CN109635596B - Safety protection system and method for multimedia touch control integrated machine - Google Patents


Publication number
CN109635596B
Authority
CN
China
Prior art keywords
ops
operating system
daemon
integrated machine
heartbeat signal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811532844.5A
Other languages
Chinese (zh)
Other versions
CN109635596A (en)
Inventor
赵明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
IGRS ENGINEERING LAB Ltd
Original Assignee
IGRS ENGINEERING LAB Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by IGRS ENGINEERING LAB Ltd
Priority to CN201811532844.5A
Publication of CN109635596A
Application granted
Publication of CN109635596B
Active
Anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The invention discloses a safety protection system for a multimedia touch integrated machine and a protection method thereof. The protection system comprises a security encryption chip, a daemon management module and a daemon verification module, and the security encryption chip is provided with an encryption verification module. The daemon management module sends heartbeat signals to the OPS PC operating system and judges whether the OPS PC operating system is operating normally according to the waiting time for its response signal; if the waiting time is exceeded, it closes the OPS PC operating system. The daemon verification module receives the heartbeat signal and verifies whether it is legal through the encryption verification module; if the heartbeat signal is legal, it sends a response signal, and if the heartbeat signal is illegal, or is not received after the waiting time is exceeded, it closes the OPS PC operating system. In the invention, the daemon management module and the daemon verification module use these signals to detect mutually whether the other side is running normally, which ensures that the control main board of the multimedia touch integrated machine and the OPS PC operating system are a mutually reliable standard configuration and effectively reduces the security risk.

Description

Safety protection system and method for multimedia touch control integrated machine
Technical Field
The invention relates to the technical field of authorization safety of multimedia touch control integrated machine equipment, in particular to a safety protection system and a safety protection method for a multimedia touch control integrated machine.
Background
With the wide application of multimedia touch integrated machine equipment, the OPS PC module matched with the multimedia touch integrated machine is also widely used. OPS (Open Pluggable Specification) is a standardized digital signage interface specification jointly formulated by Intel and display manufacturers. An OPS module consists of an x86 mini PC (computer) with an Intel Core processor, equipped with memory, a hard disk, various input/output interfaces and a Windows operating interface.
The accompanying Windows system creates numerous security issues. On the one hand, it is uncertain whether the system in use is the original, reliable standard configuration; on the other hand, it is uncertain whether the applications installed in the system are original, and the system is uncontrollable. For these two reasons, security risks easily arise when a user uses the multimedia touch integrated machine.
In view of this, there is an urgent need for improvements to existing security systems to reduce operational risks.
Disclosure of Invention
The technical problem to be solved by the invention is that the existing safety system cannot detect whether a reliable standard configuration is present and therefore carries a higher security risk.
In order to solve the technical problems, the technical scheme adopted by the invention is to provide a safety protection system for a multimedia touch integrated machine, which comprises the following components:
the security encryption chip is arranged on the control main board of the multimedia touch integrated machine and is provided with an encryption verification module;
the daemon management module is arranged in the operating system of the control main board of the multimedia touch integrated machine and is used for sending a heartbeat signal to the OPS PC operating system and judging whether the OPS PC operating system is operating normally according to the waiting time for its response signal; if the waiting time is exceeded, the OPS PC operating system is not operating normally and is closed;
the daemon verification module is arranged in the OPS PC operating system and is used for receiving, in real time, the heartbeat signal sent by the daemon management module and verifying whether the heartbeat signal is legal through the encryption verification module; if the heartbeat signal is legal, it sends a response signal to the daemon management module, if the heartbeat signal is illegal, it closes the OPS PC operating system, and if the heartbeat signal is not received after the waiting time is exceeded, it closes the OPS PC operating system.
In another preferred embodiment, the daemon management module and the daemon verification module are connected by an OPS interface.
In another preferred embodiment, the OPS PC operating system is provided with an SW1 on-off bus.
In another preferred embodiment, the security encryption chip is accessed to the control system of the multimedia touch integrated machine through a built-in USB channel.
The invention also provides a protection method based on the safety protection system for the multimedia touch integrated machine, which comprises the following steps:
a security encryption chip is arranged on the control main board of the multimedia touch integrated machine, and an encryption verification module is arranged in the security encryption chip;
the daemon management module is arranged in the operating system of the control main board of the multimedia touch integrated machine; it sends a heartbeat signal to the OPS PC operating system, receives the response signal of the OPS PC operating system, and judges whether the OPS PC operating system is operating normally according to the waiting time for the response signal; if the waiting time is exceeded, the operation is abnormal and the OPS PC operating system is closed;
and the daemon verification module is arranged in the OPS PC operating system; it receives, in real time, the heartbeat signal sent by the daemon management module and verifies whether the heartbeat signal is legal through the encryption verification module; if the heartbeat signal is legal, a response signal is sent to the daemon management module, if the heartbeat signal is illegal, the OPS PC operating system is closed, and if the heartbeat signal is not received after the waiting time is exceeded, the OPS PC operating system is closed.
In another preferred embodiment, the daemon management module sends heartbeat signals periodically with a timing period of 30s.
In another preferred embodiment, the daemon management module checks for the response signal periodically with a timing period of 1s.
In another preferred embodiment, after the daemon verification module receives the heartbeat signal, the heartbeat signal is encrypted and verified using the encryption function in the encryption verification module; if the verification returns 1, the response signal is sent through the USB channel, and if the verification returns 0, the OPS PC operating system is closed.
Compared with the prior art, in the invention the security encryption chip is arranged on the control main board of the multimedia touch integrated machine, the encryption verification module is arranged in the security encryption chip, the daemon management module is arranged in the operating system of the control main board of the multimedia touch integrated machine, and the daemon verification module is arranged in the OPS PC operating system. The two modules use signals to detect mutually whether the other side is operating normally, which ensures that the control main board of the multimedia touch integrated machine and the OPS PC operating system are a mutually reliable standard configuration and effectively reduces the security risk to a user of the multimedia touch integrated machine.
Drawings
Fig. 1 is a schematic connection diagram of a control motherboard of a multimedia touch integrated device and an OPS PC operating system in the present invention;
Fig. 2 is an interaction flow chart of an optimized embodiment of the security desktop of the multimedia touch integrated device in the present invention.
Detailed Description
The invention provides a safety protection system and a safety protection method for a multimedia touch integrated machine, which ensure that the control main board of the multimedia touch integrated machine and the OPS PC operating system are a mutually reliable standard configuration, and effectively reduce the security risk to a user of the multimedia touch integrated machine. The invention is described in detail below with reference to the drawings and the detailed description.
As shown in FIG. 1, the security protection system for the multimedia touch integrated machine provided by the invention comprises a security encryption chip, a daemon management module and a daemon verification module. The daemon management module and the daemon verification module monitor each other's heartbeat, and the daemon verification module performs encryption verification by calling the security encryption chip to ensure that the heartbeat monitoring of the daemon management module is reliable.
As shown in FIG. 2, the security encryption chip is built into the control motherboard 10 of the multimedia touch integrated machine and is provided with an encryption verification module. The daemon management module is arranged in the operating system of the control main board 10 of the multimedia touch integrated machine and is used for sending a heartbeat signal to the OPS PC operating system 20 and judging whether the OPS PC operating system 20 is operating normally according to the waiting time for its response signal; if the waiting time is exceeded, the OPS PC operating system 20 is operating abnormally and is closed. The daemon verification module is arranged in the OPS PC operating system 20 and is used for receiving, in real time, the heartbeat signal sent by the daemon management module and verifying whether the heartbeat signal is legal through the encryption verification module; if the heartbeat signal is legal, it sends a response signal to the daemon management module, if the heartbeat signal is illegal, it closes the OPS PC operating system 20, and if the heartbeat signal is not received after the waiting time is exceeded, it closes the OPS PC operating system 20.
Wherein the daemon management module and the daemon verification module are connected through an OPS interface 30. The OPS interface 30 is provided with a SW1 on-off bus connected to the OPS PC operating system 20, and the SW1 on-off bus is responsible for on-off control of the OPS PC operating system 20. The OPS interface 30 is internally provided with a USB channel, the security encryption chip is connected to the control system of the multimedia touch integrated machine through the USB channel, and the USB channel is used for the communication of the whole system. Buses such as HDMI required for other display functions of the multimedia touch integrated machine are not described.
The invention also provides a protection method of the safety protection system for the multimedia touch integrated machine, which comprises the following steps:
a security encryption chip is arranged on the control main board 10 of the multimedia touch integrated machine, and an encryption verification module is arranged in the security encryption chip;
the daemon management module is arranged in the operating system of the control main board 10 of the multimedia touch integrated machine; it sends a heartbeat signal to the OPS PC operating system 20, receives the response signal of the OPS PC operating system 20, and judges whether the OPS PC operating system 20 is operating normally according to the waiting time for the response signal; if the waiting time is exceeded, the operation is abnormal and the OPS PC operating system 20 is closed;
the daemon verification module is arranged in the OPS PC operating system 20; it receives, in real time, the heartbeat signal sent by the daemon management module and verifies whether the heartbeat signal is legal through the encryption verification module; if the heartbeat signal is legal, a response signal is sent to the daemon management module, if the heartbeat signal is illegal, the OPS PC operating system 20 is closed, and if the heartbeat signal is not received after the waiting time is exceeded, the OPS PC operating system 20 is closed.
After the multimedia touch integrated machine control main board 10 is started, in addition to the functions it needs to complete at startup, it additionally starts the daemon management module. After the OPS PC operating system 20 is powered on, the built-in daemon verification module runs automatically.
If the daemon verification module does not send a response signal within a timing period, this indicates one of three cases: the multimedia touch integrated machine control main board 10 is an illegal main board (that is, verification of the heartbeat signal fails), or the heartbeat signal is not received within the waiting time, and the closing instruction is intercepted so that closing the OPS system fails because of manual interruption; or the OPS PC operating system 20 is an illegal system; or the OPS PC operating system 20 does not respond. In each case the OPS PC is deemed to have a problem: it is an unauthorized system, or the system has become unresponsive. At this time, the daemon management module forcibly turns off the OPS PC operating system 20 through the SW1 on-off bus, which protects authorized use and saves energy by shutting down on abnormal operation.
The daemon management module sends heartbeat signals at fixed time, and the timing period is 30s. The time length can be adjusted according to the protection intensity and the application scene, and can be set to be 40s or other time according to the requirement.
The daemon management module checks for the response signal at regular intervals with a timing period of 1s, so that a response signal sent by the daemon verification module is received in time; the period can be set to 2s or another value as required.
After the daemon verification module receives the heartbeat signal, the heartbeat signal is encrypted and verified using the encryption function in the encryption verification module. If the verification returns 1, which indicates that the multimedia touch integrated machine control main board 10 connected with the OPS PC operating system 20 is a legal authorized main board, a response signal is sent through the USB channel. If the verification returns 0, the OPS PC operating system 20 is forcibly closed, which prevents the OPS PC operating system 20 from being used on an illegal multimedia touch integrated machine.
The following is a preferred embodiment:
the multimedia touch integrated machine control system is an Android operating system, a security encryption chip is arranged on the multimedia touch integrated machine control main board 10 of the system, and the encryption chip is accessed through a built-in USB channel. The encryption chip driver provides an encryption check function that can be called. The Android operating system driver may provide a CloseOPS() system call for turning off the OPS PC.
In the Android system startup script, we run the daemon management module DaemonA. Once started, DaemonA runs in a loop: every 30 seconds it sends a heartbeat signal ALMsg to the OPS PC operating system 20 via the USB channel to query whether it is alive. With a period of 1 second, DaemonA checks the listening port for a response signal OPSAnmsg, which is a message sent from the OPS PC operating system 20 over the USB channel. If the accumulated wait has exceeded 30 seconds and no response signal OPSAnmsg has been received, DaemonA calls the CloseOPS() system call to shut down the OPS PC operating system 20.
In the built-in OPS PC operating system 20, we pre-install a Windows system by default, in which the daemon verification module DaemonW is started by default. DaemonW also runs in a loop once started, with a loop interval of 1 second: every second it checks the listening port for the heartbeat signal ALMsg.
If the data is received, DaemonW calls the Encryption() function provided inside the security encryption chip to perform the encryption check. If the check returns 1, it sends the response signal OPSAnmsg to DaemonA through the USB channel; if the check returns 0, it calls the CloseWindows() system function and closes the OPS PC operating system 20. If the DaemonW program has run for 30 seconds and still has not received the heartbeat signal ALMsg, it calls the CloseWindows() system function directly to close the OPS PC operating system 20.
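The following simulation is an added example, not code from the patent: it steps DaemonA and DaemonW through the timing described above and goes slightly beyond the text by adding a start delay for the OPS PC. The patent does not specify the chip's Encryption() check, so an HMAC-SHA256 tag over a heartbeat counter with a pre-provisioned key is assumed here, and make_tag, encryption_check and simulate are hypothetical names.

```python
import hashlib
import hmac
import struct

# Timing values taken from the preferred embodiment on this page.
HEARTBEAT_PERIOD = 30  # s between ALMsg heartbeats sent by DaemonA
POLL_PERIOD = 1        # s between port checks in both daemons
TIMEOUT = 30           # s of silence before either side shuts the OPS PC down


def make_tag(key: bytes, counter: int) -> bytes:
    """Assumed heartbeat authenticator: HMAC-SHA256 over a 64-bit counter."""
    return hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()


def encryption_check(key: bytes, counter: int, tag: bytes, last_seen: int) -> int:
    """Stand-in for the chip's check: 1 = legal heartbeat, 0 = illegal.

    The counter must advance, so a recorded ALMsg cannot be replayed.
    """
    fresh = counter > last_seen
    valid = hmac.compare_digest(make_tag(key, counter), tag)
    return 1 if fresh and valid else 0


def simulate(board_key, ops_key, seconds, ops_start=0, ops_responsive=True,
             board_sends=True):
    """Step both daemons once per second (constructed model, not real I/O).

    Returns (action, second): "CloseWindows" (DaemonW), "CloseOPS" (DaemonA),
    or "running" if neither fired within `seconds`.
    """
    to_ops, to_board = [], []   # the two directions of the USB channel
    counter = 0                 # DaemonA heartbeat counter
    last_seen = 0               # highest counter DaemonW has accepted
    a_last_reply = 0            # second DaemonA last saw OPSAnmsg
    w_last_beat = ops_start     # second DaemonW last saw a legal ALMsg

    for t in range(0, seconds + 1, POLL_PERIOD):
        # DaemonA: send ALMsg every HEARTBEAT_PERIOD seconds.
        if board_sends and t % HEARTBEAT_PERIOD == 0:
            counter += 1
            to_ops.append((counter, make_tag(board_key, counter)))

        # DaemonW: runs only once Windows is up and the daemon is alive.
        if ops_responsive and t >= ops_start:
            if to_ops:
                c, tag = to_ops.pop(0)
                if encryption_check(ops_key, c, tag, last_seen) == 0:
                    return ("CloseWindows", t)      # illegal main board
                last_seen, w_last_beat = c, t
                to_board.append("OPSAnmsg")
            elif t - w_last_beat >= TIMEOUT:
                return ("CloseWindows", t)          # no heartbeat in time

        # DaemonA: poll for the reply, force power-off on timeout.
        if to_board:
            to_board.pop(0)
            a_last_reply = t
        elif t - a_last_reply >= TIMEOUT:
            return ("CloseOPS", t)                  # via the SW1 on-off bus

    return ("running", seconds)
```

In this model a legitimate OPS PC whose daemon only starts at second 45 (`ops_start=45`) is powered off by DaemonA at second 30, so the timeout has to be sized above the OPS PC's boot time.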
In the invention, the security encryption chip is arranged on the control main board of the multimedia touch integrated machine, the encryption verification module is arranged in the security encryption chip, the daemon management module is arranged in the operating system of the control main board of the multimedia touch integrated machine, and the daemon verification module is arranged in the OPS PC operating system. The two modules use signals to detect mutually whether the other side is operating normally, which ensures that the control main board of the multimedia touch integrated machine and the OPS PC operating system are a mutually reliable standard configuration and effectively reduces the security risk to a user of the multimedia touch integrated machine.
The present invention is not limited to the above preferred embodiment. Any structural change made by anyone under the teaching of the present invention that has the same or a similar technical solution falls within the scope of protection of the present invention.

Claims (4)

1. A safety protection system for a multimedia touch all-in-one machine, comprising:
the safety encryption chip is arranged on a control main board of the multimedia touch control integrated machine, the control main board of the multimedia touch control integrated machine is connected with an OPS PC operating system through an OPS interface, and an encryption verification module is arranged in the safety encryption chip;
the daemon management module is arranged in an operating system in the control main board of the multimedia touch integrated machine and is used for sending a heartbeat signal to the OPS PC operating system, judging whether the OPS PC operating system operates normally or not according to the waiting time of a response signal of the OPS PC operating system, if the waiting time is exceeded, the OPS PC operating system is not operated normally, and the OPS PC operating system is closed;
the daemon verification module is arranged in the OPS PC operating system, the daemon management module is connected with the daemon verification module through an OPS interface, an SW1 on-off bus connected with the OPS PC operating system is arranged in the OPS interface, the daemon verification module is used for receiving the heartbeat signal sent by the daemon management module in real time, verifying whether the heartbeat signal is legal or not through the encryption verification module, if the heartbeat signal is legal, sending a response signal to the daemon management module, if the heartbeat signal is illegal, closing the OPS PC operating system, and if the heartbeat signal is not received after the waiting time is exceeded, closing the OPS PC operating system;
a USB channel is arranged in the OPS interface, and the security encryption chip is accessed into a control system of the multimedia touch control integrated machine through the USB channel; and after the daemon verification module receives the heartbeat signal, the heartbeat signal is encrypted and verified by utilizing an encryption function in the encryption verification module, if the verification returns to 1, a response signal is sent through the USB channel, and if the verification returns to 0, the OPS PC operating system is closed.
2. The protection method based on the safety protection system for the multimedia touch integrated machine according to claim 1, is characterized by comprising the following steps:
the method comprises the steps that a security encryption chip is arranged on a control main board of the multimedia touch control integrated machine, the control main board of the multimedia touch control integrated machine is connected with an OPS PC operating system through an OPS interface, and an encryption verification module is arranged in the security encryption chip;
the method comprises the steps that a daemon management module is arranged in an operating system in a control main board of the multimedia touch integrated machine, the daemon management module and the daemon verification module are connected with an SW1 on-off bus connected with an OPS PC operating system through an OPS interface, the daemon management module sends a heartbeat signal to the OPS PC operating system and receives a response signal of the OPS PC operating system, whether the OPS PC operating system operates normally is judged according to the waiting time of the response signal of the OPS PC operating system, the operation is abnormal if the waiting time is exceeded, and the OPS PC operating system is closed;
the daemon verification module is arranged in the OPS PC operating system, the heartbeat signal sent by the daemon management module is received in real time, whether the heartbeat signal is legal or not is verified through the encryption verification module, if the heartbeat signal is legal, a response signal is sent to the daemon management module, if the heartbeat signal is illegal, the OPS PC operating system is closed, and if the heartbeat signal is not received after the waiting time is exceeded, the OPS PC operating system is closed;
a USB channel is arranged in the OPS interface, and the security encryption chip is accessed into a control system of the multimedia touch control integrated machine through the USB channel; and after the daemon verification module receives the heartbeat signal, the heartbeat signal is encrypted and verified by utilizing an encryption function in the encryption verification module, if the verification returns to 1, a response signal is sent through the USB channel, and if the verification returns to 0, the OPS PC operating system is closed.
3. The protection method according to claim 2, wherein the daemon management module sends heartbeat signals at regular intervals, the timing period being 30s.
4. The protection method according to claim 2, wherein the daemon management module receives the response signal at a timing with a timing period of 1s.
CN201811532844.5A 2018-12-14 2018-12-14 Safety protection system and method for multimedia touch control integrated machine Active CN109635596B (en)


Publications (2)

Publication Number    Publication Date
CN109635596A          2019-04-16
CN109635596B          2024-04-12

Family

ID=66074068


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant