CN102521164A - Access control method of mobile memory, mobile memory and system - Google Patents
Access control method of mobile memory, mobile memory and system Download PDFInfo
- Publication number
- CN102521164A CN102521164A CN2011103378507A CN201110337850A CN102521164A CN 102521164 A CN102521164 A CN 102521164A CN 2011103378507 A CN2011103378507 A CN 2011103378507A CN 201110337850 A CN201110337850 A CN 201110337850A CN 102521164 A CN102521164 A CN 102521164A
- Authority
- CN
- China
- Prior art keywords
- fileinfo
- display device
- mobile memory
- authentication
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses an access control method of a mobile memory, a mobile memory and a system, belonging to the field of information security. According to the method, the mobile memory is connected with a file information display device and receives an authentication request which contains a display device certification and is sent by the file information display device; after receiving the authentication request, the mobile memory performs authentication on the display device certification contained in the authentication request; and after the authentication is successful, the mobile memory receives a file information browsing request sent by the file information display device, extracts the file information corresponding to the file information browsing request and sends to the file information display device for display. The method can solve the poor security problem due to that the conventional security U disk performs identity authentication on a user by using static authentication passwords, thus the security of the access control of the security U disk can be improved.
Description
Technical field
The present invention relates to information security field, relate in particular to a kind of access control method, mobile memory and system of mobile memory.
Background technology
Along with mobile memory, especially be that the rapid of mobile memory (being designated hereinafter simply as USB flash disk) of interface popularized with USB, the safety of files problem that is stored in the USB flash disk receives publicity day by day.
In order to strengthen the security of USB flash disk, can be applied to fields such as military affairs, finance, commerce gradually to the safe U disc that the file access operation of USB flash disk is controlled.Safe U disc conduct interviews control ultimate principle be; The user is before conducting interviews to the file in the safe U disc; Need send authenticate password (being designated hereinafter simply as password) to safe U disc through terminal; Safe U disc carries out authentication to password, authentication through after just allow safe U disc carried out operations such as file read-write.
Existing safe U disc uses static authenticate password that the user is carried out authentication, and security is relatively poor.
Summary of the invention
Embodiment of the present invention provides the access control method and the system of a kind of mobile memory, mobile memory, can solve existing safe U disc and use static authenticate password the user to be carried out authentication, the problem that security is relatively poor.
For solving the problems of the technologies described above, embodiment of the present invention provides a kind of access control method of mobile memory, and this method may further comprise the steps:
Mobile memory receives the authentication request that comprises the display device certificate that the fileinfo display device is sent with after the fileinfo display device is connected;
After receiving authentication request; Mobile memory carries out authentication to the display device certificate that comprises in the authentication request; Behind the authentication success; Mobile memory receives the fileinfo browse request that the fileinfo display device is sent, and extraction and fileinfo browse request corresponding file information are sent to the fileinfo display device and show.
And mobile memory sends the mobile memory certificate to after the display device certificate verification success to the fileinfo display device;
The fileinfo display device is carried out authentication to said mobile memory certificate after receiving said mobile memory certificate, send said fileinfo browse request behind the authentication success.
And, after mobile memory receives said fileinfo browse request, this document information browse request is analyzed, judge whether current access rights allow to carry out the corresponding file accessing operation, if allow, then carry out subsequent operation; If do not allow, then return the response message of forbidding carrying out the corresponding file accessing operation to the fileinfo display device.
And, judging current access rights for after allowing to carry out the corresponding file accessing operation, further comprising the steps of:
Mobile memory judges that whether current file access operation need carry out password authentication, if need, then sends the password authentication request to the fileinfo display device;
After receiving the password authentication request, the fileinfo display device is imported the user through the fileinfo display device corresponding file operation password is included in the password authentication request answer and sends to mobile memory;
Mobile memory carries out authentication to said file operation password after receiving the password authentication request answer of fileinfo display device transmission, and authentication is carried out follow-up file access through the back and operated.
And, after mobile memory is to display device certificate verification success, also comprise:
Mobile memory is according to the user's identification information in the display device certificate, obtains the corresponding access authority information of this user of local storage, and with it as current access rights.
And that will extract in the following manner is sent to the fileinfo display device with fileinfo browse request corresponding file information and shows:
Mobile memory is with the transmission security key of setting in advance or the transmission security key that obtains with the negotiation of fileinfo display device; To extract encrypt with fileinfo browse request corresponding file information after, the fileinfo after encrypting is sent to the fileinfo display device;
After the fileinfo display device receives fileinfo, use corresponding transmission security key that it is deciphered, the fileinfo after the deciphering is shown on display screen.
And, before the fileinfo display device is sent said fileinfo browse request, further comprising the steps of:
Mobile memory and fileinfo display device are carried out key agreement, obtain being used for fileinfo is carried out the transmission security key of encryption and decryption.
Embodiment of the present invention also provides a kind of mobile memory, and this mobile memory comprises:
Main control module, data transmission module and memory module;
Wherein, said data transmission module is connected with said main control module, is used to connect outside fileinfo display device, makes the transmission of carrying out data between said main control module and the fileinfo display device;
Said memory module is connected with said main control module, is used to store the fileinfo of the said main control module extraction of confession and authentication request is carried out the issuer certificate that authentication is used;
Said main control module is connected with memory module with said data transmission module; Be used to receive the authentication request that comprises the display device certificate of the fileinfo display device transmission that connects through said data transmission module, the display device certificate that comprises in the authentication request that receives is carried out authentication; Behind the authentication success, receive the fileinfo browse request that the fileinfo display device is sent, and from memory module, extract and be sent to the fileinfo display device with fileinfo browse request corresponding file information and show through said data transmission module.
And said memory module also is used to store the mobile memory certificate;
Said main control module also is used for sending the mobile memory certificate to after the display device certificate verification success to the fileinfo display device; Make the fileinfo display device after receiving said mobile memory certificate, said mobile memory certificate is carried out authentication, send said fileinfo browse request behind the authentication success.
10, mobile memory according to claim 8 is characterized in that,
After receiving said fileinfo browse request,
Said main control module also is used for this document information browse request is analyzed, and judges whether current access rights allow to carry out the corresponding file accessing operation, if allow, then carries out subsequent operation; If do not allow, then return the response message of forbidding carrying out the corresponding file accessing operation to the fileinfo display device.
And, judging current access rights for after allowing to carry out the corresponding file accessing operation,
Said main control module; Be used to also judge whether current accessing operation need carry out password authentication; If need; Send the password authentication request to the fileinfo display device, and reply, comprise the corresponding file operation password through the input of fileinfo display device during password authentication is replied by the user through the password authentication that said data transmission module reception fileinfo display device is replied according to the password authentication request; File operation password to comprising in the password authentication response carries out authentication, and authentication is carried out follow-up file access operation through the back.
And the token corresponding dynamic password generation module with obtaining dynamic password is connected with said main control module, is used to generate the dynamic password that limits current accessing operation.
And, be sent to before the fileinfo display device shows with fileinfo browse request corresponding file information what extract,
Said main control module; Also be used for transmission security key that is provided with in advance or the transmission security key that obtains with the negotiation of fileinfo display device; To extract encrypt with fileinfo browse request corresponding file information after, the fileinfo after encrypting is sent to the fileinfo display device.
And, before the fileinfo display device is sent said fileinfo browse request,
Said main control module also is used for carrying out key agreement with the fileinfo display device, obtains being used for fileinfo is carried out the transmission security key of encryption and decryption.
Embodiment of the present invention further provides a kind of access control system of mobile memory, and this system comprises:
Interconnective mobile memory and fileinfo display device;
Wherein, said mobile memory adopts above-mentioned each described mobile memory.
Technical scheme by the invention described above provides can be found out; The access control method of the mobile memory that embodiment of the present invention provides; Can carry out authentication by the authentication request that comprises the display device certificate that mobile memory sends the fileinfo display device; After authentication is passed through, the corresponding fileinfo browse request of sending through the fileinfo display device according to the user again, extraction is sent to the fileinfo display device with fileinfo browse request corresponding file information and shows.This method can solve existing safe U disc and use static authenticate password the user to be carried out authentication, the problem that security is relatively poor.Improved the security of safe U disc access control.
Description of drawings
In order to be illustrated more clearly in the technical scheme of the embodiment of the invention; The accompanying drawing of required use is done to introduce simply in will describing embodiment below; Obviously, the accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skill in the art; Under the prerequisite of not paying creative work, can also obtain other accompanying drawings according to these accompanying drawings.
The process flow diagram of the access control method of the mobile memory that Fig. 1 provides for the embodiment of the invention;
The structural representation of the mobile memory that Fig. 2 provides for the embodiment of the invention;
The structural representation of the access control system of the mobile memory that Fig. 3 provides for the embodiment of the invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is carried out clear, intactly description, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on embodiments of the invention, those of ordinary skills belong to protection scope of the present invention not making the every other embodiment that is obtained under the creative work prerequisite.
To combine accompanying drawing that the embodiment of the invention is done to describe in detail further below.
Main points of the present invention are: in mobile memory (for example USB flash disk), store one or more certificates (issuer certificate) in advance, the corresponding believable CA (Certificate Authority, authentication center) of each root certificate; In fileinfo display device (for example, PC or special-purpose mobile memory display device are hereinafter to be referred as display device), need store the certificate of issuing by above-mentioned believable CA (can be called display device certificate or user certificate) in advance; With after display device is connected, mobile memory carries out carrying out after the authentication operation of follow-up display file information through the display device certificate that display device is sent again, and improves the security to the mobile memory access control at mobile memory.
In addition,, also need store the certificate (can be called the storer certificate) of self in the mobile memory in order to realize the two-way authentication between mobile memory and the display device, be used for send to display device after display device is connected and carry out authentication.
The first method embodiment
Fig. 1 is the access control method process flow diagram of mobile memory of the present invention.As shown in Figure 1, this method comprises the steps:
101, mobile memory is with after display device is connected, and display device is sent authentication request to mobile memory;
The certificate that comprises this display device in the above-mentioned authentication request.
Above-mentioned display device certificate can read acquisition by display device from its built-in or external memory module, and is sent to mobile memory.
Above-mentioned external memory module can be storage card, smart card, SIM etc.
102, mobile memory carries out authentication to the display device certificate that wherein comprises after receiving the authentication request that display device sends, if the certificate verification success is then carried out next step, otherwise the message of sending authentification failure to display device, this method finishes;
Above-mentioned verification process can be divided into following substep:
102a, the issuer identification information in the mobile memory reading displayed device certificate, and obtain corresponding issuer certificate according to this information;
102b, mobile memory read the PKI of this certificate from the issuer certificate;
102c, mobile memory use above-mentioned PKI that the certificate signature field of display device certificate is verified, show the certificate verification success if signature verification is successful, otherwise show the certificate verification failure.
103, mobile memory is according to the user's identification information in the display device certificate, obtains the corresponding access authority information of this user (user) of local storage, and with it as current access rights.
Access rights can be divided into a plurality of grades, different access permission level can corresponding different files and/or catalogue and/or subregion and/or different files accessing operation (for example, read file; Revised file; Deleted file is created file, the browser document folder; Create file, deleted file folder etc.).
For example, can access rights be divided into three grades: senior, middle rank and rudimentary;
For access rights is senior user, can carry out all accessing operations to the All Files in all catalogues (file) of all subregions;
For access rights is the user of middle rank, can the part or all of file in particular zones/catalogue (file) be read, retouching operation, and can create accessing operations such as file, browser document folder; But do not allow to carry out operations such as deleted file, deleted file folder;
For access rights is rudimentary user, can only carry out read operation to the partial document in particular zones/catalogue (file).
104, after the certificate verification success, mobile memory sends authentication response to display device, through authentication, can carry out operations such as follow-up key agreement, browsing file with notice display device/user;
The certificate that can comprise alternatively, mobile memory in the above-mentioned authentication response.
105, receive the authentication response that mobile memory sends after, display device is carried out authentication to the mobile memory certificate that wherein comprises, if certificate verification success then carry out next step, otherwise this method finishes;
Above-mentioned verification process can be divided into following substep:
105a, display device reads the issuer identification information in the mobile memory certificate, and obtains corresponding issuer certificate according to this information;
105b, display device reads the PKI of this certificate from the issuer certificate;
105c, display device uses above-mentioned PKI that the certificate signature field of mobile memory certificate is verified, shows the certificate verification success if signature verification is successful, otherwise shows the certificate verification failure.
Certainly, if display device possesses network function, display device also can send to specific certificate server with the mobile memory certificate and carry out authentication.
This step is an optional step.
106, mobile memory and display device are carried out key agreement, obtain being used for fileinfo is carried out the transmission security key of encryption and decryption.
Above-mentioned key agreement process can adopt ECDH (Diffie-Hellman of elliptic curve cryptosystem) algorithm to realize, also can adopt other key agreement of the prior art/exchange algorithm to realize.
This step is an optional step.
107, display device is display file information browse operation interface on its display screen, supplies user's startup file information browse operation;
Fileinfo browse operation interface can be a passage information, for example: " pressing the browse operation that begins to carry out fileinfo behind the X key ", the browse operation of startup file information after the user presses specified button; Fileinfo browse operation interface also can be an icon, the browse operation of startup file information after the user selects this icon.
If display device is a PC, above-mentioned fileinfo browse operation interface is generally the file browser that PC operating system provides, for example explorer.
108, receive the fileinfo browsing instructions of user through the input of input equipment such as keyboard after, display device is sent corresponding fileinfo browse request to mobile memory;
Above-mentioned fileinfo browsing instructions can be: browse the disk partition that comprises in the disk, browse the file or folder that comprises in the disk partition, display file information etc.
Comprise in the above-mentioned fileinfo browse request: partition information, file path information, file name, data reference position, ED position information such as (or data lengths).
Above-mentioned partition information is used to specify particular disk subregion or the root partition on the mobile memory;
For example, when mobile memory comprises a plurality of subregions when (for example, comprising subregion 1 and subregion 2), the sign that comprises subregion 1 in the partition information is then represented to browse the file or folder in the subregion 1; Comprise in the partition information root partition sign then expression need browse each disk partition (being subregion 1 and subregion 2) that comprises in the mobile memory.
File path information is used for specifying the particular disk subregion of mobile memory or the file of root partition;
For example, file path information need be browsed the file or folder in " sub-folder 2 " in " file 1 " in a certain disk partition or the root partition for " file 1 sub-folder 2 " expression.
File name is used for specifying the particular disk subregion of mobile memory or the title of the specific file in a certain file path of root partition;
The data reference position is used to specify the data reference position of a certain file that need read;
The ED position is used to specify the ED position of a certain file that need read;
The ED position also can be replaced by data length, i.e. the data reference position and the data length of the file that display device appointment need be read, mobile memory are confirmed the ED position of the file that the display device needs read according to above-mentioned information.
109, receive the fileinfo browse request that display device sends after, mobile memory is analyzed this document information browse request, judges whether current access rights allow to carry out corresponding accessing operation, if permission is then carried out next step; If do not allow, then return the response message of forbidding carrying out corresponding accessing operation to display device, this method finishes.
110, mobile memory extraction document information browse request corresponding file information;
Above-mentioned fileinfo can be: all or part of data of file also can be the attribute informations (for example, file name, file size etc.) of each file of comprising in a certain subregion or the file.
111, the transmission security key of consulting in transmission security key that the mobile memory use is provided with in advance or the step 105 to obtain is encrypted the fileinfo that extracts;
This step is an optional step.
112, mobile memory is sent to display device with fileinfo.
113, after display device receives fileinfo,, then use transmission security key that it is deciphered if this document information is encrypted, the fileinfo of deciphering is presented on the display screen; If the fileinfo unencryption then directly is presented at it on display screen.
After this; When using the input equipments such as keyboard in the display device, the user (for example carries out the file access operation; Open file operation, page turn over operation, browse new disk partition, browse new folder); In the time of need from mobile memory, reading new fileinfo, display device and mobile memory repeated execution of steps 108 are to step 113.
The second method embodiment
The difference of second embodiment and first embodiment is: mobile memory only carries out rights management through the certificate of display device among first embodiment; Among second embodiment, for specific file access operation, for example File Open operation also requires the user to import corresponding file operation password; Above-mentioned file operation password can be a static password, also can be dynamic password (for example, OTP password).Therefore between step 109~110, also need increase following steps:
A: mobile memory judges whether current accessing operation need carry out password authentication, if desired execution in step B then;
The accessing operation that need carry out password authentication can be the accessing operation of particular type; For example; All open file operation; Also can be to the specific accessing operation of specific file or file execution, for example, need carry out password authentication the open file operation that the file in the particular file folder is carried out.
B: mobile memory sends the password authentication request to display device;
C: display device prompting user imports corresponding file operation password;
Above-mentioned file operation password can be the static password that is provided with in advance, also can be dynamic password (for example, OTP password).If the employing dynamic password, the user need obtain password through token, needs in the mobile memory to be provided with and token corresponding dynamic password maker, so that carry out password authentication.
D: display device is included in password authentication with the file operation password of user input and sends to mobile memory in replying;
E: mobile memory carries out authentication to the file operation password, and authentication is carried out follow-up file access operation through the back.
The first device embodiment
Fig. 2 is the structural representation of mobile memory of the present invention, and is as shown in Figure 2, and this mobile memory comprises: main control module, data transmission module and memory module; Wherein,
Data transmission module is connected with main control module, is used to connect outside fileinfo display device, makes the transmission of carrying out data between main control module and the fileinfo display device;
Memory module is connected with said main control module, is used to store the fileinfo of the said main control module extraction of confession and authentication request is carried out the issuer certificate that authentication is used;
Main control module is connected with memory module with the institute data transmission module; Be used to receive the authentication request that comprises the display device certificate of the fileinfo display device transmission that connects through said data transmission module, the display device certificate that comprises in the authentication request that receives is carried out authentication; Behind the authentication success, receive the fileinfo browse request that the fileinfo display device is sent, and from memory module, extract and be sent to the fileinfo display device with fileinfo browse request corresponding file information and show through said data transmission module.
The memory module of above-mentioned mobile memory also is used to store the mobile memory certificate;
Described main control module also is used for sending the mobile memory certificate to after the display device certificate verification success to the fileinfo display device; Make the fileinfo display device after receiving said mobile memory certificate, said mobile memory certificate is carried out authentication, send said fileinfo browse request behind the authentication success.
After receiving the corresponding fileinfo browse request of user through the transmission of fileinfo display device; The main control module of above-mentioned mobile memory also is used for this document information browse request is analyzed; Judge whether current access rights allow to carry out the corresponding file accessing operation; If allow, then carry out subsequent operation; If do not allow, then return the response message of forbidding carrying out the corresponding file accessing operation to the fileinfo display device.
Judging that current access rights are for after allowing to carry out the corresponding file accessing operation; The main control module of above-mentioned mobile memory is used to also judge whether current accessing operation need carry out password authentication; If need; Send the password authentication request to the fileinfo display device; And receive the password authentication that the fileinfo display device replys according to the password authentication request through said data transmission module and reply, during replying, password authentication comprises the corresponding file operation password through the input of fileinfo display device by the user; File operation password to comprising in the password authentication response carries out authentication, and authentication is carried out follow-up file access operation through the back.
Also comprise in the above-mentioned mobile memory: the token corresponding dynamic password generation module with obtaining dynamic password, be connected with said main control module, be used to generate the dynamic password that limits current accessing operation.
Be sent to before the fileinfo display device shows with fileinfo browse request corresponding file information what extract; The main control module of above-mentioned mobile memory also is used for transmission security key that is provided with in advance or the transmission security key that obtains with the negotiation of fileinfo display device; To extract encrypt with fileinfo browse request corresponding file information after, the fileinfo after encrypting is sent to the fileinfo display device.
Before the fileinfo display device was sent said fileinfo browse request, the main control module of above-mentioned mobile memory also was used for carrying out key agreement with the fileinfo display device, obtains being used for fileinfo is carried out the transmission security key of encryption and decryption.
First system embodiment
Fig. 3 is the structural representation of the access control system of mobile memory provided by the invention.As shown in Figure 3, this system comprises: interconnective mobile memory and display device;
Wherein, said mobile memory adopts the mobile memory that the above-mentioned first device embodiment provides.
In sum; The access control method of the mobile memory of the embodiment of the invention; Can carry out authentication by the authentication request that comprises the display device certificate that mobile memory sends display device; After authentication is passed through, the corresponding fileinfo browse request of sending through display device according to the user again, extraction is sent to display device with fileinfo browse request corresponding file information and shows.This method can solve existing safe U disc and use static authenticate password the user to be carried out authentication, the problem that security is relatively poor.Improved the security of safe U disc access control.
The above; Be merely the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, any technician who is familiar with the present technique field is in the technical scope that the present invention discloses; The variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection domain of claims.
Claims (15)
1. the access control method of a mobile memory is characterized in that, this method may further comprise the steps:
Mobile memory receives the authentication request that comprises the display device certificate that the fileinfo display device is sent with after the fileinfo display device is connected;
After receiving authentication request; Mobile memory carries out authentication to the display device certificate that comprises in the authentication request; Behind the authentication success; Mobile memory receives the fileinfo browse request that the fileinfo display device is sent, and extraction and fileinfo browse request corresponding file information are sent to the fileinfo display device and show.
2. the access control method of mobile memory according to claim 1 is characterized in that,
Mobile memory sends the mobile memory certificate to after the display device certificate verification success to the fileinfo display device;
The fileinfo display device is carried out authentication to said mobile memory certificate after receiving said mobile memory certificate, send said fileinfo browse request behind the authentication success.
3. the access control method of mobile memory according to claim 1 is characterized in that,
After mobile memory receives said fileinfo browse request, this document information browse request is analyzed, judged whether current access rights allow to carry out the corresponding file accessing operation,, then carry out subsequent operation if allow; If do not allow, then return the response message of forbidding carrying out the corresponding file accessing operation to the fileinfo display device.
4. the access control method of mobile memory according to claim 3 is characterized in that,
Judging current access rights for after allowing to carry out the corresponding file accessing operation, further comprising the steps of:
Mobile memory judges that whether current file access operation need carry out password authentication, if need, then sends the password authentication request to the fileinfo display device;
After receiving the password authentication request, the fileinfo display device is imported the user through the fileinfo display device corresponding file operation password is included in the password authentication request answer and sends to mobile memory;
Mobile memory carries out authentication to said file operation password after receiving the password authentication request answer of fileinfo display device transmission, and authentication is carried out follow-up file access through the back and operated.
5. the access control method of mobile memory according to claim 1 is characterized in that,
After mobile memory is to display device certificate verification success, also comprise:
Mobile memory is according to the user's identification information in the display device certificate, obtains the corresponding access authority information of this user of local storage, and with it as current access rights.
6. the access control method of mobile memory according to claim 1 is characterized in that,
That will extract in the following manner is sent to the fileinfo display device with fileinfo browse request corresponding file information and shows:
Mobile memory is with the transmission security key of setting in advance or the transmission security key that obtains with the negotiation of fileinfo display device; To extract encrypt with fileinfo browse request corresponding file information after, the fileinfo after encrypting is sent to the fileinfo display device;
After the fileinfo display device receives fileinfo, use corresponding transmission security key that it is deciphered, the fileinfo after the deciphering is shown on display screen.
7. the access control method of mobile memory according to claim 6 is characterized in that,
Before the fileinfo display device is sent said fileinfo browse request, further comprising the steps of:
Mobile memory and fileinfo display device are carried out key agreement, obtain being used for fileinfo is carried out the transmission security key of encryption and decryption.
8. a mobile memory is characterized in that, this mobile memory comprises:
Main control module, data transmission module and memory module;
Wherein, said data transmission module is connected with said main control module, is used to connect outside fileinfo display device, makes the transmission of carrying out data between said main control module and the fileinfo display device;
Said memory module is connected with said main control module, is used to store the fileinfo of the said main control module extraction of confession and authentication request is carried out the issuer certificate that authentication is used;
Said main control module is connected with memory module with said data transmission module; Be used to receive the authentication request that comprises the display device certificate of the fileinfo display device transmission that connects through said data transmission module, the display device certificate that comprises in the authentication request that receives is carried out authentication; Behind the authentication success, receive the fileinfo browse request that the fileinfo display device is sent, and from memory module, extract and be sent to the fileinfo display device with fileinfo browse request corresponding file information and show through said data transmission module.
9. mobile memory according to claim 8 is characterized in that,
Said memory module also is used to store the mobile memory certificate;
Said main control module also is used for sending the mobile memory certificate to after the display device certificate verification success to the fileinfo display device; Make the fileinfo display device after receiving said mobile memory certificate, said mobile memory certificate is carried out authentication, send said fileinfo browse request behind the authentication success.
10. mobile memory according to claim 8 is characterized in that,
After receiving said fileinfo browse request,
Said main control module also is used for this document information browse request is analyzed, and judges whether current access rights allow to carry out the corresponding file accessing operation, if allow, then carries out subsequent operation; If do not allow, then return the response message of forbidding carrying out the corresponding file accessing operation to the fileinfo display device.
11. mobile memory according to claim 10 is characterized in that,
Judging current access rights for after allowing to carry out the corresponding file accessing operation,
Said main control module; Be used to also judge whether current accessing operation need carry out password authentication; If need; Send the password authentication request to the fileinfo display device, and reply, comprise the corresponding file operation password through the input of fileinfo display device during password authentication is replied by the user through the password authentication that said data transmission module reception fileinfo display device is replied according to the password authentication request; File operation password to comprising in the password authentication response carries out authentication, and authentication is carried out follow-up file access operation through the back.
12. mobile memory according to claim 11 is characterized in that, also comprises:
Token corresponding dynamic password generation module with obtaining dynamic password is connected with said main control module, is used to generate the dynamic password that limits current accessing operation.
13. mobile memory according to claim 10 is characterized in that,
Be sent to before the fileinfo display device shows with fileinfo browse request corresponding file information what extract,
Said main control module; Also be used for transmission security key that is provided with in advance or the transmission security key that obtains with the negotiation of fileinfo display device; To extract encrypt with fileinfo browse request corresponding file information after, the fileinfo after encrypting is sent to the fileinfo display device.
14. mobile memory according to claim 13 is characterized in that,
Before the fileinfo display device is sent said fileinfo browse request,
Said main control module also is used for carrying out key agreement with the fileinfo display device, obtains being used for fileinfo is carried out the transmission security key of encryption and decryption.
15. the access control system of a mobile memory is characterized in that, this system comprises:
Interconnective mobile memory and fileinfo display device;
Wherein, said mobile memory adopts aforesaid right to require 8~14 each described mobile memories.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110337850.7A CN102521164B (en) | 2011-10-31 | 2011-10-31 | Access control method of mobile memory, mobile memory and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110337850.7A CN102521164B (en) | 2011-10-31 | 2011-10-31 | Access control method of mobile memory, mobile memory and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102521164A true CN102521164A (en) | 2012-06-27 |
| CN102521164B CN102521164B (en) | 2014-12-03 |
Family
ID=46292093
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110337850.7A Active CN102521164B (en) | 2011-10-31 | 2011-10-31 | Access control method of mobile memory, mobile memory and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102521164B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106790107A (en) * | 2016-12-26 | 2017-05-31 | 郑州云海信息技术有限公司 | A kind of access control method and server |
| CN111199049A (en) * | 2018-11-16 | 2020-05-26 | 浙江宇视科技有限公司 | File authority management method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2003345663A (en) * | 2002-05-29 | 2003-12-05 | Fujitsu Ltd | Database access control method and program |
| CN101120352A (en) * | 2004-12-21 | 2008-02-06 | 桑迪士克股份有限公司 | Memory system with universal content control |
| CN101714123A (en) * | 2008-10-07 | 2010-05-26 | 谈剑锋 | Document mobile memory device capable of ensuring information security and implementing method thereof |
| CN102223364A (en) * | 2011-05-09 | 2011-10-19 | 飞天诚信科技股份有限公司 | Method and system for accessing e-book data |
-
2011
- 2011-10-31 CN CN201110337850.7A patent/CN102521164B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2003345663A (en) * | 2002-05-29 | 2003-12-05 | Fujitsu Ltd | Database access control method and program |
| CN101120352A (en) * | 2004-12-21 | 2008-02-06 | 桑迪士克股份有限公司 | Memory system with universal content control |
| CN101714123A (en) * | 2008-10-07 | 2010-05-26 | 谈剑锋 | Document mobile memory device capable of ensuring information security and implementing method thereof |
| CN102223364A (en) * | 2011-05-09 | 2011-10-19 | 飞天诚信科技股份有限公司 | Method and system for accessing e-book data |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106790107A (en) * | 2016-12-26 | 2017-05-31 | 郑州云海信息技术有限公司 | A kind of access control method and server |
| CN111199049A (en) * | 2018-11-16 | 2020-05-26 | 浙江宇视科技有限公司 | File authority management method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102521164B (en) | 2014-12-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2442601B1 (en) | Method and system for automatically logging in client | |
| KR20210065946A (en) | System and method for cryptographic authentication of contactless card | |
| KR20170134631A (en) | User authentication method and apparatus, and wearable device registration method and apparatus | |
| KR20210069033A (en) | System and method for cryptographic authentication of contactless card | |
| US9348768B2 (en) | Method for implementing encryption in storage card, and decryption method and device | |
| KR20210068028A (en) | System and method for cryptographic authentication of contactless card | |
| KR20210066795A (en) | System and method for cryptographic authentication of contactless card | |
| CN102368230A (en) | Mobile memory and access control method thereof as well as system | |
| KR20210065937A (en) | System and method for cryptographic authentication of contactless card | |
| CN101841418A (en) | Handheld multiple role electronic authenticator and service system thereof | |
| CN102368773B (en) | Access control method of mobile memory, mobile memory and system | |
| KR20210065961A (en) | System and method for cryptographic authentication of contactless card | |
| KR20210069643A (en) | System and method for cryptographic authentication of contactless card | |
| US20230252451A1 (en) | Contactless card with multiple rotating security keys | |
| KR20210065091A (en) | System and method for cryptographic authentication of contactless card | |
| US11405782B2 (en) | Methods and systems for securing and utilizing a personal data store on a mobile device | |
| KR20240026922A (en) | Cryptographic authentication to control access to storage devices | |
| KR20210065109A (en) | System and method for cryptographic authentication of contactless card | |
| KR20210066798A (en) | System and method for cryptographic authentication of contactless card | |
| CN102387150A (en) | Access control method and system of mobile memory and mobile memory | |
| CN102521164B (en) | Access control method of mobile memory, mobile memory and system | |
| KR20220084299A (en) | Data access control system and method of secure memory using short-range transceiver | |
| KR101666591B1 (en) | One time password certifacation system and method | |
| Husni et al. | Development of integrated mobile money system using Near Field Communication (NFC) | |
| CN102426635B (en) | Display device for file information, display method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |