An implementation method and system for a wireless information security device
Technical field
The present invention relates to the field of information security, and in particular to an implementation method and system for a wireless information security device.
Background technology
In the prior art, information security devices are the main means of implementing software security protection and copyright protection, network security protection, or identity authentication. An information security device is a hardware device attached to a host interface (for example a USB interface, serial port or parallel port) that provides security protection and copyright protection for specific software or sensitive information running on the host. Among current software protection techniques, the encryption lock is the most commonly used. An encryption lock is a hardware system that uses a high-strength smart card chip and advanced cryptographic techniques and has a certain computing and storage capability; it is difficult to crack or copy, and is widely used in high-strength software copyright protection.
For example, the inventor's company has produced a number of encryption lock products; see http://www.sense.com.cn/.
At present, an encryption lock usually takes the form of an independent hardware device that is physically connected to the host through USB or another interface. In using encryption locks, the inventor found the following problems:
1. Using an encryption lock may require plugging and unplugging it frequently (for example when arriving at work, leaving work, or stepping away each day). In a society that now values convenience and efficiency, this frequent, repetitive operation is a considerable inconvenience to users. The prior art has not solved the technical problem of improving the ease of use and convenience of encryption locks.
2. If a user who is using an encryption lock leaves the keyboard temporarily and forgets to remove the lock, an unauthorized person may take the opportunity to steal the user's private information or other data.
3. An encryption lock is a hardware device; when its connector is physically connected to a computer interface, static electricity may be present, which may damage the computer and cause data loss.
4. Because an encryption lock is a hardware device physically connected to the computer through a connector, frequent plugging and unplugging may wear the connector or loosen its internal spring, so that the connection may fail; this makes the lock inconvenient to use, and replacing the connector has a cost.
5. Often many people take part in developing a project or share certain resources. To protect the security of the project's technical information (documents, code and so on) or other private information, each person is usually issued a correspondingly authorized encryption lock, and participants use the lock issued to them for daily development and other work. In this process someone may forget or lose an encryption lock. In addition, issuing one lock per person, with locks prone to loss or damage and needing replacement, costs too much; multiple encryption locks are also hard to manage, and deliberate information leakage may occur. The prior art offers no technical method for controlling and managing multiple encryption locks that addresses these problems.
Summary of the invention
In view of this, the invention provides a system and method for a wireless information security device. The method comprises: switching on the information security device; the device automatically detecting the wireless signals of wireless transceiver devices within its signal coverage; on detecting a wireless signal, establishing a wireless connection; in use, the device first performing authentication and, once authentication passes, exchanging data with the host through the wireless transceiver device connected to the host; on leaving, switching the device off manually or automatically, whereupon the device disconnects automatically. The method provided by the invention can save cost, reduce the risk of information leakage and improve the user experience.
An information security device system, comprising: at least one wireless transceiver device and an information security device. The at least one wireless transceiver device has an embedded microprocessor chip, is connected to a host through a host interface, and further comprises:
a wireless communication module, for communicating wirelessly and exchanging data with the information security device;
a processing module, for handling the data exchange between the information security device and the host according to the transmitted messages or instructions.
The information security device can implement a software security protection function and, in addition to that function, further comprises:
a wireless communication unit, for communicating wirelessly with the wireless transceiver device and exchanging data with the host through the wireless transceiver device;
a storage unit, for storing keys, certificates, device information of the information security device and/or the identification list of the wireless transceiver devices, and also for storing related data used during operation;
a processing unit, for performing the corresponding computation on received message instructions and returning the result to the host;
a switch, for controlling the state of the information security device, such as on and off;
a power supply unit, for supplying power to the information security device to ensure its normal use.
According to one aspect of the invention, the wireless transceiver device has a storage module for storing data such as encryption and decryption algorithm keys and device information.
According to one aspect of the invention, the wireless communication unit of the information security device has a detection unit for automatically detecting the wireless signals of wireless devices within the wireless signal coverage.
According to one aspect of the invention, the wireless transceiver device is a wireless USB receiver.
According to one aspect of the invention, at least one wireless transceiver device matches a corresponding information security device.
According to one aspect of the invention, the switch may take various forms, such as a push button or a slide switch.
According to one aspect of the invention, the communication modes between the information security device and the wireless transceiver device include Bluetooth and NFC.
According to one aspect of the invention, the power supply unit may power the information security device from a battery; for example, the power supply unit is a lithium battery.
According to one aspect of the invention, the information security device includes but is not limited to an encryption lock.
An implementation method for a wireless information security device, involving at least one wireless transceiver device and an information security device, the method comprising the following steps:
1. The wireless transceiver device is connected to the host through a host interface;
2. The information security device is switched on and automatically detects the surrounding wireless signals;
3. After detecting a wireless signal, the information security device automatically connects to the wireless device sending that signal and verifies whether the wireless device is a corresponding or matching device;
4. If the wireless device is a corresponding or matching device, it is the wireless transceiver device paired with the information security device: perform step 5; otherwise perform step 6;
5. The information security device and the wireless transceiver device establish a wireless communication link;
6. Connect in turn, one by one, to the entries in the list of detected wireless signals, determine whether the wireless device sending each signal is a matching device, and perform step 4; if none can be connected, the information security device continues to detect other new wireless signals and attempts to connect;
7. When the information security device is used, authentication is performed;
8. If authentication passes, the device is legitimate or authorized, and subsequent data exchange may continue; otherwise it is regarded as an illegitimate or unauthorized device, an authentication failure is reported, and authentication is repeated or use of the information security device is prohibited. On leaving, the information security device can be switched off manually or automatically, disconnecting the wireless connection.
According to one aspect of the invention, when a plurality of wireless transceiver devices match one information security device, the information security device connects to the wireless transceiver devices and establishes a plurality of wireless communication channels, each wireless transceiver device communicating with the information security device over its own independent communication link.
According to one aspect of the invention, to ensure security during data transmission, the transmitted data may be encrypted with a cryptographic algorithm; the receiving end decrypts the encrypted data on receipt and then continues processing. According to an embodiment of the invention, the algorithm may be symmetric or asymmetric. Symmetric algorithms include AES, DES and TDES; asymmetric algorithms include RSA and ECC.
According to one aspect of the invention, closing the information security device automatically means that when the device has been switched on for a certain time without being able to connect to a matching wireless transceiver device, the device itself judges that the user has left and switches itself off. According to an embodiment of the invention, this time can be user-defined.
The beneficial effects of the method provided by the invention are: by communicating over a wireless connection, it can save cost, reduce the risk of information leakage and improve the user experience.
Brief description of the drawings
Fig. 1 is a basic flowchart of the invention;
Fig. 2 is a schematic flowchart according to preferred embodiment 1 of the invention;
Fig. 3 is a schematic flowchart according to preferred embodiment 2 of the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in more detail below with reference to the drawings and embodiments.
According to one embodiment of the invention, the wireless transceiver device is a hardware device with an embedded microprocessor (MCU) chip and a wireless communication module, and with storage and data processing functions. In appearance it resembles the USB signal receiver of a wireless keyboard or wireless mouse: small and easy to carry. The wireless transceiver device is generally packaged as a USB connector, connects to the host through a USB interface and communicates with the host using the USB communication protocol. Of course, those skilled in the art know that the wireless transceiver device may also connect to a computer through other interface forms; such connections can take many forms, are not the focus of the invention, and do not limit its scope of application.
In the invention, the wireless transceiver device contains a wireless communication module and the information security device contains a wireless communication unit. Both contain a wireless control chip that executes the wireless communication protocol and an antenna, and can establish a communication connection with other wireless communication devices according to a wireless communication standard, thereby enabling data exchange between the wireless transceiver device and the information security device.
According to an embodiment of the invention, the communication modes between the wireless transceiver device and the information security device include Bluetooth, NFC and the like.
According to an embodiment of the invention, the information security device and the wireless transceiver device use the same communication protocol, such as Bluetooth.
In the invention, when the information security device detects a wireless signal, it can automatically connect to the wireless device sending that signal and verify whether the information security device and that wireless device are corresponding or companion devices. The verification methods include but are not limited to the following:
1. At manufacture, the wireless transceiver device and the information security device each have a unique identifier stored in the device itself, and the information security device stores a list of the unique identifiers of legitimate or usable wireless transceiver devices. When the information security device detects a wireless transceiver device within signal coverage, it connects to it automatically. After connecting, the information security device checks whether the unique identifier of the currently connected wireless transceiver device is in its stored list of legitimate or usable wireless transceiver device identifiers. If it is, the information security device and this wireless transceiver device are a matched, usable set; if it is not, they do not match, that is, they are not one set of equipment.
2. At manufacture, the unique identifier of the information security device is also stored in a preset fixed number of wireless transceiver devices. When the information security device detects a wireless transceiver device within signal coverage, it connects to it automatically. After connecting, the wireless transceiver device obtains the unique identifier of the currently connected information security device and compares it with the information security device identifier stored inside the wireless transceiver device. If they are the same, the information security device and this wireless transceiver device are matching devices; otherwise they are not matching devices. Of course, those skilled in the art will understand that, besides the two methods above, verification may also be performed through computation with different keys or algorithms, or by other means; this is not the focus of the invention and does not limit its scope of application.
According to one aspect of the invention, the unique identifier may be a device ID, an IP, a random number, a cryptographic algorithm key, a number, or any combination of these.
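The text above allows matching to be verified by key-based computation rather than by comparing identifiers alone. The following is an added example, not part of the patent, of one such scheme: an HMAC-SHA256 challenge-response. The per-transceiver key provisioned at manufacture, the class and function names, and the identifiers are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def transceiver_response(pairing_key: bytes, device_id: str, challenge: bytes) -> bytes:
    """Transceiver side: prove possession of the key bound to this identifier."""
    message = device_id.encode() + b"|" + challenge
    return hmac.new(pairing_key, message, hashlib.sha256).digest()


class LockVerifier:
    """Encryption-lock side of the matching check (hypothetical design)."""

    def __init__(self, paired_keys: dict):
        self.paired_keys = paired_keys  # identifier -> key, provisioned at manufacture (assumed)
        self._pending = {}              # identifier -> outstanding challenge

    def start(self, device_id: str) -> Optional[bytes]:
        if device_id not in self.paired_keys:
            return None                 # same outcome as the identifier-list check
        challenge = secrets.token_bytes(16)
        self._pending[device_id] = challenge
        return challenge

    def finish(self, device_id: str, response: bytes) -> bool:
        challenge = self._pending.pop(device_id, None)  # each challenge is single-use
        if challenge is None:
            return False
        expected = transceiver_response(self.paired_keys[device_id], device_id, challenge)
        return hmac.compare_digest(expected, response)


def run_matching_demo() -> dict:
    key = secrets.token_bytes(32)       # constructed key for the demo
    lock = LockVerifier({"TRX-0001": key})
    results = {}

    c1 = lock.start("TRX-0001")
    genuine = transceiver_response(key, "TRX-0001", c1)
    results["genuine"] = lock.finish("TRX-0001", genuine)

    results["unlisted"] = lock.start("TRX-9999") is None

    c2 = lock.start("TRX-0001")         # listed identifier, but no matching key
    wrong = transceiver_response(b"\x00" * 32, "TRX-0001", c2)
    results["id_only"] = lock.finish("TRX-0001", wrong)

    lock.start("TRX-0001")              # fresh challenge: an earlier response is stale
    results["stale_response"] = lock.finish("TRX-0001", genuine)
    return results
```

With an identifier list alone, the third and fourth cases would be accepted, because the reported identifier is on the list; here they are rejected because the response must be computed over a fresh challenge with the paired key.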
The information security device may also have a charging function, for example by having a plug connector.
According to an embodiment of the invention, automatically closing the information security device means that a time value is defined in advance inside the device; when the device is switched on and has not been connected to a matching wireless transceiver device for longer than this time value, the device itself judges that the user has left and an internal program switches the device off. This saves battery power.
According to an embodiment of the invention, to ensure security during data transmission, the transmitted data may be encrypted with a cryptographic algorithm; the receiving end decrypts the encrypted data on receipt and then continues processing. According to an embodiment of the invention, the algorithm may be symmetric or asymmetric. Symmetric algorithms include AES, DES and TDES; asymmetric algorithms include RSA and ECC.
Embodiment 1
In this embodiment, one information security device corresponds to one wireless transceiver device. The switch of the information security device is a slide switch mounted on the side of the device; sliding it back and forth controls the on/off state of the device. The information security device in this embodiment is an encryption lock, which the user carries (for example in a briefcase, in a pocket or on a key chain). The wireless transceiver device is connected to the host by a USB connector (hereinafter the USB transceiver), and the communication mode is Bluetooth. According to one embodiment of the invention, as shown in Fig. 2, the steps are as follows:
1. The USB transceiver is connected to the host;
2. The encryption lock is switched on by sliding its switch;
3. The encryption lock automatically detects the wireless signals within its signal coverage;
4. After detecting a wireless signal, the encryption lock automatically connects to the wireless device sending that signal and sends it a request for its device identification information;
5. If the wireless device is a USB transceiver, it returns its device identification information to the encryption lock; if it is not a USB transceiver, the wireless device does not respond or returns other information;
6. On receiving the information, the encryption lock compares it with its internally stored list of usable, legitimate or matching USB transceiver identifiers. If the received identification information is in the matching list, verification passes and the device is a matching device: perform step 7; otherwise perform step 8;
7. The encryption lock and the USB device establish a wireless communication link;
8. The device is an illegitimate device and connection is prohibited;
9. When the encryption lock function is used, authentication is performed by entering a password (such as a PIN code);
10. If authentication passes, the device is legitimate or authorized, and subsequent data exchange may continue; otherwise it is regarded as an illegitimate or unauthorized device, an authentication failure is reported, and authentication is repeated or use of the encryption lock is prohibited;
11. On leaving, the information security device can be switched off manually or automatically, disconnecting the wireless connection.
Embodiment 2
In this embodiment, one information security device corresponds to a plurality of wireless transceiver devices. The switch of the information security device is a push-button switch, and the button controls the on/off state of the device. The information security device in this embodiment is an encryption lock, which the user carries (for example in a briefcase, in a pocket or on a key chain). The wireless transceiver devices are connected to hosts by USB connectors (hereinafter USB transceivers), and the communication mode is Bluetooth. The encryption lock stores the identification list of matching USB transceivers, and the automatic closing time of the encryption lock is set to 10 minutes. According to an embodiment of the invention, the steps are as follows:
1. A plurality of USB transceivers are each connected to a host through a host interface;
2. The encryption lock is switched on with its push-button switch;
3. The encryption lock automatically detects the wireless signals within its signal coverage;
4. After detecting a wireless signal, the encryption lock automatically connects to the wireless device sending that signal, obtains its identification information and compares it with the identification list stored inside the encryption lock to verify whether it is a matching device;
5. If the identification information obtained is in the identification list stored in the encryption lock, the device is a matching device: perform step 6; otherwise perform step 7;
6. The encryption lock and this USB transceiver establish a wireless communication link;
7. Connect in turn, one by one, to the entries in the list of detected wireless signals and determine according to steps 4-5 whether each is a matching device; if it matches, perform step 6; otherwise repeat this step;
8. After the communication link is established, when the host needs to interact with the encryption lock, authentication must be performed first, for example by entering a password (that is, a PIN code);
9. If authentication passes, the device is legitimate or authorized, and subsequent data exchange may continue; otherwise it is regarded as an illegitimate or unauthorized device, an authentication failure is reported, and authentication may be repeated or use of the encryption lock prohibited;
10. On leaving, switch off the encryption lock with its button or let it close automatically; once closed, the encryption lock automatically disconnects from the host and the computer can no longer use the encryption lock function.
According to an embodiment of the invention, automatic closing in step 10 above means: when the user leaves and the distance exceeds the wireless signal coverage of the encryption lock, the lock can no longer detect the wireless signal of the USB transceiver and therefore cannot establish a wireless connection with it. When the encryption lock determines internally that it has been unable to connect to the USB transceiver for more than 10 minutes, it assumes the user has left and closes itself by an internal instruction.
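The lock-side behaviour of Embodiment 2 can be followed as a small state machine. This is an added example, not code from the patent: the class and method names, the polling model (one `tick` per detection pass), the identifiers and the PIN are constructed for illustration, and loss of the link is modelled as the linked identifier no longer appearing among the detected signals.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

AUTO_OFF_SECONDS = 10 * 60  # Embodiment 2: close after more than 10 minutes without a match


@dataclass
class Signal:
    name: str
    device_id: Optional[str]  # None: device did not answer the identification request


@dataclass
class EncryptionLock:
    matched_ids: frozenset    # stored list of matching USB transceiver identifiers
    pin: str                  # constructed PIN, simulation only
    powered: bool = False
    linked_to: Optional[str] = None
    authenticated: bool = False
    unlinked_since: float = 0.0

    def switch_on(self, now: float) -> None:
        self.powered, self.unlinked_since = True, now

    def switch_off(self) -> None:
        # Closing the lock drops the link and the authenticated session together.
        self.powered, self.linked_to, self.authenticated = False, None, False

    def tick(self, signals: list, now: float) -> str:
        """One detection pass: steps 3-7 plus the automatic closing rule."""
        if not self.powered:
            return "off"
        in_range = {s.device_id for s in signals}
        if self.linked_to is not None and self.linked_to not in in_range:
            # Transceiver out of coverage: link and session are lost.
            self.linked_to, self.authenticated = None, False
            self.unlinked_since = now
        if self.linked_to is None:
            for sig in signals:  # try the detected signals one by one, in order
                if sig.device_id in self.matched_ids:
                    self.linked_to = sig.device_id
                    break
        if self.linked_to is None and now - self.unlinked_since > AUTO_OFF_SECONDS:
            self.switch_off()
            return "off"
        return "linked" if self.linked_to else "searching"

    def authenticate(self, pin: str) -> bool:
        """Steps 8-9: the PIN check gates every later data exchange."""
        ok = hmac.compare_digest(pin.encode(), self.pin.encode())
        self.authenticated = self.linked_to is not None and ok
        return self.authenticated

    def handle_request(self, payload: bytes) -> bytes:
        if not (self.powered and self.linked_to and self.authenticated):
            raise PermissionError("encryption lock is not linked and authenticated")
        return b"processed:" + payload  # stand-in for the lock's real computation


def run_demo() -> list:
    lock = EncryptionLock(frozenset({"TRX-0001", "TRX-0002"}), pin="4821")
    nearby = [Signal("headset", None), Signal("other-dongle", "TRX-9999"),
              Signal("office-pc", "TRX-0002")]
    lock.switch_on(now=0)
    states = [lock.tick(nearby, now=1)]
    states.append(lock.authenticate("0000"))
    states.append(lock.authenticate("4821"))
    states.append(lock.tick([], now=60))        # user walks out of coverage
    states.append(lock.authenticated)
    states.append(lock.tick([], now=60 + 601))  # more than 10 minutes unlinked
    return states
```

Note that in this model the authenticated session is cleared as soon as the link is lost, so a returning user must enter the PIN again even if the lock has not yet closed itself.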
The foregoing is only the preferred embodiments of the invention and is not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.