CN113609540A - Trusted management method and system for USB interface of electronic equipment

Info

Publication number
CN113609540A
Authority
CN
China
Prior art keywords
user
usb interface
authority
information
trusted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110885566.7A
Other languages
Chinese (zh)
Inventor
孙育宁
余泽奇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHENZHEN SHANLIAN INFORMATION TECHNOLOGY CO LTD
Original Assignee
SHENZHEN SHANLIAN INFORMATION TECHNOLOGY CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHENZHEN SHANLIAN INFORMATION TECHNOLOGY CO LTD
Priority to CN202110885566.7A
Publication of CN113609540A
Legal status: Pending

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82: Protecting input, output or interconnection devices
    • G06F21/85: Protecting interconnection devices, e.g. bus-connected or in-line devices
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/32: User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45: Structures or tools for the administration of authentication
    • G06F21/46: Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a trusted management method and a trusted management system for a USB interface of electronic equipment, wherein the method comprises the following steps: establishing a trusted user database at a cloud end, wherein the trusted user database comprises a user ID, a user name, USB interface use authority and verification information; triggering an information acquisition device on the electronic equipment by detecting an insertion event of the USB equipment inserted into a certain USB interface on the electronic equipment, and acquiring identity information of a user through the information acquisition device; and acquiring the authority corresponding to the user according to the matching result of the identity information and the verification information, and outputting a control instruction to a USB interface corresponding to the electronic equipment according to the authority to control the authority of the USB interface. The invention can realize flexible management of the USB interface use authority of a plurality of electronic devices, and has high safety and convenient use.

Description

Trusted management method and system for USB interface of electronic equipment
Technical Field
The invention relates to the technical field of information security of electronic equipment, in particular to a trusted USB interface management method and a trusted USB interface management device of electronic equipment.
Background
Electronic devices such as electronic whiteboards and smart screens are increasingly used in office spaces and public environments. These electronic devices usually have a USB interface to facilitate connection with a USB portable mobile storage device such as a USB flash disk for file exchange. Therefore, the requirement of trusted management is generated, and on one hand, confidential files in the electronic equipment are prevented from being copied to the USB mobile storage equipment, so that information leakage is avoided; on the other hand, viruses in the USB mobile storage device are prevented from being implanted into the electronic equipment, so that the electronic equipment is prevented from being damaged.
In the prior art, similar interface management software such as a manageEngine USB is generally adopted to control and manage a USB interface of an electronic device, but the mode is uniform for the management and control of the USB interface, and once the mode is set, the mode takes effect on all people, and flexible configuration for different people cannot be achieved.
The chinese patent CN 111597520A discloses a computer USB interface information security control method and system, where a security control module is installed on a USB interface, and wirelessly connected to a manager for communication, and a power line of the USB interface is cut off or connected according to a control instruction of the manager, where the manager receives a connection instruction of an external USB device, controls a camera unit of the computer to turn on, and determines whether a user is an authorized person. In the scheme, the safety control module installed on the USB interface of the computer is used for management control, each computer and each USB interface can be only installed after the safety control module is installed, the scheme is difficult to implement and is not easy to popularize.
Chinese patent CN101867485B discloses a USB interface verification and security control method, which comprises: installing USB client software on a PC; inserting a USB device; prompting the user to input a user name and a password, if the verification is successful, the unified communication platform sends a short message requesting to use the USB interface of the PC to the mobile phone of the administrator and waits for a reply, and if the administrator replies correct information through the mobile phone within a specified time, the client software prompts the user to input a mobile phone number for receiving the security password; and after the unified communication platform sends the security password to the user, the client prompts the user to input the security password, and if the security password is input correctly, the USB user login success operation is executed. The scheme requires administrator authorization and is complex to operate.
In view of the above, there is a need to improve a USB interface management method of an existing electronic device, so as to improve convenience and flexibility of use while ensuring security.
Disclosure of Invention
In view of the above-mentioned drawbacks, an object of the present invention is to provide an electronic device and a trusted USB interface management apparatus thereof, so as to solve the problems of the prior art that a USB device is inconvenient to use and has poor security on an electronic device.
Therefore, the invention provides a trusted management method for a USB interface of electronic equipment, which comprises the following steps:
establishing a trusted user database at a cloud end, wherein the trusted user database comprises a user ID, a user name, USB interface use authority and verification information;
triggering an information acquisition device on the electronic equipment by detecting an insertion event of the USB equipment inserted into a certain USB interface on the electronic equipment, and acquiring identity information of a user through the information acquisition device;
and acquiring the authority corresponding to the user according to the matching result of the identity information and the verification information, and outputting a control instruction to a USB interface corresponding to the electronic equipment according to the authority to control the authority of the USB interface.
In the above method, preferably, the information obtaining device is a camera, the identity information is a face feature, and the face feature of the user is obtained through the camera;
and acquiring the authority corresponding to the user according to the matching result of the face features and the verification information.
In the above method, preferably, the information acquisition apparatus includes:
the two-dimensional code generator is used for generating a random two-dimensional code;
the extraction device is used for scanning the random two-dimensional code and acquiring a unique ID of an APP scanned by a user;
and acquiring the corresponding authority of the user according to the matching result of the unique ID of the APP and the verification information.
In the above method, preferably, the information acquiring apparatus further includes:
the password input device is used for inputting a password by a user and activating according to a successful code scanning result;
and the password receiving device is used for receiving the password input by the user and matching the password with the verification information.
In the above method, preferably, the default permission of the USB interface is disabled, and after the USB device is pulled out, the USB interface recovers the default permission.
In the above method, preferably, the trusted user is managed by a user management module, and the trusted user database is updated.
In the above method, preferably, the matching of the identity information and the verification information is performed on the smart device.
In the method, the identity information and the verification information are matched at the cloud end, the electronic equipment is configured to be visible to the external network through port mapping, the random two-dimensional code is composed of an internal network address of the electronic equipment and a cloud end link of a verification management module, the random two-dimensional code is accessed to the cloud end verification management module after being scanned, and after the random two-dimensional code passes verification, the control instruction is sent to the corresponding electronic equipment according to the port mapping address.
In the method, the random two-dimensional code includes a timestamp when the USB device is inserted into the electronic device, and is used to indicate a corresponding USB interface into which the USB device is inserted.
The invention also provides a trusted management system for the USB interface of the electronic equipment, which comprises the following components:
the trusted user database is arranged at the cloud end and comprises a user ID, a user name, USB interface use authority and verification information;
the information acquisition device is arranged on the electronic equipment and used for acquiring the identity information of the user;
and the verification management module is arranged on the electronic equipment or the cloud end and used for acquiring the authority corresponding to the user according to the matching result of the identity information and the verification information of the user, outputting a control instruction to the USB interface corresponding to the electronic equipment according to the authority and controlling the authority of the USB interface.
According to the technical scheme, the trusted management method and the trusted management system for the USB interfaces of the electronic equipment, which are provided by the invention, solve the problems that the USB interfaces of a plurality of electronic equipment are not flexible and convenient in the prior art. Compared with the prior art, the invention has the following beneficial effects:
setting a control identification area on a software interface of a top-layer application of the touch screen equipment as a virtual touch pad; according to the current touch input position on the touch screen, a first control instruction corresponding to the top-layer application or a second operation instruction corresponding to the virtual touch pad is executed alternatively, different functions are achieved for the same touch input in the application software interface, a user does not need to quit the current editing state of the application state, misoperation can be avoided, the use is convenient, and the user experience degree is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments of the present invention or the prior art will be briefly described and explained. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a flowchart of a trusted USB interface management method of an electronic device according to embodiment 1 of the present invention;
FIG. 2 is a schematic diagram of a user management interface according to the present invention;
FIG. 3 is a schematic view of the operation of the present invention in use;
FIG. 4 is a diagram illustrating a trusted USB interface management system of an electronic device according to the present invention.
Detailed Description
The technical solutions of the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings, and it is to be understood that the embodiments described below are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without any inventive step, are within the scope of the present invention.
The realization principle of the invention is as follows:
establishing a trusted user database at a cloud end, wherein the trusted user database comprises a user ID, a user name, corresponding authority and verification information;
triggering an information acquisition device through an insertion event that a USB device is inserted into a certain USB interface to acquire the identity information of a user;
and acquiring the authority corresponding to the user according to the matching result of the identity information and the verification information, and outputting a control instruction to a USB interface corresponding to the electronic equipment according to the authority to control the authority of the USB interface.
The scheme provided by the invention can realize flexible management of the USB interface use permission on a plurality of electronic devices, and has the advantages of convenient use and high safety.
In order to make the technical solution and implementation of the present invention more clearly explained and illustrated, several preferred embodiments for implementing the technical solution of the present invention are described below.
It should be noted that the terms of orientation such as "inside, outside", "front, back" and "left and right" are used herein as reference objects, and it is obvious that the use of the corresponding terms of orientation does not limit the scope of protection of the present invention.
Example 1.
In the scheme provided in this embodiment 1, the face features of the user are identified by using the camera on the electronic device, and the face features are matched with the trusted user database established at the cloud, so that the use permission of each USB interface on the electronic device is flexibly managed.
Referring to fig. 1, fig. 1 is a flowchart of a trusted USB interface management method for an electronic device according to embodiment 1 of the present invention, where the method includes the following steps:
Step 110, establishing a trusted user database at the cloud, wherein the trusted user database comprises a user ID, a user name, USB interface use authority and verification information. The verification information is the face characteristics of the user.
Step 120, by detecting an insertion event that the USB device is inserted into a certain USB interface of the electronic device, an information obtaining apparatus on the electronic device is triggered, and the identity information of the user is obtained by the information obtaining apparatus.
Specifically, when a user inserts a USB device (e.g., a USB disk) into a USB interface of an electronic device, an operating system of the electronic device detects an insertion event of the USB device, and triggers an information obtaining device, and after the information obtaining device is started, a camera of the electronic device is automatically turned on, and facial features of the user are obtained through the camera.
Step 130, the electronic device matches the facial features of the user with the trusted user database.
If the human face is not detected or the user is not matched in the trusted user database within a certain time, it is indicated that the user does not belong to the trusted user of the electronic device, and the user does not have authority to use the USB interface of the electronic device, so the information acquisition device sends a control instruction to the corresponding USB interface on the electronic device, and the USB interface is in a disabled state.
If the user is matched in the trusted user database, the authority of the user is inquired and obtained according to the user ID of the user, and a control instruction is sent to the USB interface of the electronic equipment according to the corresponding authority to control the authority of the USB interface. For example: if the authority of the user is the complete authority, the USB interface is completely opened; if the authority of the user is the reading authority, the authority of the USB interface is set to be read only, and the USB equipment can only read files on the electronic equipment; and if the user's authority is the write authority, the file on the electronic device can be copied to the USB device.
In this embodiment, the default permission of the USB interface of the electronic device is disabled, and after the USB device is pulled out, the USB interface of the electronic device recovers the default permission.
The scheme provided by the specific embodiment identifies the human face features through the camera, is convenient and quick, and has high safety.
In addition, according to the scheme provided by the specific embodiment, after the user is set as the trusted user, the authority of the user is applicable to all electronic devices, so that multiple electronic devices can be managed through the cloud trusted user database, and management of multiple electronic devices is facilitated.
Example 2.
The embodiment 2 of the present invention is a further improvement made on the basis of the embodiment 1, and is used in an application scenario when no camera is provided on an electronic device, or to implement dual verification. The method comprises the following specific steps:
Step 210, establishing a trusted user database at the cloud, where the trusted user database includes a user ID, a user name, a USB interface usage right, and verification information. The verification information is a user name, for which the unique ID of the scanning APP on the user's mobile terminal (such as a mobile phone) can be used; for example, when scanning with WeChat, the user name is the openid of the user's WeChat.
Step 220, by detecting an insertion event that the USB device is inserted into a certain USB interface of the electronic device, an information obtaining apparatus on the electronic device is triggered, and the identity information of the user is obtained by the information obtaining apparatus.
Specifically, when a user inserts a USB device (e.g., a USB disk) into a USB interface of the electronic device, an operating system of the electronic device detects an insertion event of the USB device, and triggers the information obtaining apparatus, and after the information obtaining apparatus is started, the two-dimensional code generator is started to generate a random two-dimensional code, which is displayed on a screen of the electronic device.
Because the two-dimensional code is randomly generated, the problem of another person using the interface by scanning a previous two-dimensional code while the actual user is not beside the electronic equipment is avoided, and the safety is improved.
The user scans and authorizes the random two-dimensional code by using an APP scanning function of a mobile terminal such as a mobile phone, so that the electronic device acquires the unique ID of the APP scanning by the user, for example, the openid of the user's WeChat is acquired by using WeChat scanning.
In step 230, the electronic device matches the unique ID of the APP of the user with the trusted user database.
If the user is not matched in the trusted user database, the user is not a trusted user and does not have the authority to use the USB interface of the electronic device, and then the information acquisition device sends a control instruction to the corresponding USB interface of the electronic device, so that the USB interface is in a disabled state.
If the user is matched in the trusted user database, the authority of the user is inquired and obtained according to the user ID of the user, and a control instruction is sent to the USB interface of the electronic equipment according to the corresponding authority to control the authority of the USB interface.
This embodiment 2 can be used in combination with embodiment 1 to further improve the safety, for example: scanning and verifying, and then verifying the human face; or, the face verification is performed first, and then the scanning verification is performed.
Example 3.
Embodiment 3 of the present invention is a further improvement made on the basis of embodiment 2, and provides a password authentication method to further improve security. This prevents the potential safety hazard caused by another person operating the user's mobile phone. The specific method comprises the following steps:
Step 310, establishing a trusted user database at the cloud, where the trusted user database includes a user ID, a user name, a USB interface usage right, and verification information. Wherein, the verification information is a password input by the user.
In step 320, an information obtaining apparatus on the electronic device is triggered by detecting an insertion event that the USB device is inserted into a certain USB interface on the electronic device, and identity information of the user is obtained through the information obtaining apparatus.
Specifically, when a user inserts a USB device (e.g., a USB disk) into a USB interface of an electronic device, an operating system of the electronic device detects an insertion event of the USB device, and triggers an information acquisition device, and after the information acquisition device is started, a two-dimensional code generator is started first to generate a random two-dimensional code, which is displayed on a screen of the electronic device;
the user scans and authorizes the random two-dimensional code by using an APP scanning function of a mobile terminal such as a mobile phone, so that the electronic device acquires the unique ID of the APP scanning by the user, for example, the openid of the WeChat of the user is acquired by using WeChat scanning.
In step 330, the electronic device matches the unique ID of the APP of the user with the trusted user database.
If the user is not matched in the trusted user database, the user is not a trusted user and does not have the authority to use the USB interface of the electronic device, and then the information acquisition device sends a control instruction to the corresponding USB interface of the electronic device, so that the USB interface is in a disabled state.
If the user is matched in the trusted user database, a password input window pops up on the electronic equipment, and the user inputs a password by using a remote controller or touch input and the like (the password is preset for the user and is stored in the trusted user database at the cloud end).
The electronic equipment verifies whether the password input by the user is correct or not, and if the password input by the user is incorrect, the information acquisition device sends a control instruction to a corresponding USB interface on the electronic equipment, so that the USB interface is in a use prohibition state.
If the password is correct, the authority of the user is inquired and obtained according to the user ID of the user, and a control instruction is sent to the USB interface of the electronic equipment according to the corresponding authority to control the authority of the USB interface.
Example 4.
In the above embodiment, the verification management module is disposed on the electronic device, and therefore, the electronic device needs to be pre-installed with the verification management module. The embodiment 4 of the present invention is a further improvement of the above embodiment, and the verification management module is disposed in the cloud, so that the verification management module does not need to be downloaded and installed on the electronic device. The specific implementation mode is as follows:
the electronic equipment is configured to be visible to the external network through port mapping, the random two-dimensional code is formed by an internal network address of the electronic equipment and a cloud link of a verification management module, a user scans an APP function through mobile terminals such as a mobile phone, after the random two-dimensional code is scanned, a cloud verification management module applet is opened, the cloud verification management module acquires a user name of the user scanning the APP and a port mapping address (an internal network address) of the electronic equipment, and the user name is matched with a trusted user database.
And after the matching is successful and the verification is passed, the control instruction is sent to the corresponding electronic equipment according to the port mapping address, and the electronic equipment controls the authority of the corresponding USB interface.
In the scheme of the invention, when the USB equipment is inserted into the electronic equipment, the generated random two-dimensional code contains the timestamp which is used for indicating the corresponding USB interface inserted into the USB equipment, and the electronic equipment can identify the interface inserted into the USB equipment.
When the user scans the two-dimensional code, the timestamp can be obtained at the same time, the user name can be obtained by the verification management module, the timestamp is also contained in the control instruction generated by the verification management module, and therefore the electronic equipment can know which USB interface the control instruction is issued to through the timestamp, and control over different USB interfaces is achieved.
For example: two U disks are inserted into the electronic equipment one after the other, and the U disk inserted first has been verified and is copying files. When the later-inserted U disk is then verified with read-only authority, the electronic device needs to control its USB interface; if the USB interface targeted by the control instruction cannot be correctly distinguished, the U disk that is copying files may be suspended, causing confusion in USB interface control. The timestamp distinguishes the two U disks and the USB interfaces into which they are respectively inserted, so that the control instruction is not issued to the wrong USB interface; it also avoids the problem that all USB interfaces can only be controlled uniformly.
Therefore, the scheme of the application has a larger flexible control management function.
Example 5.
This embodiment 5 is a further improvement of embodiment 3, and the password verification is changed to fingerprint verification on the mobile phone terminal, and accordingly, the verification information in the cloud trusted user database includes fingerprint information of the user, and the electronic device can be connected to mobile terminals such as a mobile phone, and sends the password input window to the mobile phone terminal, and sends the password or the fingerprint input by the user to the intelligent electronic device for verification. The user can input the password and the fingerprint through the mobile phone, and the use is more convenient.
In the above specific embodiment, the verification information in the trusted database may include all the verification information described above, for example: the face features, the WeChat IDs, the passwords, the fingerprints and the like, which are matched singly or in combination according to the situation in use.
As shown in fig. 2 and 3, in the scheme of the present invention, a user management system is used for user management, and a user can join in a code scanning manner, manage a trusted user through an administrator, manage the authority of the trusted user, for example, require a password, a WeChat trusted account authentication, a trusted face authentication, etc., add the authority or change the authority, and update a trusted user database. This technology can be implemented by the prior art, and is not the focus of the present invention.
Example 6.
Embodiment 6 of the present invention is a further improvement on the above embodiments, and aims to provide different electronic devices with different USB interface usage rights for the same user. For example, user a has no USB usage rights for a first electronic device in a first conference room, but has copy rights for a second electronic device in a second conference room.
Therefore, the trusted user database also comprises an electronic device ID and a USB interface number, and the electronic device ID and the USB interface number need to be matched when the identity information of the user is verified. When the USB device is inserted into the electronic device, the electronic device can automatically obtain the USB interface number.
When the verification management module is arranged at the cloud end, the USB interface number needs to be sent to the cloud end verification management module, and similarly, when the cloud end verification management module issues a control instruction, the electronic device ID and the USB interface number need to be carried, so that accurate control is achieved.
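The flow of Embodiments 2, 4 and 6, sketched as an added example (not code from the patent or its assignee): an insertion event issues a random single-use challenge bound to a device ID, USB interface number and timestamp, and the resulting control instruction addresses exactly that interface with default-deny permissions. The class and function names, the in-memory database, the `openid-…` and `room2-screen` sample values and the 60-second validity window are all assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass, field

DISABLED, READ_ONLY, WRITE, FULL = "disabled", "read_only", "write", "full"
CHALLENGE_TTL = 60  # seconds; assumed validity window, the patent gives no figure


@dataclass
class Challenge:
    device_id: str
    port: int
    timestamp: float
    nonce: str


@dataclass
class VerificationManager:
    """Constructed stand-in for the cloud verification management module."""
    # trusted user database: app unique ID -> {(device_id, port): permission}
    trusted: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)  # nonce -> Challenge

    def on_insert(self, device_id, port, now=None):
        """Insertion event: issue a fresh random challenge for the QR code."""
        ch = Challenge(device_id, port, time.time() if now is None else now,
                       secrets.token_urlsafe(16))
        self.pending[ch.nonce] = ch
        return ch

    def on_scan(self, nonce, app_unique_id, now=None):
        """Scan result: return the control instruction for exactly one port."""
        now = time.time() if now is None else now
        ch = self.pending.pop(nonce, None)  # single use: a reused code misses
        if ch is None:
            return None  # unknown or reused code, no port can be addressed
        permission = DISABLED  # default deny
        if now - ch.timestamp <= CHALLENGE_TTL:
            grants = self.trusted.get(app_unique_id, {})
            permission = grants.get((ch.device_id, ch.port), DISABLED)
        return {"device_id": ch.device_id, "port": ch.port,
                "timestamp": ch.timestamp, "permission": permission}


@dataclass
class Device:
    """Constructed model of the electronic device's per-port state."""
    device_id: str
    ports: dict = field(default_factory=dict)  # port number -> permission

    def apply(self, instruction):
        # Only act on instructions addressed to this device and a named port.
        if instruction and instruction["device_id"] == self.device_id:
            self.ports[instruction["port"]] = instruction["permission"]

    def on_remove(self, port):
        self.ports[port] = DISABLED  # unplugging restores the default


def demo():
    """Two sticks inserted in sequence, then a reused and an expired code."""
    vm = VerificationManager(trusted={
        "openid-alice": {("room2-screen", 1): FULL},       # constructed users
        "openid-bob": {("room2-screen", 2): READ_ONLY},
    })
    dev = Device("room2-screen", {1: DISABLED, 2: DISABLED})
    c1 = vm.on_insert("room2-screen", 1, now=1000.0)
    c2 = vm.on_insert("room2-screen", 2, now=1005.0)
    dev.apply(vm.on_scan(c1.nonce, "openid-alice", now=1010.0))
    dev.apply(vm.on_scan(c2.nonce, "openid-bob", now=1012.0))
    after_grant = dict(dev.ports)

    replay = vm.on_scan(c1.nonce, "openid-bob", now=1015.0)  # previous code

    dev.on_remove(2)
    c3 = vm.on_insert("room2-screen", 2, now=2000.0)
    expired = vm.on_scan(c3.nonce, "openid-bob", now=2000.0 + CHALLENGE_TTL + 1)
    dev.apply(expired)  # touches port 2 only; port 1 keeps its grant
    return after_grant, replay, expired["permission"], dict(dev.ports)


if __name__ == "__main__":
    print(demo())
```
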
On the basis of the above method, the present invention further provides a trusted management system for the USB interface of an electronic device. As shown in Fig. 2, the system includes a trusted user database 10, an information acquiring device 20, and a verification management module 30.
The trusted user database 10 is disposed in the cloud and includes a user ID, a user name, USB interface usage rights, and verification information, where the verification information may include face features, a WeChat ID, a password, a fingerprint, and the like. In addition, the trusted user database 10 may also include an electronic device ID and a USB interface number.
The information acquiring device 20 is disposed on the electronic device 40 and is used for acquiring identity information of a user.
The information acquiring device 20 may be a camera for acquiring facial features of the user.
The information acquiring device 20 may also be a two-dimensional code generator and an extracting device, where the two-dimensional code generator generates a random two-dimensional code, and the extracting device obtains, from the scan of the random two-dimensional code, the user name of the app the user scanned it with.
The information acquiring device 20 may further include a password input device and a password receiving device: the password input device is activated after a successful code scan and lets the user enter a password, and the password receiving device receives the password entered by the user and sends it to the verification management module 30.
The verification management module 30 is disposed on the electronic device 40 or on the cloud, and is configured to obtain a permission corresponding to the user according to a matching result between the identity information of the user and the verification information, and output a control instruction to a USB interface corresponding to the electronic device according to the permission to control the permission of the USB interface.
The functions of the above devices and modules have been described in detail above and are not repeated here.
With the above description of the specific embodiment, compared with the prior art, the trusted management method and system for the USB interface of the electronic device provided by the present invention have the following advantages:
First, the trusted user database is placed in the cloud instead of on each electronic device, so any electronic device can be subjected to trusted verification. This strengthens security and the protection of files on electronic devices such as large screens, and prevents accidental leakage; it also simplifies the management of multiple devices.
Second, after the user inserts the USB device, the camera is started automatically to acquire the user's face features, which are verified against the trusted user database, so the scheme is convenient to use, safe and reliable.
Third, any USB interface of any electronic device can be controlled independently, which makes management of the USB interfaces more flexible and more intelligent.
Fourth, authority management for the USB interfaces of electronic devices is carried out by modifying the user's authority in the trusted user database, which is convenient to manage and highly flexible.
Finally, it should also be noted that the terms "comprises," "comprising," or any other variation thereof, as used herein, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The present invention is not limited to the above preferred embodiments. Any structural change made under the teaching of the present invention, with a technical solution identical or similar to that of the present invention, falls within the scope of protection of the present invention.

Claims (10)

1. A trusted management method for a USB interface of electronic equipment is characterized by comprising the following steps:
establishing a trusted user database at a cloud end, wherein the trusted user database comprises a user ID, a user name, USB interface use authority and verification information;
triggering an information acquisition device on the electronic equipment by detecting an insertion event of the USB equipment inserted into a certain USB interface on the electronic equipment, and acquiring identity information of a user through the information acquisition device;
and acquiring the authority corresponding to the user according to the matching result of the identity information and the verification information, and outputting a control instruction to a USB interface corresponding to the electronic equipment according to the authority to control the authority of the USB interface.
2. The method of claim 1,
the information acquisition device is a camera, the identity information is face characteristics, and the face characteristics of the user are acquired through the camera;
and acquiring the authority corresponding to the user according to the matching result of the face features and the verification information.
3. The method according to claim 1, wherein the information acquisition device comprises:
the two-dimensional code generator is used for generating a random two-dimensional code;
the extraction device is used for scanning the random two-dimensional code and acquiring a unique ID of an APP scanned by a user;
and acquiring the corresponding authority of the user according to the matching result of the unique ID of the APP and the verification information.
4. The method of claim 3, wherein the information acquisition device further comprises:
the password input device is used for inputting a password by a user and activating according to a successful code scanning result;
and the password receiving device is used for receiving the password input by the user and matching the password with the verification information.
5. The method of claim 1, wherein the default permission of the USB interface is disabled, and the USB interface recovers the default permission after the USB device is unplugged.
6. The method of claim 1, wherein trusted users are managed by a user management module and the trusted users database is updated.
7. The method of claim 1, wherein the matching of the identity information to the authentication information is done on the smart device.
8. The method according to claim 3, wherein the matching between the identity information and the verification information is completed at a cloud end, the electronic device is configured to be visible to an external network through port mapping, the random two-dimensional code is composed of an internal network address of the electronic device and a cloud end link of a verification management module, the random two-dimensional code is accessed to the cloud end verification management module after code scanning, and the control instruction is sent to the corresponding electronic device according to the port mapping address after verification is passed.
9. The method as claimed in claim 8, wherein the random two-dimensional code includes a timestamp of when the USB device is inserted into the electronic device, and is used to indicate a corresponding USB interface into which the USB device is inserted.
10. A trusted management system for a USB interface of an electronic device, comprising:
the trusted user database is arranged at the cloud end and comprises a user ID, a user name, USB interface use authority and verification information;
the information acquisition device is arranged on the electronic equipment and used for acquiring the identity information of the user;
and the verification management module is arranged on the electronic equipment or the cloud end and used for acquiring the authority corresponding to the user according to the matching result of the identity information and the verification information of the user, outputting a control instruction to the USB interface corresponding to the electronic equipment according to the authority and controlling the authority of the USB interface.
CN202110885566.7A 2021-08-03 2021-08-03 Trusted management method and system for USB interface of electronic equipment Pending CN113609540A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110885566.7A CN113609540A (en) 2021-08-03 2021-08-03 Trusted management method and system for USB interface of electronic equipment

Publications (1)

Publication Number Publication Date
CN113609540A (en) 2021-11-05

Family

ID=78339205

Country Status (1)

Country Link
CN (1) CN113609540A (en)

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002312326A (en) * 2001-04-17 2002-10-25 Smart Card Technologies:Kk Multiple authentication method using electronic device with usb interface
WO2016011874A1 (en) * 2014-07-25 2016-01-28 中兴通讯股份有限公司 Video conferencing system, right control method and apparatus therefor and computer storage medium
US20170161750A1 (en) * 2014-08-26 2017-06-08 Tencent Technology (Shenzhen) Company Limited Identity Authentication Method, Terminal Device And System
WO2015154489A1 (en) * 2014-09-12 2015-10-15 中兴通讯股份有限公司 Driving method of usb device, host and usb device
CN105099705A (en) * 2015-08-19 2015-11-25 同方计算机有限公司 Safety communication method and system based on USB protocol
CN107870997A (en) * 2017-11-03 2018-04-03 广州视源电子科技股份有限公司 Management method, device, display device and the storage medium of conference board written matter
CN109347831A (en) * 2018-10-24 2019-02-15 国家电网有限公司 A kind of double authentication safety access system and method based on UKey certification
WO2021073163A1 (en) * 2019-10-17 2021-04-22 平安科技(深圳)有限公司 Method and system for controlling validity of qr code, and computer device and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115544589A (en) * 2022-07-04 2022-12-30 中国移动通信集团四川有限公司 I/O port prevention and control method and electronic equipment
CN115221490A (en) * 2022-09-20 2022-10-21 陕西天视致远航空技术有限公司 Port information reinforcing computer and port information reinforcing method thereof
CN115221490B (en) * 2022-09-20 2024-02-23 陕西天视致远航空技术有限公司 Port information reinforcement computer and port information reinforcement method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination