CN101013406A - Automatic-installable information safety equipment and control method thereof - Google Patents

Automatic-installable information safety equipment and control method thereof

Info

Publication number
CN101013406A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007100638328A
Other languages
Chinese (zh)
Other versions
CN100462949C (en)
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Beijing Feitian Technologies Co Ltd
Application filed by Beijing Feitian Technologies Co Ltd
Priority to CNB2007100638328A
Publication of CN101013406A
Application granted
Publication of CN100462949C
Legal status: Expired - Fee Related

Landscapes

  • Stored Programmes (AREA)

Abstract

The invention discloses an information security device that can be installed automatically and a control method for it, and belongs to the field of information security. To solve the problem of letting an automatically installable information security device also be used by ordinary users, without being limited by user permissions, the invention provides an automatically installable information security device comprising a control module, a USB interface module, a working-mode switching module, a SCSI protocol processing module, an autorun module, an unrestricted-protocol processing module, an information security module and a USB bus reset module. The invention also provides a control method for the automatically installable information security device. Using the information security device of the invention not only reduces cost but also greatly improves ease of use.

Description

An automatically installable information security device and control method thereof
Technical field
The present invention relates to the field of information security, and in particular to an automatically installable information security device and a control method for it.
Background art
Because Windows is a multi-user, multitasking operating system, security becomes a critical issue, so Windows needs to assign permissions to users. A permission is a user's right to access system resources. Permissions are set per user and per process, and different users accessing a computer have different permissions. Windows users are divided into groups; the common user groups are:
Administrator: the administrators group. By default, users in the Administrator group have unrestricted, full access to the computer/domain.
System: has the same permissions as Administrator, or even higher ones; it holds the permissions needed for the normal operation of the system and of system-level services.
PowerUser: the power users group. In the permission settings, this group's permissions are second only to Administrator's. A PowerUser can perform any operating system task except those reserved for the Administrator group.
User: the ordinary users group. Users in this group cannot change the computer system.
Guest: the guests group. A guest account is more restricted than an ordinary User account.
By convention, Administrator, System and Power User are called superusers, and User and Guest are called non-superusers.
As people's security awareness keeps rising, various cryptographic algorithms have emerged. The commonly used ones are hash algorithms, symmetric encryption algorithms and asymmetric encryption algorithms. A hash algorithm is a one-way algorithm that needs no key; it transforms data of arbitrary length into a fixed-length digest, and it has a long hash code and resistance to specialised cryptanalytic attacks. Hash algorithms in common use at present include HMAC, MD5, MD2, SHA1 and SHA256. In a symmetric encryption algorithm (also called a single-key algorithm), a single key is used both to encrypt and to decrypt. Although single-key encryption is a simple process, both parties must trust each other completely and both hold a copy of the key; after data has been encrypted with a symmetric algorithm, the result can be decrypted with the same key. Symmetric algorithms in common use at present include DES, 3DES, RC4 and RC5. An asymmetric encryption algorithm (public-key encryption algorithm) uses a pair of keys rather than the single key of a symmetric algorithm: one key of the pair encrypts and the other decrypts, that is, what is encrypted with A is decrypted with B, and what is encrypted with B is decrypted with A. Asymmetric algorithms in common use at present include RSA, DSA and elliptic curve algorithms.
In recent years, with the rapid development of Internet technology and e-commerce, more and more business activity has moved onto the network, for example online government services, online banking and online shopping. At the same time, more and more information involving personal privacy and trade secrets needs to be transmitted over the network. However, deliberate threats such as viruses, hackers and fraudulent counterfeit web pages pose a great challenge to the security of online transactions and make network security a very important problem.
An information security device (hereafter "the device") is a small hardware device with a processor and memory that connects to a host through the computer's data communication interface. It provides key generation, secure key storage, preset cryptographic algorithms and similar functions. Key-related computation runs entirely inside the device, and the device is attack-resistant, so its security is high. Information security devices generally connect to the computer over USB and are commonly called USB KEYs or USB Tokens. The device manufacturer, a software developer or the end user can store important information in the device to keep it secure or to avoid forgetting it. At present, higher-end information security devices are programmable, that is, code stored in the device in advance can be run inside it.
An information security device generally implements its security functions with a built-in security chip. Besides the features of a general-purpose embedded microcontroller, a security chip is distinguished by its security properties, for which its structure receives special treatment at design time. For example, the security chip may use a dedicated security kernel that supports several states with different permission definitions, used to manage access rights to hardware resources, and that supports randomisation of instruction timing (the instruction cycle). Its interrupt system can support switching between chip states, which gives control over different security levels and supports multiple applications. It may also have an MMU (Memory Management Unit), which isolates logical from physical addresses and performs address mapping, supports the design of multiple applications and of security at the architecture level, and together with the different states supported by the kernel forms a hardware firewall. Its interrupt system can also support the interface between the system library and user programs and the transfer and switching of permissions between them. Its storage may use non-volatile memory, and so on. To guarantee its security properties, a security chip is generally required to comply with the relevant standards and pass the relevant certifications, such as the TCG TPM v1.2 specification, the ISO15408 international standard and the standards of the Chinese cryptography administration committee. Many security chips are currently available on the market; among them, the ST19WP18 microcontroller from STMicroelectronics has been certified at assurance level EAL5+ (augmented) under the Common Criteria evaluation, which is one of the highest levels in the ISO15408 international standard for this class of product.
Because of these structural features, information security devices are widely used in the information security field. Information security operations generally include: data interaction (encrypting data written to the device, or decrypting data read from it, inside the device); identity authentication information processing, storing/verifying password information, storing/verifying signatures, storing/verifying certificates, and permission management; and running preset code to perform data computation. Preset code includes preset fragments of user software (a user software fragment cannot be read out of the device; it runs inside the device to perform data computation) and preset software-protection application interface functions (interface-level functions between the device and the software developer's application), among other operations.
A hardware identifier is a globally unique, readable identification number defined by the device manufacturer itself and stored inside the device or marked on it. The hardware identifier includes the device's product ID (PID) and vendor ID (VID); the PID and VID together distinguish information such as the device's manufacturer and product model.
Existing information security devices can communicate using SCSI (Small Computer System Interface) commands. SCSI is an interface standard for connecting peripherals to a host and offers a fairly high data transfer rate. SCSI reserves extended commands for developers' convenience; to implement SCSI communication for an information security device, developers define the SCSI extended commands as the device's commands and use them to carry out its functions. However, under Windows 2000 and later, ordinary users do not have permission to use SCSI extended commands, which makes SCSI devices much less convenient to use.
Automatic play (Autorun) is a feature of USB-SCSI class devices that makes devices such as CDs, hard disks and mass storage easier to operate; a program that runs automatically in this way is customarily called an Autorun program. An Autorun program contains the commands to be run automatically, such as changing the drive icon, running a program file or providing an optional shortcut menu, so when a CD or mass-storage device carrying an Autorun program is connected to a computer, the Autorun program can load the corresponding files, for example GIF, JPEG, HTML or PDF files, to perform the automatic play function; it can also show a startup screen, and so on.
The CCID (USB Chip/Smart Card Interface Devices) standard was drawn up jointly by several large international IT companies. It makes it possible for a smart card reader/writer to communicate with a host or other embedded host. The CCID standard defines a CCID device as a chip/smart card interface device: the device connects to the host or other embedded host over USB and exchanges data in conformance with the CCID standard, while communicating with the smart card through an interface that conforms to the 7816 standard protocol. Microsoft provides a CCID driver in Windows 2000 and later, so device manufacturers can easily develop devices that conform to the CCID interface standard. The CCID interface standard also supports calls through the PC/SC (Personal Computer/Smart Card) interface, so developers can easily write software that operates the information security device; many open-source CCID drivers are also available to developers and users on numerous versions of other, open-source operating systems such as Linux.
The HID (Human Interface Device) class was one of the first USB device classes fully supported by Windows. On computers running Windows 98 or later, applications can communicate with HID devices using the driver built into the operating system, so USB devices that conform to the HID class are easy to set up and run. A HID device need not have a human interface, however; it only needs to be able to work within the limits of the HID class specification. The main features and limits of the HID class are: exchanged data resides in structures called reports; each transaction carries a small to moderate amount of data; a device may send information to the computer at unpredictable times; and so on. Although many HID devices mainly send data from the device to the host, a HID device can in fact also receive data from the host, so any device that works within the limits of the HID class can be called a HID device. Such devices can both send data to the computer and receive device-configuration requests from it; typical examples of devices that mainly receive data are remote displays, control panels of remote devices, and any kind of device that receives commands from the host occasionally or periodically. A HID device can be one of several USB interfaces that a device supports, and can be either a low-speed or a full-speed device. Microsoft provides a HID driver in Windows 98 and later, so device manufacturers can easily develop devices that conform to the HID interface standard.
A descriptor is a formatted block of data or information that lets the host learn about the device; each descriptor contains information about the device as a whole or about one element of it.
According to the SCSI protocol standard, the descriptors of a device conforming to the USB-SCSI interface standard have the following characteristics. In the interface descriptor, byte 0 is the descriptor length in bytes, with value 09h; byte 1 is the descriptor type, with value 04h; byte 4 is the number of endpoints supported; byte 5 is the class code, with value 08h; byte 6 is the subclass code, with value 00h; byte 7 is the protocol code, with value 50h. In the class descriptor, byte 0 is the descriptor length in bytes and byte 2 is the version number of the SCSI standard. The bytes of the device's other descriptors, such as the device descriptor and the configuration descriptor, and the remaining bytes of the interface descriptor and class descriptor above, are set as specified in the USB protocol.
According to the CCID protocol standard, the descriptors of a device conforming to the CCID interface standard have the following characteristics. In the interface descriptor, byte 0 is the descriptor length in bytes, with value 09h; byte 1 is a fixed value, 04h; byte 4 is the number of endpoints supported (excluding endpoint 0), with value 02h or 03h; byte 5 is the class code, with value 0Bh; byte 6 is the subclass code, with value 00h; byte 7 is the protocol code, with value 00h. In the class descriptor, byte 0 is the descriptor length in bytes, with value 36h; byte 2 is the version number of the CCID standard, expressed in binary-coded decimal, with value 0100h; byte 52 is the PIN support, with value 00h-03h. The bytes of the device's other descriptors, such as the device descriptor and the configuration descriptor, and the remaining bytes of the interface descriptor and class descriptor above, are set as specified in the USB protocol.
According to the HID protocol standard, the descriptors of a device conforming to the HID interface standard have the following characteristics. In the interface descriptor, byte 0 is the descriptor length in bytes, with value 09h; byte 1 is the descriptor type, with value 04h; byte 4 is the number of endpoints supported, with value 01h; byte 5 is the class code, with value 03h; byte 6 is the subclass code, with value 00h; byte 7 is the protocol code, with value 00h. In the class descriptor, byte 0 is the descriptor length in bytes; byte 1 is the HID class, with value 21h; byte 2 is the HID specification release number in binary-coded decimal format, for example 0100h for version 1.0 and 0110h for version 1.1. The bytes of the device's other descriptors, such as the device descriptor and the configuration descriptor, and the remaining bytes of the interface descriptor and class descriptor above, are set as specified in the USB protocol.
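The interface-descriptor values in the three paragraphs above are enough to tell which device type a token has declared to the host. The following C code is an added example, not part of the patent: it walks a configuration descriptor set with bounds checks and classifies the first interface by those byte values. The function names, the report struct and the three sample descriptor sets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Device kinds the text distinguishes by interface descriptor byte 5. */
enum iface_kind { KIND_MALFORMED = -1, KIND_OTHER, KIND_SCSI, KIND_CCID, KIND_HID };

struct iface_report {
    enum iface_kind kind;
    uint8_t  endpoints;   /* interface descriptor byte 4 */
    uint16_t class_bcd;   /* class descriptor bytes 2-3 (BCD version), 0 if none */
    int      pin_support; /* CCID class descriptor byte 52, -1 if not present */
};

/* Classify a 9-byte interface descriptor using the byte values from the text.
 * The subclass (byte 6) is not used for the decision. */
static enum iface_kind classify(const uint8_t *ifd)
{
    if (ifd[5] == 0x08 && ifd[7] == 0x50) return KIND_SCSI; /* class 08h, protocol 50h */
    if (ifd[5] == 0x0B) return KIND_CCID;                   /* class 0Bh */
    if (ifd[5] == 0x03) return KIND_HID;                    /* class 03h */
    return KIND_OTHER;
}

/* Walk the descriptor chain, report the first interface and its class descriptor.
 * Any length byte that is too small or runs past the buffer marks the set malformed. */
struct iface_report scan_config(const uint8_t *buf, size_t len)
{
    struct iface_report r = { KIND_OTHER, 0, 0, -1 };
    int have_iface = 0;
    size_t off = 0;

    while (off < len) {
        /* Every descriptor starts with its own length (byte 0) and type (byte 1). */
        if (len - off < 2 || buf[off] < 2 || buf[off] > len - off) {
            r.kind = KIND_MALFORMED;
            return r;
        }
        const uint8_t *d = buf + off;
        uint8_t dlen = d[0], dtype = d[1];

        if (dtype == 0x04) {                 /* interface descriptor */
            if (have_iface) break;           /* report the first interface only */
            if (dlen != 0x09) { r.kind = KIND_MALFORMED; return r; }
            r.kind = classify(d);
            r.endpoints = d[4];
            have_iface = 1;
        } else if (have_iface && r.kind == KIND_HID && dtype == 0x21 && dlen >= 4) {
            r.class_bcd = (uint16_t)(d[2] | (d[3] << 8));   /* 0110h means HID 1.1 */
        } else if (have_iface && r.kind == KIND_CCID && dlen == 0x36) {
            r.class_bcd = (uint16_t)(d[2] | (d[3] << 8));   /* 0100h in the text */
            r.pin_support = d[52];
        }
        off += dlen;
    }
    return r;
}

/* Constructed sample descriptor sets (configuration, interface, class, endpoints). */
static const uint8_t sample_scsi[] = {
    0x09, 0x02, 0x20, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,
    0x09, 0x04, 0x00, 0x00, 0x02, 0x08, 0x00, 0x50, 0x00,
    0x07, 0x05, 0x81, 0x02, 0x40, 0x00, 0x00,
    0x07, 0x05, 0x02, 0x02, 0x40, 0x00, 0x00,
};
static const uint8_t sample_hid[] = {
    0x09, 0x02, 0x22, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,
    0x09, 0x04, 0x00, 0x00, 0x01, 0x03, 0x00, 0x00, 0x00,
    0x09, 0x21, 0x10, 0x01, 0x00, 0x01, 0x22, 0x1D, 0x00,
    0x07, 0x05, 0x81, 0x03, 0x08, 0x00, 0x0A,
};
static const uint8_t sample_ccid[86] = {
    0x09, 0x02, 0x56, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,
    0x09, 0x04, 0x00, 0x00, 0x02, 0x0B, 0x00, 0x00, 0x00,
    [18] = 0x36, 0x21, 0x00, 0x01,   /* length 36h, type, version 0100h */
    [70] = 0x01,                     /* class descriptor byte 52: PIN support */
    [72] = 0x07, 0x05, 0x81, 0x02, 0x40, 0x00, 0x00,
    [79] = 0x07, 0x05, 0x02, 0x02, 0x40, 0x00, 0x00,
};

int main(void)
{
    static const char *names[] = { "other", "SCSI", "CCID", "HID" };
    const uint8_t *sets[] = { sample_scsi, sample_hid, sample_ccid };
    size_t sizes[] = { sizeof sample_scsi, sizeof sample_hid, sizeof sample_ccid };

    for (int i = 0; i < 3; i++) {
        struct iface_report r = scan_config(sets[i], sizes[i]);
        printf("%s, %u endpoint(s), class version %04Xh\n",
               r.kind < 0 ? "malformed" : names[r.kind],
               (unsigned)r.endpoints, (unsigned)r.class_bcd);
    }
    return 0;
}
```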
Patent application No. 200610002400.1, "Information security device of the USB human interface device class and control method thereof", published on 2006.7.26, discloses an information security device based on the USB human interface device class and a control method for it. By comprising a main control chip with a built-in human interface device descriptor and a USB interface module connected to that chip, the device can be small, portable and easy to use while remaining very capable. HID devices are now widely used, with applications in products such as portable hard drives, USB flash drives, keyboards and mice.
HID and CCID devices have many advantages. For example, they are not subject to user-permission restrictions: under Windows, both ordinary users and administrators can access HID and CCID devices and operate them. The user can also use the device anywhere, at any time, without installing a driver; there is no need to manage constantly updated driver versions, to consider driver compatibility across products, to face the operating-system risks a driver brings, or to worry about driver installation and removal polluting the system. Typically, the CCID protocol is chosen when the host system supports smart card logon, and the HID protocol when it does not. These advantages have made HID and CCID devices increasingly widely used, but they also raise a new problem: HID and CCID devices do not have the autorun capability of USB-SCSI devices, so they cannot automatically install the device's associated application.
The goal is an information security device with automatic installation that, under Windows, is not limited by user permissions and can also be used by ordinary users; that is, a device with both of the following properties: the automatic installation of a USB-SCSI device, and the usability by ordinary users under Windows of a HID/CCID device. The main existing solution adds, inside a HID-class or CCID-class information security device, a USB flash drive circuit that provides a CD-ROM function, together with a hub (HUB) circuit. But when such a device is connected to a host, it reports two device types to the host during enumeration, the HID/CCID device type and the SCSI device type, which easily confuses users. More importantly, the added hub and flash drive circuits increase cost and reduce reliability.
Summary of the invention
To solve the problem of letting an information security device with automatic installation be used under Windows by ordinary users too, without being limited by user permissions, the invention provides an automatically installable information security device and a control method.
An automatically installable information security device comprises a control module, a USB interface module, a working-mode switching module, a SCSI protocol processing module, an autorun module connected to the SCSI protocol processing module, an unrestricted-protocol processing module, an information security module connected to the unrestricted-protocol processing module, and a USB bus reset module connected to the USB interface module. The control module is connected to the USB interface module, the USB bus reset module, the working-mode switching module, the SCSI protocol processing module and the unrestricted-protocol processing module;
The USB interface module connects the information security device to the host through the USB interface, and parses and handles the USB communication protocol;
The SCSI protocol processing module has a built-in SCSI interface device descriptor, declares the device to the host as a SCSI device type, and parses and handles SCSI commands;
The autorun module automatically starts and runs the Autorun program;
The working-mode switching module receives the working-mode switching command and switches the device from the default SCSI working mode to the unrestricted working mode;
The USB bus reset module makes the USB bus simulate one unplug/replug event of the device;
The unrestricted-protocol processing module has a built-in device descriptor for an interface protocol that is not subject to user-permission restrictions under Windows, declares the device to the host as the corresponding device type, and parses and handles the corresponding protocol commands;
The information security module manages and controls access rights according to the identity information of the user accessing the device, and performs encryption/decryption operations;
The control module controls the device's working mode and processes data.
The information security module further comprises a key data storage unit, which stores key data; the key data includes digital certificates, keys and the user's private data.
The information security module further comprises a user program storage unit, which is used to write and call user-defined algorithms.
The Autorun program is written in advance by the device's manufacturer and stored in the device in advance.
The working-mode switching command is a CD-ROM control command that is not subject to user-permission restrictions under Windows.
The USB bus reset module simulates one unplug/replug event of the device on the USB bus by controlling level changes on the USB signal lines.
The unrestricted working mode is specifically the HID working mode, and the unrestricted-protocol processing module is a HID protocol processing module;
The HID protocol processing module has a built-in HID interface device descriptor, declares the device to the host as a HID device type, and parses and handles HID commands.
The unrestricted working mode is specifically the CCID working mode, and the unrestricted-protocol processing module is a CCID protocol processing module;
The CCID protocol processing module has a built-in CCID interface device descriptor, declares the device to the host as a CCID device type, and parses and handles CCID commands.
The autorun module comprises a detection unit and an application installation unit. The detection unit is used by the Autorun program to detect whether the application associated with the device is installed on the host; the application installation unit is used by the Autorun program to install that application on the host when the detection unit finds that it is not installed.
The application associated with the device is written in advance by the device's manufacturer and stored in the device in advance.
The application associated with the device also includes a monitoring program, which sends the working-mode switching command to the device and/or determines the user permissions of the current host system.
The SCSI protocol processing module is also connected to the information security module, and the autorun module further comprises a working-mode selection unit;
The working-mode selection unit is used by the Autorun program or the monitoring program to determine the user permissions of the current host system and to select the device's working mode accordingly: when the current host system is running with superuser permissions, the device is selected to keep working in the SCSI working mode; when it is running with non-superuser permissions, the device is selected to work in the unrestricted working mode.
The working-mode switching module further comprises a device judging unit, which determines whether the SCSI-type device connected to the host is the information security device.
The information security module is a security chip; security chips include smart card chips.
The information security module is integrated in a single chip with one or more of the working-mode switching module, the USB bus reset module, the unrestricted-protocol processing module, the SCSI protocol processing module, the control module, the autorun module and the USB interface module.
The chip is a security chip; security chips include smart card chips.
The USB interface module is a USB interface chip.
A control method for an automatically installable information security device, the method comprising:
Step A: the information security device connects to the host through the USB interface and declares itself as a SCSI device type;
Step B: the Autorun program is started and run automatically;
Step C: the device's working mode is selected;
Step D: the device interacts with the host in the selected working mode and performs information security operations.
The Autorun program is written in advance by the device's manufacturer and stored in the device in advance.
Step B specifically comprises: the Autorun program starts automatically and detects whether the application associated with the device is installed on the host. If it is not installed, the Autorun program installs it on the host; if it is installed, the device's working mode is selected.
The application associated with the device is written in advance by the device's manufacturer and stored in the device in advance.
The application associated with the device also includes a monitoring program, which sends the working-mode switching command to the device and/or determines the user permissions of the current host system.
Step C specifically comprises: the Autorun program sends the working-mode switching command to the device; the device switches from the default SCSI working mode to the unrestricted working mode, makes the USB bus simulate one unplug/replug event of the device, and declares itself as the corresponding device type.
Step C specifically comprises: the Autorun program or the monitoring program sends the working-mode switching command to the device; the device switches from the default SCSI working mode to the unrestricted working mode, makes the USB bus simulate one unplug/replug event of the device, and declares itself as the corresponding device type.
Described step C specifically comprises: the Autorun program is judged the user right of current host computer system, if described current host computer system is operated under the superuser right, selected described information safety devices continues to operate in the SCSI mode of operation; If described host computer system is operated under the non-superuser right, described Autorun program sends the mode of operation switching command to described information safety devices, described information safety devices switches to not limited operation pattern from the SCSI mode of operation of acquiescence, the simulation of control usb bus is the plug incident of described information safety devices once, and statement is certainly as the relevant device type.
Described step C specifically comprises: Autorun program or watchdog routine are judged the user right of current host computer system, if described current host computer system is operated under the superuser right, selected described information safety devices continues to operate in the SCSI mode of operation; If described host computer system is operated under the non-superuser right, described Autorun program or watchdog routine send the mode of operation switching command to described information safety devices, described information safety devices switches to not limited operation pattern from the SCSI mode of operation of acquiescence, the simulation of control usb bus is the plug incident of described information safety devices once, and statement is certainly as the relevant device type.
Described not limited operation pattern is not for being subjected to the interface protocol mode of operation of user right restriction under Windows operating system.
Described not limited operation pattern is HID mode of operation or CCID mode of operation.
Described mode of operation switching command is not for being subjected to the CD steering order of user right restriction under Windows operating system.
The described control usb bus simulation once plug incident of described information safety devices changes by the level on the control usb signal line and realizes.
Beneficial effect: the information safety devices that can install automatically and the control method thereof that the present invention relates to owing to saved hub partial circuit and USB flash disk partial circuit, have obtained better controlled aspect cost; The present invention simultaneously also can not be subjected to the restriction of user right, information safety devices of the present invention and control method thereof can be used under Windows98, Windows2000, Windowsxp, Windows2003 operating system, all can use under power user and non-power user account number simultaneously.In addition, the present invention also possesses the advantage of HID equipment and CCID equipment, do not need install driver just can use whenever and wherever possible such as the user, do not need to manage the constantly driver of upgrading of version, do not need to consider the compatibling problem of different product driver, demand side does not need to worry the pollution of the installation unloading of driver to system's generation to the operating system application risk that driver causes.
Description of the drawings
Fig. 1 is a structural block diagram of the automatically installable information security device provided by Embodiment 1 of the invention;
Fig. 2 is a structural block diagram of the automatically installable information security device provided by Embodiment 2 of the invention;
Fig. 3 is a circuit connection diagram of a preferred scheme of the automatically installable information security device provided by the embodiments of the invention;
Fig. 4 is a flowchart of the control method for the automatically installable information security device provided by Embodiment 3 of the invention;
Fig. 5 is a flowchart of the control method for the automatically installable information security device provided by Embodiment 4 of the invention.
Detailed description of the embodiments
The invention is further described below with reference to the drawings and specific embodiments, which do not limit the invention.
Embodiment 1
This embodiment provides an automatically installable information security device 100 which, as shown in Fig. 1, comprises a control module 102, a USB interface module 101, a working-mode switching module 105, a SCSI protocol processing module 103, an autorun module 104, an HID protocol processing module 107, an information security module 108 and a USB bus reset module 106. The control module is connected to the USB interface module, the USB bus reset module, the working-mode switching module, the SCSI protocol processing module and the HID protocol processing module respectively; the USB bus reset module is connected to the USB interface module; the autorun module is connected to the SCSI protocol processing module; and the information security module is connected to the HID protocol processing module.
The USB interface module 101 connects the information security device to the host through the USB interface, and parses and processes the USB communication protocol.
The SCSI protocol processing module 103 has a built-in SCSI interface device descriptor; it declares the device to the host as a SCSI device type and parses and processes SCSI commands.
The autorun module 104 automatically starts and runs the Autorun program, which is written in advance by the manufacturer of the information security device and pre-stored in the device. The autorun module comprises a detection unit and an application installation unit. The detection unit detects whether the application program associated with the information security device is installed on the host; the application installation unit installs that application program on the host when the detection unit does not find it installed. The application program associated with the information security device also comprises a monitoring program, which is used to send the working-mode switching command to the information security device and/or to determine the user privileges of the current host system. The application program is written in advance by the manufacturer of the information security device and pre-stored in the device.
The working-mode switching module 105 receives the working-mode switching command sent by the Autorun program or the monitoring program and switches the information security device from the default SCSI working mode to the HID working mode. The working-mode switching command is a CD-ROM control command that is not subject to user-privilege restrictions under the Windows operating system.
The USB bus reset module 106 controls the USB bus to simulate one plug/unplug event of the information security device; it does so by changing the level on the USB signal line.
The HID protocol processing module 107 has a built-in HID interface device descriptor; it declares the device to the host as an HID device type and parses and processes HID commands.
The information security module 108 manages and controls access rights according to the identity information of the user accessing the information security device, and performs encryption/decryption operations. The information security module 108 also comprises a key data storage unit for storing key data, which includes digital certificates, keys and the user's private data, and a user program storage unit, which is used to write and call user-defined algorithms. The information security module may be a security design chip, including a smart card chip.
The control module 102 controls and manages the working mode of the information security device, and processes and controls data.
In actual product design there can be multiple implementations. The information security module may be integrated into a single chip (which may be a security design chip, including a smart card chip) together with one or more of the working-mode switching module, HID protocol processing module, SCSI protocol processing module, control module, autorun module, USB bus reset module and USB interface module; the USB interface module may also be a USB interface chip separate from the main control chip. For example, a security design chip (including a smart card chip) implements the functions of the information security module, HID protocol processing module, SCSI protocol processing module and working-mode switching module; a general-purpose microcontroller implements the control module; a reset circuit controls the USB bus to simulate one plug/unplug event of the information security device; a memory chip stores the Autorun program, implementing the autorun module; and a USB protocol chip implements the USB interface module. Alternatively, the automatically installable information security device provided by this embodiment may use a memory chip to store the Autorun program and a single security design chip (including a smart card chip) to implement the functions of the information security module, control module, working-mode switching module, USB interface module, USB bus reset module, HID protocol processing module and SCSI protocol processing module. The storage medium of the memory chip may be one or more of RAM, ROM, EPROM, EEPROM and FLASH.
The HID protocol processing module 107 in this embodiment may be replaced by a protocol processing module for another interface protocol that is not subject to user-privilege restrictions under the Windows operating system, for example a CCID protocol processing module that has a built-in CCID interface device descriptor, declares the device to the host as a CCID device type, and parses and processes CCID commands.
Embodiment 2
This embodiment provides an automatically installable information security device 200 which, as shown in Fig. 2, comprises a control module 202, a USB interface module 201, a working-mode switching module 205, a SCSI protocol processing module 203, an autorun module 204, a USB bus reset module 206, an HID protocol processing module 207 and an information security module 208. The control module is connected to the USB interface module, the USB bus reset module, the working-mode switching module, the SCSI protocol processing module and the HID protocol processing module respectively; the autorun module is connected to the SCSI protocol processing module; the USB bus reset module is connected to the USB interface module; and the information security module is connected to both the SCSI protocol processing module and the HID protocol processing module.
The USB interface module 201 connects the information security device to the host through the USB interface, and parses and processes the USB communication protocol.
The SCSI protocol processing module 203 has a built-in SCSI interface device descriptor; it declares the device to the host as a SCSI device type and parses and processes SCSI commands.
The autorun module 204 automatically starts and runs the Autorun program, which is written in advance by the manufacturer of the information security device and pre-stored in the device. The autorun module comprises a detection unit and an application installation unit. The detection unit detects whether the application program associated with the information security device is installed on the host; the application installation unit installs that application program on the host when the detection unit does not find it installed. The application program associated with the information security device also comprises a monitoring program, which is used to send the working-mode switching command to the information security device and/or to determine the user privileges of the current host system. The application program is written in advance by the manufacturer of the information security device and pre-stored in the device.
The autorun module also comprises a working-mode selection unit 2041, which uses the Autorun program or the monitoring program to determine the user privileges of the current host system and selects the working mode of the information security device accordingly: if the current host system is running with superuser privileges, the information security device is selected to continue operating in the SCSI working mode; if the current host system is running with non-superuser privileges, the information security device is selected to operate in the unrestricted working mode.
The working-mode switching module 205 receives the working-mode switching command sent by the Autorun program or the monitoring program and switches the information security device from the default SCSI working mode to the HID working mode. The working-mode switching command is a CD-ROM control command that is not subject to user-privilege restrictions under the Windows operating system.
The USB bus reset module 206 controls the USB bus to simulate one plug/unplug event of the information security device; it does so by changing the level on the USB signal line.
The HID protocol processing module 207 has a built-in HID interface device descriptor; it declares the device to the host as an HID device type and parses and processes HID commands.
The information security module 208 manages and controls access rights according to the identity information of the user accessing the information security device, and performs encryption/decryption operations. The information security module also comprises a key data storage unit for storing key data, which includes digital certificates, keys and the user's private data, and a user program storage unit, which is used to write and call user-defined algorithms. The information security module may be a security design chip, including a smart card chip.
The control module 202 controls and manages the working mode of the information security device, and processes and controls data.
In actual product design there can be multiple implementations. The information security module may be integrated into a single chip (which may be a security design chip, including a smart card chip) together with one or more of the working-mode switching module, HID protocol processing module, SCSI protocol processing module, control module, autorun module, USB bus reset module and USB interface module; the USB interface module may also be a USB interface chip separate from the main control chip. For example, a security design chip (including a smart card chip) implements the functions of the information security module, HID protocol processing module, SCSI protocol processing module and working-mode switching module; a general-purpose microcontroller implements the control module; a reset circuit controls the USB bus to simulate one plug/unplug event of the device; a memory chip stores the Autorun program, implementing the autorun module; and a USB protocol chip implements the USB interface module. Alternatively, the automatically installable information security device provided by this embodiment may use a memory chip to store the Autorun program and a single security design chip (including a smart card chip) to implement the functions of the information security module, control module, working-mode switching module, USB interface module, USB bus reset module, HID protocol processing module and SCSI protocol processing module. The storage medium of the memory chip may be one or more of RAM, ROM, EPROM, EEPROM and FLASH.
The HID protocol processing module 207 in this embodiment may be replaced by a protocol processing module for another interface protocol that is not subject to user-privilege restrictions under the Windows operating system, for example a CCID protocol processing module that has a built-in CCID interface device descriptor, declares the device to the host as a CCID device type, and parses and processes CCID commands.
The host in Embodiments 1 and 2 may be a desktop computer, a notebook computer, a server or a dedicated machine. The automatically installable information security device of the embodiments may also be connected to other external devices, which may be, but are not limited to, card readers, communication devices, digital cameras, host peripherals or other dedicated devices.
A preferred scheme of the embodiments of the invention: the information security device consists of a housing and a circuit board mounted inside it. The core components on the circuit board are a smart card chip with a USB interface (this scheme uses the Z32H256SU chip from ZTE), a USB bus reset circuit, a high-capacity memory chip (this scheme uses the S25FL004 chip from SPANSION) and a USB connector. As shown in Fig. 3, the circuit board carries the smart card chip Z32H256SU (301), a resistor R (302), the high-capacity FLASH chip S25FL004 (304) and the USB connector (303), which is the connector through which the information security device communicates with the host. The smart card chip Z32H256SU implements the functions of the information security module.
The D+ pin of the smart card chip Z32H256SU (the positive USB data line) is connected to the D+ pin of the USB connector, and the D- pin of the smart card chip (the negative USB data line) is connected to the D- pin of the USB connector, so that the smart card chip can communicate with the host through the USB connector. D+ and D- are the two USB signal lines and carry the data exchanged with devices on the USB bus.
The smart card chip Z32H256SU uses one I/O pin, connected through the resistor R (302) to the D+ pin of the USB connector, to perform the USB bus reset operation; the I/O pin may instead be connected through the resistor R (302) to the D- pin of the USB connector to perform the same operation. When the I/O pin is connected through the resistor R to the D- pin, the information security device is identified as a low-speed USB device (supporting data transfer in the 1.5 Mbps low-speed mode of USB); when the I/O pin is connected through the resistor R to the D+ pin, the information security device is identified as a full-speed USB device (supporting data transfer in the 12 Mbps full-speed mode of USB).
The reset works as follows: after the smart card chip Z32H256SU receives the working-mode switching command sent by the Autorun program or the monitoring program, it first drives the I/O pin low and then drives it high. Changing the level on the USB signal line in this way makes the USB bus simulate one plug/unplug event of the information security device. Putting the I/O pin into a high-impedance state can also be used to simulate the plug/unplug event.
The smart card chip Z32H256SU is extended with an external high-capacity FLASH chip S25FL004, which stores the Autorun program, the application program associated with the information security device, and so on.
The smart card chip Z32H256SU controls and manages the working mode, and processes and controls data. In addition, the Z32H256SU smart card chip used in this preferred scheme has 32 KB of EEPROM for storing data and programs, and 256 KB of FLASH for storing programs, function libraries and data that rarely changes. Because this storage is non-volatile, it can be erased and rewritten many times, which makes program upgrades convenient, and its non-volatility also makes program storage safer and more reliable.
The structure of the preferred scheme above is one special case of the invention. In a specific implementation, a security design chip with a built-in USB reset function may be used instead, for example the CY7C63813 from Cypress or the MOTO9085B8/JB16 chip from MOTOROLA. With such a chip, writing a value to the USB reset register is enough to change the level on the USB signal line and so simulate one plug/unplug event of the information security device on the USB bus. In other words, the USB bus reset module and the information security module are integrated into a single chip (which may be a security design chip, including a smart card chip), and the USB reset circuit on the circuit board can then be omitted.
In a specific implementation, the USB interface module may also be a USB protocol chip separate from the security design chip, for example the Philips USB interface chip PDIUSBD12.
Embodiment 3
This embodiment proposes a control method for the automatically installable information security device which, as shown in Fig. 4, comprises the following steps:
Step 401: the information security device is connected to the host through the USB interface.
Step 402: the information security device declares itself as a SCSI device type.
The host sends a request for the device type to the information security device; the information security device reports a SCSI device descriptor to the host, declaring itself as a SCSI device type.
Step 403: the Autorun program starts automatically.
The Autorun program is pre-stored in the information security device and is written in advance by the manufacturer of the information security device.
Step 404: the Autorun program detects whether the application program associated with the information security device is installed on the host. If it is installed, step 406 is executed; if it is not installed, step 405 is executed.
The application program associated with the information security device is pre-stored in the information security device and is written in advance by the manufacturer of the information security device. It includes a monitoring program; if the application program is already installed on the host, the monitoring program starts automatically when the host starts up.
Step 405: the Autorun program installs the application program associated with the information security device on the host.
Once the application program has been installed, the monitoring program starts automatically.
Step 406: the Autorun program or the monitoring program determines whether the SCSI-type device connected to the host is the information security device.
The determination may be made as follows: the product ID (PID) and vendor ID (VID) written in advance into the Autorun program or the monitoring program are compared with the PID and VID of the connected SCSI-type device, which the host obtained from the device's descriptor when enumerating it. If they match, the SCSI-type device connected to the host is the information security device, and step 409 is executed; if they do not match, step 407 is executed.
Step 407: continue to determine whether any other SCSI-type device connected to the host is the information security device. If an information security device declared as a SCSI type is found, step 409 is executed; if none is found, step 408 is executed.
Step 408: none of the SCSI-type devices connected to the host is the information security device; an error message is displayed and the method ends.
Step 409: the Autorun program or the monitoring program sends the working-mode switching command to the information security device.
The working-mode switching command is a CD-ROM control command that is not subject to user-privilege restrictions under the Windows operating system. Many CD-ROM control commands can be used; for example, the multimedia command for ejecting a CD (Multimedia Command Strings) provided in the Microsoft multimedia command library can be called directly:
#include <windows.h>
#include <mmsystem.h>   // link with winmm.lib
mciSendString("set cdaudio door open", NULL, 0, NULL);
Here "set cdaudio door open" is the multimedia command for ejecting a CD (Multimedia Command Strings) provided in the Microsoft multimedia command library, and it only needs to be called directly.
Besides the eject command above, other commands such as closing the CD tray or playing a track can also be used. Several examples are listed below:
#define SCSI_PLAYAUD_10 0x45 // Play Audio 10-Byte (O)
#define SCSI_PLAYAUD_12 0xA5 // Play Audio 12-Byte (O)
#define SCSI_PLAYAUDMSF 0x47 // Play Audio MSF (O)
#define SCSI_PLAYA_TKIN 0x48 // Play Audio Track/Index (O)
Step 410: the information security device switches from the default SCSI working mode to the HID working mode.
The working mode is switched by modifying a working-mode flag bit written in advance in the information security device. For example, if it is preset that a flag value of 0 means the SCSI working mode and a flag value of 1 means the HID working mode, then after the information security device receives the working-mode switching command it sets the flag to 1, switching the working mode to HID.
Step 411: the information security device controls the USB bus to simulate one plug/unplug event of the information security device and declares itself as an HID device type.
The plug/unplug event is simulated by changing the level on the USB signal line, for example by first driving the USB signal line low and then driving it high. It can also be achieved by putting the USB signal line into a high-impedance state, or, when a main control chip with a built-in USB bus reset function is used, by writing the relevant control bit of its internal register.
After the USB bus has simulated one plug/unplug event of the information security device, the host again sends a request for the device type to the information security device. The information security device reads the working-mode flag bit and reports an HID device descriptor to the host, declaring itself as an HID device type.
Step 412: the information security device and the host perform information security operations using HID device commands.
Information security operations include data interaction, in which data being written is encrypted inside the information security device or data being read is decrypted inside the information security device. They also include processing of identity authentication information, including storing/verifying password information, storing/verifying signatures, storing/verifying certificates, and rights management. They further include running preset code to perform data operations, where the preset code includes preset fragments of user software, which cannot be read out of the information security device and run inside it to perform data operations, and preset software-protection application interface functions, which are interface-level functions between the information security device and the software developer's application; and so on.
The HID protocol in this embodiment may be replaced by another interface protocol that is not subject to user-privilege restrictions under the Windows operating system, such as the CCID protocol, in which case steps 410 to 412 are replaced by the following steps:
Step 410': the information security device switches from the default SCSI working mode to the CCID working mode.
Step 411': the information security device controls the USB bus to simulate one plug/unplug event of the information security device and declares itself as a CCID device type.
Step 412': the information security device and the host perform information security operations using CCID device commands.
In this embodiment, the application program associated with the information security device in steps 404 to 405 may omit the monitoring program. In that case, operations such as sending the working-mode switching command to the information security device and determining whether the SCSI-type device connected to the host is the information security device are performed by the Autorun program; that is, steps 406 and 409 are replaced by the following steps:
Step 406': the Autorun program determines whether the SCSI-type device connected to the host is the information security device.
Step 409': the Autorun program sends the working-mode switching command to the information security device.
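The following C model walks through steps 406 to 411 from both sides: the host's VID/PID match and the device's flag-driven switch and re-enumeration. It is an added illustration, not code from the patent. The VID/PID values, the choice of PLAY AUDIO(10) as the trigger opcode, and all function and structure names are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* USB-IF interface class codes reported in the interface descriptor. */
#define USB_CLASS_HID          0x03
#define USB_CLASS_MASS_STORAGE 0x08

/* PLAY AUDIO(10), one of the CD-ROM opcodes the page lists. Using it as the
   switch trigger is an assumption of this sketch. */
#define SCSI_PLAYAUD_10 0x45

/* Constructed identifiers, not a real vendor/product pair. */
#define TOKEN_VID 0x1234
#define TOKEN_PID 0xABCD

enum work_mode { MODE_SCSI = 0, MODE_HID = 1 };  /* flag values from step 410 */

struct token {
    uint16_t vid, pid;
    enum work_mode mode_flag;   /* working-mode flag bit kept by the device */
    int dplus_high;             /* level the I/O pin drives onto D+ through R */
    unsigned replug_events;     /* simulated plug/unplug events so far */
};

/* Steps 401-402: the device attaches in its default SCSI mode. */
void token_power_on(struct token *t, uint16_t vid, uint16_t pid)
{
    t->vid = vid;
    t->pid = pid;
    t->mode_flag = MODE_SCSI;
    t->dplus_high = 1;
    t->replug_events = 0;
}

/* Enumeration: the descriptor returned depends only on the mode flag. */
uint8_t token_interface_class(const struct token *t)
{
    return t->mode_flag == MODE_HID ? USB_CLASS_HID : USB_CLASS_MASS_STORAGE;
}

/* Step 411: drive the line low, then high, so the host re-enumerates. */
static void token_simulate_replug(struct token *t)
{
    t->dplus_high = 0;          /* host sees a disconnect */
    t->dplus_high = 1;          /* host sees a new attach */
    t->replug_events++;
}

/* Device-side SCSI handler. Returns 1 if the command triggered the mode
   switch, 0 if it was an ordinary SCSI command, -1 if it was refused
   (empty CDB, or the device no longer exposes the SCSI interface). */
int token_scsi_command(struct token *t, const uint8_t *cdb, size_t len)
{
    if (cdb == NULL || len == 0 || t->mode_flag != MODE_SCSI)
        return -1;
    if (cdb[0] != SCSI_PLAYAUD_10)
        return 0;
    t->mode_flag = MODE_HID;    /* step 410 */
    token_simulate_replug(t);   /* step 411 */
    return 1;
}

/* Steps 406-408: compare each SCSI-type device's VID/PID with the values
   built into the host program. Returns the index of the match or -1. */
int host_find_token(const struct token *devs, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (token_interface_class(&devs[i]) == USB_CLASS_MASS_STORAGE &&
            devs[i].vid == TOKEN_VID && devs[i].pid == TOKEN_PID)
            return (int)i;
    return -1;
}

/* Steps 406-411 from the host side. Returns the interface class the token
   reports after the switch, or -1 if no matching device is attached. */
int host_switch_token(struct token *devs, size_t n)
{
    static const uint8_t cdb[10] = { SCSI_PLAYAUD_10 };
    int i = host_find_token(devs, n);
    if (i < 0)
        return -1;              /* step 408: report an error and stop */
    if (token_scsi_command(&devs[i], cdb, sizeof cdb) != 1)
        return -1;
    return token_interface_class(&devs[i]);
}

int main(void)
{
    struct token devs[2];
    token_power_on(&devs[0], 0x1111, 0x2222);    /* constructed: unrelated disk */
    token_power_on(&devs[1], TOKEN_VID, TOKEN_PID);
    return host_switch_token(devs, 2) == USB_CLASS_HID ? 0 : 1;
}
```

In this model the VID/PID comparison is the only thing that ties the switch command to the intended device, and a second switch attempt fails because the token no longer enumerates as a SCSI-type device.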
Embodiment 4
This embodiment proposes a control method for the automatically installable information security device which, as shown in Fig. 5, comprises the following steps:
Step 501: the information security device is connected to the host through the USB interface.
Step 502: the information security device declares itself as a SCSI device type.
The host sends a request for the device type to the information security device; the information security device reports a SCSI device descriptor to the host, declaring itself as a SCSI device type.
Step 503: the Autorun program starts automatically.
The Autorun program is pre-stored in the information security device and is written in advance by the manufacturer of the information security device.
Step 504: the Autorun program detects whether the application program associated with the information security device is installed on the host. If it is installed, step 506 is executed; if it is not installed, step 505 is executed.
The application program associated with the information security device is pre-stored in the information security device and is written in advance by the manufacturer of the information security device. It includes a monitoring program; if the application program is already installed on the host, the monitoring program starts automatically when the host starts up.
Step 505: the Autorun program installs the application program associated with the information security device on the host.
Once the application program has been installed, the monitoring program starts automatically.
Step 506: the Autorun program or the monitoring program determines the user privileges of the current host system. If the current host system is running with superuser privileges, the information security device is selected to continue operating in the SCSI working mode, and step 514 is executed; if the current host system is running with non-superuser privileges, the information security device is selected to operate in the HID working mode, and step 507 is executed.
There are many ways to determine the user privileges of the current host system. It can be done by calling a function provided by the system, for example by directly calling the following system function:
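#include <Windows.h>
/* NULL: check the caller's own token; AdministratorsGroup: SID of the built-in Administrators group; b receives TRUE if that SID is enabled in the token */
CheckTokenMembership(NULL, AdministratorsGroup, &b);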
The following system function can also be called:
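#include <Windows.h>
/* lpszSystemInfo receives the name of the current user; cchBuff holds the buffer size in characters on input */
GetUserName(lpszSystemInfo, &cchBuff);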
Step 507: The Autorun program or the monitoring program judges whether the SCSI-type device connected to the host is the information security device.
The judgment can be made as follows: the product ID (PID) and vendor ID (VID) written in advance into the Autorun program or the monitoring program are compared with the PID and VID that the host obtains from the connected SCSI-type device. If they match, the SCSI-type device connected to the host is the information security device, and step 510 is executed; if they do not match, step 508 is executed.
Step 508: Continue to judge whether any other SCSI-type device connected to the host is the information security device. If an information security device declared as SCSI type is found, step 510 is executed; if none is found, step 509 is executed.
Step 509: None of the SCSI-type devices connected to the host is the information security device; an error message is displayed and the flow ends.
Step 510: The Autorun program or the monitoring program sends the working mode switching command to the information security device.
Step 511: The information security device switches from the default SCSI working mode to the HID working mode.
Step 512: The information security device controls the USB bus to simulate one plug event of the information security device, and declares itself as an HID device type.
Step 513: The information security device and the host carry out information security operations through HID device commands, and the flow ends.
Step 514: The information security device and the host carry out information security operations through SCSI device commands.
Information security operations include: data interaction, in which data being written is encrypted inside the information security device or data being read is decrypted inside the information security device; authentication information processing, including storing/verifying password information, storing/verifying signatures, storing/verifying certificates, and rights management; and data operations performed by preset code. The preset code includes preset user software code segments, which cannot be read out of the information security device and run inside it to perform data operations, and preset software protection application interface functions, which are interface-level functions between the information security device and the software developer's application, and so on.
The HID protocol in this embodiment can be replaced by another interface protocol that is not subject to user privilege restrictions under the Windows operating system, such as the CCID protocol. In that case steps 511 to 513 are replaced by the following steps:
Step 511': The information security device switches from the default SCSI working mode to the CCID working mode.
Step 512': The information security device controls the USB bus to simulate one plug event of the information security device, and declares itself as a CCID device type.
Step 513': The information security device and the host carry out information security operations through CCID device commands.
In this embodiment, the application program related to the information security device in steps 504 to 505 may omit the monitoring program. In that case, operations such as sending the working mode switching command to the information security device, judging the user privileges of the current host system, and judging whether the SCSI-type device connected to the host is the information security device are performed by the Autorun program; that is, steps 506, 507 and 510 are replaced by the following steps:
Step 506': The Autorun program judges the user privileges of the current host system. If the current host system is running with superuser privileges, the information security device is selected to keep working in the SCSI working mode, and step 514 is executed; if the current host system is running with non-superuser privileges, the information security device is selected to work in the HID working mode, and step 507 is executed.
Step 507': The Autorun program judges whether the SCSI-type device connected to the host is the information security device.
Step 510': The Autorun program sends the working mode switching command to the information security device.
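The branch in steps 506 to 514, including the HID/CCID substitution, can be traced with a small host-and-device model. This is an added example in portable C, not code from the patent: the privilege check is passed in as a boolean, and all type names, function names and VID/PID values are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Working modes named in the embodiment; SCSI is the default after plug-in. */
enum mode { MODE_SCSI, MODE_HID, MODE_CCID };

/* Step at which the flow ends. */
enum outcome { END_509_NOT_FOUND, END_513_UNRESTRICTED, END_514_SCSI };

/* Constructed model of one USB device (hypothetical field names). */
struct usb_dev {
    uint16_t vid, pid;   /* IDs the device reports in its own descriptor */
    enum mode declared;  /* device type currently declared to the host */
    unsigned replugs;    /* simulated plug events so far */
};

/* Constructed sample IDs; the patent text gives no concrete VID/PID. */
#define SAMPLE_VID 0x1234
#define SAMPLE_PID 0x5678

/* Device side, steps 511-512: leave the default SCSI mode, simulate one
 * plug event and declare the new type. Any other transition is rejected. */
static bool dev_switch_mode(struct usb_dev *d, enum mode target)
{
    if (d->declared != MODE_SCSI || target == MODE_SCSI)
        return false;
    d->declared = target;  /* step 511 */
    d->replugs++;          /* step 512: the host re-enumerates the device */
    return true;
}

/* Host side, steps 507-508: scan SCSI-type devices for the expected VID/PID. */
static struct usb_dev *find_security_dev(struct usb_dev *bus, size_t n,
                                         uint16_t vid, uint16_t pid)
{
    for (size_t i = 0; i < n; i++)
        if (bus[i].declared == MODE_SCSI &&
            bus[i].vid == vid && bus[i].pid == pid)
            return &bus[i];
    return NULL;
}

/* Host side, steps 506-514. `unrestricted` is MODE_HID or MODE_CCID. */
enum outcome select_mode(struct usb_dev *bus, size_t n, bool is_superuser,
                         enum mode unrestricted, uint16_t vid, uint16_t pid)
{
    if (is_superuser)                        /* step 506: stay in SCSI mode */
        return END_514_SCSI;
    struct usb_dev *d = find_security_dev(bus, n, vid, pid);
    if (d == NULL)                           /* step 509: error exit */
        return END_509_NOT_FOUND;
    if (!dev_switch_mode(d, unrestricted))   /* step 510: switch command */
        return END_509_NOT_FOUND;            /* rejected: treated as error */
    return END_513_UNRESTRICTED;
}

/* Runs the flow on a constructed two-device bus and copies the security
 * device's final state to *out. */
enum outcome run_sample(bool is_superuser, enum mode unrestricted,
                        struct usb_dev *out)
{
    struct usb_dev bus[] = {
        { 0x0AAA, 0x0001, MODE_SCSI, 0 },          /* unrelated storage */
        { SAMPLE_VID, SAMPLE_PID, MODE_SCSI, 0 },  /* the security device */
    };
    enum outcome r = select_mode(bus, 2, is_superuser, unrestricted,
                                 SAMPLE_VID, SAMPLE_PID);
    *out = bus[1];
    return r;
}

int main(void)
{
    struct usb_dev d;
    enum outcome r = run_sample(false, MODE_HID, &d);
    printf("non-superuser: outcome=%d mode=%d replugs=%u\n",
           (int)r, (int)d.declared, d.replugs);
    r = run_sample(true, MODE_HID, &d);
    printf("superuser:     outcome=%d mode=%d replugs=%u\n",
           (int)r, (int)d.declared, d.replugs);
    return 0;
}
```

The VID and PID compared in step 507 are values the device reports about itself, so the match identifies a device model and does not authenticate the device.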
The embodiments described above are only preferred embodiments of the present invention. Ordinary changes and substitutions made by those skilled in the art within the scope of the technical solution of the present invention shall all fall within the protection scope of the present invention.

Claims (30)

1. An automatically installable information security device, characterized in that the information security device comprises a control module, a USB interface module, a working mode switching module, a SCSI protocol processing module, an automatic running module connected to the SCSI protocol processing module, an unrestricted protocol processing module, an information security module connected to the unrestricted protocol processing module, and a USB bus reset module connected to the USB interface module; the control module is connected to the USB interface module, the USB bus reset module, the working mode switching module, the SCSI protocol processing module and the unrestricted protocol processing module respectively;
the USB interface module is used to connect the information security device to a host through a USB interface, and to parse and process the USB communication protocol;
the SCSI protocol processing module has a built-in SCSI interface device descriptor, and is used to declare itself to the host as a SCSI device type and to parse and process SCSI commands;
the automatic running module is used to automatically start and run the Autorun program;
the working mode switching module is used to receive the working mode switching command and to switch the information security device from the default SCSI working mode to the unrestricted working mode;
the USB bus reset module is used to control the USB bus to simulate one plug event of the information security device;
the unrestricted protocol processing module has a built-in device descriptor for an interface protocol that is not subject to user privilege restrictions under the Windows operating system, and is used to declare itself to the host as the corresponding device type and to parse and process the commands of that protocol;
the information security module is used to manage and control access rights according to the identity information of the user accessing the information security device, and to perform encryption/decryption operations;
the control module is used to control the working mode of the information security device and to process data.
2. The automatically installable information security device according to claim 1, characterized in that the information security module further comprises a key data storage unit, the key data storage unit is used to store key data, and the key data includes digital certificates, keys and the user's private data.
3. The automatically installable information security device according to claim 1, characterized in that the information security module further comprises a user program storage unit, and the user program storage unit is used to write and call user-defined algorithms.
4. The automatically installable information security device according to claim 1, characterized in that the Autorun program is written in advance by the manufacturer of the information security device and is stored in the information security device in advance.
5. The automatically installable information security device according to claim 1, characterized in that the working mode switching command is a CD control command that is not subject to user privilege restrictions under the Windows operating system.
6. The automatically installable information security device according to claim 1, characterized in that the USB bus reset module simulates one plug event of the information security device on the USB bus by controlling level changes on the USB signal lines.
7. The automatically installable information security device according to claim 1, characterized in that the unrestricted working mode is specifically the HID working mode, and the unrestricted protocol processing module is an HID protocol processing module;
the HID protocol processing module has a built-in HID interface device descriptor, and is used to declare itself to the host as an HID device type and to parse and process HID commands.
8. The automatically installable information security device according to claim 1, characterized in that the unrestricted working mode is specifically the CCID working mode, and the unrestricted protocol processing module is a CCID protocol processing module;
the CCID protocol processing module has a built-in CCID interface device descriptor, and is used to declare itself to the host as a CCID device type and to parse and process CCID commands.
9. The automatically installable information security device according to claim 1, characterized in that the automatic running module comprises a detection unit and an application program installation unit; the detection unit is used for the Autorun program to detect whether the application program related to the information security device has been installed on the host; the application program installation unit is used for the Autorun program to install the application program related to the information security device on the host when the detection unit does not detect that the application program related to the information security device has been installed on the host.
10. The automatically installable information security device according to claim 9, characterized in that the application program related to the information security device is written in advance by the manufacturer of the information security device and is stored in the information security device in advance.
11. The automatically installable information security device according to claim 9, characterized in that the application program related to the information security device further comprises a monitoring program, and the monitoring program is used to send the working mode switching command to the information security device and/or to judge the user privileges of the current host system.
12. The automatically installable information security device according to claim 9 or 11, characterized in that the SCSI protocol processing module is also connected to the information security module, and the automatic running module further comprises a working mode selection unit;
the working mode selection unit is used for the Autorun program or the monitoring program to judge the user privileges of the current host system and to select the working mode of the information security device according to those privileges: when the current host system is running with superuser privileges, the information security device is selected to keep working in the SCSI working mode; when the current host system is running with non-superuser privileges, the information security device is selected to work in the unrestricted working mode.
13. The automatically installable information security device according to claim 1, characterized in that the working mode switching module further comprises a device judging unit, and the device judging unit is used to judge whether the SCSI-type device connected to the host is the information security device.
14. The automatically installable information security device according to any one of claims 1 to 3, characterized in that the information security module is a security design chip, and the security design chip includes a smart card chip.
15. The automatically installable information security device according to any one of claims 1 to 3, characterized in that the information security module is integrated in one chip together with one or several of the working mode switching module, the USB bus reset module, the unrestricted protocol processing module, the SCSI protocol processing module, the control module, the automatic running module and the USB interface module.
16. The automatically installable information security device according to claim 15, characterized in that the chip is a security design chip, and the security design chip includes a smart card chip.
17. The automatically installable information security device according to any one of claims 1 to 3, characterized in that the USB interface module is a USB interface chip.
18. A control method for an automatically installable information security device, characterized in that the method comprises:
Step A: the information security device is connected to a host through a USB interface and declares itself as a SCSI device type;
Step B: the Autorun program is automatically started and run;
Step C: the working mode of the information security device is selected;
Step D: the information security device interacts with the host in the selected working mode and carries out information security operations.
19. The control method for an automatically installable information security device according to claim 18, characterized in that the Autorun program is written in advance by the manufacturer of the information security device and is stored in the information security device in advance.
20. The control method for an automatically installable information security device according to claim 18, characterized in that step B specifically comprises: the Autorun program starts automatically and detects whether the application program related to the information security device has been installed on the host; if the application program related to the information security device has not been installed on the host, the Autorun program installs it on the host; if the application program related to the information security device has been installed on the host, the working mode of the information security device is selected.
21. The control method for an automatically installable information security device according to claim 20, characterized in that the application program related to the information security device is written in advance by the manufacturer of the information security device and is stored in the information security device in advance.
22. The control method for an automatically installable information security device according to claim 20, characterized in that the application program related to the information security device further comprises a monitoring program, and the monitoring program is used to send the working mode switching command to the information security device and/or to judge the user privileges of the current host system.
23. The control method for an automatically installable information security device according to claim 18, characterized in that step C specifically comprises: the Autorun program sends the working mode switching command to the information security device; the information security device switches from the default SCSI working mode to the unrestricted working mode, controls the USB bus to simulate one plug event of the information security device, and declares itself as the corresponding device type.
24. The control method for an automatically installable information security device according to claim 22, characterized in that step C specifically comprises: the Autorun program or the monitoring program sends the working mode switching command to the information security device; the information security device switches from the default SCSI working mode to the unrestricted working mode, controls the USB bus to simulate one plug event of the information security device, and declares itself as the corresponding device type.
25. The control method for an automatically installable information security device according to claim 18, characterized in that step C specifically comprises: the Autorun program judges the user privileges of the current host system; if the current host system is running with superuser privileges, the information security device is selected to keep working in the SCSI working mode; if the host system is running with non-superuser privileges, the Autorun program sends the working mode switching command to the information security device, and the information security device switches from the default SCSI working mode to the unrestricted working mode, controls the USB bus to simulate one plug event of the information security device, and declares itself as the corresponding device type.
26. The control method for an automatically installable information security device according to claim 22, characterized in that step C specifically comprises: the Autorun program or the monitoring program judges the user privileges of the current host system; if the current host system is running with superuser privileges, the information security device is selected to keep working in the SCSI working mode; if the host system is running with non-superuser privileges, the Autorun program or the monitoring program sends the working mode switching command to the information security device, and the information security device switches from the default SCSI working mode to the unrestricted working mode, controls the USB bus to simulate one plug event of the information security device, and declares itself as the corresponding device type.
27. The control method for an automatically installable information security device according to any one of claims 23 to 26, characterized in that the unrestricted working mode is the working mode of an interface protocol that is not subject to user privilege restrictions under the Windows operating system.
28. The control method for an automatically installable information security device according to claim 27, characterized in that the unrestricted working mode is the HID working mode or the CCID working mode.
29. The control method for an automatically installable information security device according to any one of claims 23 to 26, characterized in that the working mode switching command is a CD control command that is not subject to user privilege restrictions under the Windows operating system.
30. The control method for an automatically installable information security device according to any one of claims 23 to 26, characterized in that controlling the USB bus to simulate one plug event of the information security device is achieved by controlling level changes on the USB signal lines.
CNB2007100638328A 2007-02-12 2007-02-12 Automatic-installable information safety equipment and control method thereof Expired - Fee Related CN100462949C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2007100638328A CN100462949C (en) 2007-02-12 2007-02-12 Automatic-installable information safety equipment and control method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2007100638328A CN100462949C (en) 2007-02-12 2007-02-12 Automatic-installable information safety equipment and control method thereof

Publications (2)

Publication Number Publication Date
CN101013406A true CN101013406A (en) 2007-08-08
CN100462949C CN100462949C (en) 2009-02-18

Family

ID=38700932

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2007100638328A Expired - Fee Related CN100462949C (en) 2007-02-12 2007-02-12 Automatic-installable information safety equipment and control method thereof

Country Status (1)

Country Link
CN (1) CN100462949C (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1262485A (en) * 1998-11-10 2000-08-09 阿拉丁知识系统有限公司 User-computer interactive method for group capable of flexible connecting of computer system
JP4010815B2 (en) * 2002-01-18 2007-11-21 ネッツエスアイ東洋株式会社 USB access key
KR100504330B1 (en) * 2003-01-29 2005-08-03 김월영 USB token that recognize automatically in window operating system and method thereof
CN1808973A (en) * 2006-01-27 2006-07-26 北京飞天诚信科技有限公司 USB MMI information security device and its control method
CN100407180C (en) * 2006-08-15 2008-07-30 北京飞天诚信科技有限公司 Device and method for making HID apparatus provide smart card interface

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101226483B (en) * 2008-02-25 2011-05-11 中兴通讯股份有限公司 Method for correcting installation bag
CN101587519B (en) * 2008-05-21 2011-05-18 北京飞天诚信科技有限公司 System and method for realizing multifunctional information security device
CN101369302B (en) * 2008-09-24 2011-04-27 北京飞天诚信科技有限公司 Method and system for controlling access authority of information safety equipment
CN101382903B (en) * 2008-09-28 2012-04-18 飞天诚信科技股份有限公司 Method and system for implementing automatic installation of intelligent cipher key equipment
CN101382904B (en) * 2008-09-28 2012-04-18 飞天诚信科技股份有限公司 Method and system for implementing automatic installation of intelligent cipher key equipment
CN101901197B (en) * 2009-05-31 2012-08-22 深圳市文鼎创数据科技有限公司 Information safety equipment, control method and system
US8775709B2 (en) 2009-10-30 2014-07-08 Feitian Technologies Co., Ltd. Method for recognizing a card reader with multiple card holders and method for communicating between a host and the card reader and system thereof
WO2011050740A1 (en) * 2009-10-30 2011-05-05 北京飞天诚信科技有限公司 Method for identifying multi-seat card reader and communication method and system with main computer thereof
CN101699416B (en) * 2009-10-30 2011-05-18 北京飞天诚信科技有限公司 Communication method and system between host computer and card reader with multiple card holders
CN101876951B (en) * 2009-10-30 2012-06-27 飞天诚信科技股份有限公司 Recognition method of multiple card-base card reader and communication method of host computer and multiple card-base card reader
CN102012886A (en) * 2010-10-14 2011-04-13 深圳市文鼎创数据科技有限公司 HID protocol-based communication method, device and system
CN102012886B (en) * 2010-10-14 2012-12-05 深圳市文鼎创数据科技有限公司 HID protocol-based communication method, device and system
CN102393888B (en) * 2011-07-21 2015-04-22 广州汽车集团股份有限公司 ECU (Electric Control Unit) security access processing method
CN102393888A (en) * 2011-07-21 2012-03-28 广州汽车集团股份有限公司 ECU (Electric Control Unit) security access processing method
CN103020500A (en) * 2011-09-28 2013-04-03 联想(北京)有限公司 Login authentication method and electronic device
WO2013113187A1 (en) * 2012-01-30 2013-08-08 中兴通讯股份有限公司 Method and system for switching port of usb device and method for distinguishing operating system
CN103269326A (en) * 2012-12-22 2013-08-28 潘铁军 Safety equipment, multi-application system and safety method for ubiquitous networks
CN103441912A (en) * 2013-08-14 2013-12-11 上海固泰科技有限公司 FlexRay bus monitoring method based on USB-HID protocol
CN104077250A (en) * 2014-06-27 2014-10-01 Tcl集团股份有限公司 Connection processing method and device for intelligent terminal and storage equipment
CN105590052A (en) * 2015-12-18 2016-05-18 北京海泰方圆科技股份有限公司 Method for controlling installation of browser plug-in
CN108629207A (en) * 2017-03-22 2018-10-09 温科尼克斯多夫国际有限公司 The system and method that information based on peripheral equipment generates encryption key
CN108629207B (en) * 2017-03-22 2024-02-20 温科尼克斯多夫国际有限公司 System and method for generating encryption key based on information of peripheral device
WO2019052055A1 (en) * 2017-09-18 2019-03-21 广州视源电子科技股份有限公司 Method, apparatus and device for automatically running program in hid device
CN109901935A (en) * 2017-12-11 2019-06-18 航天信息股份有限公司 A kind of method and apparatus communicated with USB Key
CN108388372A (en) * 2018-02-24 2018-08-10 广州视源电子科技股份有限公司 Method, device and equipment for self-adapting touch data and storage medium
CN109981606A (en) * 2019-03-07 2019-07-05 北京华安普特网络科技有限公司 The hardware firewall detection device of universal serial bus
WO2023098406A1 (en) * 2021-11-30 2023-06-08 北京博衍思创信息科技有限公司 Access control method and apparatus for usb device, and electronic device

Also Published As

Publication number Publication date
CN100462949C (en) 2009-02-18

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: FEITIAN CHENGXIN TECHNOLOGY CO., LTD.

Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN SCIENCE + TECHNOLOGY CO. LTD.

CP03 Change of name, title or address

Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee after: Feitian Technologies Co.,Ltd.

Address before: 100083, Haidian District, Xueyuan Road, No. 40 research, 7 floor, 5 floor, Beijing

Patentee before: FEITIAN TECHNOLOGIES Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090218