CN102184357A - Portable trustworthy private information processing system - Google Patents

Portable trustworthy private information processing system

Info

Publication number: CN102184357A
Authority: CN (China)
Prior art keywords: private information, encrypted, terminal, information processing, safety
Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to its accuracy)
Application number: CN2011101086735A
Other languages: Chinese (zh)
Other versions: CN102184357B (en)
Inventors: 常朝稳, 秦晰, 赵国磊, 韩培胜, 刘熙胖, 梁松涛, 王一宁, 王曙光, 韩秀德
Current assignee: Zhengzhou Xinda Jiean Information Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority date: 2011-04-28 (the priority date is an assumption and is not a legal conclusion)
Filing date: 2011-04-28
Publication date: 2011-09-14

Timeline:
2011-04-28 Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd; priority to CN201110108673.5A
2011-09-14 Publication of CN102184357A
2014-03-19 Application granted; publication of CN102184357B
Legal status: Active

Abstract

The invention discloses a portable trustworthy private information processing system. Physically, the system comprises a security chip, a Flash memory chip and a secure COS (Chip Operating System); logically, it comprises a boot region, a USB smart key region, a hidden region and an encrypted region. When the computer terminal is set to boot from a USB port and is started through the system, trusted boot and measurement guarantee that the entire computing environment is trustworthy; when the terminal is not booted from the system, the system can be used on its own as an encrypted USB drive. The system solves the security problem of processing personal private information and constructs a trusted computing environment.

Description

A portable trustworthy private information processing system
Technical field
The present invention relates to a private information processing system, and in particular to a portable trustworthy private information processing system.
Background art
The security of private information is increasingly a focus of concern for organizations, enterprises and individuals. Users want to process sensitive information, such as organizational documents, business information, personal finances and personal data (pictures, video, documents), in a trusted computing environment. In most cases, however, the hardware platform on which private information is processed is designed for simplicity, so its resources can be used arbitrarily: executable code can be modified, malicious programs can be implanted, and threats such as Trojans, viruses and intruders are present at all times. Worse, legitimate users are not subject to strict access control, so unauthorized access occurs and sensitive information is leaked or critical data is lost. Providing a secure and trusted computing environment for private information systems is therefore particularly important.
The security protection measures currently available for computing environments include firewalls, intrusion detection systems, secure routers, security gateways and antivirus software. These are mostly passive defences: confronted with constantly emerging attack methods, traditional protection measures cannot address the problem at its root, and their effectiveness is greatly reduced. Moreover, relying on one or more security software products alone cannot build a trusted computing environment from the ground up or guarantee the security of a private information system.
Summary of the invention
The object of the invention is to overcome the deficiency of the passive defence mode of existing security products, which leaves the user exposed to all kinds of security threats when handling private information, by providing a portable trustworthy private information processing system. The system gives organizations, enterprises and individuals a trusted computing environment in which to process private information. Physically it resembles an ordinary USB flash drive: the user can plug it into any PC or notebook computer that has computing resources (a CPU) and run the system, switching the machine to a trusted computing environment. Even without a computer of their own, the user can process sensitive private information on someone else's computer without worrying about intrusion or damage by Trojans and viruses, and even loss of the device does not leak sensitive information.
The present invention adopts the following technical solution:
According to the invention, a portable trustworthy private information processing system is provided,
whose physical composition comprises:
a security chip, which resists physical attacks and has a USB interface for connecting to the computer's USB port and communicating with the terminal;
a Flash memory chip, connected to the security chip through a memory interface and used for secure storage of data; and
a secure COS, which implements the security functions logically;
and whose logical composition comprises:
a boot region, used to boot the terminal;
a USB smart key region, which provides cryptographic services and a standard trusted cryptography module, and is used to store and manage keys and to enforce rights management through cryptographic mechanisms;
a hidden region, used to store the security management policy and key material; and
an encrypted region, used as an encrypted USB drive to encrypt files,
wherein the tailored Linux operating system and the private information processing components are stored in the boot region;
the BIOS of the terminal is set so that the terminal boots from the designated USB interface;
the portable trustworthy private information processing system is inserted;
the terminal is powered on;
when the identity protection PIN is entered correctly, the system releases the tailored Linux operating system from the boot region (the USB-embedded trustworthy private information processing device); with the support of the secure COS, the system measures, in turn, the integrity of the operating system kernel, the important system processes and the private information processing components;
if they are intact, the tailored Linux operating system is securely booted into a secure and trusted environment, in which the user uses the encrypted USB drive function provided by the system to store private information securely, and uses the smart key and private information processing components provided to carry out online banking transactions and process private documents;
if they are not intact, booting is stopped and the system is not started.
The storage area of the encrypted USB drive is invisible to the user; after user authentication, user data is stored in it in encrypted form, and must be decrypted when it is exported from that area.
Further, when the terminal is not set to boot from the USB port, the system inserted into the terminal serves only as an encrypted USB drive, and user authentication is required.
The trusted cryptography module comprises trusted measurement, trusted storage and trusted reporting, and the cryptographic services comprise encryption and decryption based on a block cipher algorithm and signature generation and verification based on a symmetric algorithm.
The private information processing components provide the cryptographic services of a bank-standard smart key and the application components for processing private information.
The application components comprise a word processing component, a picture processing component, a PDF reader component, a browser component and a mail client component.
The key material comprises the cryptographic card main control program, the cryptographic algorithm code and the working keys, and the security management policy comprises a boot security policy, a port control policy and a network filtering policy.
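The encrypted region described above (user authentication first, data held only in encrypted form, decryption on export) can be modelled as follows. This is an added illustration, not code from the patent or from Zhengzhou Xinda Jiean; the class and exception names are assumptions, and because the Python standard library has no block cipher, the security chip's block-cipher encryption is stood in for by an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, both keyed from a PBKDF2-derived secret:

```python
"""Model of the encrypted region (encrypted USB drive mode): the user must
authenticate before any access, data is stored only in encrypted form, and
export decrypts and verifies it.  Added illustration, not the patent's code.
The chip's block cipher is stood in for by an HMAC-SHA256 counter-mode
keystream plus an encrypt-then-MAC tag (assumption, standard library only)."""
import hashlib
import hmac
import secrets

KDF_ITERATIONS = 200_000
NONCE_LEN = 16
TAG_LEN = 32
VERIFIER_LABEL = b"encrypted-area-verifier"


class AuthenticationRequired(Exception):
    """Access to the region was attempted before user authentication."""


class AuthenticationFailed(Exception):
    """The user password did not match the region's verifier."""


class IntegrityError(Exception):
    """Stored ciphertext failed its tag check (tampered, truncated, or wrong key)."""


def _derive_keys(password: str, salt: bytes) -> tuple:
    """PBKDF2 splits one 64-byte secret into an encryption key and a MAC key."""
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=64)
    return k[:32], k[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = HMAC(key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC(nonce || ciphertext)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; only then decrypt."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise IntegrityError("stored object truncated")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise IntegrityError("ciphertext tampered or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class EncryptedArea:
    """The encrypted USB drive partition: invisible until authenticated, ciphertext at rest."""

    def __init__(self, password: str):
        self._salt = secrets.token_bytes(16)
        _, mac_key = _derive_keys(password, self._salt)
        # Keyed verifier lets a wrong password be rejected without decrypting anything.
        self._verifier = hmac.new(mac_key, VERIFIER_LABEL, hashlib.sha256).digest()
        self._files = {}      # name -> sealed blob, i.e. what the Flash chip actually holds
        self._keys = None     # None while locked

    def authenticate(self, password: str) -> bool:
        enc_key, mac_key = _derive_keys(password, self._salt)
        candidate = hmac.new(mac_key, VERIFIER_LABEL, hashlib.sha256).digest()
        if not hmac.compare_digest(candidate, self._verifier):
            self._keys = None
            raise AuthenticationFailed("user authentication failed")
        self._keys = (enc_key, mac_key)
        return True

    def lock(self) -> None:
        self._keys = None

    def _require_auth(self) -> None:
        if self._keys is None:
            raise AuthenticationRequired("authenticate before using the encrypted area")

    def store(self, name: str, data: bytes) -> None:
        """User data goes into the region only after encryption."""
        self._require_auth()
        self._files[name] = seal(*self._keys, data)

    def export(self, name: str) -> bytes:
        """Export decrypts, and refuses objects whose tag does not verify."""
        self._require_auth()
        return unseal(*self._keys, self._files[name])

    def raw(self, name: str) -> bytes:
        """The stored form, as an attacker reading the Flash chip would see it."""
        return self._files[name]
```

Two points worth checking against any real implementation of this partition: a wrong password must be rejected by a keyed verifier before any decryption is attempted, rather than by decrypting and inspecting garbage; and export must verify the tag before returning plaintext, so a modified Flash image is reported as an integrity error rather than silently exported. In the patent's device the working key is held by the security chip rather than derived from the password alone, which is what removes offline guessing against a copied Flash image; a password-only model such as this one is only as strong as the password.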
The beneficial effects of the invention are as follows:
According to the invention, during system startup and operation the important processes and components are measured for trustworthiness, which ensures that the system has not been maliciously tampered with or misused, guarantees the security of sensitive and private data, and gives the user a trusted environment for processing private information. At the same time, a range of private information processing software is provided, including word processing, picture and video processing, PDF document processing, a browser and a mail client, together with a bank-standard smart key (USB Key) function, so that the user can conveniently and securely use online banking services.
The invention can solve the security problems of e-government, e-commerce, online banking and the processing of personal sensitive information. It is based on a secure, tailored Linux operating system that can conveniently be stored in the firmware of a USB device, making it small and portable. When the user needs to process private or sensitive information, the system only has to be plugged into any PC or notebook computer with computing resources (a CPU) to switch that machine to a trusted computing environment, so that even a user who carries no computer can process information on someone else's computer with peace of mind.
Other advantages, objects and features of the invention will be set forth in part in the following description, and in part will be obvious to those skilled in the art from that description or may be learned from practice of the invention. The objects and other advantages of the invention may be realized and attained by the structures particularly pointed out in the following description and the accompanying drawings.
Description of the drawings:
Fig. 1 is the physical composition diagram of the portable trustworthy private information processing system.
Fig. 2 is the functional composition diagram of the portable trustworthy private information processing system.
Fig. 3 is the flow chart of trusted boot and measurement.
Embodiments:
The invention is further described below with reference to the drawings and embodiments:
As shown in Fig. 1, the physical composition of the portable trustworthy private information processing system comprises a security chip, a Flash memory chip and a secure COS. The security chip is connected to the computer's USB port through a USB interface and performs high-speed communication with the computer. The security chip is also connected to the Flash memory chip through a memory interface, which provides the secure storage function. Physically, the security chip resists physical attacks; logically, the security functions of the portable trustworthy private information processing system are implemented by the secure COS.
As shown in Fig. 2, the logical composition of the portable trustworthy private information processing system comprises four partitions: the boot region, the USB smart key region, the hidden region and the encrypted region. The boot region contains the tailored Linux operating system and the private information processing components and provides the user with a trusted computing environment; the USB smart key region provides the user with cryptographic services and the functions of a standard trusted cryptography module (TPM: trusted measurement, trusted storage and trusted reporting); the hidden region stores the security management policy and key material; the encrypted region implements the encrypted USB drive function, with physical encryption and file encryption.
The terminal's BIOS is set so that the terminal can only boot from the designated USB port;
The portable trustworthy private information processing system is inserted into the designated USB port of the computer;
As shown in Fig. 3, the terminal is powered on and the system boots from the USB port. The user enters the identity protection PIN; if it is correct, the portable trustworthy private information processing system releases the Linux operating system of the trusted system embedded in the USB boot region; after three consecutive wrong entries the system is locked. With the support of the secure COS, the system measures, in turn, the integrity of the operating system kernel, the important system processes and the private information processing components; if they are intact, the Linux operating system is securely booted into a secure and trusted environment and the procedure proceeds to normal operation; if they are not intact, booting of the operating system is stopped;
The portable trustworthy private information processing system runs normally: the user uses the encrypted USB drive function provided by the system to store private information securely, and uses the smart key and private information processing components provided to carry out online banking transactions and to process private documents such as text, pictures and video with peace of mind.
If the terminal is not set to boot from the USB port and the portable trustworthy private information processing system is inserted after the terminal has booted its own operating system, the system provides only the encrypted USB drive function: on insertion the system automatically installs the encrypted USB drive management software, the user enters the user password, and if user authentication passes, the encrypted USB drive partition can be used.
The tailored Linux operating system and the private information processing components are integrated into the boot region of the portable trustworthy private information processing system; the private information processing components provide the cryptographic services of a bank-standard smart key and the various application components for processing private information (word processing, picture processing, PDF reader, browser, mail client, etc.).
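The boot-time flow of the steps above and of Fig. 3 (PIN check with lock-out after three failures, then in-turn measurement of the kernel, the important system processes and the private information processing components, with booting stopped at the first mismatch) as an added Python model. It is not the patent's code; the image names, the sample images, the PIN, and the use of SHA-256 with a TPM-style extend register are assumptions made for the illustration:

```python
"""Model of the trusted boot and measurement flow (Fig. 3) of the portable
system: PIN check with lock-out after three failures, then sequential
integrity measurement of the kernel, the important system processes and the
private information processing components against golden values held in the
hidden region, with boot halted on the first mismatch.  Added illustration;
all names, sample images and the PIN are constructed, not the patent's code."""
import hashlib
import hmac

# Measurement order stated in the patent: kernel, system processes, components.
MEASURE_ORDER = ("os_kernel", "system_processes", "private_info_components")
MAX_PIN_ATTEMPTS = 3


def measure(image: bytes) -> bytes:
    """Integrity measurement of one image (SHA-256 stands in for the chip's hash)."""
    return hashlib.sha256(image).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM/TCM-style extend: register = H(register || measurement)."""
    return hashlib.sha256(register + measurement).digest()


def build_golden(images: dict) -> dict:
    """Reference values the hidden region's boot security policy would hold."""
    return {name: measure(data) for name, data in images.items()}


class PortableDevice:
    """Secure COS view of the device: boot-region images, hidden-region policy, PIN state."""

    def __init__(self, boot_images: dict, golden: dict, pin: str):
        self.boot_images = boot_images
        self.golden = golden
        self._pin_digest = hashlib.sha256(pin.encode()).digest()  # stand-in for the chip's PIN store
        self.failed_attempts = 0
        self.locked = False
        self.unlocked = False
        self.log = []  # (event, detail) pairs: the record a trusted report of this boot would carry

    def verify_pin(self, pin: str) -> bool:
        """Identity protection PIN; three consecutive failures lock the device."""
        if self.locked:
            self.log.append(("pin", "device locked"))
            return False
        if hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self._pin_digest):
            self.failed_attempts = 0
            self.unlocked = True
            self.log.append(("pin", "ok"))
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_PIN_ATTEMPTS:
            self.locked = True
        self.log.append(("pin", "wrong (%d)" % self.failed_attempts))
        return False

    def measure_and_boot(self) -> bool:
        """Release the boot region only after a correct PIN; halt at the first bad measurement."""
        if not self.unlocked:
            self.log.append(("boot", "refused: PIN not verified"))
            return False
        register = bytes(32)
        for name in MEASURE_ORDER:
            m = measure(self.boot_images[name])
            register = extend(register, m)
            self.log.append(("measure", "%s=%s" % (name, m.hex()[:16])))
            if not hmac.compare_digest(m, self.golden[name]):
                self.log.append(("halt", name))  # stop booting; nothing later is loaded or measured
                return False
        self.log.append(("boot", "environment trusted, register=%s" % register.hex()[:16]))
        return True


def make_device(pin: str = "1234", tamper: str = "") -> PortableDevice:
    """Constructed sample: three small 'images' in the boot region; optionally modify one
    after the golden values were recorded, as an implanted Trojan would."""
    images = {
        "os_kernel": b"tailored-linux-kernel-image",
        "system_processes": b"init+udev+xserver",
        "private_info_components": b"word,pictures,pdf,browser,mail,usbkey",
    }
    golden = build_golden(images)
    if tamper:
        images[tamper] = images[tamper] + b"<<trojan>>"
    return PortableDevice(images, golden, pin)


if __name__ == "__main__":
    clean = make_device()
    clean.verify_pin("1234")
    print("clean device boots:", clean.measure_and_boot())
    bad = make_device(tamper="os_kernel")
    bad.verify_pin("1234")
    print("tampered kernel boots:", bad.measure_and_boot())
    for event in bad.log:
        print("  ", event)
```

The detail that matters in review is the halt on first mismatch: a component later in the measurement order is never loaded or measured once an earlier one fails, and the extend register records exactly what was measured, which is what a trusted report of the boot would sign. The model also shows where the device's own chain begins and ends: the golden values in the hidden region and the PIN state have to be protected by the security chip, and measurement starts only after the terminal's BIOS has handed control to the USB device, so the BIOS itself is not measured by this chain.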
Although the invention has been described with reference to preferred embodiments, those skilled in the art will appreciate that various modifications and variations can be made to the invention without departing from its scope.

Claims (7)

1. A portable trustworthy private information processing system, characterized in that:
its physical composition comprises:
a security chip, which resists physical attacks and has a USB interface for connecting to the computer's USB port and communicating with the terminal;
a Flash memory chip, connected to the security chip through a memory interface and used for secure storage of data; and
a secure COS, which implements the security functions logically;
and its logical composition comprises:
a boot region, used to boot the terminal;
a USB smart key region, which provides cryptographic services and a standard trusted cryptography module, and is used to store and manage keys and to enforce rights management through cryptographic mechanisms;
a hidden region, used to store the security management policy and key material; and
an encrypted region, used as an encrypted USB drive to encrypt files,
wherein the tailored Linux operating system and the private information processing components are stored in the boot region;
the BIOS of the terminal is set so that the terminal boots from the designated USB interface;
the portable trustworthy private information processing system is inserted;
the terminal is powered on;
when the identity protection PIN is entered correctly, the system releases the tailored Linux operating system from the boot region, and with the support of the secure COS measures, in turn, the integrity of the operating system kernel, the important system processes and the private information processing components;
if they are intact, the tailored Linux operating system is securely booted into a secure and trusted environment, in which the encrypted USB drive function provided by the system is used to store private information securely, and the smart key and private information processing components provided are used to carry out online banking transactions and to process private documents;
if they are not intact, booting is stopped and the system is not started.
2. The system as claimed in claim 1, wherein the storage area of the encrypted USB drive is invisible to the user; after user authentication, user data is stored in it in encrypted form and must be decrypted when it is exported from that area.
3. The system as claimed in claim 1, further comprising: when the terminal is not set to boot from the USB port, the system inserted into the terminal serves only as an encrypted USB drive, and user authentication is required.
4. The system as claimed in claim 1, wherein the trusted cryptography module comprises trusted measurement, trusted storage and trusted reporting, and the cryptographic services comprise encryption and decryption based on a block cipher algorithm and signature generation and verification based on a symmetric algorithm.
5. The system as claimed in claim 1, wherein the private information processing components provide the cryptographic services of a bank-standard smart key and the application components for processing private information.
6. The system as claimed in claim 5, wherein the application components comprise a word processing component, a picture processing component, a PDF reader component, a browser component and a mail client component.
7. The system as claimed in claim 1, wherein the key material comprises the cryptographic card main control program, the cryptographic algorithm code and the working keys, and the security management policy comprises a boot security policy, a port control policy and a network filtering policy.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110108673.5A CN102184357B (en) 2011-04-28 2011-04-28 Portable trustworthy private information processing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110108673.5A CN102184357B (en) 2011-04-28 2011-04-28 Portable trustworthy private information processing system

Publications (2)

Publication Number Publication Date
CN102184357A true CN102184357A (en) 2011-09-14
CN102184357B CN102184357B (en) 2014-03-19

Family

ID=44570532

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110108673.5A Active CN102184357B (en) 2011-04-28 2011-04-28 Portable trustworthy private information processing system

Country Status (1)

Country Link
CN (1) CN102184357B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080148046A1 (en) * 2006-12-07 2008-06-19 Bryan Glancey Real-Time Checking of Online Digital Certificates
CN101436234A (en) * 2008-04-30 2009-05-20 北京飞天诚信科技有限公司 System and method for ensuring operation environment safety
CN102184358A (en) * 2011-04-28 2011-09-14 郑州信大捷安信息技术有限公司 USB (Universal Serial Bus) embedded trustworthiness private information processing device and system

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102610039A (en) * 2012-03-12 2012-07-25 山东科技大学 Encrypting method for leasehold bean milk machine
CN102663315A (en) * 2012-03-28 2012-09-12 深圳市江波龙电子有限公司 Authentication method of computer system and computer system
CN102663315B (en) * 2012-03-28 2015-04-22 深圳市江波龙电子有限公司 Authentication method of computer system and computer system
CN102722669A (en) * 2012-05-28 2012-10-10 清华大学 Completeness verification method of operating system
CN102982445A (en) * 2012-11-16 2013-03-20 江苏乐买到网络科技有限公司 Client-side system for achieving network safety transaction and payment
CN105426734A (en) * 2015-11-12 2016-03-23 山东超越数控电子有限公司 Identity authentication method and device based on trusted computing
CN105426734B (en) * 2015-11-12 2018-04-13 山东超越数控电子股份有限公司 Identity authentication method and device based on trusted computing
CN108199849A (en) * 2018-01-04 2018-06-22 北京中电华大电子设计有限责任公司 USBKey equipment security attack system and method for real-time data acquisition
CN108199849B (en) * 2018-01-04 2021-01-05 北京中电华大电子设计有限责任公司 USBKey equipment security attack system and method for real-time data acquisition
CN108536641A (en) * 2018-02-28 2018-09-14 郑州信大捷安信息技术股份有限公司 Communication mechanism and method for realizing Windows embedded system secure boot by using the same
CN108536641B (en) * 2018-02-28 2020-10-23 郑州信大捷安信息技术股份有限公司 Communication mechanism and method for realizing Windows embedded system secure boot by using the same
CN109086620A (en) * 2018-07-19 2018-12-25 郑州信大捷安信息技术股份有限公司 Physical isolation dual-system construction method based on mobile storage medium
CN109086620B (en) * 2018-07-19 2021-03-23 郑州信大捷安信息技术股份有限公司 Physical isolation dual-system construction method based on mobile storage medium
CN111310189A (en) * 2018-12-11 2020-06-19 航天信息股份有限公司 USBKEY credibility verification method and device

Also Published As

Publication number Publication date
CN102184357B (en) 2014-03-19

Similar Documents

Publication Publication Date Title
CN102184357B (en) Portable trustworthy private information processing system
CN102184358B (en) USB (Universal Serial Bus) embedded trustworthiness private information processing device and system
US11947688B2 (en) Secure computing system
US9047486B2 (en) Method for virtualizing a personal working environment and device for the same
US10162975B2 (en) Secure computing system
US8335931B2 (en) Interconnectable personal computer architectures that provide secure, portable, and persistent computing environments
US7900252B2 (en) Method and apparatus for managing shared passwords on a multi-user computer
EP2583410B1 (en) Single-use authentication methods for accessing encrypted data
US8261072B2 (en) Method and system for secure external TPM password generation and use
CN112513857A (en) Personalized cryptographic security access control in a trusted execution environment
TWI525452B (en) Secure virtual machine manager
EP2973171B1 (en) Context based switching to a secure operating system environment
US20110093693A1 (en) Binding a cryptographic module to a platform
US11269984B2 (en) Method and apparatus for securing user operation of and access to a computer system
CN102024115B (en) Computer with user security subsystem
CN202067261U (en) Universal serial bus (USB) embedding type trustworthy private information processing device and system
Brasser et al. Softer Smartcards: Usable Cryptographic Tokens with Secure Execution
CN201845340U (en) Safety computer provided with user safety subsystem
CN202093522U (en) Portable trustworthy private information processing system
TW200841206A (en) Method and system for secure external TPM password generation and use
Rijah et al. Security Issues and Challenges in Windows OS Level

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent of invention or patent application
CB02 Change of applicant information
Address after: 450046 Floor 14, Tower A, Zhengzhou National Trunk Highway Logistics Building, Zhengdong New District, Zhengzhou, Henan
Applicant after: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.
Address before: 450001 No. 11 Lianhua Street, High-tech Development Zone, Zhengzhou, Henan
Applicant before: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.
C53 Correction of patent of invention or patent application
CB02 Change of applicant information
Address after: 450046 Floor 14, Tower A, Zhengzhou National Trunk Highway Logistics Building, Zhengdong New District, Zhengzhou, Henan
Applicant after: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.
Address before: 450001 Floor 14, Tower A, Zhengzhou National Trunk Highway Logistics Building, Zhengdong New District, Zhengzhou, Henan
Applicant before: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right
Denomination of invention: Portable trustworthy private information processing system
Effective date of registration: 20180206
Granted publication date: 20140319
Pledgee: Bank of Communications Ltd. Henan branch
Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.
Registration number: 2018410000003
PC01 Cancellation of the registration of the contract for pledge of patent right
Date of cancellation: 20181105
Granted publication date: 20140319
Pledgee: Bank of Communications Ltd. Henan branch
Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.
Registration number: 2018410000003
PE01 Entry into force of the registration of the contract for pledge of patent right
Denomination of invention: A Portable Trustworthy Private Information Processing System
Granted publication date: 20140319
Pledgee: Bank of Zhengzhou Co.,Ltd. Zhongyuan Science and Technology City Sub-branch
Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.
Registration number: Y2024980007004