CN102387150B - Access control method and system of mobile memory and mobile memory - Google Patents


Info

Publication number: CN102387150B
Application number: CN201110338436.8A
Authority: CN (China)
Prior art keywords: authentication, mobile memory, file, level, file access
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Other languages: Chinese (zh)
Other versions: CN102387150A (en)
Inventor: 李东声
Current assignee: Tendyron Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Tendyron Technology Co Ltd
Events: application filed by Tendyron Technology Co Ltd; priority to CN201110338436.8A; publication of CN102387150A; application granted; publication of CN102387150B; legal status active; anticipated expiration.

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an access control method and system for a mobile memory, and a mobile memory, belonging to the field of information security. The method comprises: connecting the mobile memory with a file information display device; receiving an authentication request from the file information display device, wherein the authentication type of the request is any one of N authentication types and N is an integer greater than 1; the mobile memory identifying the authentication type of the request after receiving it; authenticating the request in the authentication manner corresponding to that type; the mobile memory determining the current security level from the authentication type and the authentication result once authentication is complete; the mobile memory receiving a file access operation request from the file information display device; and carrying out the corresponding file access operation according to the current security level. In the control method disclosed by the invention, several authentication types are introduced, so that the access security of the mobile memory is improved.

Description

Access control method and system for a mobile memory, and mobile memory
Technical field
The present invention relates to the field of information security, and in particular to an access control method and system for a mobile memory, and to a mobile memory.
Background
With the rapid spread of mobile memories, especially those with a USB interface (hereinafter simply "USB flash disks"), the security of the files stored on a USB flash disk receives more and more attention.
To strengthen the security of USB flash disks, secure USB disks that control file access operations are gradually being applied in fields such as the military, finance and business. The basic principle of access control in a secure USB disk is that, before accessing a file on the disk, the user must send an authentication password (hereinafter simply "password") to the disk through a terminal; the secure USB disk authenticates the password, and only after the authentication passes does it permit operations such as reading and writing files.
Existing secure USB disks authenticate the user only by a static authentication password, and their security is poor.
Summary of the invention
Embodiment of the present invention provides a kind of access control method, system and mobile memory of mobile memory, can solve existing safe U disc and only by static authenticate password, user be carried out to authentication, fail safe is poor, thereby improves the fail safe of mobile memory access control.
For solving the problem of prior art, embodiment of the present invention provides a kind of access control method of mobile memory, and the method comprises the following steps:
After mobile memory is connected with fileinfo display unit, receive the authentication request that fileinfo display unit sends, the auth type of described authentication request is any in N kind auth type, and N is greater than 1 integer;
After receiving authentication request, after mobile memory is identified the auth type of authentication request, adopt the authentication mode corresponding with auth type to authenticate authentication request;
After having authenticated, mobile memory is determined current level of security according to auth type and authentication result;
Mobile memory receives after the file access operation requests of fileinfo display unit transmission, according to current level of security, carries out corresponding file access operation.
In the above method, the authentication types comprise static password authentication, dynamic password authentication and certificate authentication.
In the above method, the mobile memory identifies the authentication type of the authentication request in the following way:
the authentication type is identified by an authentication type indication field contained in the authentication request.
In the above method, the mobile memory authenticates the authentication request in the following way:
if the authentication type is static password authentication, the mobile memory compares the static password contained in the request with the static password stored in its secure storage area; if the two match, static password authentication succeeds, otherwise it fails;
if the authentication type is dynamic password authentication, the mobile memory compares the dynamic password it currently generates with the dynamic password contained in the request; if the two match, dynamic password authentication succeeds, otherwise it fails;
if the authentication type is certificate authentication, the mobile memory, after receiving the authentication request sent by the file information display device, authenticates the display device certificate contained in the request.
In the above method, after authentication is complete, the mobile memory determines the current security level from the authentication result and the authentication type as follows:
if the authentication result is failure, the mobile memory sets the current security level to the lowest security level, at which no file access operation can be carried out;
if the authentication result is success, the mobile memory sets the current security level to the security level that corresponds one-to-one to the authentication type of the request; or the mobile memory determines the current security level from the authentication type of the request together with the static password, dynamic password or display device certificate contained in the request.
In the above method, the mobile memory sets the current security level to the security level that corresponds one-to-one to the authentication type as follows:
if the authentication type is static password authentication, the user's current security level is determined to be the low security level;
if the authentication type is dynamic password authentication, the user's current security level is determined to be the middle security level;
if the authentication type is certificate authentication, the user's current security level is determined to be the high security level.
In the above method, after receiving a file access operation request sent by the display device, the mobile memory carries out the corresponding file access operation according to the current security level as follows:
the mobile memory analyses the file access operation request, obtains the file access operation type and the file access operation object corresponding to the request, and judges according to the current security level whether the request may be carried out;
if the request is allowed, the mobile memory carries out the corresponding file access operation and returns the file access result to the file information display device;
if the request is not allowed, the mobile memory returns to the file information display device a response message refusing the corresponding file access operation.
An embodiment of the present invention also provides a mobile memory, comprising:
a data transmission module, a main control module, a storage module and at least one dynamic password generation module;
wherein the data transmission module is connected with the main control module, connects to an external file information display device, and carries the data transmitted between the main control module and the file information display device;
the dynamic password generation module is connected with the main control module and generates the dynamic password that the main control module uses to authenticate an authentication request whose authentication type is dynamic password authentication;
the storage module is connected with the main control module and stores file information together with the static password and the certificate used by the main control module for authentication;
the main control module receives, through the data transmission module, the authentication request sent by the file information display device, the request being of any one of N authentication types, N being an integer greater than 1; after identifying the authentication type of the received request, authenticates it in the authentication manner corresponding to that type; after authentication is complete, determines the current security level from the authentication type and the authentication result; and after receiving, through the data transmission module, a file access operation request sent by the file information display device, carries out the corresponding file access operation according to the current security level.
In the above mobile memory, after receiving the authentication request, the main control module identifies its authentication type by the authentication type indication field contained in the request.
In the above mobile memory, if the authentication type of the request is static password authentication, the main control module compares the static password contained in the request with the static password stored in the storage module; if the two match, static password authentication succeeds, otherwise it fails;
if the authentication type is dynamic password authentication, the main control module compares the current dynamic password generated by the dynamic password generation module with the dynamic password contained in the request; if the two match, dynamic password authentication succeeds, otherwise it fails;
if the authentication type is certificate authentication, the main control module, after receiving the authentication request sent by the file information display device, authenticates the display device certificate contained in the request.
In the above mobile memory, when the main control module determines the current security level from the authentication result and the authentication type after authentication is complete,
if the authentication result is failure, the main control module sets the current security level to the lowest security level, at which no file access operation can be carried out;
if the authentication result is success, the main control module sets the current security level to the security level that corresponds one-to-one to the authentication type of the request; or the main control module determines the current security level from the authentication type of the request together with the static password, dynamic password or display device certificate contained in the request.
In the above mobile memory, when the main control module sets the current security level to the security level corresponding one-to-one to the authentication type,
if the authentication type is static password authentication, the main control module determines the user's current security level to be the low security level;
if the authentication type is dynamic password authentication, the main control module determines the user's current security level to be the middle security level;
if the authentication type is certificate authentication, the main control module determines the user's current security level to be the high security level.
In the above mobile memory, after receiving a file access operation request sent by the display device, the main control module also analyses the request, obtains the file access operation type and the file access operation object corresponding to it, and judges according to the current security level whether the request may be carried out; if it is allowed, the mobile memory carries out the corresponding file access operation and returns the file access result to the file information display device.
An embodiment of the present invention further provides a mobile memory access control system, comprising:
a mobile memory and a file information display device, the mobile memory being connected with the file information display device;
wherein the mobile memory is the mobile memory of any one of claims 7 to 12.
As can be seen from the technical solution provided above, with the control method provided by the embodiment of the present invention, several different authentication types are introduced when controlling access to the mobile memory instead of relying on a single static password authentication, which improves the security of file access operations on the mobile memory; moreover, after authentication is complete, the user's current security level can be determined from the authentication result and the authentication type, so that the same user can use different authentication modes in different situations or security environments and the same mobile memory can be used in different situations or security environments.
Brief description of the drawings
To describe the technical solution of the embodiments of the present invention more clearly, the drawings needed to describe the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative work.
Fig. 1 is a flow chart of the access control method for a mobile memory provided by the embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the mobile memory provided by the embodiment of the present invention;
Fig. 3 is a schematic structural diagram of the access control system for a mobile memory provided by the embodiment of the present invention.
Detailed description
The technical solution of the embodiments of the present invention is described clearly and completely below with reference to the drawings. Obviously, the embodiments described are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative work fall within the scope of protection of the present invention.
The core of the present invention is that the mobile memory controls the user's file access operations using several authentication types (static password authentication, dynamic password authentication, certificate authentication); each authentication type corresponds to the same or a different security level, and different security levels correspond to different file access permissions.
The embodiments of the present invention are described in further detail below with reference to the drawings.
First method embodiment
Fig. 1 is a flow chart of the access control method for a mobile memory of the present invention. As shown in Fig. 1, the method comprises the following steps:
101. After the mobile memory is connected with the display device, the display device shows a user authentication interface that prompts the user to select an authentication type and to enter or select the corresponding password or certificate.
The display device may be a personal computer or a dedicated file information display device.
The authentication types the user may select are: static password authentication, dynamic password authentication and certificate authentication.
If static password authentication is selected, the user normally enters a user name (optional) and the static password; if dynamic password authentication is selected, the user normally enters a user name (optional) and a dynamic password obtained from a token device (for example an OTP token); if certificate authentication is selected, the user normally enters a user name (optional) and selects the corresponding user certificate.
102. The display device sends an authentication request to the mobile memory.
Depending on the authentication type adopted, the authentication request may contain a static password, a dynamic password or the certificate of the display device.
Optionally, the authentication request may also contain a user name.
The static password may be set in advance by the administrator or the user of the mobile memory; the display device obtains it either by reading it from its built-in or external storage module or from user input, and includes it in the authentication request sent to the mobile memory.
The dynamic password is obtained by the user from a dedicated token device and entered into the display device, which includes the dynamic password entered by the user in the authentication request sent to the mobile memory.
The display device certificate may be read by the display device from its built-in or external storage module and sent to the mobile memory.
The external storage module may be a memory card, a smart card, a SIM card and so on.
In addition, the authentication request may contain an authentication type indication field identifying the authentication type currently adopted.
103. After the mobile memory receives the authentication request sent by the display device, it identifies the authentication type: if the static password mode is used, go to step 104; if the dynamic password mode is used, go to step 105; if the certificate mode is used, go to step 106.
The mobile memory can identify the authentication type currently adopted by the authentication type indication field in the authentication request.
104. If the static password mode is used, the mobile memory compares the static password contained in the authentication request with the static password stored in its secure storage area; if they match, static password authentication succeeds, otherwise it fails.
If the authentication request contains a user name, the mobile memory can fetch the corresponding static password from the secure storage area by user name and compare it; if the request contains no user name, the mobile memory can fetch several valid static passwords from the secure storage area and compare each of them with the static password in the request, and static password authentication succeeds as long as one of the fetched static passwords matches the one in the request.
A valid static password is a static password that corresponds to at least one security level.
105. If the dynamic password mode is used, the mobile memory compares the dynamic password it currently generates with the dynamic password contained in the authentication request; if they match, dynamic password authentication succeeds, otherwise it fails.
To support dynamic password authentication, the mobile memory acts as a dynamic password server (for example an OTP server): one or more dynamic password generators are provided in it, and each dynamic password generator can correspond to one or more tokens (or users).
When several dynamic password generators are provided in the mobile memory, the user obtains the current dynamic password from the token and enters it into the display device, which includes the dynamic password in the authentication request sent to the mobile memory; dynamic password authentication succeeds as long as the dynamic password in the request matches the dynamic password generated by one of the dynamic password generators.
Alternatively, when several dynamic password generators are provided in the mobile memory, each corresponding to one user, and the authentication request contains a user name, the user obtains the current dynamic password from the token and enters the user name together with the dynamic password into the display device, which includes both in the authentication request sent to the mobile memory; the mobile memory then uses the user name in the request to obtain the dynamic password generated by the generator corresponding to that user name and compares it with the dynamic password in the request to authenticate the dynamic password.
106. If the certificate mode is used, the mobile memory, after receiving the authentication request sent by the display device, authenticates the certificate contained in it (hereinafter the display device certificate).
This authentication process can be divided into the following sub-steps:
106a. The mobile memory reads the issuer identification information in the display device certificate and obtains the corresponding issuer certificate from that information;
106b. the mobile memory reads the public key from the issuer certificate;
106c. the mobile memory uses that public key to verify the signature field of the display device certificate; if signature verification succeeds, certificate authentication succeeds, otherwise it fails.
Obviously, to support the certificate mode, the mobile memory must store one or more root certificates (issuer certificates), each root certificate corresponding to a trusted CA (Certificate Authority), and the display device certificate must be issued by such a CA.
107. After authentication succeeds, the mobile memory determines the user's current security level from the authentication type and the authentication result, and records the current security level.
In the present embodiment, different security levels can be set for different authentication types and authentication results; from low to high they are:
the lowest security level, corresponding to authentication failure;
the low security level, corresponding to static password authentication;
the middle security level, corresponding to dynamic password authentication;
the high security level, corresponding to certificate authentication.
In the present embodiment, different security levels correspond to different file access operation types and/or file access operation objects.
File access operation types may include: browsing file attribute information, reading a file, modifying a file, deleting a file, creating a file, creating a folder, deleting a folder, and so on.
Browsing file attribute information, also called a folder browsing operation, means browsing the file attribute information (file or folder name, file type, creation date, modification date and so on) of the files and folders contained in a disk partition or folder.
File access operation objects may be divided into: disk partitions, folders and files.
For example:
when the security level is high, all access operations may be carried out on all files in all directories (folders) of all partitions; that is, file access operations of all types may be carried out on all file access operation objects;
when the security level is middle, all files in all partitions and directories (folders) may be read and modified, and access operations such as creating files and browsing folders may be carried out, but deleting files or folders is not allowed; that is, only some types of file access operation may be carried out on all file access operation objects;
when the security level is low, all or some of the files in some partitions and directories (folders) may be read, and access operations such as browsing folders may be carried out, but modifying files, deleting files and deleting folders are not allowed; that is, only some types of file access operation may be carried out on some file access operation objects;
when the security level is the lowest, the user cannot carry out any file access operation on the mobile memory through the display device.
108. The mobile memory waits for the user to send a file access operation request to it through the display device.
109. After the mobile memory receives the file access operation request sent by the display device, it analyses the request, obtains the file access operation type and the file access operation object corresponding to it, and judges according to the current security level whether the request may be carried out; if it is allowed, go to step 110, otherwise go to step 111.
110. If the file access operation request is allowed, the mobile memory carries out the corresponding file access operation, returns the file access result to the display device (for example the corresponding file data), and goes back to step 108.
111. If the file access operation request is not allowed, the mobile memory returns to the display device a response message refusing the corresponding file access operation, and goes back to step 108.
Second method embodiment
The second embodiment differs from the first in that, in the first embodiment, different authentication types correspond to different security levels, whereas in the second embodiment each authentication type may correspond to several security levels, the number of security levels need not equal the number of authentication types, and different authentication types may correspond to the same security level. For example, static password authentication may correspond to several security levels, with different static passwords corresponding to different security levels; dynamic passwords are handled like static passwords; and certificate authentication may also correspond to several security levels, with different certificates corresponding to different security levels. Therefore, in the second embodiment, step 107 is replaced by step 107':
107'. After authentication succeeds, the mobile memory determines the user's current security level from the authentication type together with the particular static password, dynamic password or certificate used for that authentication type.
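The following is an added example, not code from the patent or from Tendyron: a simulation of the mobile memory side of steps 103 to 111 of the first method embodiment, with the level lookup written so that each stored password or certificate carries its own level, as step 107' of the second embodiment requires. Everything the patent leaves open is an assumption here: the dynamic password generator is HMAC-SHA256 over an event counter truncated to six digits, the display device certificate is a constructed dictionary signed with toy textbook RSA (two Mersenne primes, far too small for real use), and the policy matrix is one reading of the examples given under step 107. The class, function and field names are all invented for the example.

```python
"""Simulation of multi-type authentication and level-based file access
control on the mobile memory side (added example, not the patent's code)."""
import hashlib
import hmac
import json

# security levels, lowest to highest (step 107)
LOWEST, LOW, MIDDLE, HIGH = 0, 1, 2, 3

# toy issuer (CA) key: n = p*q with Mersenne primes, e = 65537 (constructed,
# insecure key size; stands in for the issuer certificate's public key)
_P, _Q = 2**31 - 1, 2**61 - 1
ISSUER_N, ISSUER_E = _P * _Q, 65537
_ISSUER_D = pow(ISSUER_E, -1, (_P - 1) * (_Q - 1))

def _cert_digest(body: dict) -> int:
    """Hash of the certificate body, reduced into the toy RSA modulus."""
    raw = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % ISSUER_N

def issue_certificate(subject: str, issuer: str, level: int) -> dict:
    """CA side (constructed): the issuer signs {subject, issuer, level}."""
    body = {"subject": subject, "issuer": issuer, "level": level}
    return {"body": body, "sig": pow(_cert_digest(body), _ISSUER_D, ISSUER_N)}

# policy matrix: level -> allowed operation types (LOW is additionally limited
# to the "/public" partition, a constructed reading of "some partitions")
POLICY = {
    LOWEST: set(),
    LOW: {"browse", "read"},
    MIDDLE: {"browse", "read", "modify", "create_file", "create_folder"},
    HIGH: {"browse", "read", "modify", "create_file", "create_folder",
           "delete_file", "delete_folder"},
}

class MobileMemory:
    def __init__(self):
        self.current_level = LOWEST
        # secure storage area: user -> (static password, level); one level per
        # password as in the second embodiment (constructed sample data)
        self.static_passwords = {"alice": ("correct horse", LOW)}
        # one dynamic password generator per user: shared seed + event counter
        self.otp_generators = {"alice": (b"constructed-seed", 0)}
        # root (issuer) certificates: issuer id -> public key (n, e)
        self.issuer_keys = {"example-ca": (ISSUER_N, ISSUER_E)}

    def generate_dynamic_password(self, user: str) -> str:
        """Current password of the generator for `user` (HOTP-like, assumed)."""
        seed, counter = self.otp_generators[user]
        mac = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        return f"{int.from_bytes(mac[:4], 'big') % 10**6:06d}"

    def authenticate(self, request: dict) -> int:
        """Steps 103-107: dispatch on the type field, record and return the level."""
        kind, user = request.get("auth_type"), request.get("user")
        given = request.get("password", "").encode()
        level = LOWEST  # any failure leaves the lowest level (step 107)
        if kind == "static" and user in self.static_passwords:
            stored, stored_level = self.static_passwords[user]
            if hmac.compare_digest(stored.encode(), given):
                level = stored_level
        elif kind == "dynamic" and user in self.otp_generators:
            if hmac.compare_digest(self.generate_dynamic_password(user).encode(), given):
                level = MIDDLE
                seed, counter = self.otp_generators[user]
                self.otp_generators[user] = (seed, counter + 1)  # one-time use
        elif kind == "certificate":
            level = self._verify_certificate(request.get("certificate"))
        self.current_level = level
        return level

    def _verify_certificate(self, cert) -> int:
        """Sub-steps 106a-106c: issuer lookup, issuer public key, signature check."""
        if not cert or cert["body"].get("issuer") not in self.issuer_keys:
            return LOWEST
        n, e = self.issuer_keys[cert["body"]["issuer"]]
        if pow(cert["sig"], e, n) != _cert_digest(cert["body"]):
            return LOWEST
        # second embodiment: the level is carried by the (signed) certificate
        return min(cert["body"].get("level", HIGH), HIGH)

    def handle_file_request(self, op: str, target: str) -> dict:
        """Steps 109-111: allow or refuse by the recorded current level."""
        allowed = op in POLICY[self.current_level]
        if self.current_level == LOW and not target.startswith("/public/"):
            allowed = False
        return {"status": "ok" if allowed else "forbidden", "op": op, "target": target}
```

Two details are worth noting from a defender's viewpoint: every comparison of a secret goes through `hmac.compare_digest`, and a dynamic password is invalidated (the counter advances) the moment it is accepted, so a captured request cannot be replayed at the same level. Because the certificate's level sits inside the signed body, editing it after issuance breaks the signature and drops the session to the lowest level rather than escalating it.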
First device embodiment
Fig. 2 is a schematic structural diagram of the mobile memory provided by the present invention. As shown in Fig. 2, the mobile memory comprises: a data transmission module, a main control module, a storage module and at least one dynamic password generation module;
wherein the data transmission module is connected with the main control module, connects the file information display device, and carries the data transmitted between the main control module and the file information display device;
the dynamic password generation module is connected with the main control module and generates the dynamic password that the main control module uses to authenticate an authentication request whose authentication type is dynamic password authentication;
the storage module is connected with the main control module and stores file information together with the static password and the certificate used by the main control module for authentication;
the main control module receives, through the data transmission module, the authentication request of any one of the several authentication types that the user sends through the file information display device; after identifying the authentication type of the received request, authenticates it in the authentication manner corresponding to that type; after authentication is complete, determines the user's current security level from the authentication result and the authentication type, and records the current security level; and after receiving, through the data transmission module, the file access operation request that the user sends through the file information display device, carries out the corresponding file access operation according to the recorded current security level.
In the above mobile memory, after receiving the authentication request, the main control module identifies its authentication type by the authentication type indication field contained in the request.
In the above mobile memory, after an authentication request fails authentication, the main control module also sets the current security level to the lowest security level, so that the user cannot carry out file access operations on the mobile memory through the file information display device;
after an authentication request passes authentication, the main control module also determines, according to the authentication type, that the user's current security level is either the same security level for the different authentication types or a different security level for each authentication type.
In the above mobile memory, after receiving a file access operation request sent by the display device, the main control module also analyses the request, obtains the file access operation type and the file access operation object corresponding to it, and judges according to the current security level whether the request may be carried out; if it is allowed, the mobile memory carries out the corresponding file access operation and returns the file access result to the file information display device.
As shown in Fig. 2, the mobile memory may also be provided with several dynamic password generation modules as needed, each connected with the main control module; the main control module then uses the user name contained in the authentication request to obtain the dynamic password generated by the dynamic password generation module corresponding to that user name, and compares it with the dynamic password contained in the request to authenticate the dynamic password.
The first system embodiment
Fig. 3 is a schematic structural diagram of the mobile memory access control system provided by the invention. As shown in Fig. 3, the system comprises a mobile memory and a file information display device, the mobile memory being connected to the file information display device; the mobile memory is the one provided in the first device embodiment above.
In summary, with the access control method for a mobile memory of the present invention, the security of file access operations on the mobile memory is improved by introducing multiple authentication types in addition to static password authentication; and the same user is allowed to use different kinds of authentication mode in different occasions or security contexts, so that the same mobile memory can be used in different occasions or security contexts. For example, if the user uses the mobile memory through a terminal (display device) that stores a certificate, the certificate authentication mode can be used to obtain the highest security level; if the certificate authentication mode cannot be adopted but the user is carrying a dynamic password generating device (token), the dynamic password authentication mode can be used to obtain the intermediate security level; if the current occasion has neither a certificate nor a dynamic password generating device, the user can use the static password authentication mode, in which case the user only obtains a lower security level and can perform limited access operations on specific files.
The above is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited thereto; any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (6)

1. An access control method for a mobile memory, characterized in that the method comprises the following steps:
After the mobile memory is connected to an external file information display device, it receives an authentication request sent by the file information display device, the file information display device displaying a user authentication interface to prompt the user to select an authentication type; the authentication type of the authentication request is any one of N authentication types, N being an integer greater than 1, and the authentication request contains an authentication type indication field;
After receiving the authentication request, the mobile memory identifies the authentication type of the authentication request from the authentication type indication field and then authenticates the authentication request using the authentication mode corresponding to that authentication type;
After authentication is completed, the mobile memory determines the current security level according to the authentication type and the authentication result, wherein different authentication types correspond to different security levels, specifically: authentication failure corresponds to the lowest security level; static password authentication corresponds to a low security level; dynamic password authentication corresponds to an intermediate security level; certificate authentication corresponds to a high security level; or each authentication type corresponds to a plurality of security levels, specifically: static password authentication corresponds to a plurality of security levels, different static passwords corresponding to different security levels; dynamic password authentication corresponds to a plurality of security levels, different dynamic passwords corresponding to different security levels; certificate authentication corresponds to a plurality of security levels, different certificates corresponding to different security levels;
After receiving a file access operation request sent by the file information display device, the mobile memory parses the file access operation request, obtains the file access operation type and file access object corresponding to the file access request, and judges according to the current security level whether the file access operation request is allowed to be carried out; if it is allowed, the mobile memory carries out the corresponding file access operation and returns the file access result to the file information display device; if it is not allowed, the mobile memory returns to the file information display device a response message forbidding the corresponding file access operation; wherein different security levels correspond to different file access operation types and/or file access operands, the file access operation types comprise browsing file attribute information, reading a file, modifying a file, deleting a file, creating a file, creating a folder and deleting a folder, and the file access objects comprise disk partitions, files and folders.
2. The access control method for a mobile memory according to claim 1, characterized in that
the authentication types comprise: static password authentication, dynamic password authentication and certificate authentication.
3. The access control method for a mobile memory according to claim 1, characterized in that
the mobile memory authenticates the authentication request in the following ways:
If the authentication type of the authentication request is static password authentication, the mobile memory compares the static password contained in the authentication request with the static password stored in its secure storage area; if the two match, static password authentication succeeds; otherwise static password authentication fails;
If the authentication type of the authentication request is dynamic password authentication, the mobile memory compares the current dynamic password it has generated with the dynamic password contained in the authentication request; if the two match, dynamic password authentication succeeds; otherwise dynamic password authentication fails;
If the authentication type of the authentication request is certificate authentication, the mobile memory, after receiving the authentication request sent by the file information display device, authenticates the display device certificate contained in the authentication request.
4. A mobile memory, characterized in that the mobile memory comprises:
a data transmission module, a main control module, a memory module and at least one dynamic password generation module;
wherein the data transmission module is connected to the main control module and is configured to connect an external file information display device and to enable data transmission between the main control module and the file information display device;
the dynamic password generation module is connected to the main control module and is configured to generate the dynamic password used by the main control module to authenticate an authentication request whose authentication type is dynamic password authentication;
the memory module is connected to the main control module and is configured to store file information and the static password and certificate used by the main control module for authentication;
the main control module is configured to receive through the data transmission module an authentication request sent by the file information display device, the authentication request being of any one authentication type chosen from N authentication types, N being an integer greater than 1, and the request containing an authentication type indication field; to identify the authentication type of the received authentication request from the authentication type indication field and then authenticate the authentication request using the authentication mode corresponding to that authentication type; after authentication is completed, to determine the current security level according to the authentication type and the authentication result, wherein different authentication types correspond to different security levels, specifically: authentication failure corresponds to the lowest security level; static password authentication corresponds to a low security level; dynamic password authentication corresponds to an intermediate security level; certificate authentication corresponds to a high security level; or each authentication type corresponds to a plurality of security levels, specifically: static password authentication corresponds to a plurality of security levels, different static passwords corresponding to different security levels; dynamic password authentication corresponds to a plurality of security levels, different dynamic passwords corresponding to different security levels; certificate authentication corresponds to a plurality of security levels, different certificates corresponding to different security levels; and, after receiving through the data transmission module a file access operation request sent by the file information display device, to parse the file access operation request, obtain the file access operation type and file access object corresponding to the file access request, and judge according to the current security level whether the file access operation request is allowed to be carried out; if it is allowed, the mobile memory carries out the corresponding file access operation and returns the file access result to the file information display device; if it is not allowed, the mobile memory returns to the file information display device a response message forbidding the corresponding file access operation; wherein different security levels correspond to different file access operation types and/or file access operands, the file access operation types comprise browsing file attribute information, reading a file, modifying a file, deleting a file, creating a file, creating a folder and deleting a folder, and the file access objects comprise disk partitions, files and folders.
5. The mobile memory according to claim 4, characterized in that
if the authentication type of the authentication request is static password authentication, the main control module is configured to compare the static password contained in the authentication request with the static password stored in the memory module; if the two match, static password authentication succeeds; otherwise static password authentication fails;
if the authentication type of the authentication request is dynamic password authentication, the main control module is configured to compare the current dynamic password generated by the dynamic password generation module with the dynamic password contained in the authentication request; if the two match, dynamic password authentication succeeds; otherwise dynamic password authentication fails;
if the authentication type of the authentication request is certificate authentication, the main control module is configured to authenticate, after receiving the authentication request sent by the file information display device, the display device certificate contained in the authentication request.
6. A mobile memory access control system, characterized in that the system comprises:
a mobile memory and a file information display device, the mobile memory being connected to the file information display device;
wherein the mobile memory is the mobile memory according to any one of claims 4 to 5.
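The decision logic of claims 1 and 3 (and the level mapping in the summary above) as an added example, not code from the patent: the main control module identifies the authentication type from the indication field, verifies it against the static password, the generated dynamic password or the display device certificate, maps the result to a security level (failure always drops to the lowest), and gates each file access operation request on that level. The `POLICY` table, the trusted-certificate membership check standing in for certificate validation, and the sample secrets are this example's own assumptions; the patent does not fix them.

```python
import hmac
from enum import Enum

class AuthType(Enum):
    """Values of the authentication type indication field (claim 2)."""
    STATIC_PASSWORD = "static"
    DYNAMIC_PASSWORD = "dynamic"
    CERTIFICATE = "certificate"

# Security levels of claim 1, first alternative: failure -> lowest,
# static password -> low, dynamic password -> intermediate, certificate -> high.
LEVEL_LOWEST, LEVEL_LOW, LEVEL_INTERMEDIATE, LEVEL_HIGH = 0, 1, 2, 3

OBJECTS = {"partition", "file", "folder"}          # file access objects of claim 1
ALL_OPS = ("browse_attributes", "read_file", "modify_file", "delete_file",
           "create_file", "create_folder", "delete_folder")  # operation types of claim 1
# Which operations each level may perform on which objects. The patent only says
# levels differ in allowed operations/operands; this table is an assumption.
POLICY = {
    LEVEL_LOWEST: {},
    LEVEL_LOW: {"browse_attributes": OBJECTS, "read_file": {"file"}},
    LEVEL_INTERMEDIATE: {"browse_attributes": OBJECTS, "read_file": {"file"},
                         "modify_file": {"file"}, "create_file": {"partition", "folder"}},
    LEVEL_HIGH: {op: OBJECTS for op in ALL_OPS},
}

class MobileMemory:
    def __init__(self, static_password, trusted_certs, dynamic_password_source):
        self._static_password = static_password   # secure storage area
        self._trusted_certs = set(trusted_certs)   # stand-in for real certificate validation
        self._otp = dynamic_password_source        # dynamic password generation module
        self.level = LEVEL_LOWEST

    def authenticate(self, request):
        """Identify the auth type, verify the credential, set the current security level."""
        self.level = LEVEL_LOWEST  # fail closed: any failure leaves the lowest level
        auth_type = AuthType(request.get("auth_type"))  # unknown type raises ValueError
        if auth_type is AuthType.STATIC_PASSWORD:
            ok = hmac.compare_digest(request.get("static_password", ""),
                                     self._static_password)  # constant-time compare
            level = LEVEL_LOW
        elif auth_type is AuthType.DYNAMIC_PASSWORD:
            ok = hmac.compare_digest(request.get("dynamic_password", ""), self._otp())
            level = LEVEL_INTERMEDIATE
        else:
            ok = request.get("certificate") in self._trusted_certs
            level = LEVEL_HIGH
        self.level = level if ok else LEVEL_LOWEST
        return ok

    def file_request(self, operation, target):
        """Gate a file access operation request on the current security level."""
        if target in POLICY[self.level].get(operation, set()):
            return {"status": "ok", "operation": operation, "target": target}
        return {"status": "forbidden", "operation": operation, "target": target}

if __name__ == "__main__":  # constructed sample secrets; the OTP source is a fixed stub
    dev = MobileMemory("s3cret", ["CERT-DISPLAY-01"], lambda: "482913")
    dev.authenticate({"auth_type": "dynamic", "dynamic_password": "482913"})
    print(dev.file_request("create_file", "folder"), dev.file_request("delete_folder", "folder"))
```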
CN201110338436.8A 2011-10-31 2011-10-31 Access control method and system of mobile memory and mobile memory Active CN102387150B (en)
Publications (2)

Publication Number Publication Date
CN102387150A CN102387150A (en) 2012-03-21
CN102387150B true CN102387150B (en) 2014-11-26