USB-to-SATA加密:FFE/FDE、PIN/Keypad/Finger
SPELITE MX+/MX2与USB-SATA转接桥片组合(如:JMS578/580、ASM235等),可以实现USB接口的移动存储装置加密,也可以自动的转换任何SATA存储设备为FFE、FDE、OPAL2.0数据盘、eDriver、微软Windows EHDD等;
SPELITE MX+/MX2与USB-SATA桥接芯片的组合可以实现Keypad、FingerPrint、SamrtCard、APP以及2种组合的双要素认证的USB安全移动存储装置。
| 方案编号 | 方案名称 | 方案说明 |
|---|---|---|
| Solution 1 | 加密U盘 | 各类加密U盘,支持FFE、FDE、按键、指纹、PIN码等各类身份认证。 |
| Solution 2 | 加密USB移动存储 | 各类加密USB移动存储,支持BitLocker数据盘、OPAL、FDE,支持Smart Card、IC卡、按键、指纹、PIN码等各类身份认证。 |
| Solution 3 | USB Interfaced Single Factor Unlock PIN | MX+/MX2 awaits the Unlock PIN authentication (SATA host HMAC method) from the host computer to enable cryptographic operation. 1.Disk drive is visible on the Disk Manager of the host computer and can be normally operated when the correct Unlock PIN is presented. All data written is automatically encrypted at SATA in-line 6Gbps speed. 2.Visible but not operable when no Unlock PIN is presented. 3.None operable when the Unlock PIN is not authenticated. The Unlock PIN dominates thus must be entered to authenticate. |
| Solution 4 | Enigma3.0/4.0 | Data-In-Motion Encryption Using Enigma 3.1 CloudKey. |
| Solution 5 | Enigma 3.0/4.0 RSA/ECC CloudKey | Deploy RSA2048/ECC DSA to perform FDE/SED and exchange encrypted file/folder through any public network securely by Right-Clicking or Drag & Drop: 1.本机文件加解密. 2.网盘、云盘文件加解密. 3.一对一、一对多加密文件共享、传递. 4.支持邮件、QQ、微信、网盘、云盘等各类网络传输. |
方案均支持SATA 6Gbps无损实时加解密,操作系统无关,配套完整原理图、固件SDK与量产指导文档。
Back To Top →SSD加密:SED、FDE、OPAL
SPELITE MX+/MX2可以应用在各种SATA接口下,用以实现SATA-to-SATA的高速加解密桥接。可以自动的转换任何SATA存储设备为SED/FDE、OPAL2.0盘、eDriver、微软Windows EHDD等;
SPELITE MX+/MX2提供I2C、SPI、SATA API等多种方式对接密钥管理的TCM、TPM、SE、MCU等各类密码管理芯片和PIN码输入;也支持通过加密、安全的HMAC、CMAC、RSA、SM2等方法导入密钥或PIN码。
| 方案编号 | 方案名称 | 方案说明 |
|---|---|---|
| Solution 1 | SATA-to-SATA加密桥板 | 通过桥接的形态将主机和SATA存储连接,主机数据通过桥板加密写入任何SATA存储,反向可解密;广泛应用于各类主机、加密设备的改造、升级。 |
| Solution 2 | SED/FDE加密SSD | 在2.5"SSD或M.2的SATA存储设备上板载嵌入SPELITE MX+/MX2,即可实现标准的SED、FDE的SSD存储设备,可广泛使用在现行的各类SSD设备上。 |
| Solution 3 | 加密数据盘 | SPELITE MX+/MX2 Encrypted Data Drive Managed by ZhongDaIC OPAL2.0 Disk Manager:MX+/MX2 eDrive Controller automatically transforms any GENERIC SATA disk drive with any capacity into an Opal2.0 compliant data drive. Use the ZhongDaIC Opal2.0 Disk Manager utility to manage the encrypted disk drive. |
| Solution 4 | 加密OS盘(windows、linux...) | SPELITE MX+/MX2 eDrive Controller automatically transforms any GENERIC SATA disk drive with any capacity into an Opal2.0 compliant OS drive which awaits the PRE-BOOT authentication to enable cryptographic booting on the drive. 1.OS on the disk drive is only allowed to boot upon pre-boot authentication. After successful booting, the disk drive then becomes visible and operable on the Disk Manager of the host computer. All data written is automatically encrypted at SATA in-line 6Gbps speed. 2.Invisible when there is no pre-boot authentication. 3.Consult us for an actual implementation. |
| Solution 5 | Windows BitLocker eDriver | Allow BitLocker to take advantages of the SPELITE MX+/MX2 eDrive Controller encrypted operating system drive capabilities: 1.Automatically transforms any GENERIC SATA disk drive with any capacity into Microsoft EHDD or eDrive. 2.Perform hardware-based SATA in-line 6Gbps AES CBC or XTS 256-bit encryption on the OS drive. 3.Streamline BitLocker configurations to save hours of painful software converting process. 4.Microsoft Windows 10 certified. 5.Can be a PIN authenticated encrypted OS drive. |
| Solution 6 | 流媒体加密 | 对视频、网络数据包、语音等各类流媒体进行实时高速加密。 1.应用于高清4K的视频会议,实时加解密,不增加服务器端负担,由各个视频终端上的SPELITE MX+/MX2完成实时加解密. 2.高速网络数据包加密,实时对网络数据包进行加密,服务器端和客户端都由硬件完成. 3.语音、视频等多媒体数据流的实时高速加密. 4.云端网盘、云存储实时加密存储. |
方案均支持SATA 6Gbps无损实时加解密,操作系统无关,配套完整原理图、固件SDK与量产指导文档。
Back To Top →Secure NAS & DAS
基于SPELITE MX+/MX2芯片为网络存储NAS、直连存储DAS提供底层硬件级SATA 6Gbps实时加密,独立旁路加密不占用设备CPU;支持物理密钥锁、多因子身份校验、全盘SED/FDE加密,兼容企业私有云、本地大容量存储、工控离线存储场景,可搭配AK32-T2国密芯片实现等保合规。
| 方案编号 | 方案名称 | 方案说明 |
|---|---|---|
| Solution 1 | 加密DAS直连存储阵列 | 多盘位直连硬盘柜,内置MX+加密桥模块,整机硬件全盘加密;配备物理钥匙锁闭硬盘仓,支持Thunderbolt、USB、eSATA多接口直连主机,适用于影视素材、离线涉密大容量数据存储。 |
| Solution 2 | 企业加密NAS私有云 | NAS硬盘位内置MX2加密芯片,所有硬盘数据落地自动硬件加密;兼容SMB/NFS/FTP/HTTPS加密传输协议,支持AD/LDAP域账户、2FA双因子登录,远程访问全程SSL隧道加密,杜绝内网数据窃取。 |
| Solution 3 | SED OPAL企业加密NAS | 遵循OPAL 2.0标准硬件加密,MX+管控全盘密钥,硬盘脱离设备后数据完全不可读;支持管理员远程密钥销毁、分级用户访问权限、全操作审计日志,满足金融、政企等保三级合规要求。 |
| Solution 4 | 国密合规NAS/DAS模组方案 | MX+/MX2搭配AK32-T2商密芯片,原生支持SM2/SM3/SM4国密算法;密钥由国密安全芯片独立托管,可输出完整国密检测材料,适配政务、军工、医疗涉密存储项目。 |
| Solution 5 | 离线防勒索加密DAS存储 | 物理断网隔离直连存储,硬件加密隔离勒索病毒渗透;支持定时自动快照、WORM防篡改只读分区,文件无法被恶意加密篡改,用于核心研发资料、财务备份离线归档。 |
全系方案SATA 6Gbps无损实时加解密,系统无感知、无需修改NAS固件,配套PCB参考设计、密钥管理工具、量产适配手册。
Back To Top →Thunderbolt & PCIe加密
Based on SPELITE MX+/MX2 matched with dedicated PCIe encryption modules, hardware inline encryption is realized for Thunderbolt 3/4 and PCIe NVMe high-speed storage. Encryption and decryption run independently on hardware without occupying host CPU, with negligible bandwidth loss. Supports external Thunderbolt encrypted enclosures, internal PCIe encrypted SSD accelerator cards and industrial PCIe encrypted data acquisition storage. Compatible with international AES standards and national cryptography algorithms for high-throughput scenarios such as 8K video editing, database servers and industrial confidential data recording.
| Solution No. | Solution Name | Description |
|---|---|---|
| Solution 1 | Thunderbolt 3/4 External Encrypted DAS | Multi-bay direct-attached storage embedded with MX2 crypto chip, full-disk real-time hardware encryption. Delivers full 40Gbps throughput, supports fingerprint & physical PIN unlock. Ideal for offline secure storage of 4K/8K media assets and large design files. |
| Solution 2 | PCIe x4 NVMe Encryption Accelerator Card | Standard PCIe expansion crypto bridge, all NVMe disk I/O passes through independent hardware encryption layer, fully compliant with OPAL / FDE specifications. Cross-platform compatibility with Windows, Linux and macOS, widely deployed on workstations and database servers. |
| Solution 3 | Thunderbolt Secure Workstation Storage Pool | Laptops & desktops connect encrypted disk pool via Thunderbolt interface, pre-boot authentication is mandatory before disk mounting. Native integration with Microsoft BitLocker, isolates confidential R&D, design and financial data on desktop terminals. |
| Solution 4 | Industrial PCIe Encrypted Data Capture Module | Wide-temperature industrial PCIe board for real-time hardware encryption of high-speed collected data before writing to local SSD. Supports offline air-gapped data archiving, applicable to autonomous driving, medical imaging and industrial inspection confidential storage. |
| Solution 5 | Thunderbolt + AK32-T2 National Crypto Combo | MX2 paired with AK32-T2 commercial security chip to implement SM2/SM3/SM4 hardware encryption over Thunderbolt high-speed links. Independent key management by national crypto chip, complete compliance documents for classified government & military storage projects. |
| Solution 6 | Multi-disk PCIe Encrypted RAID Controller | Single PCIe lane expands multiple SATA/NVMe bays with unified hardware encryption control. Supports encrypted RAID 0/1/5 arrays for server mass backup, featuring remote key revocation and full operation audit logging. |
All solutions deliver line-rate encryption matching native Thunderbolt / PCIe bandwidth without software performance loss. Full package deliverables include schematic diagrams, firmware SDK and Thunderbolt compatibility debugging guides.
Back To Top →