment of the secure storage device 20, and may optionally be updated after shipment of the secure storage device 20, for example, at the time of creation of a user, at the time of change of a user password, or at another suitable timing, by means of a random number generated by the random number generator 210; alternatively, the security unit key component may be generated by means of a random number generated by the random number generator 210 at the time of shipment of the secure storage device 20, at the time of creation of the user, at the time of change of the user password, or at another suitable timing. For example, for the secure storage device 20, the master control unit 202 may instruct the random number generator 210 to generate a random number at the time of creating the user, at the time of changing the user password, or at another suitable timing, generate or update the security unit key component of the secure storage device 20 using the generated random number, and then transmit the generated or updated security unit key component to the security unit 209 for storage therein. The main control unit 202 can acquire the device ID key component and the security unit key component stored in the security unit 209 as needed. Before sending data, the upper computer acquires the device ID key component and the security unit key component from the security unit 209 via the transmission interface 201 and the main control unit 202, and generates an encryption key used for data encryption by various possible means or algorithms based on the user password of the login user, the device ID key component, and the security unit key component. For example, the host computer may input the user password, the device ID key component, and the security unit key component to a hash function (a hash algorithm such as SM3 or SHA) to generate an encryption key.
The encryption of the data may employ a variety of suitable encryption algorithms including, for example and without limitation, various standard encryption algorithms and encryption algorithms recognized by the national cryptography bureau, such as the AES encryption algorithm or the SM4 encryption algorithm.
In step 406, the downstream storage controller 205 determines whether downstream data from the upper computer has arrived. If the determination is negative, the process returns to step 405. If the determination is positive, the process proceeds to step 407.
In step 407, the downstream memory controller 205 writes the received downstream data to the target address of the memory unit 208 via the memory interface switching unit 207. The target address may be automatically assigned by the downstream memory controller 205.
In step 408, the downstream memory controller 205 determines whether the received downstream data is successfully written into the memory unit 208. If the determination is positive, the process proceeds to step 409. If the determination is negative, the process proceeds to step 410. The downstream memory controller 205 may feed back the determination result to the main control unit 202.
In step 409, the main control unit 202 returns status information of successful data writing to the upper computer according to the feedback from the downlink memory controller 205.
In step 410, the master control unit 202 returns status information of data write failure to the upper computer according to the feedback from the downlink memory controller 205.
The returned state information can be presented to the login user by the upper computer.
The process of performing data reading illustrated in fig. 5 includes step 501, step 502, step 503, step 504, step 505, step 506, step 507, step 508, step 509, and step 510.
Steps 501, 502, 503, 504 may be the same as or similar to steps 401, 402, 403, 404, respectively, except that, for convenience of description, in the case of fig. 5 it is assumed that the login user only has read-only authority and the user access command is a data read command; accordingly, the opened data channel is the upstream data channel, and the storage controller in that data channel is the upstream memory controller 206.
At step 505, the upstream memory controller 206 waits for a data read command from the host computer.
At step 506, the upstream memory controller 206 determines whether a data read command has arrived from the host computer. If the determination is negative, the process returns to step 505. If the determination is positive, the process proceeds to step 507. In response to receiving a data read instruction from a user, the host computer may transmit the data read instruction to the upstream storage controller 206 via the transmission interface 201 and the main control unit 202.
In step 507, the uplink storage controller 206 acquires the data to be read from the storage unit 208 via the storage interface switching unit 207, and transmits the data to be read to the upper computer via the uplink optical transmission link and the transmission interface 201. The data to be read may be indicated by a data read instruction from a user. The data transmitted to the upper computer is encrypted and can be decrypted by the upper computer software using the decryption key after it reaches the upper computer. For example, the decryption key may be generated by the upper computer software based on the user password of the login user, the device ID key component of the secure storage device 20, and the security unit key component. The upper computer, after receiving the uplink data from the storage unit 208, may acquire the device ID key component and the security unit key component from the security unit 209 via the transmission interface 201 and the main control unit 202, and generate a decryption key used for data decryption by various possible means or algorithms based on the user password of the login user, the device ID key component, and the security unit key component. For example, the host computer may input the user password, the device ID key component, and the security unit key component to a hash function (a hash algorithm such as SM3 or SHA) to generate a decryption key.
At step 508, the upstream memory controller 206 determines whether the data was successfully read from the memory unit 208. If the determination is positive, the process proceeds to step 509. If the determination is negative, the process proceeds to step 510. The upstream memory controller 206 may feed back the determination result to the main control unit 202.
In step 509, the main control unit 202 returns status information of successful data reading to the upper computer according to the feedback from the uplink storage controller 206.
In step 510, the master control unit 202 returns status information of data read failure to the host computer according to the feedback from the uplink memory controller 206.
The returned state information can be presented to the login user by the upper computer.
The secure storage device of the present invention may be configured to support an administrator role and a general user role. When the secure storage device is accessed in the administrator role, the following can be performed: addition and deletion of general users, setting and changing of user authority and user passwords, viewing and exporting of device logs, and other functions that may be expected, such as data reading and data writing. When the secure storage device is accessed in the general user role, the upper computer software may generate configuration information associated with a user according to the user's authority, for configuring an operation mode of the secure storage device via its main control unit, and accordingly perform data encryption and writing and/or data reading and decryption.
In addition, the secure storage device of the present invention may be configured to support multiple general users, such that each general user can see only the data that user has written to the secure storage device, while data stored by other users is not visible. All user-stored data may be visible, readable and deletable to the administrator. For a general user, when the secure storage device operates in the read-only mode, the general user cannot delete any data stored in the secure storage device; when the secure storage device operates in the write-only mode or the read-write mode, a general user can delete the data stored in the secure storage device.
The host computer software may also optionally be configured to perform an integrity check when encrypting or decrypting the data to determine whether the file is corrupted or tampered with. Specifically, when data is written, the upper computer software can calculate the MD5 value of the data to be written, and write the encrypted data and the calculated MD5 value into the storage unit of the secure storage device; when data is read, the upper computer software decrypts the read data, then calculates the MD5 value of the decrypted data, and compares it with the MD5 value previously written into the storage unit, thereby judging whether the data is damaged or tampered with.
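The host-side key generation described for steps 405 and 507 and the MD5 integrity check described above fit together as in the following added sketch, which is not code from the patent. All names are hypothetical; SHA-256 is used as the "SHA" hash, the length prefix on each hashed field is an added assumption that keeps the three inputs unambiguous, a dict stands in for the storage unit 208, and a SHA-256 keystream with a random nonce stands in for AES or SM4 because the Python standard library provides neither.

```python
import hashlib
import hmac
import os
import struct


class IntegrityError(ValueError):
    """MD5 of the decrypted data does not match the value stored at write time."""


def derive_key(user_password, device_id_component, security_unit_component):
    """Hash the user password and both key components into one 32-byte key."""
    h = hashlib.sha256()
    for field in (user_password.encode("utf-8"),
                  device_id_component, security_unit_component):
        # Length prefix (assumption): ("ab", "c") and ("a", "bc") must not collide.
        h.update(struct.pack(">I", len(field)))
        h.update(field)
    return h.digest()


def _stand_in_cipher(key, nonce, data):
    """XOR with a SHA-256 counter keystream; placeholder for AES/SM4 only."""
    out = bytearray()
    for counter in range((len(data) + 31) // 32):
        block = hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
        chunk = data[counter * 32:(counter + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def write_record(storage, name, plaintext, key):
    """Write path: MD5 over the plaintext, then store ciphertext and MD5 together."""
    nonce = os.urandom(16)
    storage[name] = {
        "nonce": nonce,
        "ciphertext": _stand_in_cipher(key, nonce, plaintext),
        "md5": hashlib.md5(plaintext).hexdigest(),
    }


def read_record(storage, name, key):
    """Read path: decrypt, recompute MD5, compare with the stored value."""
    record = storage[name]
    plaintext = _stand_in_cipher(key, record["nonce"], record["ciphertext"])
    recomputed = hashlib.md5(plaintext).hexdigest()
    if not hmac.compare_digest(recomputed, record["md5"]):
        raise IntegrityError(f"{name}: data damaged, tampered with, or wrong key")
    return plaintext


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    device_id = bytes(range(16))
    security_unit = bytes(range(16, 32))
    key = derive_key("correct horse", device_id, security_unit)

    storage = {}
    write_record(storage, "report.txt", b"quarterly figures", key)
    print(read_record(storage, "report.txt", key))

    # A wrong password yields a different key, so the MD5 comparison fails.
    try:
        read_record(storage, "report.txt",
                    derive_key("wrong", device_id, security_unit))
    except IntegrityError as exc:
        print("rejected:", exc)
```

Because the key depends on all three inputs, updating either key component with a fresh random number changes the key; data written under the old components can then only be read if the old components are still available.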
It should be understood that some of the modules/units of the apparatus of the present invention may be implemented in whole or in part by software, hardware, firmware, or a combination thereof. Each of the modules/units may be implemented as a separate component or module, or two or more modules/units may be implemented as a single component or module.
The respective technical features described above may be arbitrarily combined. Although not all possible combinations of features are described, any combination of features should be considered to be covered by the present specification as long as there is no contradiction between such combinations.
While the utility model has been described in connection with specific embodiments thereof, it is to be understood that all such modifications as fall within the true spirit and scope of the utility model are intended to be included within its scope.

Claims (9)

1. A secure storage device, comprising: a transmission interface, a main control unit, a downlink transmission link, a downlink storage controller, an uplink transmission link, an uplink storage controller, a storage interface switching unit and a storage unit, wherein the main control unit is connected to the transmission interface, the downlink storage controller, the uplink storage controller and the storage interface switching unit, the downlink transmission link is connected between the transmission interface and the downlink storage controller, the uplink transmission link is connected between the transmission interface and the uplink storage controller, and each of the downlink storage controller and the uplink storage controller is connected to the storage unit through the storage interface switching unit, wherein
the downlink storage controller is configured to be selectively enabled or disabled by the main control unit to allow or disable write access to the storage unit,
the uplink storage controller is configured to be selectively enabled or disabled by the main control unit to allow or disable read access to the storage unit,
the storage interface switching unit is configured to be controlled by the main control unit to be selectively connected with the downlink storage controller or the uplink storage controller,
the master control unit is configured to selectively perform one of at least one control including a first control to operate the secure storage device in a write-only mode, a second control to operate the secure storage device in a read-only mode, and/or a third control to operate the secure storage device in a read-write mode,
wherein the first control includes: enabling the downlink storage controller, disabling the uplink storage controller, and controlling the storage interface switching unit to be only connected with the downlink storage controller, so that data from an upper computer connected to the secure storage device via the transmission interface can be transmitted to and written into the storage unit via the transmission interface, the downlink transmission link, the downlink storage controller, and the storage interface switching unit in sequence;
the second control includes: disabling the downlink storage controller, enabling the uplink storage controller, and controlling the storage interface switching unit to be only connected with the uplink storage controller, so that data stored in the storage unit can be read and transmitted to the upper computer through the storage interface switching unit, the uplink storage controller, the uplink transmission link and the transmission interface in sequence;
the third control includes: controlling the storage interface switching unit to be connected with the downlink storage controller or the uplink storage controller in a time-sharing manner, enabling the downlink storage controller and disabling the uplink storage controller when the storage interface switching unit is connected with the downlink storage controller, and disabling the downlink storage controller and enabling the uplink storage controller when the storage interface switching unit is connected with the uplink storage controller, so that when the storage interface switching unit is connected with the downlink storage controller, data from the upper computer can be transmitted to and written into the storage unit through the transmission interface, the downlink transmission link, the downlink storage controller and the storage interface switching unit in sequence, and when the storage interface switching unit is connected with the uplink storage controller, the data stored in the storage unit can be read and transmitted to the upper computer through the storage interface switching unit, the uplink storage controller, the uplink transmission link and the transmission interface in sequence.
2. The secure storage device of claim 1,
the downlink transmission link comprises a first light emitting unit connected to the transmission interface, a first light receiving unit connected to the downlink storage controller, and a first transmission optical path between the first light emitting unit and the first light receiving unit;
the upstream transmission link includes a second light emitting unit connected to the upstream storage controller, a second light receiving unit connected to the transmission interface, and a second transmission optical path between the second light emitting unit and the second light receiving unit.
3. The secure storage device of claim 2,
the first light emitting unit is connected to the master control unit and configured to be selectively enabled or disabled by the master control unit, wherein the first control further comprises enabling the first light emitting unit, the second control further comprises disabling the first light emitting unit, and the third control further comprises: enabling the first light emitting unit when the storage interface switching unit is connected with the downlink storage controller, and disabling the first light emitting unit when the storage interface switching unit is connected with the uplink storage controller; and/or the first light receiving unit is connected to the master control unit and configured to be selectively enabled or disabled by the master control unit, wherein the first control further comprises enabling the first light receiving unit, the second control further comprises disabling the first light receiving unit, and the third control further comprises: enabling the first light receiving unit when the storage interface switching unit is connected with the downlink storage controller, and disabling the first light receiving unit when the storage interface switching unit is connected with the uplink storage controller,
and/or
the second light emitting unit is connected to the master control unit and configured to be selectively enabled or disabled by the master control unit, wherein the first control further comprises disabling the second light emitting unit, the second control further comprises enabling the second light emitting unit, and the third control further comprises: disabling the second light emitting unit when the storage interface switching unit is connected with the downlink storage controller, and enabling the second light emitting unit when the storage interface switching unit is connected with the uplink storage controller; and/or the second light receiving unit is connected to the master control unit and configured to be selectively enabled or disabled by the master control unit, wherein the first control further comprises disabling the second light receiving unit, the second control further comprises enabling the second light receiving unit, and the third control further comprises: disabling the second light receiving unit when the storage interface switching unit is connected with the downlink storage controller, and enabling the second light receiving unit when the storage interface switching unit is connected with the uplink storage controller.
4. The secure storage device of claim 2 or 3,
the downlink transmission link further includes a first optical switch positioned on the first transmission optical path, the first optical switch configured to be selectively closed or opened to switch the first transmission optical path on or off; and/or
the uplink transmission link further includes a second optical switch positioned on the second transmission optical path, the second optical switch configured to be selectively closed or opened to switch the second transmission optical path on or off.
5. The secure storage device of claim 4,
the first optical switch is a first electrically controlled optical switch connected to the master control unit and configured to be selectively closed or opened by the master control unit to turn on or off the first transmission optical path, wherein the first control further comprises closing the first electrically controlled optical switch, the second control further comprises opening the first electrically controlled optical switch, and the third control further comprises: closing the first electrically controlled optical switch when the storage interface switching unit is connected with the downlink storage controller, and opening the first electrically controlled optical switch when the storage interface switching unit is connected with the uplink storage controller; the second optical switch is a second electrically controlled optical switch connected to the master control unit and configured to be selectively closed or opened by the master control unit to turn on or off the second transmission optical path, wherein the first control further comprises opening the second electrically controlled optical switch, the second control further comprises closing the second electrically controlled optical switch, and the third control further comprises: opening the second electrically controlled optical switch when the storage interface switching unit is connected with the downlink storage controller, and closing the second electrically controlled optical switch when the storage interface switching unit is connected with the uplink storage controller,
or,
the first optical switch is a first mechanical optical switch suitable for manual control; the second optical switch is a second mechanical optical switch adapted for manual control.
6. The secure storage device of claim 1, wherein the data stored in the storage unit is encrypted using an encryption key, wherein
the secure storage device further comprises a random number generator connected to the master control unit for generating a random number and providing the random number to the master control unit for updating at least one key component of the encryption key, or
the secure storage device further comprises a key component transmission interface connected to the master control unit, wherein the key component transmission interface is used by the master control unit to receive random numbers from an external random number generator for updating at least one key component of the encryption key.
7. The secure storage device of claim 6, wherein the random number generator is a quantum random number generator.
8. The secure storage device of claim 6 or 7, further comprising a security unit connected to the master control unit, the at least one key component comprising a first key component associated with the security unit and a second key component associated with a device ID of the secure storage device, the security unit being used to store the first key component and the second key component.
9. The secure storage device of claim 8, wherein the encryption key is generated based on the first key component, the second key component, and a third key component, the third key component being based on a user password used by a user when writing the data to, or reading the data stored in the storage unit from, the secure storage device.
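The enable/disable rules of claims 3 and 5, modelled as an added example that is not part of the patent text. It assumes all six optional elements are driven by the master control unit (the claims make each one optional via "and/or"); the bit names, the fail-closed default and the stuck-element fault check are illustrative assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Controls as numbered in claims 3 and 5; all other names are illustrative. */
enum control { CTRL_FIRST = 1, CTRL_SECOND, CTRL_THIRD };
enum sw_pos  { SW_DOWNLINK, SW_UPLINK };  /* storage interface switching unit */

enum {
    TX1 = 1 << 0, RX1 = 1 << 1, OSW1 = 1 << 2,  /* downlink emitter, receiver, optical switch */
    TX2 = 1 << 3, RX2 = 1 << 4, OSW2 = 1 << 5,  /* uplink emitter, receiver, optical switch */
    DOWN_ALL = TX1 | RX1 | OSW1,
    UP_ALL   = TX2 | RX2 | OSW2
};

/* Enable mask the master control unit drives for a control and switch position. */
uint8_t enable_mask(enum control c, enum sw_pos pos)
{
    switch (c) {
    case CTRL_FIRST:  return DOWN_ALL;           /* downlink elements only */
    case CTRL_SECOND: return UP_ALL;             /* uplink elements only */
    case CTRL_THIRD:                             /* time division: follow the switch */
        if (pos == SW_DOWNLINK) return DOWN_ALL;
        if (pos == SW_UPLINK)   return UP_ALL;
        return 0;
    default:          return 0;                  /* unknown control: all off (assumption) */
    }
}

/* A link carries data only when its emitter, receiver and optical switch are all on. */
int link_complete(uint8_t mask, uint8_t link) { return (mask & link) == link; }

/* Count states in which both links are complete at once, with `stuck_on`
 * modelling elements that ignore a disable command (fault injection). */
int isolation_violations(uint8_t stuck_on)
{
    int violations = 0;
    for (int c = CTRL_FIRST; c <= CTRL_THIRD; c++)
        for (int p = SW_DOWNLINK; p <= SW_UPLINK; p++) {
            uint8_t m = enable_mask((enum control)c, (enum sw_pos)p) | stuck_on;
            if (link_complete(m, DOWN_ALL) && link_complete(m, UP_ALL))
                violations++;
        }
    return violations;
}

int main(void)
{
    printf("no fault: %d\n", isolation_violations(0));
    printf("TX2 and RX2 stuck on: %d\n", isolation_violations(TX2 | RX2));
    printf("whole uplink stuck on: %d\n", isolation_violations(UP_ALL));
    return 0;
}
```

In this model one or two stuck elements on the opposite link never complete that link; isolation is lost only when the emitter, receiver and optical switch of one link all fail enabled together.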
CN202120492882.3U 2021-03-08 2021-03-08 Secure storage device Active CN215450156U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202120492882.3U CN215450156U (en) 2021-03-08 2021-03-08 Secure storage device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202120492882.3U CN215450156U (en) 2021-03-08 2021-03-08 Secure storage device

Publications (1)

Publication Number Publication Date
CN215450156U (en) 2022-01-07

Family

ID=79702572

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202120492882.3U Active CN215450156U (en) 2021-03-08 2021-03-08 Secure storage device

Country Status (1)

Country Link
CN (1) CN215450156U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115220666A (en) * 2022-09-21 2022-10-21 南京中岱得存储技术有限公司 Independent cloud storage device and data circulation method applying same
CN115220666B (en) * 2022-09-21 2022-12-23 南京中岱得存储技术有限公司 Independent cloud storage device and data circulation method applying same

Similar Documents

Publication Publication Date Title
CN103530570B (en) A kind of electronic document safety management system and method
CN100592313C (en) Electric document anti-disclosure system and its implementing method
CN107563213B (en) Safety secrecy control device for preventing data extraction of storage equipment
CN101441601B (en) Ciphering transmission method of hard disk ATA instruction and system
CN104335548B (en) A kind of secure data processing unit and method
CN101296086B (en) Method, system and device for access authentication
CN106295374B (en) A kind of encryption Hub device for supporting multiple UFS equipment
EP2745212A1 (en) Virtual zeroisation system and method
CN111143870B (en) Distributed encryption storage device, system and encryption and decryption method
CN110061983A (en) A kind of data processing method and system
CN103686716A (en) Android access control system for enhancing confidentiality and integrality
CN103532978A (en) Secure access mode for intranet and extranet
CN104219077A (en) Information management system for middle and small-sized enterprises
CN103546478A (en) Internal and external network secure access method and system
KR20080071530A (en) System and method of data encryption and data access of a set of storage devices via a hardware key
CN104361291A (en) Data processing method and device
CN215450156U (en) Secure storage device
KR102211238B1 (en) Method for providing logical internal network and mobile terminal, application implementing the method
CN112882660A (en) Secure storage device
CN114340051B (en) Portable gateway based on high-speed transmission interface
CN104598838B (en) A kind of random verification and provide trusted operating environment file store and edit methods
TWI789291B (en) Module and method for authenticating data transfer between a storage device and a host device
CN116841571A (en) Chip burning method and related device
CN108809938B (en) Remote control implementation method and system for password equipment
CN112149167B (en) Data storage encryption method and device based on master-slave system

Legal Events

Date Code Title Description
GR01 Patent grant