CN101894234A - COS general file access control system - Google Patents


Info

Publication number: CN101894234A
Authority: CN (China)
Prior art keywords: smart card, file, access control, manager, cos
Legal status: Pending
Application number: CN2010102380524A
Other languages: Chinese (zh)
Inventors: 姚静晶, 胡善学, 张勇, 王国丰
Current assignee: Third Research Institute of the Ministry of Public Security
Original assignee: Third Research Institute of the Ministry of Public Security
Priority date: 2010-07-27
Filing date: 2010-07-27
Publication date: 2010-11-24
Application filed by Third Research Institute of the Ministry of Public Security

Abstract

The invention discloses a COS general file access control system comprising a smart card. The smart card contains an IO transmission manager and a command analyzer, and a general access control manager that controls and manages the resources in the card through an access control policy; the general access control manager is connected in turn to the command analyzer and the IO transmission manager. With the general access control manager embedded in the card, the access control policy inside the card is set autonomously by the user and written to a policy library file in the card. When the card is accessed from outside, the general access control manager controls and manages the card's resources according to the corresponding policies in the policy library file, which strengthens the card's control over illegal external access and so achieves the purpose of the invention.

Description

A COS universal file access control system
Technical field
The present invention relates to a COS (Card Operating System, the smart card operating system) universal file access control system in the fields of computer security and smart card security, and in particular to a system by which a smart card exercises secure access control over an external terminal.
Background technology
In PKI applications, information encrypted with a public key can only be decrypted with the corresponding private key, so the security of a PKI application rests on the security of the private key: as long as the private key is safe, the information is protected. In early PKI applications the private key was stored on the terminal as a soft certificate, and because terminals are easily attacked by viruses and Trojans, private key leakage occurred easily. To address this, smart cards holding the private key and certificate were introduced into PKI systems as encryption devices independent of the terminal. In particular, a smart card that generates the public/private key pair itself never exposes the private key to the terminal; all asymmetric computations are completed inside the card, which greatly strengthens the security of the private key and gives the approach a wide range of applications.
The smart card security feature "the private key never leaves the card" solves the problem of storing the private key securely, but it does not solve the following main problems that arise while the private key is in use:
Illegal input: an attacker may use illegal input to determine security-related information, causing the card to malfunction or destroying the card's security state.
Replay attack: an attacker may reuse a completed (or partly completed) operation of an authorized person to pass the security context inside the card and bypass the security mechanism, or intercept and modify smart card operating instructions so that the card executes prohibited instructions.
Forced reset: an attacker can cause inappropriate instructions to be executed through selective operation, driving the card into an unsafe life-cycle state.
The smart card protects the resources inside the card through a built-in security system, which comprises three parts: security states, security attributes and security mechanisms:
1) Security state of the smart card. The security state of the card represents the current state that may be reached after the following actions are completed:
Completion of the answer to reset (ATR) and possibly protocol parameter selection;
Execution of a single command or a series of commands of an authentication process.
The smart card specification ISO 7816-4 describes four kinds of security state:
The global security state, associated with the MF;
The application security state, related to an application and generally associated with the DF that represents that application;
The file security state, associated with a specific file (DF or EF);
The command security state, related to a command.
2) Security attributes of the smart card. The security attributes define the allowed behaviours and the conditions that must be satisfied before a behaviour is carried out. A file's security attributes depend on its category (MF, DF or EF), on optional parameters in its file control information, and on optional parameters in the file control information of its parent file.
The security attributes of the card can: specify the security state the card must be in before data is accessed; restrict access to some data and functions while the card is in a particular state; and define the security functions that are executed to reach a particular security state. When the card's files are initialized, their security attributes must be set.
3) Security mechanisms of the smart card. A card may have several security mechanisms, such as PIN verification, internal authentication, external authentication and the SMC mechanism. When a security condition is met, the card is raised to the corresponding security state, and the COS checks whether that security state satisfies the security attributes of the file to be accessed. For example, if personal information is placed in an application DF, one or more security mechanisms can be selected for it as the design requires, such as PIN verification and external authentication; the outside world can then access the personal information only after passing PIN verification and external authentication in turn.
Common smart card security mechanisms are as follows:
PIN verification performs authentication by entry of a password (the PIN). To prevent external brute-force attacks, PIN verification can set an upper limit on errors: if the PIN is entered wrongly more than a certain number of times in a row, the card locks automatically.
Internal authentication verifies the identity that the card represents; generally, a public key certificate is used to verify that the card holds the corresponding private key.
External authentication authenticates the identity of an information resource outside the card (a remote user, the card reader, the CSP, etc.); the method is the same as for internal authentication.
SMC mechanism: in ordinary interaction between terminal and card, the PIN and private key data that the terminal sends to the card may be intercepted by a hacker. To address the confidentiality of instruction transmission, ISO/IEC 7816-4 introduced the SMC (Security Module Card) mechanism. Its flow is: the user first passes the card operating instruction to the SMC, the SMC encrypts the instruction and passes it out, and the encrypted instruction is sent to the user's smart card for execution. This guarantees the security of card instructions to a certain extent, but while the SMC encrypts the instruction the security of the SMC itself is not guaranteed, and the instruction passed to the SMC runs the same risk of interception.
Although existing smart card security mechanisms can, to a certain extent, protect the information in the card from unauthorized external access, the security of the terminal cannot be guaranteed, so an attacker may bypass the card's security system entirely and access the information in the card directly. For example, when the card is opened in shared mode and a legitimate program has passed the checks of the security mechanism, the card's security state has changed; if an illegal program also accesses the card at that moment, it bypasses the card's security mechanism, with the risk that the private key file is overwritten or replaced. Moreover, the card's shared mode of operation is managed by the terminal operating system, and an attacker can operate entirely in exclusive mode through attack patterns such as process injection and kernel injection.
On the other hand, traditional access control schemes are not flexible. During use of the card, the COS decides the access control scheme adopted for the resources in the card, and the COS is customized by the card issuer and cannot be changed by the user. This makes card applications too rigid and the security arrangement too uniform.
In summary, there is a particular need for a COS universal file access control system that solves the above problems.
Summary of the invention
The object of the present invention is to provide a COS universal file access control system which, in view of the deficiencies of the prior art, adds to the original smart card system an access control scheme based on a policy library file: policies customized by the external user are written to that file, and a general access control manager controls and manages the resources in the card according to the policy library file, so as to solve the existing smart card security problems while increasing the flexibility of smart card applications.
The technical problem solved by the invention can be addressed by the following technical solution:
A COS universal file access control system comprises a smart card; the smart card comprises an IO transmission manager, a command analyzer and a general access control manager, and is characterized in that a general access control manager that controls and manages the resources in the card through an access control policy is provided in the card, and that the general access control manager is connected in turn to the command analyzer and the IO transmission manager.
In one embodiment of the invention, the general access control manager further comprises a policy library file customized by the external user, and the resources in the card are managed through that policy library file.
In one embodiment of the invention, when an application accesses the card, the instruction passes through the IO transmission manager and the command analyzer and enters the general access control manager, which analyzes the command structure, determines the file (F) being accessed and its file type (F_T), and then searches the policy library file to obtain the access control model (A_C_M) the file may adopt according to the file application type (for example personal information or private key file).
Further, during the application's access to the card, the access control model adopted according to the file continues to be applied to that file.
The COS universal file access control system of the invention embeds the general access control manager inside the card; the user then sets the access control policy inside the card autonomously and writes it to the card. When the outside world accesses the card, the general access control manager controls and manages the card's resources according to the policies in the corresponding policy library file, improving the card's ability to control unauthorized external access and achieving the purpose of the invention.
The characteristics of the invention can be clearly understood from the drawings and the detailed description of the preferred embodiments below.
Description of drawings
Fig. 1 is the structural block diagram of the COS universal file access control system of the invention;
Fig. 2 is the workflow diagram of the COS universal file access control system of the invention.
Embodiment
To make the technical means, creative features, objects and effects of the invention easy to understand, the invention is further described below with reference to the specific drawings.
As shown in Fig. 1 and Fig. 2, the general COS file access control system of the invention comprises a smart card 100, which comprises a general access control manager 110, an IO transmission manager 120 and a command analyzer 130. The general access control manager 110 controls and manages the resources in the smart card 100 through the access control policy, and is connected in turn to the command analyzer 130 and the IO transmission manager 120.
The main function of the IO transmission manager 120 is to receive electrical signals from the terminal hardware, convert them into logical data and pass them to the command analyzer 130, and to pass response information from the card to the terminal hardware as electrical signals.
The main function of the command analyzer 130 is to parse the instructions.
The main function of the general access control manager 110 is to operate the policy library file: it analyzes the received command information for the policy it requires, checks according to the policy's detection conditions whether they are satisfied, modifies the security state of the file system, and returns the detection result.
When an application accesses the smart card 100, the instruction passes through the IO transmission manager 120 and the command analyzer 130 and enters the general access control manager 110, which searches the policy library file for the corresponding access control model according to the file (F) being accessed and its file type (F_T). During the application's access to the smart card 100, the access control model adopted for a file continues to be used for that file.
Based on the above design of the COS universal file access control system of the invention, its concrete execution flow is as shown in Fig. 2.
When the COS universal file access control system of the invention operates, the command analyzer 130 sends the parsed instruction to the general access control manager 110; the general access control manager 110 selects a policy from the policy library file according to the request information; it checks according to the policy whether the security condition is satisfied; if so, it modifies the security state, otherwise it keeps the original security state; and it returns the detection result.
Embodiment
A smart card fitted with the general access control manager may adopt many kinds of access control model; below we take the UCON_ABC access control model as the example for detailed analysis.
The example smart card application environment of the COS universal file access control system of the invention adopts the common dual-certificate mechanism: one certificate is used for digital signatures, and its public/private key pair is generated by the card itself, the card's own security features guaranteeing that the private key never leaves the card; the other certificate is used for encryption and decryption operations, and its key pair is written by a third-party trust authority (such as a CA). Below we analyze the card's access control policy in terms of the UCON_ABC access control model.
Usually a legitimate user accesses the card's protected resources following the standard steps: verify first, then access. However, because the terminal's access operations on the card are uncontrollable, particularly when the card is accessed in shared mode, an attacker can wait until a legitimate user or program has passed the card's verification and then send unauthorized access commands to the card directly from the terminal, bypassing the security verification and causing information leakage. Therefore, when establishing the access control policy, the 16 UCON_ABC basic models available for file access are fully considered, so that security problems are found in time and secure access to files is guaranteed.
Within one session the card may select such access control schemes as: 1) verifying only once in the session, after which later data accesses need no further verification; or 2) verifying every data access even within the one session, which is what we call the onX model. Because the current security context is checked again on every access, this prevents a hacker from bypassing the legitimate user's identity to access the card's information.
According to the specific application, we have customized part of the card's access control policy by user identity, as shown in Table 1.
Table 1 Access control policy
[Table 1, "Access control policy", is provided as an image in the original and is not reproduced here.]
As can be seen from Table 1, the UCON_ABC (A, B, C) columns give the content represented by A, B and C in the UCON_ABC model; the "adopted model" column classifies the access control type used for the resource access, and these types belong to the 16 basic models of UCON_ABC.
We denote an access by a subject to an object as (S, O, R), where S represents the user, O represents a file or an instruction operation, and R represents the granted rights. ATT(S) and ATT(O) represent the attribute sets of subject S and object O respectively. M represents the set of all basic models; because each operation consists of the three parts A, B and C, we represent M by the triple (A, B, C). The elements of each model (A, B and C) are usually represented by the cells of Table 1 and can therefore be written as pairs of values: for example, (0,1) is (preA, pre-update), meaning authorize first and use afterwards, with the attribute updated beforehand; (1,2) is (onA, ongoing-update), meaning authorization during access, with the attribute updated during access. If the model of an application function is M((1,2),(3,0),(4,0)), the model means: authorization during access, with the attribute updated during access; obligation fulfilled during access, with the attribute immutable; condition judged beforehand, with the attribute immutable.
Suppose user User-X accesses personal information with the model M((1,2),(3,0),(4,0)). After the command analyzer looks up the corresponding access model in the policy library file of the general access manager, the file operation can be executed according to that access control model; its formalization is described below.
When User-X accesses personal information, during the access: A adopts (onA, ongoing-update), meaning authorization during access with the attribute updated during access; B adopts (onB, immutable), meaning the obligation is fulfilled during access and the attribute cannot be changed; C adopts (preC, immutable), meaning the condition is checked first and the attribute cannot be changed. It is defined as follows:
- S = User-X, O = personal information
- ATT(S), ATT(O)
- A = (onA, ongoing-update),
  B = (onB, immutable),
  C = (preC, immutable)
- R = {Read, Write, Update}
- getModel(M(A,B,C))
- ChangeATT(S,O) = {0,1,2,3} (obtained from the 16 UCON basic models)
When User-X accesses personal information, according to the description of A, B and C above, three steps are carried out: first, the current security condition is checked according to the content of C, and once this check is completed, the next access to this information is not checked again; then the corresponding obligation is fulfilled according to the content of B, such as writing a log, and every access must fulfil the corresponding obligation; finally, the authorization result of A, such as a read, write or update operation, is determined according to the results of C and B.
The formal description of the security condition check is as follows:
C:
preCon ∈ {card inserted, communication established}
getPreCon(S,O,R): S × O × R × preCon
ChangeATT(S,O)_C = 0
preConChecked(getPreCon(S,O,R)) => allowed(S,O,R)_C
¬(preConChecked(getPreCon(S,O,R))) => stopped(S,O,R)_C
The formal description of fulfilling the corresponding obligation is as follows:
B:
onB ∈ {PIN entry, two-way authentication, log writing, limit on number of attempts}
getOnB(S,O,R) = S × O × R × onB
ChangeATT(S,O)_B = 0
OnBChecked(getOnB(S,O,R)) => allowed(S,O,R)_B
¬(OnBChecked(getOnB(S,O,R))) => stopped(S,O,R)_B
The formal description of the associated authorization is as follows:
A:
onA ∈ {read operation, write operation, update operation}
ChangeATT(S,O)_A = 2
assign_right(S,O,R) = onA,  if allowed(S,O,R)_C ∩ allowed(S,O,R)_B
                    = NULL, otherwise
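The three-step evaluation formalized above for User-X and the model M((1,2),(3,0),(4,0)), as an added example that is not part of the patent: a small C sketch of the general access control manager's policy lookup and UCON_ABC decision (condition C checked once per session under preC, obligation B fulfilled on every access, right assigned by A), which also contrasts preC with the "verify every access" onX scheme from the session discussion. The policy entries, the session and object fields, the numbering PRE_B=2 and ON_C=5, and the private_key entry are constructed assumptions, not values from the patent.

```c
#include <stdio.h>
#include <string.h>

/* Phase and attribute-update mode of each UCON_ABC component, numbered as in the pairs
   quoted from Table 1: (0,1)=(preA,pre-update), (1,2)=(onA,ongoing-update),
   (3,0)=(onB,immutable), (4,0)=(preC,immutable). PRE_B=2 and ON_C=5 fill the gaps in
   that numbering and are assumptions of this example, not values given in the patent. */
enum phase  { PRE_A = 0, ON_A = 1, PRE_B = 2, ON_B = 3, PRE_C = 4, ON_C = 5 };
enum update { IMMUTABLE = 0, PRE_UPDATE = 1, ONGOING_UPDATE = 2 };
enum right  { R_NULL = 0, R_READ, R_WRITE, R_UPDATE };      /* R = {Read, Write, Update} */

typedef struct { enum phase ph; enum update upd; } component;
typedef struct { component A, B, C; } model;                 /* M(A, B, C) */

/* Policy library file: file application type -> access control model (constructed).
   personal_info carries the patent's M((1,2),(3,0),(4,0)); private_key is an assumed
   variant whose condition is re-checked on every access (the "onX" scheme). */
typedef struct { const char *file_type; model m; } policy_entry;
static const policy_entry policy_library[] = {
  { "personal_info", { {ON_A, ONGOING_UPDATE}, {ON_B, IMMUTABLE}, {PRE_C, IMMUTABLE} } },
  { "private_key",   { {ON_A, ONGOING_UPDATE}, {ON_B, IMMUTABLE}, {ON_C,  IMMUTABLE} } },
};

/* Security context the card keeps for one session: the preCon inputs, the onB inputs,
   and the obligation "write log" counted per access. */
typedef struct {
  int card_inserted, comm_established;   /* preCon = {card inserted, communication set up} */
  int pin_verified;                      /* onB input: PIN entered */
  int log_entries;                       /* onB obligation: log written on each access */
} session;
/* Object O; precon_checked records that a preC check on it has already passed. */
typedef struct { const char *name; int precon_checked; } object;

const model *lookup_policy(const char *file_type) {
  size_t i;
  for (i = 0; i < sizeof policy_library / sizeof policy_library[0]; i++)
    if (strcmp(policy_library[i].file_type, file_type) == 0)
      return &policy_library[i].m;
  return NULL;                           /* no policy for this type: deny */
}

/* Step 1 (C): preConChecked(getPreCon(S,O,R)). With preC a passed check is remembered
   on the object and the next access skips it; with onC it is evaluated every time. */
int check_condition(const model *m, const session *s, object *o) {
  int ok;
  if (m->C.ph == PRE_C && o->precon_checked) return 1;
  ok = s->card_inserted && s->comm_established;
  if (m->C.ph == PRE_C && ok) o->precon_checked = 1;
  return ok;
}

/* Step 2 (B): OnBChecked(getOnB(S,O,R)); B is an ongoing component, so the obligation
   (PIN entered, log written) is performed on every access, not once per session. */
int fulfil_obligation(session *s) {
  if (!s->pin_verified) return 0;        /* PIN not entered: obligation unmet */
  s->log_entries++;                      /* obligation "write log" */
  return 1;
}

/* Step 3 (A): assign_right(S,O,R) = onA if allowed_C and allowed_B, else NULL. */
enum right assign_right(const char *file_type, session *s, object *o, enum right want) {
  const model *m = lookup_policy(file_type);
  int allowed_c, allowed_b;
  if (m == NULL) return R_NULL;
  allowed_c = check_condition(m, s, o);
  allowed_b = fulfil_obligation(s);      /* the log is written even when C stops the access */
  return (allowed_c && allowed_b) ? want : R_NULL;
}

int main(void) {
  session s = { 1, 1, 1, 0 };            /* card inserted, link up, PIN verified */
  object info = { "personal information", 0 }, key = { "private key file", 0 };
  printf("User-X reads personal info: right=%d\n", assign_right("personal_info", &s, &info, R_READ));
  s.comm_established = 0;                /* link drops after the first access */
  printf("again under preC (remembered): right=%d\n", assign_right("personal_info", &s, &info, R_READ));
  printf("private key under onC (re-checked): right=%d\n", assign_right("private_key", &s, &key, R_READ));
  printf("log entries written: %d\n", s.log_entries);
  return 0;
}
```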
The COS universal file access control system of the invention adds the general access control manager 110 (for example based on the UCON_ABC access control model) to the smart card 100, enabling it to detect illegal behaviour of the terminal flexibly and effectively, which provides reliable assurance for the security of various smart card applications. Applied to the U-shield (USB key) we use daily, an illegal terminal's attempt to read the information in it would be detected by the U-shield, which could require the terminal to carry out the corresponding policy, such as writing a log.
The basic principles, main features and advantages of the invention have been shown and described above. Those skilled in the art should understand that the invention is not limited to the above embodiments; what is described in the embodiments and the specification only illustrates the principle of the invention, and the invention admits various changes and modifications without departing from its spirit and scope. All such changes and improvements fall within the claimed scope of the invention, which is defined by the appended claims and their equivalents.

Claims (4)

1. A COS universal file access control system comprising a smart card, the smart card comprising an IO transmission manager, a command analyzer and a general access control manager, characterized in that a general access control manager that controls and manages the resources in the smart card through an access control policy is provided in the smart card, and that the general access control manager is connected in turn to the command analyzer and the IO transmission manager.
2. The COS universal file access control system of claim 1, characterized in that the general access control manager comprises a customized policy library file, and the COS manages the files in the smart card through the policy library file.
3. The COS universal file access control system of claim 1, characterized in that, when an application accesses the smart card, the instruction enters the general access controller through the IO transmission manager and the command interpreter, the command structure is analyzed, the file being accessed and its file type are determined, and the policy library file in the general access control manager is then searched to obtain the access control model the file adopts according to the file application type.
4. The COS universal file access control system of claim 3, characterized in that, when an application accesses the smart card, the access control model adopted according to the file continues to be used for that file during the access process.
Priority Applications (1)

Application Number Priority Date Filing Date Title Status
CN2010102380524A CN101894234A (en) 2010-07-27 2010-07-27 COS general file access control system Pending

Publications (1)

Publication Number Publication Date
CN101894234A true CN101894234A (en) 2010-11-24

Family

ID=43103424


Country Status (1)

Country Link
CN (1) CN101894234A (en)


Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1687905A (en) * 2005-05-08 2005-10-26 华中科技大学 Multi-smart cards for internal operating system
CN1968467A (en) * 2006-06-21 2007-05-23 华为技术有限公司 Mobile terminal and terminal user information protection method
US20090154705A1 (en) * 2007-12-13 2009-06-18 Price Iii William F Apparatus and Method for Facilitating Cryptographic Key Management Services


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《硅谷》 20100123 邓赟 智能卡操作系统(COS)安全管理研究 , 2 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108537067A (en) * 2018-02-28 2018-09-14 北京智芯微电子科技有限公司 Safety protection of chip method and system
CN108537067B (en) * 2018-02-28 2022-02-11 北京智芯微电子科技有限公司 Chip safety protection method and system
CN113127426A (en) * 2021-04-28 2021-07-16 武汉天喻信息产业股份有限公司 File management method and system of smart card
CN114462041A (en) * 2021-12-24 2022-05-10 麒麟软件有限公司 Dynamic trusted access control method and system based on dual-system architecture


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20101124