CN108537072A - A kind of USB interface-based security system - Google Patents


Info

Publication number: CN108537072A
Authority: CN (China)
Prior art keywords: switch, usb, mac address, main control, interface
Legal status: Pending
Application number: CN201711363761.3A
Other languages: Chinese (zh)
Inventors: 张玉强, 高世伟, 李潇, 张玉鑫
Current assignee: China Aerospace Times Electronics Corp; Beijing Aerospace Control Instrument Institute
Original assignee: China Aerospace Times Electronics Corp
Application filed by: China Aerospace Times Electronics Corp
Priority date: 2017-12-18
Filing date: 2017-12-18
Publication date: 2018-09-14

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices; interconnection devices, e.g. bus-connected or in-line devices

Abstract

A USB interface-based security system in the field of information security. It comprises a main control module, a first interface module, a first switch, a USB Hub module, a third switch, a second interface module, a photoelectric conversion module, a second switch and a fourth switch. The main control module authenticates the serial number of the external USB device to be identified against a pre-stored white list, and binds the external computer by checking its MAC address against the pre-stored white list. By controlling the opening and closing of the first switch and the third switch it finally connects the external USB device to be identified to the external computer to be bound. The invention is designed as a basic USB flash drive compliance check device for classified computers, non-classified stand-alone machines and test machines, and meets the requirement of legitimate communication between a USB flash drive and a computer.

Description

A kind of USB interface-based security system
Technical field
The present invention relates to the field of information security, and in particular to a USB interface-based security system.
Background technology
At present, protection of information security at the USB interface is carried out mainly by software control and by physical isolation. The software approach is based mainly on blocking within the operating system of the device that carries the USB interface, for example a certain company's "three-in-one" software. Such software is a passive defense: in principle the operating system must first recognize that a USB device has been connected to the USB interface, and only then authorize or block it according to the corresponding security policy. By that point the USB device has already accessed the system, so this is a blocking mode that acts during or after the event; it cannot block the event before the device accesses the system. The physical isolation method mainly seals the USB ports of the computer with wax, which inconveniences the user, prevents flexible authorization of USB port use, and reduces the user experience.
Existing methods of controlling USB ports at this stage
(1) Physical isolation
The physical isolation method is very simple: the extension USB ports on the computer motherboard are removed and the integrated USB ports are blocked with hot-melt adhesive or glue, so that no USB peripheral can be inserted into a USB port, which achieves the purpose of controlling the ports.
(2) BIOS shielding
Start the computer, press the F2 or DEL key (this differs slightly between mainboards) to enter the BIOS setup, and set the USB devices to Disabled. Then set an administrator password for the BIOS, so that nobody except the administrator can enter the setup and modify it. A computer configured in this way cannot use USB peripherals.
(3) Deleting driver control
Delete the USB device drivers bundled with the system; devices such as USB flash drives then cannot find a driver when inserted into the computer and naturally cannot be used. In practice, however, control by this method is rather fragile, and the restriction is easy to cancel.
(4) Software control
In practice the feasibility of control by software is relatively high: it can control USB peripherals without affecting the use of USB keyboards, mice and USB keys. Software commonly used by military enterprises to control USB use includes "three-in-one", vrv and others.
(5) Other methods
There are many other methods of controlling USB ports, for example setting up a server and managing the ports through an AD domain. This method suits larger enterprise networks and is not described further here. Another is to shield all drives other than the physical hard disk, so that USB peripherals cannot be mapped, and so on.
None of the above USB port control methods can identify or block a USB device before it accesses the system. In particular, on some test equipment, on equipment that is currently running, or under conditions where installing prevention and control software or performing any operation is not permitted, the above methods cannot be applied. Here we propose a USB-based security method that prevents in advance, can be realized without installing a client or with only a small client installed, and achieves prevention and control of USB 2.0/3.0.
Invention content
The object of the present invention is to overcome the above deficiencies of the prior art and to provide a USB interface-based security system: a basic USB flash drive compliance check device designed for classified computers, non-classified stand-alone machines and test machines. A USB flash drive uniqueness recognition algorithm has been written and authorization software for the USB security control box of classified units has been developed, so as to meet the requirement of legitimate communication between a USB flash drive and a computer.
The above object of the present invention is achieved by the following technical solution:
A USB interface-based security system comprising a main control module, a first interface module, a first switch, a USB Hub module, a third switch, a second interface module, a photoelectric conversion module, a second switch and a fourth switch;
Main control module: at initialization, the serial number of the external USB device to be identified and the MAC address of the external computer to be bound are entered manually; the serial number and the MAC address are compiled into a white list and stored. The module sends an acquire-serial-number instruction to the first interface module; receives the serial number transmitted by the first interface module and checks it against the stored white list; when the serial number is present in the white list, it sends a close instruction to the first switch; when the serial number is not present in the white list, it sends an open instruction to the fourth switch. The module sends an acquire-MAC-address electric signal instruction to the photoelectric conversion module; receives the MAC address electric signal transmitted by the photoelectric conversion module and checks the MAC address against the stored white list; when the MAC address is present in the white list, it sends a close instruction to the third switch; when the MAC address is not present in the white list, it sends an open instruction to the second switch;
First interface module: receives the acquire-serial-number instruction transmitted by the main control module, obtains the serial number of the external USB device to be identified, and sends the serial number to the main control module;
First switch: receives the close instruction transmitted by the main control module, closes, and connects the first interface module to the USB Hub module;
Fourth switch: receives the open instruction transmitted by the main control module and opens, breaking the connection with the external USB device to be identified;
Photoelectric conversion module: receives the acquire-MAC-address electric signal instruction transmitted by the main control module, converts it into an acquire-MAC-address optical signal instruction and then back into an acquire-MAC-address electric signal instruction; obtains the electric signal carrying the MAC address of the external computer to be bound, converts that electric signal into an optical signal and then back into a MAC address electric signal; and sends the MAC address electric signal to the main control module;
Third switch: receives the close instruction transmitted by the main control module, closes, and connects the USB Hub module to the second interface module, so that the external USB device to be identified is connected to the external computer to be bound through, in sequence, the first interface module, the first switch, the USB Hub module, the third switch, the second interface module and the photoelectric conversion module;
Second switch: receives the open instruction transmitted by the main control module and opens, breaking the connection with the external computer to be bound.
In the above USB interface-based security system, in the initialization state the first switch is open.
In the above USB interface-based security system, in the initialization state the fourth switch is closed.
In the above USB interface-based security system, in the initialization state the third switch is open.
In the above USB interface-based security system, in the initialization state the second switch is closed.
In the above USB interface-based security system, when the external USB device to be identified is connected to the external computer to be bound, after the connection is made the main control module sends open instructions to the second switch and the fourth switch respectively, so that no other device is accessed while the external USB device to be identified and the external computer to be bound are connected.
In the above USB interface-based security system, the USB Hub module includes both USB 3.0 and USB 2.0 modes.
Compared with the prior art, the present invention has the following advantages:
(1) The present invention protects the computer by means of the prevention and control device, which can block an illegal USB device before it accesses the system, avoiding the danger of the after-the-fact prevention method of software control and the inconvenience of the physical isolation method;
(2) The host computer software of the present invention has a log management function that can effectively monitor all USB device plug-in and plug-out logs, which is convenient for later audit and review, and occupies minimal disk space and memory;
(3) The present invention is designed for speed, safety and convenience. It supports high-speed data transfer based on the USB 3.0 interface; supports control of the host computer and the connected USB device through the independent memory controller of the prevention and control device; and supports identity authentication management of both online and offline host computers.
Description of the drawings
Fig. 1 is a schematic of the security system of the present invention.
Detailed description of embodiments
The present invention is described in further detail below with reference to the drawings and specific embodiments:
Fig. 1 is a schematic of the security system. As seen from the figure, a USB interface-based security system comprises a main control module, a first interface module, a first switch, a USB Hub module, a third switch, a second interface module, a photoelectric conversion module, a second switch and a fourth switch;
Main control module: at initialization, the serial number of the external USB device to be identified and the MAC address of the external computer to be bound are entered manually; the serial number and the MAC address are compiled into a white list and stored. The module sends an acquire-serial-number instruction to the first interface module; receives the serial number transmitted by the first interface module and checks it against the stored white list; when the serial number is present in the white list, it sends a close instruction to the first switch; when the serial number is not present in the white list, it sends an open instruction to the fourth switch. The module sends an acquire-MAC-address electric signal instruction to the photoelectric conversion module; receives the MAC address electric signal transmitted by the photoelectric conversion module and checks the MAC address against the stored white list; when the MAC address is present in the white list, it sends a close instruction to the third switch; when the MAC address is not present in the white list, it sends an open instruction to the second switch;
First interface module: receives the acquire-serial-number instruction transmitted by the main control module, obtains the serial number of the external USB device to be identified, and sends the serial number to the main control module;
First switch: in the initialization state the first switch is open; it receives the close instruction transmitted by the main control module, closes, and connects the first interface module to the USB Hub module;
Fourth switch: in the initialization state the fourth switch is closed; it receives the open instruction transmitted by the main control module and opens, breaking the connection with the external USB device to be identified;
Photoelectric conversion module: receives the acquire-MAC-address electric signal instruction transmitted by the main control module, converts it into an acquire-MAC-address optical signal instruction and then back into an acquire-MAC-address electric signal instruction; obtains the electric signal carrying the MAC address of the external computer to be bound, converts that electric signal into an optical signal and then back into a MAC address electric signal; and sends the MAC address electric signal to the main control module;
Third switch: in the initialization state the third switch is open; it receives the close instruction transmitted by the main control module, closes, and connects the USB Hub module to the second interface module, so that the external USB device to be identified is connected to the external computer to be bound through, in sequence, the first interface module, the first switch, the USB Hub module, the third switch, the second interface module and the photoelectric conversion module;
Second switch: in the initialization state the second switch is closed; it receives the open instruction transmitted by the main control module and opens, breaking the connection with the external computer to be bound;
When the external USB device to be identified is connected to the external computer to be bound, after the connection is made the main control module sends open instructions to the second switch and the fourth switch respectively, so that no other device is accessed while the external USB device to be identified and the external computer to be bound are connected.
The USB Hub module includes both USB 3.0 and USB 2.0 modes.
The present invention protects the computer by means of the prevention and control device, which can block an illegal USB device before it accesses the system, avoiding the danger of the after-the-fact prevention method of software control and the inconvenience of the physical isolation method; and it is designed for speed, safety and convenience. The present invention supports high-speed data transfer based on the USB 3.0 interface; supports control of the host computer and the connected USB device through the independent memory controller of the prevention and control device; and supports identity authentication management of both online and offline host computers.
Content not described in detail in the description of the present invention belongs to the known technology of those skilled in the art.
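The white-list decision logic and switch sequencing described above, written out as an added simulation that is not part of the patent or of any product of the applicant: the four switches start in the stated initial states, a serial-number match closes the first switch (a miss opens the fourth), a MAC match closes the third switch (a miss opens the second), and a completed connection opens the second and fourth switches. The class, function and field names are my own, the optical hop is modelled as a value-preserving read, and every serial number and MAC address used is a constructed sample.

```python
import re
from dataclasses import dataclass, field
from enum import Enum


class Switch(Enum):
    OPEN = "open"
    CLOSED = "closed"


def normalize_mac(mac: str) -> str:
    """Canonical MAC form for white-list comparison: 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass
class SecurityBox:
    """Main control module: white list, the four switches and a plug log.

    Switch roles and initial states follow the patent description:
    first  - first interface module <-> USB Hub,  initially open
    third  - USB Hub <-> second interface module, initially open
    fourth - side of the external USB device,     initially closed
    second - side of the external computer,       initially closed
    """
    serials: set = field(default_factory=set)
    macs: set = field(default_factory=set)
    first: Switch = Switch.OPEN
    second: Switch = Switch.CLOSED
    third: Switch = Switch.OPEN
    fourth: Switch = Switch.CLOSED
    log: list = field(default_factory=list)

    def enroll(self, serial: str, mac: str) -> None:
        """Manual entry at initialization: serial and MAC go into the white list."""
        self.serials.add(serial.strip())
        self.macs.add(normalize_mac(mac))

    def check_serial(self, serial: str) -> bool:
        """Serial read by the first interface module, checked against the white list."""
        serial = serial.strip()
        if serial in self.serials:
            self.first = Switch.CLOSED          # admit the device into the hub path
            self.log.append(("serial", serial, "accepted"))
            return True
        self.fourth = Switch.OPEN               # cut the unknown device off
        self.log.append(("serial", serial, "rejected"))
        return False

    def check_mac(self, mac: str) -> bool:
        """MAC delivered via the photoelectric conversion module (an
        electric-optical-electric hop that leaves the value unchanged)."""
        try:
            key = normalize_mac(mac)
        except ValueError:
            key = None                          # a malformed MAC can never match
        if key is not None and key in self.macs:
            self.third = Switch.CLOSED          # connect the hub to the computer side
            self.log.append(("mac", mac, "accepted"))
            return True
        self.second = Switch.OPEN               # cut the unknown computer off
        self.log.append(("mac", mac, "rejected"))
        return False

    def path_connected(self) -> bool:
        """The device reaches the computer only through closed first and third switches."""
        return self.first is Switch.CLOSED and self.third is Switch.CLOSED

    def connect(self, serial: str, mac: str) -> bool:
        """Full sequence: both checks run; on success the second and fourth
        switches are opened so that no other device is admitted on either side."""
        serial_ok = self.check_serial(serial)
        mac_ok = self.check_mac(mac)
        if serial_ok and mac_ok and self.path_connected():
            self.second = Switch.OPEN
            self.fourth = Switch.OPEN
            return True
        return False
```

The log list stands in for the plug-in/plug-out log that the host computer software is said to keep; a real box would also need to persist the white list and authenticate whoever enters it.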

Claims (7)

1. A USB interface-based security system, characterised in that it comprises a main control module, a first interface module, a first switch, a USB Hub module, a third switch, a second interface module, a photoelectric conversion module, a second switch and a fourth switch;
Main control module: at initialization, the serial number of the external USB device to be identified and the MAC address of the external computer to be bound are entered manually; the serial number and the MAC address are compiled into a white list and stored. The module sends an acquire-serial-number instruction to the first interface module; receives the serial number transmitted by the first interface module and checks it against the stored white list; when the serial number is present in the white list, it sends a close instruction to the first switch; when the serial number is not present in the white list, it sends an open instruction to the fourth switch. The module sends an acquire-MAC-address electric signal instruction to the photoelectric conversion module; receives the MAC address electric signal transmitted by the photoelectric conversion module and checks the MAC address against the stored white list; when the MAC address is present in the white list, it sends a close instruction to the third switch; when the MAC address is not present in the white list, it sends an open instruction to the second switch;
First interface module: receives the acquire-serial-number instruction transmitted by the main control module, obtains the serial number of the external USB device to be identified, and sends the serial number to the main control module;
First switch: receives the close instruction transmitted by the main control module, closes, and connects the first interface module to the USB Hub module;
Fourth switch: receives the open instruction transmitted by the main control module and opens, breaking the connection with the external USB device to be identified;
Photoelectric conversion module: receives the acquire-MAC-address electric signal instruction transmitted by the main control module, converts it into an acquire-MAC-address optical signal instruction and then back into an acquire-MAC-address electric signal instruction; obtains the electric signal carrying the MAC address of the external computer to be bound, converts that electric signal into an optical signal and then back into a MAC address electric signal; and sends the MAC address electric signal to the main control module;
Third switch: receives the close instruction transmitted by the main control module, closes, and connects the USB Hub module to the second interface module, so that the external USB device to be identified is connected to the external computer to be bound through, in sequence, the first interface module, the first switch, the USB Hub module, the third switch, the second interface module and the photoelectric conversion module;
Second switch: receives the open instruction transmitted by the main control module and opens, breaking the connection with the external computer to be bound.
2. The USB interface-based security system according to claim 1, characterised in that in the initialization state the first switch is open.
3. The USB interface-based security system according to claim 1, characterised in that in the initialization state the fourth switch is closed.
4. The USB interface-based security system according to claim 1, characterised in that in the initialization state the third switch is open.
5. The USB interface-based security system according to claim 1, characterised in that in the initialization state the second switch is closed.
6. The USB interface-based security system according to claim 1, characterised in that when the external USB device to be identified is connected to the external computer to be bound, after the connection is made the main control module sends open instructions to the second switch and the fourth switch respectively, so that no other device is accessed while the external USB device to be identified and the external computer to be bound are connected.
7. The USB interface-based security system according to claim 1, characterised in that the USB Hub module includes both USB 3.0 and USB 2.0 modes.

Application data

Application number: CN201711363761.3A
Title: A kind of USB interface-based security system
Priority date: 2017-12-18
Filing date: 2017-12-18
Publication number: CN108537072A (en), published 2018-09-14
Status: Pending
Family ID: 63488967
Country status: CN, CN108537072A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101901559A (en) * 2010-07-30 2010-12-01 中国船舶重工集团公司第七○九研究所 Safety control method for USB (Universal Serial Bus) interface
CN201796367U (en) * 2010-09-06 2011-04-13 航天信息股份有限公司 Usb isolator
CN106055502A (en) * 2015-04-10 2016-10-26 国际商业机器公司 Universal serial bus (usb) filter hub

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张玉鑫: "基于身份识别的USB边界防护系统设计与实现", 《中国优秀硕士论文全文数据库》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020087781A1 (en) * 2018-10-29 2020-05-07 北京博衍思创信息科技有限公司 External connection type terminal protection device and protection system
US10885230B1 (en) 2018-10-29 2021-01-05 Beijing Beyondinfo Technology Co., Ltd. External terminal protection device and protection system
CN111597544A (en) * 2020-05-18 2020-08-28 贵州电网有限责任公司 Intermediary physical isolation method and system applied to USB interface
CN111597520A (en) * 2020-05-18 2020-08-28 贵州电网有限责任公司 Computer USB interface information security prevention and control method and system
CN111753340A (en) * 2020-05-18 2020-10-09 贵州电网有限责任公司 USB interface information security prevention and control method and system
CN111597520B (en) * 2020-05-18 2023-10-17 贵州电网有限责任公司 Computer USB interface information security prevention and control method and system
CN111597544B (en) * 2020-05-18 2024-05-14 贵州电网有限责任公司 Intermediate physical isolation method and system applied to USB interface

Legal Events

Code Title Description
PB01 Publication (application publication date: 20180914)
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication