1. Field of the Disclosure
Embodiments of the present disclosure relate to data security management, and particularly to a storage system and a method for managing data security of the storage system.
2. Description of Related Art
A storage device, such as a hard disk drive, a random access memory, a read only memory, a cache system, or a combination of the aforementioned hardware, is mainly used to store data. However, if such a storage device cannot provide security management of data stored in the storage device, private data can be accessed by anyone.
All of the processes described below may be embodied in, and fully automated via, functional code modules executed by one or more general purpose computers or processors. The code modules may be stored in any type of computer-readable medium or other computer storage device. Some or all of the methods may alternatively be embodied in specialized computer hardware.
The storage unit 10 may store various kinds of data, such as images and videos, for example. The storage system 1 communicates with the electronic device 2 via the interface unit 11. In some embodiments, the interface unit 11 may be a wireless interface unit or a hardwired interface unit. The wireless interface unit may be a BLUETOOTH interface unit, for example. The hardwired interface unit may be a SATA (serial advanced technology attachment) interface unit, or an IDE (Integrated-Drive-Electronics) interface unit, for example.
The storage system 1 also includes a processor 13. The processor 13 executes one or more computerized operations of the storage system 1 and other applications, to provide functions of the storage system 1.
The formatting module 120 divides the storage unit 10 into a plurality of data blocks. In some embodiments, as shown in
The encryption module 121 receives the encryption key input by a user through the keyboard 20. Specifically, the encryption module 121 receives a first encryption key input and a second encryption key input by the user, and under the condition that the first encryption key input is the same as the second encryption key input, the encryption module 121 sets the encryption key to match the two inputs.
The encryption module 121 encrypts the data in the data access block 100 using the set encryption key, and stores the set encryption key in the key block 101. In some embodiments, the encryption key may be a symmetric key or an asymmetric key. If the encryption key is symmetric, the encryption key is the same as a corresponding decryption key. If the encryption key is asymmetric, the asymmetric key may include a secret private key and a published public key, and the encryption module 121 encrypts the data in the data access block 100 using the published public key.
The decryption module 122 receives a decryption key input by the user through the keyboard 20, then determines whether the decryption key is valid. In one embodiment, if the encryption key is symmetric, the decryption module 122 determines that the decryption key is valid if the decryption key is the same as the encryption key. If the encryption key is asymmetric, the decryption module 122 determines that the decryption key is valid if the decryption key is the same as the secret private key.
The decryption module 122 decrypts the data access block 100 using the decryption key if the decryption key is valid.
In block S10, the formatting module 120 divides the storage unit 10 into a data access block 100 and a key block 101.
In block S11, the encryption module 121 receives an encryption key input by a user through the keyboard 20. The encryption module 121 receives a first encryption key input and a second encryption key input entered by the user. If the first encryption key input is the same as the second encryption key input, the encryption module 121 sets the encryption key to match the two inputs.
In block S12, the encryption module 121 encrypts the data in the data access block 100 using the set encryption key, and stores the set encryption key in the key block 101. The encryption key may be symmetric or asymmetric. If the set encryption key is symmetric, the set encryption key is the same as a corresponding decryption key. If the set encryption key is asymmetric, the asymmetric key includes a secret private key and a published public key, and the data access block 100 is encrypted using the published public key.
In block S14, the decryption module 122 receives a decryption key input by the user through the keyboard 20.
In block S15, the decryption module 122 determines whether the decryption key input by the user is valid. If the encryption key is symmetric, the decryption module 122 determines that the decryption key is valid if the decryption key is the same as the set encryption key. If the set encryption key is asymmetric, the decryption module 122 determines that the decryption key is valid if the decryption key is the same as the secret private key.
In block S16, the decryption module 122 decrypts the data in the data access block 100 using the decryption key if the decryption key is valid.
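The symmetric-key flow of blocks S10 to S16, as an added Python example that is not code from the disclosure. The class and function names are hypothetical; as labelled assumptions, the key block here holds a salted PBKDF2 verifier rather than the key itself, so that reading the key block does not reveal the key, and the HMAC-SHA256 keystream is a stand-in for a real cipher such as AES.

```python
from __future__ import annotations
import hashlib
import hmac
import os

SALT_LEN = 16

def _derive(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the typed key into (data-encryption key, verifier)."""
    out = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=64)
    return out[:32], out[32:]

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream (not AES)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

class StorageUnit:
    """Hypothetical model of storage unit 10 after formatting (S10)."""

    def __init__(self, data: bytes):
        self.data_access_block = data  # block 100
        self.key_block = b""           # block 101, empty until a key is set

    def set_key_and_encrypt(self, first: str, second: str) -> bool:
        # S11: accept the key only if both entries match (and none is set yet).
        if self.key_block or not first or first != second:
            return False
        salt = os.urandom(SALT_LEN)
        enc_key, verifier = _derive(first, salt)
        # S12: encrypt block 100; block 101 gets salt + verifier, never the key.
        self.data_access_block = _keystream_xor(enc_key, self.data_access_block)
        self.key_block = salt + verifier
        return True

    def decrypt(self, candidate: str) -> bytes | None:
        # S14/S15: re-derive from the stored salt, compare in constant time.
        salt, stored = self.key_block[:SALT_LEN], self.key_block[SALT_LEN:]
        enc_key, verifier = _derive(candidate, salt)
        if not hmac.compare_digest(verifier, stored):
            return None
        # S16: only a valid key reaches the data.
        return _keystream_xor(enc_key, self.data_access_block)
```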
Although certain inventive embodiments of the present disclosure have been specifically described, the present disclosure is not to be construed as being limited thereto. Various changes or modifications may be made to the present disclosure without departing from the scope and spirit of the present disclosure.
Number | Date | Country | Kind |
---|---|---|---|
200910309098.8 | Oct 2009 | CN | national |