CN100574192C - An information security device based on the USB protocol and a communication method thereof


Publication number
CN100574192C
Authority
CN
China
Prior art keywords
data
device
USB protocol
host
command
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2006100986266A
Other languages
Chinese (zh)
Other versions
CN1878063A (en)
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Beijing Feitian Technologies Co Ltd
Application filed by Beijing Feitian Technologies Co Ltd filed Critical Beijing Feitian Technologies Co Ltd
Priority to CNB2006100986266A priority Critical patent/CN100574192C/en
Publication of CN1878063A publication Critical patent/CN1878063A/en
Application granted granted Critical
Publication of CN100574192C publication Critical patent/CN100574192C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to an information security device based on the USB protocol and a communication method thereof, and addresses the problem of realizing secure wireless transmission for USB protocol devices. The information security device provided by the invention comprises a microcontroller unit, a coupling module antenna, a radio-frequency module, a baseband processing module and a memory module. The microcontroller unit includes a security module, which provides information security protection. The microcontroller unit is connected to the baseband processing module and to the memory module, the baseband processing module is connected to the radio-frequency module, and the radio-frequency module is connected to the coupling module antenna. The device communicates with a host over the wireless USB protocol, thereby realizing secure communication for devices based on the wireless USB protocol in the fields of software protection and identity identification.

Description

An information security device based on the USB protocol and a communication method thereof
Technical field
The present invention relates to an information security device based on the USB protocol and a communication method thereof, and belongs to the field of secure data transmission.
Background art
As information technology grows ever more developed, the security and confidentiality of data receive increasing attention. Software copyright protection products, as one kind of information security device, play an important role in the field of software copyright protection: they protect the software developer's interests and increase revenue, protect the interests of legitimate users, and can also control software distribution. At the same time, with the development of the Internet, more and more information involving personal privacy and business secrets needs to be transmitted over networks, and the importance of information security is increasingly recognized. Information security products cover areas such as network identity authentication, secure data storage, access, control, transmission, and data encryption and decryption. Cryptographic algorithms commonly used in the information security field include RSA, DES, 3DES, MD5, SHA-1, SSF33, AES and ECC; user-defined algorithms, that is, preset code, can also be used.
RSA: this algorithm appeared in 1978; it was the first algorithm that could be used both for data encryption and for digital signatures.
DES: the earliest invented and most widely used symmetric block encryption algorithm. The DES algorithm takes three input parameters: Key, Data and Mode. Key is 8 bytes (64 bits in total) and is the working key of the DES algorithm; Data is also 8 bytes (64 bits) and is the data to be encrypted or decrypted; Mode is the operating mode of DES, of which there are two: encryption or decryption.
3DES: the triple encryption standard, in which DES is applied three times.
MD5: a message-digest algorithm mainly used in digital certificates and electronic signature technology. The algorithm pads the input data so that the bit length LEN of the data leaves a remainder of 448 when divided by 512; that is, the data is extended to K*512+448 bits, or K*64+56 bytes, where K is an integer.
SHA-1: mainly used in digital certificates and electronic signature technology.
SSF33: a domestically developed block encryption algorithm.
AES: the encryption standard issued by the US National Institute of Standards and Technology (NIST). The AES algorithm can use 128-, 192- and 256-bit keys to encrypt and decrypt 128-bit data blocks, thereby protecting electronic data. AES has replaced the less secure DES and 3DES algorithms. AES-128 selects one key from as many as 3.4*10^38 unique keys to encrypt the bit stream. Thus, even if a purpose-built cracking program could crack one million keys per second (already a very high degree of parallel computing power), it would need 1*10^25 years (that is, ten million 1000000000000 years) to find a key generated by AES-128.
ECC: the elliptic curve encryption algorithm, which is also a public-key algorithm.
Information security products have very broad prospects in fields such as e-commerce, e-government and online banking.
However, most information security devices currently on the market are plugged directly into the host. Some also require a USB extension cable or hub connected to a USB port of the host, with the information security device then attached to the extension cable or hub. This inevitably increases the cost of wired information security devices and leaves a host that already has many peripherals surrounded by long data cables. Moreover, each wired USB device the host connects needs a separate port, while existing hosts generally have no more than 8 USB ports, and mostly only 4, and existing peripherals such as keyboards, mice, printers, digital cameras, music players and external drives already occupy many of them, so the host's USB ports become scarce.
The Wireless USB Promoter Group, made up of several leading companies such as Intel, is jointly advancing the Wireless USB standard, which will let new hosts support the Wireless USB standard (Wireless Universal Serial Bus Specification). A host that supports the Wireless USB standard can connect up to 127 devices, and wireless USB devices that support the standard connect to the host very conveniently and can communicate with it at 480 Mbps. Each device has its own time slot for transmitting data, so even when sharing the 480 Mbps bandwidth of Wireless USB, several devices can still work at the same time and keep a very fast data rate. Devices supporting the standard also have lower power consumption: Wireless USB uses ultra-wideband (UWB) technology, and its power consumption is only half of that specified by the IEEE 802.11 standard. Wireless USB can go into a sleep state when idle, and a connected device establishes contact only when transmitting data, which cuts unnecessary power consumption. The ultra-low transmit power makes Wireless USB unlikely to interfere with other electronic equipment; interference generally appears only at distances of a few tenths of a metre. Developing peripherals around the Wireless USB standard is therefore a current focus.
Many large companies such as Alereon are currently developing Wireless USB chips, and prices can be very low. For one thing, their transmit power is very low, so some circuits, such as the power amplifier, can be removed. They can also be implemented entirely in CMOS. Such chips can therefore be used to develop inexpensive Wireless USB information security devices that communicate with a host or an HWA (Host Wire Adapter, the host-side transceiver).
At present, however, no information security device or communication method based on the wireless USB protocol provides information security protection such as software protection and identity authentication, and connecting cables are cumbersome and costly.
Summary of the invention
(1) Technical problem to be solved
To solve the problem that information security protection has not yet been realized by a communication method based on the wireless USB protocol.
(2) Technical solution
To achieve the above object, the invention provides a communication method for an information security device based on the USB protocol, comprising the following steps:
1) the device sends a connection request containing a device notification to the host over the wireless USB protocol; after receiving the connection request containing the device notification, the host recognizes the device and initializes it;
2) the host sends commands and data for providing information security protection to the device over the wireless USB protocol;
3) the device parses the commands and data and carries out the information security protection processing;
4) the device returns the parsing and processing result to the host over the wireless USB protocol.
The commands and data for providing information security protection are access control commands and data, and the corresponding processing is access control processing.
The commands and data for providing information security protection also include commands and data for encrypting and decrypting data, and the corresponding processing also includes encryption and decryption of data.
The commands and data for providing information security protection also include secure storage commands and data, and the corresponding processing also includes secure storage processing.
The encryption and decryption processing includes any one or more of the RSA, DES, 3DES, MD5, SHA-1, SSF33, AES and ECC algorithms.
(3) Beneficial effects
The device and communication method provided by the invention realize information security protection based on the wireless USB protocol, for example functions such as software protection and identity authentication; they reduce the inconvenience of connecting cables, increase the number of USB devices the host can connect, and save maintenance cost.
Description of drawings
Fig. 1 is the flow chart of method 1 of the present invention;
Fig. 2 is the flow chart of method 2 of the present invention;
Fig. 3 is the flow chart of method 3 of the present invention;
Fig. 4 is a schematic diagram of communication between device 2 and the host in the present invention;
Fig. 5 is the flow chart of method 4 of the present invention;
Fig. 6 is a schematic diagram of communication between device 3 and the host in the present invention;
Fig. 7 is a schematic diagram of communication between device 1 and the host in the present invention.
Embodiments
The technical solution adopted by the invention to solve its technical problem is an information security device based on the USB protocol, comprising:
MCU (Micro-Controller Unit): used to run the firmware program and user programs. The MCU includes a security module, which provides data security protection.
Coupling module antenna: receives the electromagnetic signal emitted by the host or HWA and passes the received signal to the radio-frequency module.
Radio-frequency module: used to receive the signal sent from the coupling module antenna and to communicate with the baseband processing module.
Baseband processing module: the module that communicates with the MCU and links it to the radio-frequency module.
Memory module: the module that stores the device firmware program, user data and state information.
The memory module may consist of one or more of RAM, ROM, EPROM, EEPROM and FLASH.
The MCU may be a chip designed for security, including a smart card chip.
The first preferred embodiment of the invention provides an information security device based on the USB protocol for software protection.
As shown in Fig. 7, the device comprises MCU 705, coupling module antenna 707, radio-frequency module 703, baseband processing module 706 and memory module 704. MCU 705 is connected to baseband processing module 706 and to memory module 704, baseband processing module 706 is connected to radio-frequency module 703, and radio-frequency module 703 is connected to coupling module antenna 707.
The information security device based on the USB protocol is software protection device 702, which comprises coupling module antenna 707, radio-frequency module 703, baseband processing module 706, MCU 705 and memory module 704 connected in sequence. The memory may be any of RAM, ROM, EPROM, EEPROM, FLASH and so on. The device communicates with host 701 over the wireless USB protocol and is used to store the corresponding cryptographic algorithms. The memory module should have enough storage space to hold the preset cryptographic algorithms, or the algorithms may be selected or downloaded by the user; if part of the user's code needs to be stored, a sufficiently large storage space is needed, which may be on-chip FLASH or the like. Radio-frequency module 703 can be implemented with the AL4100 radio-frequency chip from ALEREON, the baseband processing module with the AL4200 baseband processing chip from ALEREON, coupling module antenna 707 with a PCB-type antenna from NEC, and MCU 705 with the MC68HC908JB8 chip from Motorola. The security module can be implemented as a program, run by the CPU from memory, that provides information security protection.
The second preferred embodiment of the invention provides a communication method for an information security device based on the USB protocol used for software protection.
The firmware program comprises: identification of the device; the device waiting for and receiving data from the host; the device parsing and processing the data; the device returning data to the host and waiting for the next instruction; and the device disconnecting from the host. The device is recognized by a host or HWA that has a Wireless USB interface. Using the information in registers built into the MCU, the connection between host and device is established and the Wireless USB communication type to be used for subsequent communication is declared. The communication part fully complies with the Wireless USB communication protocol.
In the above program, the communication between the device and the host is the core part, and is described in detail below with reference to Fig. 1.
Step 101: the information security device A based on the USB protocol, used for software protection, is placed within the coverage of host B's wireless signal. Device A sends host B a connection request containing the device A notification; the direction is always from device A to host B. According to the wireless USB protocol, the connection request message carrying the device A notification is no more than 32 bytes. After receiving the connection request containing the device A notification, host B recognizes device A, begins enumerating it, obtains the information of this wireless USB device A and initializes device A. Host B carries out the subsequent steps after completing the initialization of device A.
Step 102: host B verifies the manufacturer's product identifier of device A. If it is correct, step 103 is executed; otherwise go to step 109, and host B disconnects from the wireless USB device A that it cannot recognize.
Step 103: host B sends a verify-user-password command and the corresponding password data to device A over the wireless USB protocol. Device A receives the command and the password data and performs user password verification. If the password is correct, step 104 is executed; otherwise go to step 109.
Step 104: device A continues by receiving the command, sent by host B over the wireless USB protocol, to encrypt or decrypt data. After receiving the command, device A parses it and carries out the corresponding processing in step 105.
Step 105: for a user with a legitimate identity, device A performs the encryption and decryption processing on the data.
Step 106: after performing the encryption and decryption processing, device A returns the processed data to host B over the wireless USB protocol and waits for further commands from the host that provide data security protection. If the host no longer responds, go to step 109.
Step 107: device A judges whether to end communication. If communication is to end, step 109 is executed; if not, step 104 is executed and the device continues to wait for and receive commands.
Step 108: communication ends and device A disconnects from host B.
Step 109: communication error; device A disconnects from host B.
The verify-user-password command is a custom command. The encryption and decryption command may be a custom command that processes data with the MD5 algorithm, in which case the corresponding processing step is that device A applies the standard MD5 algorithm to the data; it may of course be any one or more of the standard RSA, DES, 3DES, MD5, SHA-1, SSF33 and AES algorithms.
The third preferred embodiment of the invention provides a communication method for an information security device based on the USB protocol used for software protection. As shown in Fig. 2, when data needs to be stored securely, steps 204-206 differ somewhat from the above.
Step 201: the information security device A based on the USB protocol, used for software protection, is placed within the coverage of host B's wireless signal. Device A sends host B a connection request containing the device A notification; the direction is always from device A to host B. According to the wireless USB protocol, the connection request message carrying the device A notification is no more than 32 bytes. After receiving the connection request containing the device A notification, host B recognizes device A, begins enumerating it, obtains the information of this wireless USB device A and initializes device A. Host B carries out the subsequent steps after completing the initialization of device A.
Step 202: host B verifies the manufacturer's product identifier of device A. If it is correct, step 203 is executed; otherwise go to step 209, and host B disconnects from the wireless USB device A that it cannot recognize.
Step 203: host B sends a verify-user-password command and the corresponding password data to device A over the wireless USB protocol. Device A receives the command and the password data and performs user password verification. If the password is correct, step 204 is executed; otherwise go to step 209.
Step 204: device A continues by receiving, from host B over the wireless USB protocol, a command to perform secure storage processing on a data segment together with the data of that segment. After receiving the secure storage command, device A parses it and executes step 205.
Step 205: for a user with a legitimate identity, device A performs secure storage processing on the data segment.
Step 206: after performing the secure storage processing on the data segment, device A returns the result to host B over the wireless USB protocol and waits for further commands from the host that provide data security protection. If the host no longer responds, go to step 209.
Step 207: device A judges whether to end communication. If communication is to end, step 209 is executed; if not, step 204 is executed and the device continues to wait for and receive commands.
Step 208: communication ends and device A disconnects from host B.
Step 209: communication error; device A disconnects from host B.
The fourth preferred embodiment of the invention provides a communication method for an information security device based on the USB protocol used for software protection. As shown in Fig. 3, when preset code needs to be used to perform data operations, steps 304-306 differ somewhat from the above.
Step 301: the information security device A based on the USB protocol, used for software protection, is placed within the coverage of host B's wireless signal. Device A sends host B a connection request containing the device A notification; the direction is always from device A to host B. According to the wireless USB protocol, the connection request message carrying the device A notification is no more than 32 bytes. After receiving the connection request containing the device A notification, host B recognizes device A, begins enumerating it, obtains the information of this wireless USB device A and initializes device A. Host B carries out the subsequent steps after completing the initialization of device A.
Step 302: host B verifies the manufacturer's product identifier of device A. If it is correct, step 303 is executed; otherwise go to step 309, and host B disconnects from the wireless USB device A that it cannot recognize.
Step 303: host B sends a verify-user-password command and the corresponding password data to device A over the wireless USB protocol. Device A receives the command and the password data and performs user password verification. If the password is correct, step 304 is executed; otherwise go to step 309.
Step 304: device A continues by receiving the command, sent by host B over the wireless USB protocol, to perform a data operation using preset code. After receiving this command, device A parses it and carries out the corresponding processing in step 305.
Step 305: for a user with a legitimate identity (corresponding to step 303), device A performs the data operation using the preset code.
Step 306: corresponding to step 305, after performing the data operation using the preset code, device A returns the result of the operation to host B over the wireless USB protocol and waits for further commands from the host that provide data security protection. If the host no longer responds, go to step 309.
Step 307: device A judges whether to end communication. If communication is to end, step 109 is executed; if not, step 304 is executed and the device continues to wait for and receive commands.
Step 308: communication ends and device A disconnects from host B.
Step 309: communication error; device A disconnects from host B.
Performing data operations using preset code is described further below.
The device acts as an apparatus that provides software encryption. It can be used to hold some fragments of the user's software, keep those fragments secure so that they cannot be read out, and run them inside the device, interacting with the external software, so as to control the software and ensure its legitimate operation. The device interacts with the external program frequently, so computation speed and communication speed are important performance indicators.
According to the functions of this embodiment, the following software protection functions can be implemented:
1. Get device information: this is information about the device itself. It is stored in internal memory and lets the user remember and identify their own device, as in step 102.
2. Format: the user can format the device; after formatting, all settings and data return to the factory state.
3. Write file: such files include the user's code fragments, or the data those fragments need when they run.
4. Read file: such a file may be a data file used when a code fragment runs, but not the code fragment itself.
5. Run file: such files are the code fragments written by the user. The code fragments run inside the device, all data and memory information of their execution is kept within the device, and only the result is returned.
6. Encrypt and decrypt: lets the user perform encryption and decryption such as RSA, DES, 3DES, MD5, SHA-1, SSF33, AES and ECC on user data inside the hardware, and returns the result to the user.
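The write, read, run and format rules in items 2 to 5 can be modelled as follows. This is an added example, not code from the patent: the one-byte opcode encoding of a "code fragment", the 32-bit result width and all class and function names are assumptions made for the illustration.

```python
from enum import Enum

MASK = 0xFFFFFFFF   # results are kept to 32 bits (this example's choice)

# Constructed one-byte opcodes for a toy in-device interpreter; the patent
# does not define how a code fragment is encoded.
OP_RET, OP_PUSH, OP_ARG, OP_ADD, OP_MUL, OP_XOR = range(6)
BINARY_OPS = {
    OP_ADD: lambda a, b: a + b,
    OP_MUL: lambda a, b: a * b,
    OP_XOR: lambda a, b: a ^ b,
}


class Kind(Enum):
    DATA = "data"   # may be written and read back (items 3 and 4)
    CODE = "code"   # may be written and run, never read back (items 3 and 5)


class AccessDenied(Exception):
    pass


def _execute(code, args):
    """Run a fragment; only the single value left on the stack leaves the device."""
    stack, pc = [], 0
    while pc < len(code):
        op = code[pc]
        pc += 1
        if op == OP_RET:
            break
        if op in (OP_PUSH, OP_ARG):
            if pc >= len(code):
                raise ValueError("truncated operand")
            operand = code[pc]
            pc += 1
            if op == OP_ARG:
                if operand >= len(args):
                    raise ValueError("missing argument")
                operand = args[operand] & MASK
            stack.append(operand)
        elif op in BINARY_OPS:
            if len(stack) < 2:
                raise ValueError("stack underflow")
            b, a = stack.pop(), stack.pop()
            stack.append(BINARY_OPS[op](a, b) & MASK)
        else:
            raise ValueError("unknown opcode")
    if len(stack) != 1:
        raise ValueError("fragment must leave exactly one result")
    return stack[0]


class ProtectionDevice:
    def __init__(self):
        self._files = {}

    def format(self):
        self._files.clear()            # item 2: back to the factory state

    def write_file(self, name, kind, content):
        self._files[name] = (kind, bytes(content))

    def read_file(self, name):
        kind, content = self._files[name]
        if kind is Kind.CODE:
            raise AccessDenied("code fragments cannot be read out")
        return content

    def run_file(self, name, args):
        kind, content = self._files[name]
        if kind is not Kind.CODE:
            raise AccessDenied("only code fragments can be run")
        return _execute(content, args)


# Constructed fragment: ((arg0 * 31) + 7) ^ 0x5A
LICENCE_FRAGMENT = bytes([OP_ARG, 0, OP_PUSH, 31, OP_MUL,
                          OP_PUSH, 7, OP_ADD, OP_PUSH, 0x5A, OP_XOR, OP_RET])

if __name__ == "__main__":
    device = ProtectionDevice()
    device.write_file("check", Kind.CODE, LICENCE_FRAGMENT)
    print(device.run_file("check", [5]))
```

The host learns the result of the fragment for a given input but can never retrieve the fragment's bytes, which is the property the read-file rule is meant to guarantee.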
The preset code also includes software protection application interface functions. These are interface-level functions between the software protection device and third-party applications; they are mainly used by developers and mainly provide the following functions:
1. Open device: opens a handle to the device and establishes a communication channel with it.
2. Close device: when the host no longer uses the device, closes the handle to the device and clears the device state information.
3. Send command: this is the core of the software protection product; it carries out all configuration work on the device, that is, the implementation of all software protection functions.
The main purpose of the software protection device is that the protected part of the program never appears in the host's memory. The benefits are:
1. Preventing illegal copying of the program: the program on the host is incomplete without the software protection key, so distributed software must be accompanied by the software protection key.
2. Preventing illegal tracing or debugging of the program: the code of the important part of the software does not run on the host, so no debugging software can obtain the running state of this part of the program.
3. Preventing dumping: software is most easily cracked while it is running, and software protected by a traditional packer (shell) is often restored to its original code through a memory dump.
4. Preventing decompilation: however advanced the decompilation technique, the code fragments inside the device of this embodiment cannot be obtained, so the complete functionality of the software itself cannot be reproduced.
The fifth preferred embodiment of the invention provides an information security device based on the USB protocol for user identity identification. It is mainly responsible for holding the user's sensitive data, such as passwords and digital certificates.
The hardware of the identification device is shown in Fig. 4. The information security device based on the USB protocol is identification device 402, which comprises a coupling module antenna, an MCU, a radio-frequency module, a baseband processing module and a memory module. The MCU, radio-frequency module, baseband processing module and memory module are integrated in a single chip (chip 403), which is connected to coupling module antenna 404; algorithms are built into the memory module. The MCU should have enough on-chip space for preset algorithms, including the RSA, DES, 3DES, MD5, SHA-1, SSF33, AES and ECC algorithms, or the algorithms may be selected or downloaded by the user; if part of the user's code needs to be stored, a sufficiently large storage space is needed, which may be on-chip FLASH or the like. Coupling module antenna 404 can be implemented with a PCB-type antenna from NEC, and the single chip (chip 403) with the SC2501D chip from Staccato. The security module can be implemented as a program, run by the CPU from memory, that provides information security protection.
401 is the host/HWA; identification device 402 communicates with host 401 over the wireless USB protocol.
The sixth preferred embodiment of the invention, with the flow shown in Fig. 5, provides a communication method for an information security device based on the USB protocol used for user identity identification.
The firmware of the identification device can combine smart card technology with modern cryptographic techniques, and can support downloading third-party algorithms and multi-level file management and access.
Step 501: When the USB-protocol-based information security device C used for user identity identification is placed within the coverage of host D's wireless signal, device C sends host D a connection request containing a device C notification. The direction is always from device C to host D, and under the wireless USB protocol the connection request message carrying the device C notification does not exceed 32 bytes. On receiving the connection request containing the device C notification, host D recognizes device C, begins enumerating this USB device C, obtains the information of wireless USB device C, and initializes device C. Host D carries out the subsequent steps after finishing the initialization of device C.
Step 502: Password X is entered into identity identification device C.
Step 503: Identity identification device C reads the password from the password storage area and obtains Y through specific processing.
Step 504: X and Y are compared. If they differ, authentication fails and the flow goes to step 510, where device C disconnects from host D. If they are identical, device C assigns the user certain permissions, which are associated with the user's password level, and the user can authorize the application side to perform processing within the range the identity allows. Host D sends device C, via the wireless USB protocol, a command to encrypt or decrypt data, and device C receives the command.
Step 505: After receiving the command and data for encryption and decryption processing, device C parses the command and executes step 506.
Step 506: Device C performs the data encryption and decryption processing.
Step 507: After the encryption and decryption processing, device C returns the processed data to host D via the wireless USB protocol and waits for a command from the host. If the application no longer responds, the flow enters step 510.
Step 508: Device C judges whether to end the communication (on what basis does it judge whether to end the communication). If the communication is to end, step 509 is executed; if not, step 504 is executed and the device continues to wait for commands.
Step 509: Device C ends the communication and disconnects from host D.
Step 510: Communication error; device C disconnects from host D.
Alternatively, in steps 502, 503 and 504, the password can be read directly from the identification device and the host side judges whether the password is correct.
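The device-side flow of steps 501 to 510, with the password check done inside the device, as an added example that is not code from the patent. The class name `TokenDevice`, the command codes, the use of PBKDF2 as the "specific processing" (applied to X and compared against a stored verifier Y) and the HMAC-SHA256 keystream standing in for the device's built-in cipher are all assumptions; the radio link is not modelled.

```python
import hashlib, hmac, os

MAX_NOTIFICATION = 32                    # step 501: notification is at most 32 bytes
CMD_ENCRYPT, CMD_DECRYPT = 0x01, 0x02    # assumed command codes

class TokenDevice:
    """Model of device C: the verifier and key stay inside; only results leave."""
    def __init__(self, password: bytes, level: int = 1):
        self._salt = os.urandom(16)
        self._y = self._process(password)    # content of the password storage area
        self._key = os.urandom(32)           # no command ever returns this
        self._level, self.granted, self.state = level, 0, "IDLE"

    def _process(self, pw: bytes) -> bytes:  # assumed "specific processing"
        return hashlib.pbkdf2_hmac("sha256", pw, self._salt, 10_000)

    def _xor(self, nonce: bytes, data: bytes) -> bytes:  # stand-in cipher (assumption)
        out = bytearray()
        for i in range(0, len(data), 32):
            ks = hmac.new(self._key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
            out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
        return bytes(out)

    def connect(self, notification: bytes) -> bool:          # step 501
        ok = len(notification) <= MAX_NOTIFICATION
        self.state, self.granted = ("CONNECTED" if ok else "IDLE"), 0
        return ok

    def verify(self, x: bytes) -> bool:                      # steps 502-504
        ok = self.state == "CONNECTED" and hmac.compare_digest(self._process(x), self._y)
        if ok:
            self.state, self.granted = "AUTHENTICATED", self._level
        else:
            self.disconnect()                                # step 510
        return ok

    def command(self, code: int, data: bytes):               # steps 505-507
        if self.state != "AUTHENTICATED" or self.granted < 1:
            self.disconnect()                                # step 510
            return None
        if code == CMD_ENCRYPT:
            nonce = os.urandom(12)
            return nonce + self._xor(nonce, data)
        if code == CMD_DECRYPT and len(data) >= 12:
            return self._xor(data[:12], data[12:])
        return None                                          # unknown command: no action

    def disconnect(self) -> None:                            # steps 509 and 510
        self.state, self.granted = "IDLE", 0
```

The comparison uses `hmac.compare_digest` so that a wrong password cannot be distinguished by timing, and every command is refused unless the session has passed step 504.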
This embodiment can implement the following functions:
1. Controlling network access: the ID information and user authentication information contained in the identification device are used to log in to the network.
2. Verifying digital signatures or certificates, to identify the sender of a document and to prevent tampering in transit.
3. Storing password information: storing the user's password information avoids the risk that arises when the user enters a password manually.
4. Remote login: a bank's website can use signature information to identify the user and the user's legitimacy.
5. Controlling access to files: access control information can be added to certain files, and unauthorized access or operation can then be prevented on the basis of the identification device.
6. Controlling login to a specific application system: developers can use this function in their own products, which can then be logged in to using the device of this embodiment.
Item 3 above means that the password information contained in the identification device is sent to the host and used to identify the information of the lock holder.
The preset code also includes identification device application interface functions, which are interface-level functions between the identification device and third-party applications. They are used mainly by developers and mainly provide the following functions:
1. Open device: opens a handle to the device and establishes a communication channel with it.
2. Close device: when the host no longer uses the device, closes the handle to the device and clears the device's state information.
3. Send command: this is the core of the identification device; it carries out all configuration work on the device, that is, it implements all of the smart card functions of the identity identification device.
The main role of the digital identity identification device is to ensure that the important, sensitive data it protects can never be read out of the device, for example into host memory. The benefits are:
1. It relieves the user of remembering long passwords: a secure password must be a sufficiently complex string of letters and digits and must be changed often, and storing the password information in the identification device spares the user that trouble.
2. Two-factor authentication is provided, which guards against the risk to the user if one of the two, the user's password or the digital identity identification device, is lost.
3. The key cannot be exported, which guarantees the security of the user's key.
4. The algorithms are built in.
The 7th embodiment of the present invention provides another USB-protocol-based information security device used for user identity identification. As shown in Figure 6, the USB-protocol-based information security device is identification device 602, which comprises a coupling module antenna, an MCU, a radio-frequency module, a baseband processing module and a memory module. The MCU, baseband processing module and memory module are integrated in a single chip (chip 604); single chip 604 is connected to radio-frequency module 603, and radio-frequency module 603 is connected to coupling module antenna 605. 601 is the host/HWA. Identification device 602 communicates with host 601 via the wireless USB protocol: coupling module antenna 605 receives the signal sent by the host/HWA, and the radio-frequency module takes the electromagnetic signal received from coupling module antenna 605 and, after suitable processing, passes it to the MCU with baseband processing capability. This arrangement makes single chip 604 simpler to implement. Radio-frequency module 603 can be implemented with the AL4100 radio-frequency chip from ALEREON, single chip 604 with the AL4300 chip from ALEREON, and coupling module antenna 605 with a PCB-type antenna from NEC; the security module can be implemented as a program, run by the CPU from memory, that provides information security protection.
Communication between the host and the device in this embodiment is the same as in embodiment five, and the same functions as in embodiment five are realized.
The information security device based on the wireless USB protocol, and its communication method, provided by the present invention for software copyright protection and information security have been described in detail above. Specific examples have been used herein to set out the principle and embodiments of the invention. The description of the above embodiments is intended only to help in understanding the method and core idea of the invention; at the same time, a person of ordinary skill in the art may, following the idea of the invention, make changes to the specific embodiments and the scope of application. In summary, this description should not be construed as limiting the invention.

Claims (5)

1. An information security communication method based on the USB protocol, characterized in that the transmission method comprises the following steps:
1) the device sends a connection request containing a device notification to the host via the wireless USB protocol; on receiving the connection request containing the device notification, the host recognizes the device and initializes it;
2) the host sends commands and data used to provide information security protection to the device via the wireless USB protocol;
3) the device parses the commands and data and performs the processing that provides information security protection;
4) the device returns the parsing and processing results to the host via the wireless USB protocol.
2. The information security communication method based on the USB protocol according to claim 1, characterized in that the commands and data providing information security protection are access control commands and data, and the corresponding processing is access control processing.
3. The information security communication method based on the USB protocol according to claim 2, characterized in that the commands and data providing information security protection further comprise commands and data for encrypting and decrypting data, and the corresponding processing further comprises encrypting and decrypting the data.
4. The information security communication method based on the USB protocol according to claim 2, characterized in that the commands and data providing information security protection further comprise secure storage commands and data, and the corresponding processing further comprises secure storage processing.
5. The information security communication method based on the USB protocol according to claim 3, characterized in that the encryption and decryption processing comprises any one or any several of the RSA, DES, 3DES, MD5, SHA-1, SSF33, AES and ECC algorithms.
CNB2006100986266A 2006-07-10 2006-07-10 A kind of information safety devices and communication means thereof based on usb protocol Expired - Fee Related CN100574192C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100986266A CN100574192C (en) 2006-07-10 2006-07-10 A kind of information safety devices and communication means thereof based on usb protocol

Publications (2)

Publication Number Publication Date
CN1878063A CN1878063A (en) 2006-12-13
CN100574192C true CN100574192C (en) 2009-12-23

Family

ID=37510376

Country Status (1)

Country Link
CN (1) CN100574192C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: FEITIAN CHENGXIN TECHNOLOGIES CO., LTD.

Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN SCIENCE + TECHNOLOGY CO. LTD.

CP03 Change of name, title or address

Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee after: Feitian Technologies Co.,Ltd.

Address before: 100083, Haidian District, Xueyuan Road, No. 40 research, 7 floor, 5 floor, Beijing

Patentee before: FEITIAN TECHNOLOGIES Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20091223