阅读说明：本技术 一种基于fpga的数据保护系统 (Data protection system based on FPGA ) 是由 王培培 陈乃阔 李�昊 吴之光 牛晓威 于 2021-08-20 设计创作，主要内容包括：一种基于FPGA的数据保护系统,其特征在于,包括FPGA芯片、放电控制模块、供电转换模块、存储设备,其中所述放电控制模块的信号输入端和供电输入端分别与所述FPGA芯片和供电转换模块相连,配置用于根据FPGA芯片的指令将供电转换模块输入的高压电流发送到与所述FPGA芯片相连的存储设备中以将其销毁。通过本发明所提供的一种基于FPGA芯片的数据保护系统,通过FPGA芯片根据系统外部的用户的使用状态的变化,控制与其连接的放电控制模块,在面临外部存储设备出现数据泄露风险时及时将外部存储设备通过高压电流烧坏,以牺牲存储设备的代价保护其存储的数据的安全性。实现数据防泄漏的最后一道安全屏障,防护效率极高。并还且具备一定的数据恢复软保护能力。(The FPGA-based data protection system is characterized by comprising an FPGA chip, a discharge control module, a power supply conversion module and a storage device, wherein a signal input end and a power supply input end of the discharge control module are respectively connected with the FPGA chip and the power supply conversion module, and the FPGA chip is configured and used for sending high-voltage current input by the power supply conversion module to the storage device connected with the FPGA chip according to an instruction of the FPGA chip so as to destroy the storage device. According to the data protection system based on the FPGA chip, the FPGA chip controls the discharge control module connected with the FPGA chip according to the change of the use state of a user outside the system, and the external storage equipment is burnt out in time through high-voltage current when the risk of data leakage of the external storage equipment occurs, so that the safety of the stored data is protected at the expense of the storage equipment. The last safety barrier for preventing data leakage is realized, and the protection efficiency is extremely high. And also has certain data recovery soft protection capability.)

1. A data protection system based on FPGA is characterized by comprising an FPGA chip, a discharge control module, a power supply conversion module and a storage device,

the signal input end and the power supply input end of the discharge control module are respectively connected with the FPGA chip and the power supply conversion module, and the power supply control module is configured to send high-voltage current input by the power supply conversion module to the storage device connected with the FPGA chip according to an instruction of the FPGA chip so as to destroy the storage device.

2. The system according to claim 1, wherein a protection circuit is arranged in a connection circuit between the storage device connected with the FPGA chip and the FPGA chip, and the protection circuit is connected in series in one or more pin circuits of a plurality of IO interfaces connected with the FPGA chip and the storage device.

3. The system according to claim 2, wherein the protection circuit comprises an inductor and a capacitor connected in series in a circuit, wherein one end of the capacitor is connected to data pins of a plurality of IO interfaces connected to the FPGA chip, the other end of the capacitor is connected to one end of the inductor, and the other end of the inductor is connected to the discharge control module.

4. The system of claim 3, further comprising a storage device sensing circuit, wherein the storage device sensing circuit is located between the connection structures of the shells of the storage system, is connected with the FPGA chip, and is configured to send the state that the shells of the storage system are opened to the FPGA chip, and send a corresponding instruction to the discharge control module by the FPGA chip to output the high-voltage current to the storage device.

5. The system of claim 4, wherein the FPGA chip is configured to:

receiving a security key from a numeric key input in response to initiating a storage security verification;

carrying out consistency check on the security key and the security key stored in the flash;

and in response to the fact that the times of verification failure reach a preset value, controlling the discharge control module to send out high-voltage current to destroy the storage device connected with the FPGA chip.

6. The system of claim 5, wherein the FPGA chip is further configured to:

and responding to the successful verification, and disconnecting the input of the storage device induction circuit to the FPGA chip.

7. The system according to claim 1, wherein the power conversion module comprises an inverting boost module and a power supply module, and an input end of the inverting boost module is connected to the power supply module and configured to boost the voltage output by the power supply module to a specific value and convert the voltage into alternating current.

8. The system of claim 7, wherein the power conversion module further comprises a rechargeable battery, and the rechargeable battery is connected to the power conversion module and configured to supply power to the inverter boost module when the power supply module is powered off.

9. The system of claim 8, wherein the FPGA chip is further configured to:

acquiring the electric quantity of the rechargeable battery, and judging whether the electric quantity of the rechargeable battery is lower than a preset electric quantity;

and in response to the electric quantity of the rechargeable battery being lower than a preset electric quantity, rewriting an index file of a storage device connected with the FPGA chip in a specific mode.

10. The system of claim 9, wherein the specific manner comprises encrypting the index file, splitting the content of the index file and then recombining in a certain order, and splitting the content of the index file and then recombining in a certain order and encrypting again.

Technical Field

The invention belongs to the field of computers, and particularly relates to a data protection system based on an FPGA.

Background

Data security has an opposite multi-aspect meaning: firstly, the safety of data is mainly characterized in that a modern cryptographic algorithm is adopted to carry out active protection on the data, such as data confidentiality, data integrity, bidirectional identity authentication and the like, and secondly, the safety of data protection is mainly characterized in that a modern information storage means is adopted to carry out active protection on the data, such as means of disk arrays, data backup, remote disaster recovery and the like are adopted to ensure the safety of the data, the data safety is an active contained measure, the safety of the data must be based on a reliable cryptographic algorithm and a safety system, and the two types of symmetric algorithms and public key cryptographic systems are mainly adopted.

There is also a data loss caused by the theft or replacement of the storage device, and the storage device such as a hard disk can be directly taken down after the storage device is shut down or powered off, and even the hard disk supporting hot plug which is conveniently detached is easier to be replaced.

Therefore, a data protection system that can effectively prevent data leakage due to removal or theft of a storage device is needed.

Disclosure of Invention

In order to solve the problems, the invention provides a data protection system based on an FPGA, which comprises an FPGA chip, a discharge control module, a power supply conversion module and a storage device,

the signal input end and the power supply input end of the discharge control module are respectively connected with the FPGA chip and the power supply conversion module, and the power supply control module is configured to send high-voltage current input by the power supply conversion module to a storage device connected with the FPGA chip according to an instruction of the FPGA chip so as to destroy the storage device.

In some embodiments of the present invention, a protection circuit is disposed in a connection circuit between the storage device connected to the FPGA chip and the FPGA chip, and the protection circuit is connected in series to one or more pin circuits of a plurality of IO interfaces connected to the storage device and the FPGA chip.

In some embodiments of the present invention, the protection circuit includes an inductor and a capacitor connected in series in a circuit, where one end of the capacitor is connected to data pins of a plurality of IO interfaces connected to the FPGA chip, the other end of the capacitor is connected to one end of the inductor, and the other end of the inductor is connected to the discharge control module.

In some embodiments of the present invention, the storage device sensing circuit is located between the connection structures of the shells of the storage system, connected to the FPGA chip, and configured to send a state that the shells of the storage system are opened to the FPGA chip, and the FPGA chip sends a corresponding command to the discharge control module to output a high-voltage current to the storage device.

In some embodiments of the invention, the FPGA chip is configured to:

receiving a security key from a numeric key input in response to initiating a storage security verification;

carrying out consistency check on the security key and the security key stored in the flash;

and in response to the fact that the times of verification failure reach a preset value, controlling the discharge control module to send out high-voltage current to destroy the storage device connected with the FPGA chip.

In some embodiments of the invention, the FPGA chip is further configured to:

and responding to the successful verification, and disconnecting the input of the storage device induction circuit to the FPGA chip.

In some embodiments of the present invention, the power supply conversion module includes an inverting and boosting module and a power supply module, and an input end of the inverting and boosting module is connected to the power supply module and configured to boost a voltage output by the power supply module to a specific value and convert the voltage into an alternating current.

In some embodiments of the present invention, the power supply conversion module further includes a rechargeable battery, and the rechargeable battery is connected to the power supply conversion module and configured to supply power to the inverter boost module when the power supply module is powered off.

In some embodiments of the invention, the FPGA chip is further configured to:

acquiring the electric quantity of the rechargeable battery, and judging whether the electric quantity of the rechargeable battery is lower than a preset electric quantity;

and in response to the electric quantity of the rechargeable battery being lower than a preset electric quantity, rewriting an index file of a storage device connected with the FPGA chip in a specific mode.

In some embodiments of the present invention, the specific manner includes encrypting the index file, splitting the content of the index file and then recombining in a certain order, and splitting the content of the index file and then recombining in a certain order and encrypting again.

According to the data protection system based on the FPGA chip, the FPGA chip controls the discharge control module connected with the FPGA chip according to the change of the use state of a user outside the system, and the external storage equipment is burnt out in time through high-voltage current when the risk of data leakage of the external storage equipment occurs, so that the safety of the stored data is protected at the expense of the storage equipment. The last safety barrier for preventing data leakage is realized, and the protection efficiency is extremely high. And also has certain data recovery soft protection capability.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.

FIG. 1 is a schematic diagram of a data protection system based on an FPGA chip according to the present invention;

fig. 2 is a schematic diagram of a device interface protection circuit according to an embodiment of the present invention;

FIG. 3 is a flowchart of a method provided by an embodiment of the present invention;

fig. 4 is a flowchart of a method according to an embodiment of the invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.

As shown in fig. 1, the invention provides a data protection system based on an FPGA chip, which includes an FPGA chip, a discharge control module 3, a power supply conversion module 2, and a storage device, wherein a signal input end and a power supply input end of the discharge control module 3 are respectively connected to the FPGA chip and the power supply conversion module 2, and are configured to send a high-voltage current output by the power supply conversion module 2 to the storage device connected to the FPGA chip according to an instruction of the FPGA chip so as to destroy the high-voltage current.

In practical applications, because an FPGA (Field Programmable Gate Array) has excellent parallel processing capability, it is commonly used as an expansion unit of an IO device, and can make edge computing and storage far exceed the concurrent processing and transmission capability of a conventional computer in the Field of storage management by virtue of its parallel computing capability, and thus is often used as a bridge for bridging an external IO device or a storage device and a CPU of the computer.

The data protection system disclosed by the invention relies on the FPGA chip as a data processing unit, and because the FPGA chip has the programmable characteristic, in some embodiments of the invention, the FPGA chip also shares some processing tasks of data protection logic.

In this embodiment, the data protection system based on the FPGA chip disclosed in the present invention mainly includes an FPGA chip 1, a power supply conversion module, and a discharge control module 3. As shown in fig. 3, the signal control input terminal of the discharge control module is connected to the FPGA chip 1 and receives a logic instruction from the FPGA chip. The discharge control module 3 is also connected with the output end of the power supply conversion module 3 and receives the high-voltage current from the power supply conversion module. And releases high-voltage current to the storage device connected with the FPGA chip 1 under the control of the FPGA chip.

In some embodiments of the present invention, a protection circuit is disposed in a connection circuit between the storage device connected to the FPGA chip and the FPGA chip, and the protection circuit is connected in series to one or more pin circuits of a plurality of IO interfaces connected to the storage device and the FPGA chip.

In this embodiment, the protection circuit is configured to protect an internal circuit connected to the FPGA chip from being damaged by the high-voltage current released by the discharge control module 3, and therefore, the protection circuit is located in a plurality of pin circuits of a plurality of IO interfaces connected to the FPGA chip 1.

In some embodiments of the present invention, the protection circuit includes an inductor and a capacitor connected in series in a circuit, wherein one end of the capacitor is connected to a data pin of the FPGA chip, and the other end of the capacitor is connected to one end of the inductor; the other end of the inductor is connected with the discharge control module.

In this embodiment, the interface circuit for connecting the external storage device and the FPGA chip is provided with a protection circuit as shown in fig. 2, each pin of each connection interface includes a circuit as shown in fig. 2, and the protection circuit is connected in series with 1 inductor L1 and a capacitor C1 with a certain capacity. The capacitor section is connected with the pins of the IO interfaces of the FPGA chip, and the output ends of the external storage device and the discharge control module 3 are connected with an interface L1C at one end of the inductor. When the FPGA chip sends out a storage device burning instruction, the discharge control module 3 sends out high-voltage current, and the pin of the external storage device is in connection with the discharge control module 3, so that the high-voltage current can be directly transmitted to the external storage device, and a storage circuit of the storage device is directly burned.

In addition, because the protection circuit has an inductor and a capacitor, the internal circuits such as the FPGA chip can be prevented from being affected by the high-voltage current released by the discharge module 3.

In some embodiments of the present invention, the storage device sensing circuit is located between the connection structures of the shells of the storage system, connected to the FPGA chip, and configured to send a state that the shells of the storage system are opened to the FPGA chip, and the FPGA chip sends a corresponding command to the discharge control module to output a high-voltage current to the storage device.

In this embodiment, the data protection system provided by the present invention further includes a sensing circuit, the sensing circuit is located inside the housing of the device, the connection point of the housing is connected to the magnetic circuit, the sensing circuit is in a connection state when the housing is closed, and when the housing is opened under an external force, the magnetic connection of the portion of the connection point of the housing is disconnected, and the sensing circuit is in a disconnection state. The induction circuit is connected with the FPGA chip 1, the state of the induction circuit is fed back to the FPGA chip, when the state of the induction circuit is disconnected and the safety key in the FPGA chip is not confirmed, the FPGA chip 1 sends an instruction to the discharge control module 3, so that the discharge control module 3 releases high-voltage current to burn out the storage device.

As shown in fig. 3, in some embodiments of the invention, the FPGA chip is configured to perform the following steps:

receiving a security key from a numeric key input in response to initiating a storage security verification;

carrying out consistency check on the security key and the security key stored in the flash;

and in response to the fact that the times of verification failure reach a preset value, controlling the discharge control module to send out high-voltage current to destroy the storage device connected with the FPGA chip.

In this embodiment, when the storage device is normally detached, the corresponding security key may be input through the number key, and the FPGA compares the security key stored in the Flash after receiving the security key. And if the judgment result is inconsistent, initiating a warning. If the verification of the safety key input for more than 3 times fails within 3 hours, the FPGA chip 1 enters a dangerous state, and if the verification of the safety key is triggered again and fails in the dangerous state, the FPGA chip 1 sends a command for releasing high-voltage current to the discharge control module 3, and the discharge control module 3 outputs high-voltage current to the storage device in response to the command to burn out a circuit in the storage device.

In some embodiments of the invention, the FPGA chip is further configured to:

and responding to the successful verification, and disconnecting the input of the storage device induction circuit to the FPGA chip.

In this embodiment, after the input security key is verified, the FPGA chip 1 will turn off the input of the status signal of the sensing circuit for 3 hours. The enclosure may be opened at this point to remove the storage device in the device without triggering a response mechanism that burns the storage device.

In some embodiments of the present invention, the power supply conversion module includes an inverting and boosting module and a power supply module, and an input end of the inverting and boosting module is connected to the power supply module and configured to boost a voltage output by the power supply module to a specific value and convert the voltage into an alternating current.

In this embodiment, the power supply conversion module 2 includes an inverter boost module 6 and a power supply module 4, the power supply module 4 converts an external power supply into a voltage supply device required by the system, and simultaneously, the voltage 12V or 5V which is the same as that of the system is input to the inverter boost module 6, and the inverter boost module boosts the input voltage to 36V and converts direct current into alternating current.

In some embodiments of the present invention, the inverter/booster module 6 converts the 12V or 5V dc power into ac power, and slowly increases the voltage from 5V or 12V to 36V when the discharge control module 3 discharges the storage device. The protection effect of a protection circuit for preventing overcurrent in the storage device on the storage device is solved through the slow increase of the voltage.

In some embodiments of the present invention, the power supply conversion module further includes a rechargeable battery, and the rechargeable battery is connected to the power supply conversion module and configured to supply power to the inverter boost module when the power supply module is powered off.

In this embodiment, the power supply conversion module is further provided with a rechargeable battery 5, the power supply module supplies power to the rechargeable battery 5, and the rechargeable battery 5 supplies power to the inverter boost module and the system when the power supply module loses the power supplied by the external power supply.

As shown in fig. 4, in some embodiments of the invention, the FPGA chip is further configured to:

step S201, acquiring the electric quantity of the rechargeable battery, and judging whether the electric quantity of the rechargeable battery is lower than a preset electric quantity;

s202, in response to the fact that the electric quantity of the rechargeable battery is lower than the preset electric quantity, rewriting an index file of a storage device connected with the FPGA chip in a specific mode.

In this embodiment, the FPGA chip 1 is further configured to detect an electric quantity of the rechargeable battery 5, and when it is detected that the remaining electric quantity of the rechargeable battery 5 is less than 10%, obtain index file content of a storage device connected to the FPGA chip, shuffle the file content in a certain manner, rewrite the file content into a specific storage area of the storage device, and wait for a forced shutdown caused by a power failure.

In some embodiments of the present invention, the specific manner includes encrypting the index file, splitting the content of the index file and then recombining in a certain order, and splitting the content of the index file and then recombining in a certain order and encrypting again.

In this embodiment, the rewriting of the storage device index file by the FPGA chip 1 may be by encrypting the content of the index file and writing the encrypted data into the boot area of the storage device. Or dividing the content of the index file of the storage device and disordering the divided data according to a certain sequence. For example, the content of the index file of a certain storage device is converted into a character string and then divided into 10 groups, and the index file is rearranged according to the grouping sequence of the index file data after grouping corresponding to the first 5 digits according to the sequence of the first 5 unrepeated digits in the serial number of the device. The method specifically comprises the following steps: and acquiring the unique ID serial number of the equipment, if the serial number is ST002543124, and the first 5 nonrepeating numbers are 2, 5, 4, 3 and 1, dividing the index file into 10 groups, placing the 2 nd group data at the first position, placing the 5 th group data at the second position, placing the 4 th group data at the third position, and placing the 3 rd group data at the fourth position. And (3) putting the 1 st group of data in the fifth position, sequentially arranging the rest data in the subsequent positions according to the original sequence, arranging the 6 th group in the sixth position, arranging the 7 th group in the seventh position, and so on. And rewriting the contents of the index file in the rearranged sequence into a specific guide area. Without knowing the index file of the data storage, the files inside the device cannot be acquired even if the storage device is stolen.

In some embodiments of the present invention, the method further comprises encrypting the grouped and disorderly ordered index file and writing the encrypted index file to the specific boot area.

When the system is powered on and started again, the FPGA chip 1 reversely obtains the content of the correct index file according to the rewriting mode of the storage device, and rewrites the content into a specific boot area. The file structure and the file content inside the storage device can be retrieved.

According to the data protection system based on the FPGA chip, the FPGA chip controls the discharge control module connected with the FPGA chip according to the change of the use state of a user outside the system, and the external storage equipment is burnt out in time through high-voltage current when the risk of data leakage of the external storage equipment occurs, so that the safety of the stored data is protected at the expense of the storage equipment. The last safety barrier for preventing data leakage is realized, and the protection efficiency is extremely high. And also has certain data recovery soft protection capability. And the scheme that the data content is leaked due to the fact that the storage device is taken away by breaking the device forcibly when the power is cut off can be prevented.

Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

The technical content provided by the present invention is described in detail above, and the principle and the implementation of the present invention are explained in this document by applying specific examples, and the above description of the examples is only used to help understanding the method of the present invention and the core idea thereof; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.