CN108537072A - A kind of USB interface-based security system - Google Patents
- Publication number: CN108537072A
- Application number: CN201711363761.3A
- Authority: CN (China)
- Prior art keywords: switch, USB, MAC address, main control, interface
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting interconnection devices, e.g. bus-connected or in-line devices
Abstract
A USB interface-based security system, relating to the field of information security, comprising a main control module, a first interface module, a first switch, a USB Hub module, a third switch, a second interface module, a photoelectric conversion module, a second switch and a fourth switch. The main control module checks the serial number of the external USB device to be identified against a pre-stored whitelist, and checks the MAC address of the external computer to be bound against the pre-stored whitelist; it controls the opening and closing of the first switch and the third switch, and finally connects the external USB device to be identified with the external computer to be bound. The invention is designed as a basic USB flash drive compliance-checking device for classified computers, non-classified stand-alone machines and test machines, and meets the requirement for legitimate communication between a USB flash drive and a computer.
Description
Technical field
The present invention relates to the field of information security, and in particular to a USB interface-based security system.
Background
At present, USB interface security is protected mainly by software control and by physical isolation. On the software side, blocking is done mainly in the operating system of the device that carries the USB interface, for example a certain company's "three-in-one" software. Such software is a passive defence: in principle the operating system must first recognise that a USB device has been attached to the USB interface, and only then is the device authorised or blocked according to the corresponding security policy. By that point the USB device has already been connected to the system, so the blocking takes effect during or after the event and cannot stop the device before it is connected to the system. Physical isolation mainly means sealing the USB ports on the computer, which in turn inconveniences the user: use of the USB ports cannot be authorised flexibly, and the user experience suffers.
Existing methods of controlling USB ports
(1) Physical isolation
Physical isolation is very simple: the extension USB ports on the computer motherboard are removed and the integrated USB ports are blocked with hot-melt adhesive or glue, so that no USB peripheral can be inserted into a USB port, which achieves the purpose of controlling the port.
(2) Disabling in the BIOS
Start the computer, press F2 or DEL (this differs slightly between motherboards) to enter the BIOS settings, and set the USB devices to Disable. Then set an administrator password for the BIOS, so that nobody other than the administrator can enter the settings and change them. A computer configured in this way cannot use USB peripherals.
(3) Deleting the driver
Delete the USB device drivers that come with the system; a device such as a USB flash drive inserted into the computer then finds no driver and naturally cannot be used. In practice, however, this form of control is rather fragile, and the restriction is easily lifted.
(4) Software control
In practice, software control has proved comparatively feasible: it can control USB peripherals without affecting the use of USB keyboards, mice and USB-KEYs. Software commonly used by military enterprises to control USB use includes three-in-one, vrv, etc.
(5) Other methods
There are many other ways of controlling USB ports, for example setting up a server and managing with an AD domain. This method suits larger enterprise networks and is not described further here. Drives other than the physical hard disk can also be shielded, so that USB peripherals cannot be mapped, and so on.
None of the above USB port control methods can identify or block a USB device before it is connected to the system. In particular, on test equipment or running equipment where prevention and control software may not be installed, or where no operation of any kind is permitted, the above methods cannot be applied. We therefore propose a USB-based security method that prevents in advance and that achieves USB 2.0/3.0 prevention and control with no client, or only a small client, installed.
Summary of the invention
The object of the present invention is to overcome the above deficiencies of the prior art and to provide a USB interface-based security system. It is designed as a basic USB flash drive compliance-checking device for classified computers, non-classified stand-alone machines and test machines; a USB flash drive uniqueness-recognition program has been written and authorization software for the classified-unit USB security control box has been developed, meeting the requirement for legitimate communication between a USB flash drive and a computer.
The above object of the present invention is achieved by the following technical solution:
A USB interface-based security system, comprising a main control module, a first interface module, a first switch, a USB Hub module, a third switch, a second interface module, a photoelectric conversion module, a second switch and a fourth switch;
Main control module: at initialization, the serial number of the external USB device to be identified and the MAC address of the external computer to be bound are entered manually; the serial number and the MAC address are combined into a whitelist and stored. It sends a get-serial-number instruction to the first interface module, receives the serial number returned by the first interface module, and checks the serial number against the stored whitelist: when the serial number is in the whitelist, it sends a close command to the first switch; when the serial number is not in the whitelist, it sends an open command to the fourth switch. It sends a get-MAC-address electrical-signal instruction to the photoelectric conversion module, receives the MAC address electrical signal returned by the photoelectric conversion module, and checks the MAC address against the stored whitelist: when the MAC address is in the whitelist, it sends a close command to the third switch; when the MAC address is not in the whitelist, it sends an open command to the second switch;
First interface module: receives the get-serial-number instruction from the main control module, obtains the serial number of the external USB device to be identified, and sends the serial number to the main control module;
First switch: receives the close command from the main control module and closes, connecting the first interface module to the USB Hub module;
Fourth switch: receives the open command from the main control module and disconnects the connection with the external USB device to be identified;
Photoelectric conversion module: receives the get-MAC-address electrical-signal instruction from the main control module, converts it into a get-MAC-address optical-signal instruction and then back into a get-MAC-address electrical-signal instruction; obtains the electrical signal of the MAC address of the external computer to be bound, converts it into an optical signal and then back into an electrical signal of the MAC address; and sends the MAC address electrical signal to the main control module;
Third switch: receives the close command from the main control module and closes, connecting the USB Hub module to the second interface module, so that the external USB device to be identified is connected to the external computer to be bound through, in sequence, the first interface module, the first switch, the USB Hub module, the third switch, the second interface module and the photoelectric conversion module;
Second switch: receives the open command from the main control module and disconnects the connection with the external computer to be bound.
In the above USB interface-based security system, in the initialization state the first switch is in the open state.
In the above USB interface-based security system, in the initialization state the fourth switch is in the closed state.
In the above USB interface-based security system, in the initialization state the third switch is in the open state.
In the above USB interface-based security system, in the initialization state the second switch is in the closed state.
In the above USB interface-based security system, when the external USB device to be identified is connected with the external computer to be bound, after connection the main control module sends open commands to the second switch and the fourth switch respectively, so that no other device is connected into the path between the external USB device to be identified and the external computer to be bound.
In the above USB interface-based security system, the USB Hub module includes two modes, USB 3.0 and USB 2.0.
Compared with the prior art, the present invention has the following advantages:
(1) The present invention protects the computer with a prevention and control device that can block an illegal USB device before it is connected to the system, avoiding both the danger of the after-the-fact blocking done by software control and the inconvenience of physical isolation;
(2) The host-computer software of the present invention has a log management function and can effectively monitor the plug and unplug logs of all USB devices, which makes later audit of the records easier, while occupying minimal storage space and memory;
(3) The present invention is designed for speed, security and convenience. It supports high-speed data transmission over the USB 3.0 interface; it supports controlling the host computer and the connected USB device through the independent storage controller of the prevention and control device; and it supports identity authentication management of host computers in both online and offline modes.
Brief description of the drawings
Fig. 1 is a schematic diagram of the security system of the present invention.
Detailed description
The present invention is described in further detail below with reference to the drawing and a specific embodiment:
Fig. 1 shows the schematic diagram of the security system. As the figure shows, a USB interface-based security system comprises a main control module, a first interface module, a first switch, a USB Hub module, a third switch, a second interface module, a photoelectric conversion module, a second switch and a fourth switch;
Main control module: at initialization, the serial number of the external USB device to be identified and the MAC address of the external computer to be bound are entered manually; the serial number and the MAC address are combined into a whitelist and stored. It sends a get-serial-number instruction to the first interface module, receives the serial number returned by the first interface module, and checks the serial number against the stored whitelist: when the serial number is in the whitelist, it sends a close command to the first switch; when the serial number is not in the whitelist, it sends an open command to the fourth switch. It sends a get-MAC-address electrical-signal instruction to the photoelectric conversion module, receives the MAC address electrical signal returned by the photoelectric conversion module, and checks the MAC address against the stored whitelist: when the MAC address is in the whitelist, it sends a close command to the third switch; when the MAC address is not in the whitelist, it sends an open command to the second switch;
First interface module: receives the get-serial-number instruction from the main control module, obtains the serial number of the external USB device to be identified, and sends the serial number to the main control module;
First switch: in the initialization state, the first switch is in the open state; it receives the close command from the main control module and closes, connecting the first interface module to the USB Hub module;
Fourth switch: in the initialization state, the fourth switch is in the closed state; it receives the open command from the main control module and disconnects the connection with the external USB device to be identified;
Photoelectric conversion module: receives the get-MAC-address electrical-signal instruction from the main control module, converts it into a get-MAC-address optical-signal instruction and then back into a get-MAC-address electrical-signal instruction; obtains the electrical signal of the MAC address of the external computer to be bound, converts it into an optical signal and then back into an electrical signal of the MAC address; and sends the MAC address electrical signal to the main control module;
Third switch: in the initialization state, the third switch is in the open state; it receives the close command from the main control module and closes, connecting the USB Hub module to the second interface module, so that the external USB device to be identified is connected to the external computer to be bound through, in sequence, the first interface module, the first switch, the USB Hub module, the third switch, the second interface module and the photoelectric conversion module;
Second switch: in the initialization state, the second switch is in the closed state; it receives the open command from the main control module and disconnects the connection with the external computer to be bound;
When the external USB device to be identified is connected with the external computer to be bound, after connection the main control module sends open commands to the second switch and the fourth switch respectively, so that no other device is connected into the path between the external USB device to be identified and the external computer to be bound.
The USB Hub module includes two modes, USB 3.0 and USB 2.0.
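The switch sequencing described above, modelled as a small C state function (an added example, not code from the patent or its applicant). The type and function names, the sample whitelist and identifiers, and the reading that the second and fourth switches sit on the links used for identification are assumptions of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* SW_OPEN = disconnected, SW_CLOSED = conducting. */
typedef enum { SW_OPEN = 0, SW_CLOSED = 1 } sw_state;

/* The four switches named in the description. Assumption of this model:
 * sw4 and sw2 sit on the links the main control module uses to read the
 * serial number and the MAC address; sw1 and sw3 sit on the data path. */
typedef struct {
    sw_state sw1; /* first interface module <-> USB Hub module */
    sw_state sw2; /* link to the external computer to be bound */
    sw_state sw3; /* USB Hub module <-> second interface module */
    sw_state sw4; /* link to the external USB device to be identified */
} gate;

typedef struct {
    const char *const *serials;      size_t n_serials;
    const unsigned char (*macs)[6];  size_t n_macs;
} whitelist;

/* Initial state from the description: sw1/sw3 open, sw2/sw4 closed. */
void gate_init(gate *g) {
    g->sw1 = SW_OPEN;   g->sw3 = SW_OPEN;
    g->sw2 = SW_CLOSED; g->sw4 = SW_CLOSED;
}

static bool serial_allowed(const whitelist *wl, const char *serial) {
    /* A device that reports no serial number can never match an entry. */
    if (serial == NULL || serial[0] == '\0') return false;
    for (size_t i = 0; i < wl->n_serials; i++)
        if (strcmp(wl->serials[i], serial) == 0) return true;
    return false;
}

static bool mac_allowed(const whitelist *wl, const unsigned char *mac) {
    if (mac == NULL) return false;
    for (size_t i = 0; i < wl->n_macs; i++)
        if (memcmp(wl->macs[i], mac, 6) == 0) return true;
    return false;
}

/* Runs one identification round and drives the switches as described.
 * Returns true only when the data path (sw1 and sw3) is fully closed. */
bool gate_evaluate(gate *g, const whitelist *wl,
                   const char *serial, const unsigned char *mac) {
    gate_init(g);            /* every round starts with the data path cut */
    bool dev_ok  = serial_allowed(wl, serial);
    bool host_ok = mac_allowed(wl, mac);

    if (dev_ok)  g->sw1 = SW_CLOSED; else g->sw4 = SW_OPEN;
    if (host_ok) g->sw3 = SW_CLOSED; else g->sw2 = SW_OPEN;

    /* After connection, sw2 and sw4 are opened so that nothing else is
     * attached to the path between the device and the computer. */
    if (dev_ok && host_ok) { g->sw2 = SW_OPEN; g->sw4 = SW_OPEN; }
    return g->sw1 == SW_CLOSED && g->sw3 == SW_CLOSED;
}

/* Constructed sample whitelist and identifiers (not from the patent). */
static const char *const DEMO_SERIALS[] = { "SN-EXAMPLE-0001", "SN-EXAMPLE-0002" };
static const unsigned char DEMO_MACS[][6] = { {0x02,0x00,0x00,0x00,0x00,0x01} };
static const whitelist DEMO_WL = { DEMO_SERIALS, 2, DEMO_MACS, 1 };
static const unsigned char MAC_LISTED[6]   = {0x02,0x00,0x00,0x00,0x00,0x01};
static const unsigned char MAC_UNLISTED[6] = {0x02,0x00,0x00,0x00,0x00,0x99};

static void show(const char *label, const char *sn, const unsigned char *mac) {
    gate g;
    bool up = gate_evaluate(&g, &DEMO_WL, sn, mac);
    printf("%-28s path=%s sw1=%d sw2=%d sw3=%d sw4=%d\n",
           label, up ? "connected" : "blocked", g.sw1, g.sw2, g.sw3, g.sw4);
}

int main(void) {
    show("listed device, listed host", "SN-EXAMPLE-0001", MAC_LISTED);
    show("unlisted device",            "SN-UNKNOWN",      MAC_LISTED);
    show("listed device, other host",  "SN-EXAMPLE-0001", MAC_UNLISTED);
    show("device without serial",      "",                MAC_LISTED);
    return 0;
}
```

Both identifiers are values the peer reports about itself, so a match shows only that the reported value is on the whitelist.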
The present invention protects the computer with a prevention and control device that can block an illegal USB device before it is connected to the system, avoiding both the danger of the after-the-fact blocking done by software control and the inconvenience of physical isolation; it is designed for speed, security and convenience. The present invention supports high-speed data transmission over the USB 3.0 interface; it supports controlling the host computer and the connected USB device through the independent storage controller of the prevention and control device; and it supports identity authentication management of host computers in both online and offline modes.
Content not described in detail in this specification belongs to the common knowledge of those skilled in the art.
Claims (7)
1. A USB interface-based security system, characterized in that it comprises a main control module, a first interface module, a first switch, a USB Hub module, a third switch, a second interface module, a photoelectric conversion module, a second switch and a fourth switch;
Main control module: at initialization, the serial number of the external USB device to be identified and the MAC address of the external computer to be bound are entered manually; the serial number and the MAC address are combined into a whitelist and stored; it sends a get-serial-number instruction to the first interface module; receives the serial number returned by the first interface module and checks the serial number against the stored whitelist; when the serial number is in the whitelist, it sends a close command to the first switch; when the serial number is not in the whitelist, it sends an open command to the fourth switch; it sends a get-MAC-address electrical-signal instruction to the photoelectric conversion module; receives the MAC address electrical signal returned by the photoelectric conversion module; and checks the MAC address against the stored whitelist; when the MAC address is in the whitelist, it sends a close command to the third switch; when the MAC address is not in the whitelist, it sends an open command to the second switch;
First interface module: receives the get-serial-number instruction from the main control module, obtains the serial number of the external USB device to be identified, and sends the serial number to the main control module;
First switch: receives the close command from the main control module and closes, connecting the first interface module to the USB Hub module;
Fourth switch: receives the open command from the main control module; disconnects the connection with the external USB device to be identified;
Photoelectric conversion module: receives the get-MAC-address electrical-signal instruction from the main control module, converts it into a get-MAC-address optical-signal instruction and then back into a get-MAC-address electrical-signal instruction; obtains the electrical signal of the MAC address of the external computer to be bound, converts it into an optical signal and then back into an electrical signal of the MAC address; and sends the MAC address electrical signal to the main control module;
Third switch: receives the close command from the main control module and closes, connecting the USB Hub module to the second interface module; so that the external USB device to be identified is connected to the external computer to be bound through, in sequence, the first interface module, the first switch, the USB Hub module, the third switch, the second interface module and the photoelectric conversion module;
Second switch: receives the open command from the main control module; disconnects the connection with the external computer to be bound.
2. The USB interface-based security system according to claim 1, characterized in that: in the initialization state, the first switch is in the open state.
3. The USB interface-based security system according to claim 1, characterized in that: in the initialization state, the fourth switch is in the closed state.
4. The USB interface-based security system according to claim 1, characterized in that: in the initialization state, the third switch is in the open state.
5. The USB interface-based security system according to claim 1, characterized in that: in the initialization state, the second switch is in the closed state.
6. The USB interface-based security system according to claim 1, characterized in that: when the external USB device to be identified is connected with the external computer to be bound, after connection the main control module sends open commands to the second switch and the fourth switch respectively, so that no other device is connected into the path between the external USB device to be identified and the external computer to be bound.
7. The USB interface-based security system according to claim 1, characterized in that: the USB Hub module includes two modes, USB 3.0 and USB 2.0.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711363761.3A CN108537072A (en) | 2017-12-18 | 2017-12-18 | A kind of USB interface-based security system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108537072A | 2018-09-14
Family
ID=63488967
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title
---|---|---|---|---
CN201711363761.3A (CN108537072A) | Pending | 2017-12-18 | 2017-12-18 | A kind of USB interface-based security system
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108537072A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020087781A1 (en) * | 2018-10-29 | 2020-05-07 | 北京博衍思创信息科技有限公司 | External connection type terminal protection device and protection system |
CN111597544A (en) * | 2020-05-18 | 2020-08-28 | 贵州电网有限责任公司 | Intermediary physical isolation method and system applied to USB interface |
CN111597520A (en) * | 2020-05-18 | 2020-08-28 | 贵州电网有限责任公司 | Computer USB interface information security prevention and control method and system |
CN111753340A (en) * | 2020-05-18 | 2020-10-09 | 贵州电网有限责任公司 | USB interface information security prevention and control method and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101901559A (en) * | 2010-07-30 | 2010-12-01 | 中国船舶重工集团公司第七○九研究所 | Safety control method for USB (Universal Serial Bus) interface |
CN201796367U (en) * | 2010-09-06 | 2011-04-13 | 航天信息股份有限公司 | Usb isolator |
CN106055502A (en) * | 2015-04-10 | 2016-10-26 | 国际商业机器公司 | Universal serial bus (usb) filter hub |
Non-Patent Citations (1)
Title |
---|
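Zhang Yuxin: "Design and Implementation of a USB Boundary Protection System Based on Identity Recognition", China Excellent Master's Theses Full-text Database * |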
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020087781A1 (en) * | 2018-10-29 | 2020-05-07 | 北京博衍思创信息科技有限公司 | External connection type terminal protection device and protection system |
US10885230B1 (en) | 2018-10-29 | 2021-01-05 | Beijing Beyondinfo Technology Co., Ltd. | External terminal protection device and protection system |
CN111597544A (en) * | 2020-05-18 | 2020-08-28 | 贵州电网有限责任公司 | Intermediary physical isolation method and system applied to USB interface |
CN111597520A (en) * | 2020-05-18 | 2020-08-28 | 贵州电网有限责任公司 | Computer USB interface information security prevention and control method and system |
CN111753340A (en) * | 2020-05-18 | 2020-10-09 | 贵州电网有限责任公司 | USB interface information security prevention and control method and system |
CN111597520B (en) * | 2020-05-18 | 2023-10-17 | 贵州电网有限责任公司 | Computer USB interface information security prevention and control method and system |
CN111597544B (en) * | 2020-05-18 | 2024-05-14 | 贵州电网有限责任公司 | Intermediate physical isolation method and system applied to USB interface |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication |
 | SE01 | Entry into force of request for substantive examination |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20180914