CN102184357B - Portable trustworthy private information processing system - Google Patents
Portable trustworthy private information processing system Download PDFInfo
- Publication number
- CN102184357B CN102184357B CN201110108673.5A CN201110108673A CN102184357B CN 102184357 B CN102184357 B CN 102184357B CN 201110108673 A CN201110108673 A CN 201110108673A CN 102184357 B CN102184357 B CN 102184357B
- Authority
- CN
- China
- Prior art keywords
- private information
- information processing
- portable
- trustworthy
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000010365 information processing Effects 0.000 title claims abstract description 48
- 238000000034 method Methods 0.000 claims description 16
- 230000008569 process Effects 0.000 claims description 15
- 230000006870 function Effects 0.000 claims description 14
- 108700039691 Genetic Promoter Regions Proteins 0.000 claims description 11
- 238000012545 processing Methods 0.000 claims description 11
- 239000000463 material Substances 0.000 claims description 5
- 238000004891 communication Methods 0.000 claims description 2
- 238000001914 filtration Methods 0.000 claims description 2
- 238000003780 insertion Methods 0.000 claims description 2
- 230000037431 insertion Effects 0.000 claims description 2
- 230000007246 mechanism Effects 0.000 claims description 2
- 238000001629 sign test Methods 0.000 claims description 2
- 238000005259 measurement Methods 0.000 abstract 1
- 241000700605 Viruses Species 0.000 description 2
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000006378 damage Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000000151 deposition Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a portable trustworthy private information processing system. The system physically comprises a safety chip, a Flash memory chip and a safety COS (Chip Operating System), and logically comprises a starting region, a USB (Universal Serial Bus) intelligent key region, a hidden region and an encryption region. When a computer terminal is set to be booted from a USB port and is started to run through the system, an entire computing environment is guaranteed to be trustworthy through trusted boot and measurement; and when the computer terminal is not started and booted from the system, the system can be independently used as an encrypted U disk. Through the system, the problem of safety for personal private information processing is solved, and the trustworthy computing environment is constructed.
Description
Technical field
The present invention relates to a kind of private information disposal system, be specifically related to a kind of Portable trustworthy private information processing system.
Background technology
The security of private information becomes the focus safety problem of unit, enterprises and individuals's concern day by day.User always wishes under a reliable computing environment, to carry out the processing of sensitive information, as unit document information processing, commercial matters information processing, management of personal money and personal information (as picture, video and document) etc.But in most cases, process the computing platform hardware environment of private information due to designs simplification, cause any use of resource, especially run time version can be revised, rogue program can be implanted, and the security threats such as wooden horse, virus, hacker exist all the time; More seriously, legal user is not carried out to strict access control, cause unauthorized access, thereby cause sensitive information leakage or critical data to lose.Therefore, for providing a bad computing environment of secure and trusted, private information system seems particularly important.
The various security protection means that provide safely for computing environment at present comprise fire wall, intruding detection system, secure router, security gateway, antivirus software etc.Above-mentioned security protection pattern mostly is Passive Defence pattern, and in the face of the system attack mode emerging in an endless stream, traditional security protection means can not tackle the problem at its root, and the security effectiveness of bringing into play is also had a greatly reduced quality.And, only rely on one or more security protection softwares cannot fundamentally construct reliable computing environment, guarantee the safety of private information system.
Summary of the invention
The object of the invention is to overcome the deficiency of existing safety product Passive Defence pattern, cause the believable private information disposal system that can face various security threats while processing private information and a kind of portable is provided.This system provides reliable computing environment for unit, enterprise or individual process private information.This system physical appearance is similar with common USB memory disc, user can insert and move this system on any PC with computational resource (CPU) or notebook computer, just switch to a reliable computing environment, even if I do not carry any computer, also the responsive private information that carries out that can be relieved on other people computing machine is processed, no longer worry intrusion and the destruction of wooden horse, virus, even if system loss also can not cause the leakage of sensitive information.
The present invention is by the following technical solutions:
According to the present invention, a kind of Portable trustworthy private information processing system is provided,
Its physical composition comprises:
Safety chip, for resisting physical attacks, and have for be connected with USB interface of computer to realize with terminal between the USB interface of communicating by letter;
Flash storage chip, is connected with safety chip by memory interface, for the safe storage of data; And
Safe COS, for realizing security function in logic,
Its logic forms and comprises:
Promoter region, for starting guiding to terminal;
USB Intelligent key district, provides cryptographic service and the credible password module of standard is provided, and for store and management key and realize rights management by password mechanism;
Hidden area, for storage security operating strategy and key material;
Encrypted area, for as encrypted U disk, with encrypt file,
Wherein, describedly from the LINUX of cutting operating system and private information processing components, be stored in described promoter region;
The BIOS of terminal is set, so that this terminal is specified with USB interface guiding, starts;
Insert described Portable trustworthy private information processing system;
Terminal start powers up;
Correct input identity protection PIN code; described system discharge described USB embedded credible rely private information treating apparatus promoter region from cutting LINUX operating system; under the support of safe COS; this system is the integrality of metric operations system kernel, the important process of system and private information processing components successively
If complete, described in safe guidance from the LINUX of cutting operating system to safe and reliable environment, the encrypted U disk function that use system provides, safe storage private information, and utilize the Intelligent key, the private information processing components that provide to carry out internet bank trade and privately owned document information processing;
If imperfect, stop guiding and startup system.
Wherein, the memory block of encrypted U disk is invisible to user, by user, authenticates, and the storage of subscriber data after encrypting, in the memory block of encrypted U disk, and while deriving from this memory block, is needed to deciphering.
Further comprise that terminal is not set to start from USB port, the described system of inserting terminal is only used as encrypted U disk, and need to carry out user and authenticate.
Wherein said credible password module comprises credible tolerance, trusted storage and credible report, and described cryptographic service comprises encryption and decryption, the signature/sign test based on symmetry algorithm based on grouping algorithm.
Wherein private information processing components provides the cryptographic service of bank's standard Intelligent key and the application component of processing private information.
Wherein said application component comprises word processing assembly, picture processing assembly, PDF reader assembly, browser component and Mail Clients assembly.
Wherein said key material comprises cipher card primary control program, cryptographic algorithm code and working key, and described Security Strategies comprises that guiding starts security strategy, port controlling strategy, network filtering strategy.
The invention has the beneficial effects as follows:
According to the present invention, in system start-up and operation process, important process, assembly are carried out to credible tolerance, assurance system is not maliciously tampered and uses, and guarantees data security responsive, private information, for user provides reliable private information processing environment.Simultaneously, various private information process softwares are also provided, comprise word processing, picture, Video processing, PDF document process, browser, Mail Clients etc., and the Intelligent key KEY function of the bank's standard providing, facilitate user security to carry out Internet-based banking services.
The present invention can solve the safety problem that E-Government, ecommerce, Web bank and personal sensitive information are processed.The present invention is based on the Security Linux OS from cutting, can conveniently be stored in the firmware of USB interface micro portable.When user need to process privately owned or sensitive information, only need this system to be inserted on any PC or notebook computer with computational resource (CPU), just switch to a reliable computing environment, even if I do not carry any computer, also can be on other people computing machine relieved carry out information processing.
Other advantages of the present invention, target and feature will be set forth to a certain extent in the following description, and to a certain extent, based on will be apparent to those skilled in the art to investigating below, or can be instructed from the practice of the present invention.Target of the present invention and other advantages can be by below instructions or accompanying drawing in specifically noted structure realize and obtain.
accompanying drawing explanation:
Fig. 1 is Portable trustworthy private information processing system physical composition figure.
Fig. 2 is Portable trustworthy private information processing system function composition figure.
Fig. 3 is trusted bootstrap and tolerance process flow diagram.
embodiment:
Below in conjunction with drawings and Examples, the present invention is described further:
As shown in Figure 1, Portable trustworthy private information processing system physical composition comprises safety chip, Flash storage chip and safe COS.Safety chip is connected with the USB port of computing machine by USB interface, complete and computing machine between high-speed communication.Safety chip is connected with Flash storage chip by memory interface simultaneously, realizes safe storage function.Safety chip can be resisted physical attacks physically, and logically the security function of described Portable trustworthy private information processing system is realized by safe COS.
As shown in Figure 2, described Portable trustworthy private information processing system logic forms and comprises four subregions, promoter region, USB Intelligent key district, hidden area and encrypted area.Promoter region is for user provides reliable computing environment, comprises described from the LINUX of cutting operating system and described private information processing components; The credible tolerance of credible password module TPM(, trusted storage and credible report that USB Intelligent key district provides cryptographic service function and standard is provided for user) function; Hidden area is used for depositing Security Strategies and key material; The encrypted U disk function of encrypted physical, storage encryption file are realized in encrypted area.
The BIOS of terminal is set, terminal can only be started from specifying USB port to guide;
Insert the USB port that described Portable trustworthy private information processing system is inserted into computing machine appointment;
As shown in Figure 3, terminal start powers up, and system starts from USB port.User inputs identity protection PIN code, and as correctly, described Portable trustworthy private information processing system discharges the LINUX operating system of USB embedded credible system promoter region; As continuous three mistakes, system is locked; Under the support of safe COS, described Portable trustworthy private information processing system is the integrality of metric operations system kernel, the important process of system and private information processing components successively, as complete, safe guidance LINUX operating system is safe and reliable environment extremely, and proceeds to step 6; As imperfect, stop guiding and start the operating system;
Portable trustworthy private information processing system normally moves, and user uses system that encrypted U disk function is provided, safe storage private information; And the Intelligent key provide, private information processing components etc. are provided, relievedly carry out internet bank trade and process the privately owned document information such as various words, picture, video.
If terminal is not set to start from USB port, when terminal self with os starting operation after, insert again described Portable trustworthy private information processing system, at this moment the function providing of Portable trustworthy private information processing system is only encrypted U disk, system meeting Auto-mounting encrypted U disk management software during insertion, input user password, if user authenticate by, encrypted U disk district can be used.
From the LINUX of cutting operating system and private information processing components, be integrated in Portable trustworthy private information processing system promoter region, private information processing components provides the cryptographic service of bank's standard Intelligent key and processes the various application components (word processing, picture processing, PDF reader, browser, Mail Clients etc.) of private information.
Although the present invention is set forth with reference to preferred embodiment, it should be appreciated by those skilled in the art that and can carry out different modifications and distortion and not depart from the scope of the present invention for the present invention.
Claims (2)
1. the believable private information disposal route of portable, the method is based upon on Portable trustworthy private information processing system basis, and the physical composition of Portable trustworthy private information processing system comprises:
Safety chip, for resisting physical attacks, and have for be connected with USB interface of computer to realize with terminal between the USB interface of communicating by letter, for complete and computing machine between high-speed communication;
Flash storage chip, is connected with safety chip by memory interface, for the safe storage of data; And safe COS, for realizing security function in logic;
Its logic forms and comprises:
Promoter region, for starting guiding to terminal; Promoter region is for user provides reliable computing environment, comprise from the LINUX of cutting operating system and described private information processing components;
USB Intelligent key district, provides cryptographic service and the credible password module of standard is provided, and for store and management key and realize rights management by password mechanism; Credible password module comprises credible tolerance, trusted storage and credible report, and described cryptographic service comprises encryption and decryption, the signature/sign test based on symmetry algorithm based on grouping algorithm;
Hidden area, for storage security operating strategy and key material; Described key material comprises cipher card primary control program, cryptographic algorithm code and working key, and described Security Strategies comprises that guiding starts security strategy, port controlling strategy, network filtering strategy;
Encrypted area, for as encrypted U disk, with encrypt file, the memory block of encrypted U disk is invisible to user, by user, authenticate, by the storage of subscriber data after encrypting in the memory block of encrypted U disk, and during the user data from encryption is derived in this memory block, need deciphering;
Wherein, describedly from the LINUX of cutting operating system and private information processing components, be stored in described promoter region; Private information processing components provides the cryptographic service of bank's standard Intelligent key and processes the application component of private information; Application component comprises word processing assembly, picture processing assembly, PDF reader assembly, browser component and Mail Clients assembly;
The BIOS of terminal is set, so that this terminal is specified with USB interface guiding, starts;
Insert described Portable trustworthy private information processing system;
It is characterized in that:
Step 1), terminal start power up, and system starts from USB port;
Step 2), correctly input identity protection PIN code;
Step 3), as correctly, described Portable trustworthy private information processing system discharges the LINUX operating system of USB embedded credible system promoter region, as continuous three mistakes, system is locked;
Step 4), under the support of safe COS, described Portable trustworthy private information processing system is the integrality of metric operations system kernel, the important process of system and private information processing components successively;
If step 5) is complete, described in safe guidance from the LINUX of cutting operating system to safe and reliable environment, the encrypted U disk function that use system provides, safe storage private information, and utilize the Intelligent key, the private information processing components that provide to carry out internet bank trade and privately owned document information processing;
Step 6), as imperfect, stop guiding and start the operating system; Portable trustworthy private information processing system normally moves, and user uses system that encrypted U disk function is provided, safe storage private information; And Intelligent key, the private information processing components provide be provided, relievedly carry out internet bank trade and process various words, picture, the privately owned document information of video.
2. the believable private information disposal route of portable according to claim 1, is characterized in that:
If terminal is not set to start from USB port, when terminal self with os starting operation after, insert again described Portable trustworthy private information processing system, at this moment the function providing of Portable trustworthy private information processing system is only encrypted U disk, system meeting Auto-mounting encrypted U disk management software during insertion, input user password, if user authenticate by, encrypted U disk district can be used.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110108673.5A CN102184357B (en) | 2011-04-28 | 2011-04-28 | Portable trustworthy private information processing system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110108673.5A CN102184357B (en) | 2011-04-28 | 2011-04-28 | Portable trustworthy private information processing system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102184357A CN102184357A (en) | 2011-09-14 |
| CN102184357B true CN102184357B (en) | 2014-03-19 |
Family
ID=44570532
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110108673.5A Active CN102184357B (en) | 2011-04-28 | 2011-04-28 | Portable trustworthy private information processing system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102184357B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102610039B (en) * | 2012-03-12 | 2014-04-02 | 山东科技大学 | Encrypting method for leasehold bean milk machine |
| CN102663315B (en) * | 2012-03-28 | 2015-04-22 | 深圳市江波龙电子有限公司 | Authentication method of computer system and computer system |
| CN102722669B (en) * | 2012-05-28 | 2015-05-20 | 清华大学 | Completeness verification method of operating system |
| CN102982445A (en) * | 2012-11-16 | 2013-03-20 | 江苏乐买到网络科技有限公司 | Client-side system for achieving network safety transaction and payment |
| CN105426734B (en) * | 2015-11-12 | 2018-04-13 | 山东超越数控电子股份有限公司 | A kind of identity identifying method and device based on trust computing |
| CN108199849B (en) * | 2018-01-04 | 2021-01-05 | 北京中电华大电子设计有限责任公司 | USBKey equipment security attack system and method for real-time data acquisition |
| CN108536641B (en) * | 2018-02-28 | 2020-10-23 | 郑州信大捷安信息技术股份有限公司 | Communication mechanism and method for realizing Windows embedded system safety guide by using same |
| CN109086620B (en) * | 2018-07-19 | 2021-03-23 | 郑州信大捷安信息技术股份有限公司 | Physical isolation dual-system construction method based on mobile storage medium |
| CN111310189A (en) * | 2018-12-11 | 2020-06-19 | 航天信息股份有限公司 | USBKEY credibility verification method and device |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101436234A (en) * | 2008-04-30 | 2009-05-20 | 北京飞天诚信科技有限公司 | System and method for ensuring operation environment safety |
| CN102184358A (en) * | 2011-04-28 | 2011-09-14 | 郑州信大捷安信息技术有限公司 | USB (Universal Serial Bus) embedded trustworthiness private information processing device and system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080148046A1 (en) * | 2006-12-07 | 2008-06-19 | Bryan Glancey | Real-Time Checking of Online Digital Certificates |
-
2011
- 2011-04-28 CN CN201110108673.5A patent/CN102184357B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101436234A (en) * | 2008-04-30 | 2009-05-20 | 北京飞天诚信科技有限公司 | System and method for ensuring operation environment safety |
| CN102184358A (en) * | 2011-04-28 | 2011-09-14 | 郑州信大捷安信息技术有限公司 | USB (Universal Serial Bus) embedded trustworthiness private information processing device and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102184357A (en) | 2011-09-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102184357B (en) | Portable trustworthy private information processing system | |
| CN102184358B (en) | USB (Universal Serial Bus) embedded trustworthiness private information processing device and system | |
| US11947688B2 (en) | Secure computing system | |
| US10162975B2 (en) | Secure computing system | |
| Dai et al. | SBLWT: A secure blockchain lightweight wallet based on trustzone | |
| US8335931B2 (en) | Interconnectable personal computer architectures that provide secure, portable, and persistent computing environments | |
| US8261072B2 (en) | Method and system for secure external TPM password generation and use | |
| US9047486B2 (en) | Method for virtualizing a personal working environment and device for the same | |
| CN112513857A (en) | Personalized cryptographic security access control in a trusted execution environment | |
| US7900252B2 (en) | Method and apparatus for managing shared passwords on a multi-user computer | |
| US20110265156A1 (en) | Portable security device protection against keystroke loggers | |
| US20110093693A1 (en) | Binding a cryptographic module to a platform | |
| US10747885B2 (en) | Technologies for pre-boot biometric authentication | |
| CN102024115B (en) | Computer with user security subsystem | |
| CN202067261U (en) | Universal serial bus (USB) embedding type trustworthy private information processing device and system | |
| US10938857B2 (en) | Management of a distributed universally secure execution environment | |
| CN202093522U (en) | Portable trustworthy private information processing system | |
| Neubauer et al. | A roadmap for personal identity management | |
| US11822648B2 (en) | Systems and methods for remote anomaly data scanner for cyber-physical systems | |
| JP5355351B2 (en) | Computer | |
| TW200841206A (en) | Method and system for secure external TPM password generation and use | |
| JP2006092081A (en) | Safe start/use method for personal computer to be used by unspecified person or multiple person and recording medium for realizing such use | |
| Kim | Securing a Firm’s Computer Operating System: Trusted Platform Module |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C53 | Correction of patent of invention or patent application | ||
| CB02 | Change of applicant information |
Address after: 450046 Henan city of Zhengzhou Province, West Zheng Dong new things are integrated services northbound Zhengzhou national trunk highway logistics building 14 floors of A towers Applicant after: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd. Address before: 450001 No. 11 Lianhua street, hi tech Development Zone, Henan, Zhengzhou Applicant before: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd. |
|
| C53 | Correction of patent of invention or patent application | ||
| CB02 | Change of applicant information |
Address after: 450046 Henan city of Zhengzhou Province, East West northbound Zheng Dong new district are integrated services Zhengzhou national trunk highway logistics building 14 floors of A towers Applicant after: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd. Address before: 450001 Henan city of Zhengzhou Province, West Zheng Dong new things are integrated services northbound Zhengzhou national trunk highway logistics building 14 floors of A towers Applicant before: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Portable trustworthy private information processing system Effective date of registration: 20180206 Granted publication date: 20140319 Pledgee: Bank of Communications Ltd. Henan branch Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd. Registration number: 2018410000003 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20181105 Granted publication date: 20140319 Pledgee: Bank of Communications Ltd. Henan branch Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd. Registration number: 2018410000003 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: A Portable Trustworthy Private Information Processing System Granted publication date: 20140319 Pledgee: Bank of Zhengzhou Co.,Ltd. Zhongyuan Science and Technology City Sub branch Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd. Registration number: Y2024980007004 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right |