CN100334520C - Information safety appliance based on MMC / SDIO interface and communication method - Google Patents
Information safety appliance based on MMC / SDIO interface and communication method Download PDFInfo
- Publication number
- CN100334520C CN100334520C CNB200510082685XA CN200510082685A CN100334520C CN 100334520 C CN100334520 C CN 100334520C CN B200510082685X A CNB200510082685X A CN B200510082685XA CN 200510082685 A CN200510082685 A CN 200510082685A CN 100334520 C CN100334520 C CN 100334520C
- Authority
- CN
- China
- Prior art keywords
- mmc
- information
- sdio
- information safety
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 23
- 230000006854 communication Effects 0.000 title abstract description 16
- 238000004891 communication Methods 0.000 title abstract description 14
- 238000012545 processing Methods 0.000 claims abstract description 7
- 230000008676 import Effects 0.000 claims description 2
- 238000011272 standard treatment Methods 0.000 claims description 2
- 230000008901 benefit Effects 0.000 abstract description 6
- 230000006870 function Effects 0.000 description 20
- 238000010586 diagram Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 102100024080 CASP8-associated protein 2 Human genes 0.000 description 2
- 101000910382 Homo sapiens CASP8-associated protein 2 Proteins 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 230000019771 cognition Effects 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000002224 dissection Methods 0.000 description 1
- 230000002349 favourable effect Effects 0.000 description 1
- 230000008571 general function Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000000717 retained effect Effects 0.000 description 1
- KUAZQDVKQLNFPE-UHFFFAOYSA-N thiram Chemical compound CN(C)C(=S)SSC(=S)N(C)C KUAZQDVKQLNFPE-UHFFFAOYSA-N 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention relates to an information safety device and a communication method, particularly to an information safety device and a communication method thereof based on an MMC/SDIO interface. The information safety device is connected and communicated with a main machine with the MMC/SDIO interface by a device comprising an MMC/SDIO interface chip, a CPU and a memory, and the information safety device is used for processing data by the CPU. Thus, the information safety and the software copyright protection based on the MMC / SDIO interface become possible, and simultaneously, the information safety device has the advantages of small volume, convenient carrying and low power consumption. The information safety device is hot-swappable, and the information safety device can be used by plugging at once.
Description
Technical field
The present invention relates to a kind of design of information safety devices control method, particularly a kind of information security control method based on the MMC/SDIO interfacing equipment.
Technical background
In Information technology flourishing day by day today, the security and the confidentiality of data message are subject to people's attention day by day.Wherein, the copyright protection product of software plays an important role in the software copyright protection field as a kind of information safety devices, and it protects software developer's interests, additional income, and the interests of protection validated user can also the Control Software distribution.Simultaneously, along with Internet development, more and more informational needs that relate to individual privacy and secret of the trade are by network delivery, the importance of information security also more and more by people cognition.Safety information product has boundless use prospect as aspects such as network ID authentication, data security storage, visit, control, transmission, data encrypting and decipherings in fields such as ecommerce, E-Government, Web banks.
Simultaneously, MMC (MultiMediaCard multimedia storage card) interface and SD (SecureDigital safe digital card) are two kinds of interface standards, because profile is small and exquisite, portable application advantage makes the MMC/SD interface be widely used.
The MMC interface mainly appears in the products such as digital image, music, mobile phone, PDA (PersonalDigital Assistant personal digital assistant is commonly called as palm PC), e-book, toy, uses more extensive.The MMC interfacing equipment can be accomplished low-power consumption, and high data throughput is supported hot plug, and favorable compatibility and reliability are arranged.SD is stuck in industries such as digital household appliances, mobile phone and is used widely the life that enters people more and more widely of SD interfacing.The SDIO agreement is based on the SD interface, can claim also to support that the SD interface of SDIO is the SDIO interface, below all is called the SDIO interface.SDIO equipment is supported plug and play as USB device, the communication speed height, and equipment can reach 100Mb/second at full speed.Power consumption is little, is suitable for various mobile devices.The previous interface that occurs such as contrast MMC/SDIO and CF (Compact Flash compact flash), MMC/SDIO are than other early stage interface power saving more, and miniaturization more also just becomes a trend of application more.
But at present, still do not have a kind of MMC/SDIO of utilization interface to realize information safety protecting method, thereby realize functions such as software protection and authentication identification.
Summary of the invention
The present invention utilizes the plurality of advantages of MMC/SDIO interface, provides a kind of simple in structure, method of carrying out data transmission based on the MMC/SDIO interfacing equipment easy to use.
A kind of information security control method based on the MMC/SDIO interfacing equipment is characterized in that, comprises the steps:
1) obtains authentication information and carry out authentication;
2) authentication legal after, receive the order that sends according to the MMC/SDIO interface protocol;
3) order from the MMC/SDIO agreement that receives is resolved;
4) according to resolving the corresponding information safety protection operation of command execution that the back obtains;
5) with the result after the MMC/SDIO agreement return.
The information safety protection operation of carrying out in the described step 4) comprises the operation of data being carried out encryption and decryption.
The information safety protection operation of carrying out in the described step 4) comprises with presetting the operation that code carries out data operation.
The authentication information of described step 1) can comprise that password that the user imports is or/and identification of the manufacturer.
Described step 1) specifically is meant: obtain the password of user input, with from the password storage district, read and handle after the password that obtains authenticate.
Described operation of data is handled and can be comprised self-defined processing and standard processing, and described standard treatments is drawn together: RSA, DES, 3DES, MD5, SHA-1, SSF33, AES, elliptic curve.
The present invention is by at first obtaining authentication information and carrying out authentication; receive the order that legal hosts sends according to the MMC/SDIO interface protocol; after mentioned order is resolved; the corresponding information safety protection operation of the command execution that obtains; again according to the result after the described MMC/SDIO interface protocol return; make information security and software copyright protection become possibility based on the MMC/SDIO interfacing equipment, possess simultaneously small and exquisite portable, at a high speed, the advantage of low-power consumption, hot-swappable, plug and play.
Description of drawings
Fig. 1 is the process flow diagram of embodiment 1 among the present invention
Fig. 2 is the process flow diagram of embodiment 2 among the present invention
Fig. 3 is the hardware block diagram of embodiment 2
Fig. 4 is the hardware block diagram of embodiment 3
Fig. 5 is the hardware block diagram of embodiment 1
Embodiment
First kind of preferred embodiment of the present invention provides a kind of software protection equipment and communication means thereof.
As shown in Figure 5; described software protection equipment 502 comprises MMC/SDIO interface chip 503, CPU 505 and the extended memory 504 that connects in turn; described extended memory can be selected RAM, ROM, EPROM, FLASH etc. arbitrarily for use, is used to store corresponding cryptographic algorithm.Described storer should have enough storage spaces, is used to store the cryptographic algorithm that presets, and perhaps can be selected or download algorithm by the user, and the words of storage area personal code work need enough big storage space if desired, can be in-chip FLASHs etc.
Firmware program partly comprises: identification division, the equipment wait of equipment and data, device parses and deal with data, the equipment that receives from main frame are returned to host data and wait for that next bar instruction and equipment disconnect the coupling part with main frame.Equipment is had the main frame identification of MMC/SDIO interface, the information of the register by being built in MCU inside, set up being connected of main frame and equipment, and statement for the communication type of the MMC/SDIO that determines to be used for carrying out follow-up communication, communications portion is observed the communication protocol of MMC/SDIO fully.
In the said procedure, the communications portion of equipment and main frame is the core, below in conjunction with Fig. 1 the communication process of equipment and main frame is described in detail.
At first, equipment has been finished initially, by step 102 main frame the product identification of the manufacturer of equipment has been verified again through step 101 main frame, if correct, equipment execution in step 103, otherwise forwarded for 110 being connected to equipment disconnection and main frame.Verify user password in the step 103, if it is correct, equipment waits for the order of self-application with execution in step 104, otherwise also forward step 110 to, equipment execution in step 104 receives after the order, resolve command is also carried out step 105 according to different application requirements and is carried out data encrypting and deciphering, perhaps step 106 operation of presetting the code operational data.Data processing finishes afterwards data to be returned to enter step 107, wait for the order of self-application, if use and to no longer include response, then enter step 110, disconnect and being connected of main frame, otherwise, if also have new order, then forward step 108 to, if through judging sign off, then execution in step 109 disconnects and being connected of main frame equipment, continues wait and takes orders otherwise forward step 104 to.
Below the code operational data is preset in utilization is that the function of performing step 106 is described further.
Equipment is as the device that software cryptography is provided.Can be used to preserve the part segment of user software, guarantee the safety of this part segment, and be not read out, and make it to come Control Software to guarantee its legal operation successively in device interior operation and mutual with external software.This equipment and external program are frequent alternately, and computing velocity and communication speed are important speed ability indexs.
According to the function of this embodiment, the software protection function that can be achieved as follows:
1. acquisition facility information, this information refers to the information of this device.These information stores offer the function of the equipment of user's memory and identification oneself in internal storage.As step 102.
2. format, the user can format this device, through making all settings and data return to factory state after the format.
3. written document, this class file comprises user's code snippet, perhaps needed data during this segment operation.
4. read file, this class file can be the data file in code snippet when operation but not be this code snippet itself.
5. operating file, this class file just is meant the code snippet that the user writes, and allows these code snippets move in this equipment and guarantees all data of its operation and memory information is retained in equipment with interior and return results only.
6. encryption and decryption offers the user and carries out encryption and decryption such as user data RSA, DES, 3DES in hardware inside, and the encryption and decryption result is returned to the user.
Preset and also comprise software protection application interface function in the code, described software protection application interface function is the interface level between software protection equipment and the 3rd side use, and this application interface function is mainly used by the developer, and following function mainly is provided:
1. the equipment of opening is opened the handle of this equipment, sets up the communication channel with this equipment.
2. closing device is removed the handle and the status information of equipment of this equipment when equipment is prepared not re-use.
3. this is the core of this protected software product to send order, and realization is provided with work, i.e. the realization of all software protection functions to all of this device.
The main effect of software protection equipment is that the defence program part can not appear in the internal memory of main frame, and the benefit of bringing like this is:
1. prevent the illegal copies of program, it is exactly incomplete that the program on the main frame is left the software protection key, and the distribution of software must have the existence of software protection key.
2. the program that prevents is illegally followed the tracks of or is debugged, and the code of the pith of software can not operate in the main frame, and all debugging softwares all can't obtain the running status of this section program.
3. prevent that by dump the situation that software the most easily is cracked is it in operation, traditional software that adds the shell protection is often reduced code return under the situation of core dump.
4. prevent decompiling, no matter how high the technology of decompiling have, and all can't obtain the code snippet of this embodiment device inside, therefore can't realize the complete function of its software itself.
Second kind of preferred embodiment of the present invention provides a kind of user identity identification equipment and communication means thereof.It mainly is responsible for preserving user's sensitive data, as password, digital certificate etc.
The hardware components of identification apparatus as shown in Figure 3,301 is main frame among the figure, and 302 is identification apparatus, and 303 for being arranged on the MCU in the described identification apparatus, described MCU is inner integrated CPU, MMC/SDIO interface chip and RAM storer is built-in with algorithm among the described RAM.Enough ram in slice spaces should be arranged among the described MCU, be used to preset algorithm, comprise RSA, DES, 3DES, MD5 algorithm etc., perhaps can select or download algorithm by the user, the words of storage area personal code work need enough big storage space if desired, can be in-chip FLASHs etc.Can select for use the chip of Intel xscale series to realize, also can use STR710 series and STR720 series.
The firmware program of identification apparatus part can the combined with intelligent card technique and modern password learn a skill, can support third party's algorithm to download, support multistage file management and visit.
Shown in Figure 2 as flow process.General function is: step 201 has been finished initialization for main frame to identification apparatus among Fig. 2, obtain the password A of user's input in the step 202 by identification apparatus, identification apparatus is read password and is obtained B through specific processing in the step 203 from the password storage district, in the step 204 A and B are compared, then authentication failure of difference, forward step 211 to, identification apparatus disconnects the connection with main frame, identically then distribute certain authority to give the user by identification apparatus, described this authority is associated with user's cryptographic levels, the user can authorize the application end operation in the identity allowed band, be order such as the step 205 that identification apparatus receives self-application, order is carried out dissection process such as step 206 data encryption processing and step 207 with presetting the code operational data, return to application then, execution in step 208 continues to wait for the order of self-application then.There is not to forward under the situation of legal response being connected of step 211 off device and main frame in application, otherwise receive the order of application layer, if judge the indication sign off by step 208, then arrive step 210 and disconnect this communication process of connection normal termination, continue to carry out otherwise forward step 205 to.Step 202, step 203, three modules of step 204 also can directly read password from identification apparatus, judge by host side whether password is correct.
Present embodiment can be achieved as follows function and comprise:
1. control accesses network: id information and user authentication information by containing in the identification apparatus are used to land network.
2. be used to verify digital signature or proof with the identity of the sender of document of identify, and prevent to be distorted midway.
3. storage encrypted message, the stored user encrypted message prevents the risk that the user brings when manually inputing password.
4. telnet, the website of bank can utilize signing messages to discern the user and get legitimacy.
5. the visit of control documents can add access control information in some files, can prevent unauthorized access or operation under the situation of identification apparatus.
6. control logs on specific application system, and the developer can be used for this function the product of oneself, and this product can utilize the present embodiment device to land.
Be meant described in above-mentioned 3 that the encrypted message that comprises in the identification apparatus sends to main frame and is used for discerning the lock people information of holding.
Described presetting also comprises identification apparatus application interface function in the code, identification apparatus application interface function is the interface level between identification apparatus and the 3rd side use, this application interface function is mainly used by the developer, and described application interface function mainly provides following function:
1. the equipment of opening is opened the handle of this equipment, sets up the communication channel with this equipment.
2. closing device is removed the handle and the status information of equipment of this equipment when equipment is prepared not re-use.
3. this is the core of identification apparatus to send order, and realization is provided with work, i.e. the realization of the intelligent card function of all this identity identification equipments to all of this device.
The main effect of digital identity identification equipment is that the important sensitive data that obtains of protection can be read out outside the key apparatus in the internal memory as main frame never, and such benefit of bringing is:
1. the user can remember redundant cipher, and the password of safety is necessarily formed enough complicated character string by letter and number, and upgrades often, stores the trouble that encrypted message can be removed the user from identification apparatus.
2. the measures of double factor authentication is provided,, can bring risk to the user even a side of user's password or digital identity identification equipment loses.
3. secret key can not derive, and has guaranteed the safety of user key.
4. algorithm is built-in.
The third embodiment of the present invention, another kind of identification apparatus is provided, as shown in Figure 4, be provided with MMC/SDIO interface chip 403 in the described identification apparatus 402, with the integrated CPU that is attached thereto and the MCU404 of storer, link to each other with main frame 401 by the MMC/SDIO of institute interface chip, be mainly used in the translation of finishing the MMC/SDIO interface protocol, make that the realization of MCU part 404 can be simpler, interface chip 403 can be selected the AC21C00 SDIO Controller of ARASAN to be equipped with common MCU again to realize.
Main frame in the present embodiment is identical with embodiment 2 with communicating by letter of equipment, and realization and embodiment 2 identical functions.
More than a kind of information security control method based on the MMC/SDIO interfacing equipment of software copyright protection and information security that realizes provided by the present invention is described in detail.Having used specific case herein sets forth principle of the present invention and embodiment.The explanation of above embodiment just is used for helping to understand method of the present invention and realizing thought; Simultaneously, for one of ordinary skill in the art, according to thought of the present invention, part in specific embodiments and applications all can change.In sum, this description should not be construed as limitation of the present invention.
Claims (6)
1, a kind of information security control method based on the MMC/SDIO interfacing equipment is characterized in that, comprises the steps:
1) obtains authentication information and carry out authentication;
2) authentication legal after, receive the order that sends according to the MMC/SDIO interface protocol;
3) order from the MMC/SDIO agreement that receives is resolved;
4), carry out corresponding information safety protection operation according to resolving the order that the back obtains;
5) with the result after the MMC/SDIO agreement return.
2, information security control method according to claim 1 is characterized in that: the information safety protection operation of carrying out in the described step 4) comprises the operation of data being carried out encryption and decryption.
3, information security control method according to claim 1 is characterized in that: the information safety protection operation of carrying out in the described step 4) comprises with presetting the operation that code carries out data operation.
4, according to claim 1 or 2 or 3 described information security control methods, it is characterized in that: the authentication information in the described step 1) comprises that password that the user imports is or/and identification of the manufacturer.
5, information security control method according to claim 4, it is characterized in that: the step that described step 1) is obtained authentication information and carried out authentication specifically is meant: obtain the password of user's input, with from the password storage district, read and handle after the password that obtains authenticate.
6, information security control method according to claim 3, it is characterized in that: described usefulness presets operation that code carries out data operation and comprises that self-defined processing and standard handle, and described standard treatments is drawn together: RSA, DES, 3DES, MD5, SHA-1, SSF33, AES, elliptic curve.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB200510082685XA CN100334520C (en) | 2005-07-08 | 2005-07-08 | Information safety appliance based on MMC / SDIO interface and communication method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB200510082685XA CN100334520C (en) | 2005-07-08 | 2005-07-08 | Information safety appliance based on MMC / SDIO interface and communication method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1696865A CN1696865A (en) | 2005-11-16 |
| CN100334520C true CN100334520C (en) | 2007-08-29 |
Family
ID=35349613
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB200510082685XA Active CN100334520C (en) | 2005-07-08 | 2005-07-08 | Information safety appliance based on MMC / SDIO interface and communication method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100334520C (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107608928B (en) * | 2017-09-14 | 2020-10-16 | 记忆科技(深圳)有限公司 | Configurable device for analyzing SDIO data stream |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2004192452A (en) * | 2002-12-12 | 2004-07-08 | Matsushita Electric Ind Co Ltd | Memory card |
| US20040205268A1 (en) * | 2003-01-21 | 2004-10-14 | C-Guys, Inc. | SDIO controller |
| CN1584925A (en) * | 2004-06-14 | 2005-02-23 | 张毅 | Multimedia memory card |
-
2005
- 2005-07-08 CN CNB200510082685XA patent/CN100334520C/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2004192452A (en) * | 2002-12-12 | 2004-07-08 | Matsushita Electric Ind Co Ltd | Memory card |
| US20040205268A1 (en) * | 2003-01-21 | 2004-10-14 | C-Guys, Inc. | SDIO controller |
| CN1584925A (en) * | 2004-06-14 | 2005-02-23 | 张毅 | Multimedia memory card |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1696865A (en) | 2005-11-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100437618C (en) | Portable information safety device | |
| US7940932B2 (en) | Methods, apparatus, and systems for securing SIM (subscriber identity module) personalization and other data on a first processor and secure communication of the SIM data to a second processor | |
| US7636844B2 (en) | Method and system to provide a trusted channel within a computer system for a SIM device | |
| CN101034991B (en) | Secure guiding system, method, code signature construction method and authentication method | |
| CN201054140Y (en) | Information security control chip | |
| CN101770386A (en) | Safe startup method for Linux embedded system | |
| CN101013406A (en) | Automatic-installable information safety equipment and control method thereof | |
| CN110674515B (en) | Multilevel security storage chip framework | |
| CN101794362A (en) | Trusted computation trust root device for computer and computer | |
| CN101321065B (en) | USB data safety transmission technique with double-factor identity validation function | |
| Guneysu et al. | Dynamic intellectual property protection for reconfigurable devices | |
| CN102163267A (en) | Solid state disk as well as method and device for secure access control thereof | |
| CN101159754A (en) | Internet application management system operating on intelligent mobile terminal | |
| CN102024115B (en) | Computer with user security subsystem | |
| CN1331015C (en) | Computer security startup method | |
| CN101420299B (en) | Method for enhancing stability of intelligent cipher key equipment and intelligent cipher key equipment | |
| CN201150069Y (en) | Information safety equipment supporting multiple identification authentication | |
| CN100574192C (en) | A kind of information safety devices and communication means thereof based on usb protocol | |
| CN115391843A (en) | Credible digital identity CTID network card decoding algorithm | |
| CN100334520C (en) | Information safety appliance based on MMC / SDIO interface and communication method | |
| KR20100048323A (en) | Apparatus for and method of securing keyboard to evade stealth sniffing | |
| CN2927185Y (en) | Data safety transmission equipment | |
| US20050044408A1 (en) | Low pin count docking architecture for a trusted platform | |
| CN2906756Y (en) | Secure data transmission device | |
| CN2812076Y (en) | Information security equipment based on MMC/SDIO interface |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee |
Owner name: FEITIAN TECHNOLOGIES CO., LTD. Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN TECHNOLOGY CO., LTD. |
|
| CP03 | Change of name, title or address |
Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer Patentee after: Feitian Technologies Co.,Ltd. Address before: 100083, Haidian District, Xueyuan Road, Beijing No. 40 research, 7A building, 5 floor Patentee before: FEITIAN TECHNOLOGIES Co.,Ltd. |
|
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 17th floor, building B, Huizhi building, No.9, Xueqing Road, Haidian District, Beijing 100085 Patentee after: Feitian Technologies Co.,Ltd. Country or region after: China Address before: 100085 17th floor, block B, Huizhi building, No.9 Xueqing Road, Haidian District, Beijing Patentee before: Feitian Technologies Co.,Ltd. Country or region before: China |