CN101000583A - Smart card and USB combined equipment and method of self-destroy forillegal access and try to pass valve value - Google Patents
Smart card and USB combined equipment and method of self-destroy forillegal access and try to pass valve value Download PDFInfo
- Publication number
- CN101000583A CN101000583A CNA2007100003298A CN200710000329A CN101000583A CN 101000583 A CN101000583 A CN 101000583A CN A2007100003298 A CNA2007100003298 A CN A2007100003298A CN 200710000329 A CN200710000329 A CN 200710000329A CN 101000583 A CN101000583 A CN 101000583A
- Authority
- CN
- China
- Prior art keywords
- smart card
- flash disk
- usb flash
- equipment complex
- unauthorized access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
A integrated device of intelligent card and USB is prepared as setting autonomous operation system based on Java virtual machine on integrated device of intelligent card and USB, erecting self-destroying program on said autonomous system, enabling to finalize logic judgment that non-authorized call frequency is over threshold by self-destroying program and realizing self-destroying function when non-authorized call frequency is over set top-limit threshold.
Description
Technical field
The present invention relates to information security, access control, USB technical field of memory, particularly smart card and USB flash disk equipment complex information security are destroyed technical field with oneself.
Background technology
Common U disk is a mobile storage access medium equipment, its significant defective is: it is an external full disclosure, transparent mobile memory medium equipment, to the visit of data without any access control, promptly so long as have the access side of USB interface and can unhinderedly use.Therefore, the sensitive data that is stored on the common U disk exists by the risk of unauthorized access.
Solution to the problems described above mainly contains two kinds at present:
1) adopt cryptographic technique that the data on the common U disk are encrypted, illegally check preventing:
1. adopt the software cryptography mode, promptly the data of common U disk storage are encrypted by the encryption software of installing on the main frame;
2. adopt the hardware encipher mode: promptly realize encrypting on the sheet by the chip that has encryption function in increase on the common U disk.
2) prevent unauthorized access by revising the logical USB flash disk file system zone bit in Shanxi.
Certainly do not destroy function but above-mentioned two kinds of methods all do not have after by unauthorized access, be not suitable for the occasion that confidentiality is had relatively high expectations.
Summary of the invention:
The objective of the invention is to: provide a kind of and have from destroying the smart card and the USB flash disk equipment complex of technology, the smart card operating system of installing on smart card and the USB flash disk equipment complex is to the USB interface-based visit control that conducts interviews, and access attempts audited, if when finding that continuous unauthorized access attempt surpasses threshold values, then take the necessary measure of destruction certainly, for example, automatically memory contents is carried out format manipulation etc., to guarantee the safety of smart card and USB flash disk equipment complex.
Technical scheme of the present invention is as follows: a kind of smart card and USB flash disk equipment complex, comprise: internal memory 20, IO controller 30 and flash memory 40, also comprise: support RSA, DH, ElGamal, ECC public key algorithm, the cryptographic coprocessor 50 of DES, 3DES, AES symmetric cryptographic algorithm and third party's cryptographic algorithm, according to the smart card operating system 203 of Java Card technical manual establishment and finish the Z32UF safety governor 60 of encryption and decryption computing by described cryptographic coprocessor 50; Described cryptographic coprocessor 50 is integrated on described Z32UF safety governor 60 chips; Described internal memory 20, IO controller 30, flash memory 40, cryptographic coprocessor 50, Z32UF safety governor 60 constitute smart card and USB flash disk equipment complex 1.
On the described Z32UF safety governor 60 of described smart card and USB flash disk equipment complex 1, be equipped with according to smart card operating system 203 establishment of Java Card technical manual, that visit is controlled to USB, the destruction program certainly 111 that the unauthorized access number of times surpasses the logic determines of threshold value and realizes destroying certainly action of finishing is installed on this operating system 203, should be as follows from the step of destroying method:
(1), determining step 1., after described smart card and USB flash disk equipment complex 1 are received the instruction of " visit attempt ", judge its whether be " Lawful access " 1., as then entering audit steps 3., as then entering " end " step for "Yes" 2. for "No";
(2), audit steps 3., be used for the number of times of accumulative total " unauthorized access trials " signal, n is added 1, enter next step " whether 4. above the step of threshold values " m ";
(3), determining step 4., the step of, signal being sent into " whether surpassing threshold values m " through after the operation of " n+1 " 5., as then entering " format manipulation " step for "Yes" 5., as then entering " end " step for "No" 2.;
(4) " format manipulation " step 5., system receives more than or equal to after " m " inferior " unauthorized access trial ", carries out formative from destroying operation to described smart card and USB flash disk equipment complex 1 memory contents.
Described n is the number of times that the unauthorized access of system audit is attempted, and described m is the threshold values of the permission unauthorized access number of times of default.
Described encryption and decryption computing is checking and signature.
Owing to adopted above technical scheme, the present invention has following distinguishing feature:
(1), strong security, common U disk, can unhinderedly be used so long as have the access side of USB interface without any access control the visit of data, the data on the USB flash disk have no confidentiality and can say.
(2), prevent to crack, adopt existing cryptographic technique that the data on the USB flash disk are encrypted, can't prevent that enciphered data on the USB flash disk is deleted or be copied away, and crack the generation of situation.The present invention is based on the smart card operating system 203 of Java Virtual Machine, this operating system 203 and the corresponding protection that is subjected to tamper resistant hardware cryptographic coprocessor 50 from destruction program 111.
(3), prevent from illegal copies to prevent unauthorized access by revising USB flash disk file system zone bit usually, because the shortcoming that the existence of file system zone bit easily cracks and revises can't really prevent illegal copies.
Description of drawings
The physical arrangement synoptic diagram of Fig. 1--common U disk
The physical arrangement synoptic diagram of Fig. 2--smart card and USB flash disk equipment complex
Software layer hierarchical structure chart in Fig. 3--smart card and the USB flash disk equipment complex
Fig. 4--operational flowchart of the present invention
Wherein, the 20--internal memory, the 30--IO controller, the 40--flash memory, 50--cryptographic coprocessor, 60--Z32UF60 safety governor, 111--is from the destruction program, the 203--smart card operating system, the number of times of the quilt of n--system audit " unauthorized access trial ", the threshold values of the permission unauthorized access number of times of m--default.
Embodiment
It is so-called that " " function refers to: operating system can be audited to access attempts in destruction certainly, when the access attempts that does not become merit surpasses certain threshold value, system formats the USB flash disk storage space automatically,, be applicable to confidentiality is required than higher occasion by unauthorized reading or copy with the confidential data that prevents to store on the USB flash disk.
From the enforcement of destroying function based on following three conditions:
1) smart card operating system 203 on smart card and the USB flash disk equipment complex, visit is controlled to USB;
2) the destruction program certainly on the smart card operating system 203 111 is finished the logic determines that the unauthorized access number of times surpasses threshold value, and realizes destroying action;
3) smart card and USB flash disk equipment complex hardware chip adopt cryptographic coprocessor 50 and Z32UF safety governor 60 (Z32UF safety governor 60 comprises smart card controller and USB controller); operating system 203 and the corresponding protection that is subjected to tamper resistant hardware Z32UF safety governor 60 from destruction program 111; Z32UF safety governor 60 is being controlled flash memory 40, and the turnover that makes it data is with good conditionsi.Under the control of Z32UF safety governor 60, enter into the encrypted preservation of clear data of flash memory, decipher automatically when reading, promptly expressly to read.
Shown in the process flow diagram of accompanying drawing 4, at first system sets the threshold values m that allows the unauthorized access number of times to smart card and USB flash disk equipment complex, reviews the frequency n of this smart card of meter and USB flash disk equipment complex " unauthorized access trial ".The present invention has set the logic determines 4 that allows the unauthorized access number of times to surpass threshold value m, with this as the basis for estimation that access attempts is audited.
This smart card is received " visit is attempted " instruction with the USB flash disk equipment complex after, at first judge its whether be " Lawful access " 1., as then entering audit steps 3.,, can enter " end " step 2. as showing then that for "Yes" this " visit is attempted " is " Lawful access " for "No";
3. audit steps is used for the number of times of accumulative total " unauthorized access trial " signal, and n is added 1, enters next step and " whether surpasses threshold values " m " step 4.; 4. determining step is used for judging the number of times of " unauthorized access trial ", the threshold values m that whether surpasses the permission unauthorized access number of times of default, after " n+1 " operation, step 5. signal to be sent into " whether surpassing threshold values m ", as for "Yes" then system can judge automatically that this visit is illegal visit, 5. the program start of destruction certainly on the operating system enters " format manipulation " step, as carrying out format manipulation etc. to smart card and USB flash disk equipment complex memory contents automatically.As then entering " end " step for "No" 2..
The span of threshold values m can be positive integer less than 1000.
The present invention is based on the tamper resistant hardware Z32UF safety governor 60 and the smart card operating system 203 of smart card and USB flash disk equipment complex; combined with hardware chip encryption technology secrecy coprocessor 50 again; after can solving smart card and USB flash disk equipment complex well and losing; the safety problem of confidential data on smart card and the USB flash disk equipment complex; prevent unauthorized access by operating system on the tamper resistant hardware platform and destruction program certainly on the one hand; on the other hand; hardware-based cryptographic can play the assistance protective effect, is particularly useful for confidentiality is required than higher occasion.
Hardware product among the present invention is homemade commercially available prod.With the same or analogous technical scheme of content of the present invention, should be within the protection domain of this patent.
Claims (4)
1, a kind of smart card and USB flash disk equipment complex, comprise: internal memory (20), IO controller (30) and flash memory (40), it is characterized in that: also comprise: support RSA, DH, ElGamal, ECC public key algorithm, the cryptographic coprocessor (50) of DES, 3DES, AES symmetric cryptographic algorithm and third party's cryptographic algorithm, according to the smart card operating system (203) of Java Card technical manual establishment and finish the Z32UF safety governor (60) of encryption and decryption computing by described cryptographic coprocessor (50); Described cryptographic coprocessor (50) is integrated on described Z32UF safety governor (60) chip; Described internal memory (20), IO controller (30), flash memory (40), cryptographic coprocessor (50), Z32UF safety governor (60) constitute smart card and USB flash disk equipment complex (1).
2, a kind of when smart card and the unauthorized access of USB flash disk equipment complex attempt is surpassed threshold values from the method for destroying, on the described Z32UF safety governor (60) of described smart card and USB flash disk equipment complex (1), be equipped with according to smart card operating system (203) establishment of Java Card technical manual, that visit is controlled to USB, be equipped with on this operating system (203) and finish the destruction program certainly (111) that the unauthorized access number of times surpasses the logic determines of threshold value and realizes destroying certainly action, it is characterized in that: should be as follows from the step of destroying method:
(1), determining step 1., after described smart card and USB flash disk equipment complex (1) are received the instruction of " visit attempt ", judge its whether be " Lawful access " 1., as then entering audit steps 3., as then entering " end " step for "Yes" 2. for "No";
(2), audit steps 3., be used for the number of times of accumulative total " unauthorized access trials " signal, n is added 1, enter next step " whether 4. above the step of threshold values " m ";
(3), determining step 4., the step of, signal being sent into " whether surpassing threshold values m " through after the operation of " n+1 " 5., as then entering " format manipulation " step for "Yes" 5., as then entering " end " step for "No" 2.;
(4) " format manipulation " step 5., system receives more than or equal to after " m " inferior " unauthorized access trial ", carries out formative from destroying operation to described smart card and USB flash disk equipment complex (1) memory contents.
3, as claimed in claim 2 a kind of when smart card and the unauthorized access of USB flash disk equipment complex attempt is surpassed threshold values from the method for destroying, it is characterized in that: the number of times that described (n) attempts for the unauthorized access of system audit, the threshold values of the permission unauthorized access number of times that described (m) is default.
4, a kind of smart card as claimed in claim 1 and USB flash disk equipment complex is characterized in that: described encryption and decryption computing is used for checking and signature.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2007100003298A CN100535876C (en) | 2007-01-08 | 2007-01-08 | Smart card and USB combined equipment and method of self-destroy forillegal access and try to pass valve value |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2007100003298A CN100535876C (en) | 2007-01-08 | 2007-01-08 | Smart card and USB combined equipment and method of self-destroy forillegal access and try to pass valve value |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101000583A true CN101000583A (en) | 2007-07-18 |
CN100535876C CN100535876C (en) | 2009-09-02 |
Family
ID=38692562
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2007100003298A Expired - Fee Related CN100535876C (en) | 2007-01-08 | 2007-01-08 | Smart card and USB combined equipment and method of self-destroy forillegal access and try to pass valve value |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100535876C (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102236765A (en) * | 2010-04-30 | 2011-11-09 | 深圳市合信自动化技术有限公司 | Method and device for protecting programmable logic controller (PLC) safely |
CN101403993B (en) * | 2008-07-28 | 2012-10-17 | 清华大学深圳研究生院 | Data security safekeeping equipment and method |
CN104573559A (en) * | 2015-01-24 | 2015-04-29 | 浙江远望软件有限公司 | File storage and access method capable of supporting password authentication and operation log |
CN104967518A (en) * | 2015-07-31 | 2015-10-07 | 中国人民解放军71777部队 | Method for improving information transmission security |
CN106920305A (en) * | 2017-02-10 | 2017-07-04 | 深圳市赛亿科技开发有限公司 | A kind of intelligent key system |
CN108376226A (en) * | 2017-01-18 | 2018-08-07 | 丰田自动车株式会社 | Unauthorized determines that system and unauthorized determine method |
CN108664817A (en) * | 2017-03-30 | 2018-10-16 | 金士顿数位股份有限公司 | Intelligent and safe memory |
CN111417947A (en) * | 2017-11-21 | 2020-07-14 | 奥迪股份公司 | Single chip system for vehicle |
CN112764691A (en) * | 2021-02-05 | 2021-05-07 | 浙江威固信息技术有限责任公司 | Solid state disk and safety management method thereof |
WO2024087939A1 (en) * | 2022-10-27 | 2024-05-02 | 中国科学院微电子研究所 | Solid-state drive and limited access control method therefor, and electronic device |
-
2007
- 2007-01-08 CN CNB2007100003298A patent/CN100535876C/en not_active Expired - Fee Related
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101403993B (en) * | 2008-07-28 | 2012-10-17 | 清华大学深圳研究生院 | Data security safekeeping equipment and method |
CN102236765B (en) * | 2010-04-30 | 2015-04-15 | 深圳市合信自动化技术有限公司 | Method and device for protecting programmable logic controller (PLC) safely |
CN102236765A (en) * | 2010-04-30 | 2011-11-09 | 深圳市合信自动化技术有限公司 | Method and device for protecting programmable logic controller (PLC) safely |
CN104573559A (en) * | 2015-01-24 | 2015-04-29 | 浙江远望软件有限公司 | File storage and access method capable of supporting password authentication and operation log |
CN104573559B (en) * | 2015-01-24 | 2018-05-04 | 浙江远望软件有限公司 | It is a kind of to support the storage of the file of password authorization and operation log and access method |
CN104967518A (en) * | 2015-07-31 | 2015-10-07 | 中国人民解放军71777部队 | Method for improving information transmission security |
CN108376226B (en) * | 2017-01-18 | 2022-04-01 | 丰田自动车株式会社 | Unauthorized determination system and unauthorized determination method |
CN108376226A (en) * | 2017-01-18 | 2018-08-07 | 丰田自动车株式会社 | Unauthorized determines that system and unauthorized determine method |
CN106920305A (en) * | 2017-02-10 | 2017-07-04 | 深圳市赛亿科技开发有限公司 | A kind of intelligent key system |
CN108664817A (en) * | 2017-03-30 | 2018-10-16 | 金士顿数位股份有限公司 | Intelligent and safe memory |
CN108664817B (en) * | 2017-03-30 | 2021-12-21 | 金士顿数位股份有限公司 | Intelligent safety memory |
CN111417947B (en) * | 2017-11-21 | 2021-03-02 | 奥迪股份公司 | Single chip system for vehicle |
US11244082B2 (en) | 2017-11-21 | 2022-02-08 | Audi Ag | One-chip system for a vehicle |
CN111417947A (en) * | 2017-11-21 | 2020-07-14 | 奥迪股份公司 | Single chip system for vehicle |
CN112764691A (en) * | 2021-02-05 | 2021-05-07 | 浙江威固信息技术有限责任公司 | Solid state disk and safety management method thereof |
WO2024087939A1 (en) * | 2022-10-27 | 2024-05-02 | 中国科学院微电子研究所 | Solid-state drive and limited access control method therefor, and electronic device |
Also Published As
Publication number | Publication date |
---|---|
CN100535876C (en) | 2009-09-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN100535876C (en) | Smart card and USB combined equipment and method of self-destroy forillegal access and try to pass valve value | |
CN101853363B (en) | File protection method and system | |
CN101901313B (en) | Linux file protection system and method | |
CN101441601B (en) | Ciphering transmission method of hard disk ATA instruction and system | |
CN101470783B (en) | Identity recognition method and device based on trusted platform module | |
KR100894466B1 (en) | Information processing device, anti-tamper method, and anti-tamper program | |
CN107908574B (en) | Safety protection method for solid-state disk data storage | |
US20080016127A1 (en) | Utilizing software for backing up and recovering data | |
CN107508801B (en) | Method and device for preventing file from being tampered | |
TW200405963A (en) | Sleep protection | |
CN103065102A (en) | Data encryption mobile storage management method based on virtual disk | |
CN101430752A (en) | Sensitive data switching control module and method for computer and movable memory device | |
CN102948114A (en) | Single-use authentication methods for accessing encrypted data | |
CN101008974A (en) | Protection method and system of electronic document | |
CN105740725A (en) | File protection method and system | |
CN103440462A (en) | Embedded control method for improving security and secrecy performance of security microprocessor | |
CN104573549A (en) | Credible method and system for protecting confidentiality of database | |
CN102799539A (en) | Safe USB flash disk and data active protection method thereof | |
CN100399304C (en) | Method for automatic protecting magnetic disk data utilizing filter driving program combined with intelligent key device | |
CN102024115B (en) | Computer with user security subsystem | |
JP2008005408A (en) | Recorded data processing apparatus | |
CN110837634A (en) | Electronic signature method based on hardware encryption machine | |
CN1755572A (en) | Computer security startup method | |
US9076007B2 (en) | Portable data support with watermark function | |
Liu et al. | A file protection scheme based on the transparent encryption technology |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
DD01 | Delivery of document by public notice |
Addressee: Guo Tao Document name: Review of business letter |
|
DD01 | Delivery of document by public notice | ||
DD01 | Delivery of document by public notice |
Addressee: Beijing Mingyu Technology Co., Ltd. Document name: Notification of Termination of Patent Right |
|
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090902 Termination date: 20180108 |